What is the easiest way of Adding a new VLAN and then moving all Meraki Switches, AP's, and Firewall to new VLAN with Static IP Addresses without losing connectivity on the firewall and minimizing downtimeon the other devices. The client is in Detroit and we are in Texas. We basically want to do away with the default VLAN 1 and replace it with a new one.
I assume the crowd here will offer some good creative ways to approach this. My initial thought would be this. And, if someone spots something off in my logic chime in. It's nearing end of the workday for me and my mental acuity could be fading.
Change all APs and Switches to DHCP. Assuming DHCP is available on VLAN 1 they will pull IPs and still be reachable.
Create new mgmt VLAN(s) on MX. Not sure if you intend to use one subnet per device type or simply a new mgmt VLAN ID for all things infrastructure related.
If APs are to have statics change the IP config to use the new mgmt VLAN. Assumes it's allowed on the ports down to APs as well as the ports between the MX and Switch(es).
Assuming links from MX to Switch(es) are trunks allowing all VLANs change mgmt IP of switches to use the new mgmt VLAN.
Basically the idea is start from the edge moving inward and having a safety net of DHCP in case anything go sideways.
That is awesome advice. Thank you, sir. We do currently have VLAN1 "Default" setup with DHCP and will leave that in place until everything is over to the new VLAN. We are using one VLAN for all Meraki devices. The AP's can use DHCP but we want Switches to be Static along with firewall. I am assuming I do not need to do anything on the Firewall? Will it require a reboot or config changes? All links between switches and firewall are Trunk.
Is there any specific reason for statics on the switches?
And no, you shouldn't need to reboot anything.
For the APs. Either change the switchport connected to them to use the new mgmt VLAN as the native. Or, change the VLAN tag for the AP itself.
So for example, if the new mgmt VLAN is 700. Either change the switchport connected to the AP to be trunk native 700 and do nothing on the AP.
If instead the native on the switchport is something else let's say 100 then you'd want to type in 700 on the APs IP config. I commonly see folks specifying a tag on the AP IP config when it's the native on the switchport and that's an invalid config and you'll see errors in dashboard.
We have had issues in the past with switches in particular that when power goes out or sudden loss of connectivity due to something like and ISP outage that the switches never regain contact. Or they come back up and have the same IP associated with another device. We found that static on the switches eliminates that piece. Again, great advice on the AP's. We will try this tomorrow and see what he come up with. Thank you for all the great recommendations.