Remotely changing the Management SVI on a Cisco 3524XL
A Cisco 35-what-what now?
You probably haven't heard of a Cisco 3524XL. You're possibly sat reading this thinking: "I've heard of the Nexus 3K, sure, but WTF is a 3520-Series, am I behind already?". The answer is no, you aren't (or yes, you are if you're unfortunate enough to know what a C3524XL is) - but don't take my word for it, let's ask what Danny Dyer thinks:
Why are you blogging about a Cisco Switch that went EoL over a decade ago?
Indeed, the Cisco Catalyst 3524XL went End of Life in 2002 - far before I even started working in the field of Networking. So why am I talking about it here? Well, a few reasons:
- @DarrenFullwell challenged me to on Twitter
- It's got lessons to teach us all
- History needs to remind us that banging on the suffix "XL" should only be confined to fast food and t-shirts
Let's focus on what it can teach us - first, a little primer on my chief bugbear with it as a "capable Layer 3 Campus Access Switch".
The C3524XL only supports one SVI
That's not too bad you might think; you probably only want to give the SVI a Management IP Address, and let something more capable handle inter-VLAN Routing. But what happens when you want to do something like this:
- Remotely re-IP Address the Management IP (and the boss won't let you hire a van and take the day to drive to the arse-end of nowhere)
- Remotely change the configuration your colleague left with it using VLAN1 as the SVI, but everywhere else uses VLAN55 for Switch Management (and the boss still won't let you hire that van)
Any ideas on how you're going to sort that out, remotely? Let me introduce you to the age-old Network Engineering practice of...
Squeaky bum time
There's nothing for it, soldier; we've got two basic choices to do this remotely, and we're gonna need a stock of toilet roll for both:
- Use an SNMP-based config upload tool like Network Billy (coincidentally the finest thing to have come out of a GeoCities website)
- Use a TFTP-based config upload tool (like TFTPd32)
- Keep hassling the boss for that van
I went for option two, TFTP-based; but the basic concepts are the same. Firstly, we're going to double-check what we want to achieve; for my scenario, that's two things:
- Disable VLAN1
- Migrate the Management IP to VLAN55 (172.31.0.0/24)
  - I'll also have to change this upstream, so that my L3 Default Gateway Switch/Router moves 172.31.0.0/24 from VLAN1 to VLAN55, or have both co-exist for a while and VRF Lite one VLAN off from the other; but that's for another blog post
To do this interactively, I'd want to do something like the following:
conf t
int vlan1
no ip address
no desc
shut
vlan 55
name Mgmt_VLAN
int vlan55
desc Management VLAN
ip address 172.31.0.99 255.255.255.0
no shutdown
ip default-gateway 172.31.0.1
end
wr mem
But we don't have that luxury, so we'll go for a three-step approach.
Step 1 - The interactive bit
We need to set up the VLAN (just at Layer 2) ready to go; as we're talking about an archaic C3524XL, depending on the age of IOS on the Switch, that's either going to be the "new Cisco way" (as above), or if you're as unlucky as Dyer thinks, the old VLAN Database method, like this:
C3524XL#vlan database
vlan 55
exit
Regardless of which, we'll then check we've got the VLAN ready to go, and if necessary, add it to any 802.1q Trunk interfaces up to the Core (L3) Switch:
C3524XL#sh vlan id 55
C3524XL#sh int trunk | inc Span|Port|55
Now onward to the offline part.
Step 2 - The offline bit
Firstly, we need to grab the config file off the C3524XL. If you've got TFTPd32 running on your PC (which needs to be accessible from the existing C3524XL VLAN1 SVI IP Address, say your PC is 10.0.0.99), this is just a matter of turning TFTPd32 on, configuring it to a directory and ensuring Winblows Firewall isn't blocking inbound TFTP (UDP/69). Then log in to your C3524XL, and do something like this to copy the config from the Switch to your PC:
C3524XL#copy run tftp://10.0.0.99/c3524xl-confg
yes
Now you have the file locally, we'll be editing it in a text editor to make the changes above, and turn it into the startup-config (for the sake of space, I'm only showing the changed lines; the rest of the config needs to be there, you are only Find-Replacing these sections):
<snip - rest of config removed, but would be there>
hostname C3524XL
<snip - rest of config removed, but would be there>
int vlan1
no ip address
no desc
shut
int vlan55
desc Management VLAN
ip address 172.31.0.99 255.255.255.0
no shutdown
<snip - rest of config removed, but would be there>
ip default-gateway 172.31.0.1
<snip - rest of config removed, but would be there>
A few handy hints here:
- Make sure all your interconnect, Trunks and Management SVI VLAN55 are set to no shutdown
- Triple-check that in your scenario it is actually VLAN 55 for Management; the IP Address is correct and doesn't conflict & VLAN55 exists and would be allowed on the Trunk
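The hints above can be checked mechanically before the file goes anywhere near the Switch. This is an added example, not part of the original post: it goes a little beyond the hints by also checking that the default gateway sits inside the new Management subnet and that the file still finishes with `end`. The names `preflight` and `parse_interfaces` are hypothetical, and it assumes the file keeps the layout IOS writes (sub-commands indented under each interface line).

```python
import ipaddress
import re

# Constructed sample of an edited config file (not taken from the original post).
SAMPLE = """interface VLAN1
 no ip address
 shutdown
!
interface VLAN55
 ip address 172.31.0.99 255.255.255.0
 no shutdown
ip default-gateway 172.31.0.1
end
"""

def parse_interfaces(text):
    """Map lowercase interface name -> list of its indented sub-commands."""
    blocks, current = {}, None
    for line in text.splitlines():
        m = re.match(r"(?:interface|int)\s+(\S+)", line, re.I)
        if m:
            current = blocks.setdefault(m.group(1).lower(), [])
        elif line[:1].isspace() and current is not None:
            current.append(line.strip().lower())
        else:
            current = None  # any other top-level line closes the block
    return blocks

def preflight(text, mgmt_if="vlan55", old_if="vlan1"):
    """Return a list of problems; an empty list means the file passes."""
    problems, net, ifs = [], None, parse_interfaces(text)
    new, old = ifs.get(mgmt_if, []), ifs.get(old_if, [])
    addr = next((c.split()[2:4] for c in new if c.startswith("ip address ")), None)
    try:
        net = ipaddress.ip_interface("/".join(addr))  # "<ip>/<mask>"
    except (TypeError, ValueError):
        problems.append(f"{mgmt_if}: no valid 'ip address <ip> <mask>'")
    if any(c.startswith("shut") for c in new) or not any(c.startswith("no shut") for c in new):
        problems.append(f"{mgmt_if}: not set to 'no shutdown'")
    if any(c.startswith("ip address ") for c in old):
        problems.append(f"{old_if}: still carries an IP address")
    gw = re.search(r"^ip default-gateway\s+(\S+)", text, re.M)
    if gw is None:
        problems.append("no 'ip default-gateway' line")
    elif net is not None and ipaddress.ip_address(gw.group(1)) not in net.network:
        problems.append("default gateway is outside the management subnet")
    if text.split()[-1:] != ["end"]:
        problems.append("file does not finish with 'end' (truncated copy?)")
    return problems
```

The file pulled over TFTP carries the Switch's password and SNMP community lines in cleartext, so clear it out of the TFTP directory once the change is done.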
Nothing left now but to execute our actions and make rocket go now!
Step 3 - The bit you make a calming brew beforehand for
Now it's crunch time. You've obviously got an RFC Change Request that's approved to do this (because you wouldn't "Lab on Live", would you?), so what's to fear, eh?
Firstly, we upload the amended config file (saved in the TFTP directory as c3524xl-startup.txt), straight into startup-config:
C3524XL#copy tftp://10.0.0.99/c3524xl-startup.txt startup-config
Then we get paranoid and double-check it copied everything correctly, that we're definitely Trunking that VLAN55 and we've set the Management VLAN 55 to "no shut":
C3524XL#sh start
C3524XL#sh vlan id 55
C3524XL#sh int trunk | inc Span|Port|55
And finally we sup-up that brew, clench the derriere, and invoke the outage-causing Management IP switchover:
C3524XL#reload
yes
Then we wait, and nervously set our local PC Command Prompt "ping -t" going, waiting for it to pop back up with the new Management IP address:
C:\Users\NervousAdmin>ping -t 172.31.0.99
Pinging 172.31.0.99 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
<2-3 nervous minutes later>
Reply from 172.31.0.99: bytes=32 time=13ms TTL=64
Reply from 172.31.0.99: bytes=32 time=13ms TTL=64
[CTRL+C]
Wrapping it up
And there we go; remotely changing the Management VLAN and IP Address of a Switch that's older than time - and hopefully a useful tip if you have a similar single-SVI-only piece of sh... kit. Enjoy!