
January 18, 2008

Help! Remote Switch IP Changes...

I feel so shamed. I have completely neglected the CiscoBlog since the holidays and my first post of the new year is a plea for help. How pathetic! Forgive me. I plan on putting plenty of time into the blog, answering many of the questions that have come in over the last few weeks, and getting that forum running (I'm really close!). The check's in the mail.

So here's what I need help with. This weekend, I'm doing a massive network migration for a government agency. They have about 60 switches that I will be moving over to a new IP addressing scheme (creating a separate management VLAN). So here's, in effect, what I'll be doing:

interface vlan 1
no ip address
interface vlan 200
ip address 10.20.x.x 255.255.0.0 (each switch gets its own IP address)
no shutdown

Seems simple, right? Well, these switches are spread over 15 buildings miles apart using fiber cabling. I'd like to be able to do this all remotely, but many of the switches are using low-end images that only allow a single IP assignment at a time. So, if I'm telnetted in remotely and drop the VLAN 1 IP address, I'm dead.

I thought about setting up a TFTP server on my laptop, copying the running configs of the remote switches down, changing them, then copying them back to the startup config of the remote switch and rebooting...but that seems pretty painful.

Anyone have a great idea on a quick way to do this?

Posted by JC at January 18, 2008 3:06 PM

Comments

This worked for me:

Create a text file on TFTP/FTP server like so:

interface vlan 1
no ip address
shutdown

interface vlan 200
ip address 10.200.x.x 255.255.x.x
no shut

end

then


switch# copy ftp://1.2.3.4/something.txt flash:something.txt
switch# reload in 5 ! just in case something goes wrong
switch# copy flash:something.txt running-config

hope this works for you

Posted by: mtw at January 18, 2008 4:32 PM

How about if you paste the configuration change "all at once".

Would it all get through before the connection dropped? I'm pretty sure most, if not all of it will. Then you can just telnet back in on the new address.

I tested this in dynamips and the only command that didn't make it through was the "no sh" at the very end.

But that's dynamips and my old laptop.

Might be worthwhile doing a test on the furthest away switch with the old "reload in 5" as a backup

Posted by: Stevie at January 18, 2008 4:52 PM

Use the switches' gateway router, telnet/ssh them from there (so you are at layer 2 with the switches)...
- change their default gateway to the new one
- be sure to add the new L2 vlan to the vlan database
- create the new interface vlan with ip address, and no shut it
- the moment you no shut the new interface vlan the connection breaks
- telnet/ssh the switch on its new ip-address and remove the old interface vlan & L2 vlan, then write mem

Gustaf

Posted by: Gustaf Hyllested Serve at January 18, 2008 5:47 PM

You should be able to type up your code fragment (just the changes, not the whole thing) in a text file and tftp that directly to the running-config. IIRC changes done over TFTP to the running-config are executed after the transfer is finished. Use the "reload in 10" trick mentioned above as a fallback.

Test it out, of course, but if you've ever looked under the hood of CiscoWorks, that's the method it uses.

If you can get that going, it should then be a trivial matter to wrap some [insert favourite language here] code around it to automate your task. Net::Telnet::Cisco is good if you're a perl guy.

Sean

Posted by: Sean at January 18, 2008 6:23 PM

Guys - this is awesome. You've saved my Saturday (some of it, at least). Thanks much for the quick response!!

Posted by: JC at January 18, 2008 7:27 PM

Jeremy,

You know I had exactly this problem on the Heathrow Airport Terminal 5 network. I had to change the remote management IP from VLAN 1 (not good) to VLAN 2 AND alter the subnet mask.

If you did the same thing, the script would go something like this:

First, create a template in notepad and save as [hostname]_tpl.txt:

interface vlan 1
no ip address
shutdown

interface vlan 200
ip address 10.200.x.x 255.255.x.x
no shut

end
wr mem

(now, you could create one template per device using real IP addresses and save it using the device hostname, or change the template above to the correct IP each time you execute the command script - I think the former is safer)

Next, create a short script like this:

copy tftp://[my laptop ip running 3Cserver]/[template_filename] running-config

Now, telnet into each device and paste in the script, causing the device to tftp their template into running-config.

I then checked that I could reach the device on its new VLAN and ticked it off my spreadsheet.

NOTE: I did do a 'reload in..' before executing the script and did a 'cancel reload' once I reached the device on the new VLAN.

Using TFTP ensures that your connection won't be dropped, because it only executes the configuration changes once the WHOLE file has been received.

Posted by: Daren Matthews at January 19, 2008 5:13 AM
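
The one-template-per-device approach described in the comment above, as an added example that is not part of the original post or any commenter's script. The function name, hostnames and addresses are constructed for illustration; the subnet is the 10.20.x.x 255.255.0.0 range from the post. The template leaves out "wr mem" so that a pending "reload in" still falls back to the old startup-config until the switch has been reached on its new address.

```python
import ipaddress

# Assumption: management subnet and VLAN taken from the original post.
MGMT_NET = ipaddress.ip_network("10.20.0.0/16")
MGMT_VLAN = 200

# Same command order as the templates in the comments; no "wr mem" here,
# so the change is only saved by hand after reachability is confirmed.
TEMPLATE = (
    "interface vlan 1\n"
    " no ip address\n"
    " shutdown\n"
    "interface vlan {vlan}\n"
    " ip address {ip} {mask}\n"
    " no shutdown\n"
    "end\n"
)

def build_templates(inventory, net=MGMT_NET, vlan=MGMT_VLAN):
    """Return {"<hostname>_tpl.txt": config text}; raise ValueError on a bad plan."""
    assigned = {}   # ip -> hostname, used to catch duplicate assignments
    files = {}
    for hostname, ip_text in inventory.items():
        ip = ipaddress.ip_address(ip_text)   # ValueError on malformed input
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            raise ValueError(f"{hostname}: {ip} is not a usable host in {net}")
        if ip in assigned:
            raise ValueError(f"{hostname}: {ip} already given to {assigned[ip]}")
        assigned[ip] = hostname
        files[f"{hostname}_tpl.txt"] = TEMPLATE.format(
            vlan=vlan, ip=str(ip), mask=str(net.netmask))
    return files

if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hostnames and addresses).
    sample = {"bldg01-sw1": "10.20.1.11", "bldg02-sw1": "10.20.2.11"}
    for name, text in build_templates(sample).items():
        print(f"--- {name} ---\n{text}")
```

A duplicate or out-of-range address stops the run before any file is produced, which is cheaper to find here than after a switch has dropped off the network.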

Congratulations on getting your new CBT Nuggets ICND1 & ICND2 video series out the door.

Posted by: Shaun at January 19, 2008 10:24 AM

Is there any reason why VLAN 1 has to be disabled immediately?

Create your VLAN 200 with its IP scheme. Get everything working the way it should, then go back and un-IP VLAN 1.

Or, re-write your script like this:
interface vlan 200
ip address 10.200.x.x 255.255.0.0
no shutdown

interface vlan 1
no ip address

If it kicks you, simply reconnect and wr mem.

Posted by: James Beukelman at January 19, 2008 8:01 PM

You shouldn't be doing this inband in the first place - this kind of activity should take place over the DCN/OOB management network, via the console. If the customer doesn't have a DCN and/or doesn't have console servers, then getting one up and going ought to take precedence over just about any other project.

Posted by: Roland Dobbins at January 20, 2008 1:43 AM

I hope your IP addresses and number of switches are not real, because if I were you I would be afraid of being fired after publishing such information... Interesting comments anyway!

Posted by: john at January 20, 2008 11:56 AM

I know you've already done this but, for future reference the simplest way would have been as follows:

Create the switch script in a text document, let's call it switch1.txt

interface vlan 1
no ip address

interface vlan 200
ip address 10.200.x.x 255.255.0.0
no shutdown

Then tftp switch1.txt to the flash of the switch.
copy tftp flash:

Then to cutover all you have to do is login to each switch and
copy flash:switch1.txt running-config

Since the file is being copied locally from the switch there are no worries of being disconnected.

Posted by: Dan at January 21, 2008 10:59 AM

If your switches had a more updated IOS you could do the following:
(http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a0080356ea5.html#wp1062026)


1. Configure the Cisco IOS configuration archive.

2. enable

3. archive config

4. configure terminal

5. Enter changes to the current running configuration.

6. exit

7. configure replace target-url [list] [force] [time seconds] [nolock]

8. configure confirm

9. exit


Basically, what that does is require you to type 'configure confirm' (with the [time sec] option) for the config to be saved.

Check out the link for more info.

Tom

Posted by: Tom K at January 22, 2008 7:55 AM

Hello!

It's quite simple - I did a similar migration about 2 years ago.

1. Create mgmt vlan everywhere you need.
2. On every switch:
- reload in 5
- inter vlan 200
- ip addr new ip address and mask
- no shutdown
3. Your connection will terminate but you will be able to connect using new address.
4. reload cancel

This worked for me at least on 2950. When you bring up the new interface, the old one automagically goes down.

Posted by: Patryk Ściborek at January 23, 2008 5:22 AM

One more method ...

Existing Configuration
======================
interface Vlan 1
ip address 10.1.1.10 255.255.255.0
ip default-gateway 10.1.1.1

Desired Configuration
=====================
interface Vlan 200
ip address 10.200.0.10 255.255.0.0
ip default-gateway 10.200.0.1

Create our macro
================
conf t
macro name Migrate_off_of_VLAN_1
interface Vlan 1
shut
interface Vlan 200
ip address 10.200.0.10 255.255.0.0
no shut
ip default-gateway 10.200.0.1
@

Confirm our macro
=================
show parser macro name Migrate_off_of_VLAN_1

Apply our macro
===============
macro global apply Migrate_off_of_VLAN_1

Remove our macro
================
conf t
no macro name Migrate_off_of_VLAN_1

Update DNS & Network Management
===============================
???

Posted by: Richard Towle at January 23, 2008 1:22 PM

Ahhhhh...Richard - you win the award for style :). Thanks again guys, the migration went awesome. I used the tftp to running-config method. Some of the older switches (3500XLs) freaked out when I did this, and the "reload in" command became very handy. Most of the others took it just fine. Mucho gracias!

Posted by: JC at January 25, 2008 4:01 AM

On the 3500XL platform, there is a command called "management" that you run on your new management interface. So if you had:

interface VLAN1
ip address 10.1.1.254 255.255.255.0
!
interface VLAN2
ip address 192.168.10.254 255.255.255.0
shutdown
!

Just do:

conf t
int vlan2
management

It will automatically shut down the VLAN1 interface and turn up the VLAN2 interface.

Posted by: Mike Y at January 27, 2008 5:33 AM

Hey, Gratz on getting your ICND2 nugget out the door. Sorry to ask this on your blog, but could you email me?

I wasn't able to find your email anywhere and wanted to ping you about something.

Posted by: James at January 27, 2008 6:22 PM
