How To Change The IP Address Or Management VLAN Of A Device Remotely

One of the challenges of working with remote devices is when you have to change the IP address. For example, if you have to change an IP from 192.168.2.1 to 192.168.2.100 you might do this:

The Maverick Approach (when you don’t care about downtime)

Connect to the switch at 192.168.2.1

[code]]czo3MTpcInJlbG9hZCBpbiA1DQpjb25mIHQNCmludCB2bGFuIDENCmlwIGFkZHJlc3MgMTkyLjE2OC4yLjEwMCAyNTUuMjU1LjI1NS57WyYqJl19MFwiO3tbJiomXX0=[[/code]

Then connect to the switch at 192.168.2.100

[code]]czoxMzpcInJlbG9hZCBjYW5jZWxcIjt7WyYqJl19[[/code]

And that’s it! If your initial IP change didn’t work your switch will reload and you’ll be back at 192.168.2.1, and you can try again.

A Safer Approach

Connect to the switch at 192.168.2.1

[code]]czo3OTpcImNvbmYgdA0KaW50IHZsYW4gMQ0KaXAgYWRkcmVzcyAxOTIuMTY4LjIuMTAxIDI1NS4yNTUuMjU1LjAgc2Vjb25kYXJ5DQp7WyYqJl19ZW5kDQpleGl0XCI7e1smKiZdfQ==[[/code]

Then connect to the switch at 192.168.2.101

[code]]czo2OTpcImNvbmYgdA0KaW50IHZsYW4gMQ0KaXAgYWRkcmVzcyAxOTIuMTY4LjIuMTAwIDI1NS4yNTUuMjU1LjANCmVuZA0KZXhpdFwie1smKiZdfTt7WyYqJl19[[/code]

Then connect to the switch at 192.168.2.100 to make sure it worked, and to remove the staging IP.

[code]]czo4MjpcImNvbmYgdA0KaW50IHZsYW4gMQ0Kbm8gaXAgYWRkcmVzcyAxOTIuMTY4LjIuMTAxIDI1NS4yNTUuMjU1LjAgc2Vjb25kYXJ7WyYqJl19eQ0KZW5kDQpleGl0XCI7e1smKiZdfQ==[[/code]

The reason we have to go through this contortion of using a third, temporary IP is because Cisco does not permit you to have a secondary IP without a primary IP configured.

More Complex Changes

The solution above works if you want to change the IP, but what if you need to do something more complex?  What if you need to move the management IP from one VLAN to another?  This might happen if you’re in an environment that was using VLAN 1 everywhere, and you’ve decided to enact of the recommendations in the Cisco Best Practices guide so now you need to move the management IP from VLAN 1 to VLAN 777.

In this case you can’t just configure 192.168.2.100 in VLAN 777, because that subnet already exists in VLAN 1.  You can’t remove the IP from VLAN 1, because then you’ll lose your connection to the device.

The solution is to use a script, as below.  You’ll note that my script included changing the VLAN of interface FastEthernet 1/0/1 to VLAN 777; this is the interface that my connection is coming through and because my management IP is going to be on VLAN 777 it is necessary to do this.  Make sure you think about what the final configuration will look like after your script completes, remember that you need to be able to connect to this device or else you’re going to have to reload and start over.

[code]]czoxMzY6XCJpbnRlcmZhY2UgVmxhbjENCm5vIGlwIGFkZHJlc3MNCmludGVyZmFjZSB2bGFuIDc3Nw0KaXAgYWRkcmVzcyAxOTIuMTZ7WyYqJl19OC4yLjEgMjU1LjI1NS4yNTUuMA0KaW50ZXJmYWNlIGZhIDEvMC8xDQpzd2l0Y2hwb3J0IGFjY2VzcyB2bGFuIDc3N1wiO3tbJiomXX0=[[/code]

Create this script in a text file, and copy it to your device.  I used tftp.

[code]]czozNzA6XCJSb3V0ZXIjY29weSB0ZnRwIGZsYXNoOg0KQWRkcmVzcyBvciBuYW1lIG9mIHJlbW90ZSBob3N0IFtdPyB0ZnRwLnNlcnZ7WyYqJl19ZXIuY29tDQpTb3VyY2UgZmlsZW5hbWUgW10/IGRldmljZS12bGFuLXNjcmlwdC50ZXh0DQpEZXN0aW5hdGlvbiBmaWxlbmFtZSBbZHtbJiomXX1ldmljZS12bGFuLXNjcmlwdC50ZXh0XT8NCkFjY2Vzc2luZyB0ZnRwOi8vdGZ0cC5zZXJ2ZXIuY29tL2RldmljZS12bGFuLXNjcmlwe1smKiZdfXQudGV4dCYjODIzMDsNCkxvYWRpbmcgZGV2aWNlLXZsYW4tc2NyaXB0LnRleHQgZnJvbSB0ZnRwLnNlcnZlci5jb20gKHZpYSBWbGF7WyYqJl19bjEpOiAhDQpbT0sgLSAxMzMgYnl0ZXNdDQoxMzMgYnl0ZXMgY29waWVkIGluIDAuMDI1IHNlY3MgKDUzMjAgYnl0ZXMvc2VjKVwiO3tbJiomXX0=[[/code]

Then I can confirm the contents are what I think they should be like this:

[code]]czoxODA6XCJSb3V0ZXIjbW9yZSBmbGFzaDovZGV2aWNlLXZsYW4tc2NyaXB0LnRleHQNCmludGVyZmFjZSBWbGFuMQ0Kbm8gaXAgYWR7WyYqJl19ZHJlc3MNCmludGVyZmFjZSB2bGFuIDc3Nw0KaXAgYWRkcmVzcyAxOTIuMTY4LjIuMSAyNTUuMjU1LjI1NS4wDQppbnRlcmZhY2UgZntbJiomXX1hIDEvMC8xDQpzd2l0Y2hwb3J0IGFjY2VzcyB2bGFuIDc3N1wiO3tbJiomXX0=[[/code]

That looks right, so we can apply the script now.  I’m cautious when I’m working remotely, so I always set a reload timer; this way if something goes really wrong I can always get back to the original configuration.

[code]]czoyOTA6XCJSb3V0ZXIjcmVsb2FkIGluIDUNClN5c3RlbSBjb25maWd1cmF0aW9uIGhhcyBiZWVuIG1vZGlmaWVkLiBTYXZlPyBbeWV7WyYqJl19cy9ub106IHllcw0KQnVpbGRpbmcgY29uZmlndXJhdGlvbuKApg0KW09LXQ0KUmVsb2FkIHNjaGVkdWxlZCBmb3IgMTU6MTk6MzkgUHtbJiomXX1TVCBNb24gTWFyIDI5IDIwMTAgKGluIDUgbWludXRlcykgYnkgcGF1bCBvbiB2dHkwICh3b3puZXkuY2EpDQpQcm9jZWVkIHdpdGgge1smKiZdfXJlbG9hZD8gW2NvbmZpcm1dDQpSb3V0ZXIjDQoqKioNCioqKiDigJQgU0hVVERPV04gaW4gMDowNTowMCDigJQNCioqKlwiO3tbJiomXX0=[[/code]

Now we can start the VLAN change!

[code]]czoxNTU6XCJSb3V0ZXIjY29weSBmbGFzaDovZGV2aWNlLXZsYW4tc2NyaXB0LnRleHQgcnVubmluZy1jb25maWcNCkRlc3RpbmF0aW97WyYqJl19biBmaWxlbmFtZSBbcnVubmluZy1jb25maWddPw0KMTMzIGJ5dGVzIGNvcGllZCBpbiAwLjEwOSBzZWNzICgxMjIwIGJ5dGVzL3NlY3tbJiomXX0pDQpSb3V0ZXIjXCI7e1smKiZdfQ==[[/code]

When I did this, my ssh session didn’t even drop.  All this really does it copy the contents of the file flash:/device-vlan-script.text right into the running configuration, and the device treats the commands just like it would when the device is booting up.  All I have to do now is cancel the timed reload.

[code]]czo2OTpcIlJvdXRlciNyZWxvYWQgY2FuY2VsDQpSb3V0ZXIjDQoqKioNCioqKiDigJQgU0hVVERPV04gQUJPUlRFRCDigJQNCioqKlwie1smKiZdfTt7WyYqJl19[[/code]