Management VLAN Conversion Issue



We currently have ARUBA 5406zl2 switches at each of our electric utility substations, each one with a management IP of 192.168.2.X on the default management VLAN 1. After learning that it is not best practice to keep traffic on VLAN 1, we are in the works of converting those same IP addresses over to another VLAN. Our procedure has worked fine for some of the switches; however, on certain switches, the procedure does not follow through and the network becomes locked up and I have to travel there to revert the changes locally. Can someone look through the procedure below and identify any cause of why the network may be getting locked up for some switches but not others? Thank you!


Switch A = Switch that will be converted

Switch B = Connected switch that will be used to maintain remote connectivity to Switch A

1. Open CLI of Switch A. Open IP Address Management.

2. Add new IP address with 192.168.3.X subnet to VLAN 1 management (Temporary Subnet to access switch). CLI closes.

3. Open new CLI with new 192.168.3.X. Enter IP address management. Add old IP 192.168.2.X to new desired management VLAN.

4. Open port VLAN settings - apply untagged on new VLAN, FORBID on default management VLAN. This will close the pipe between Switch A and B. CLI will lock up.

5. Open CLI of Switch B. Open port VLAN settings - apply untagged on new management VLAN, FORBID on default management VLAN. This will open the pipe back up between switches.

6. Ping Test to verify. Open Switch A CLI - remove temporary IP from default management VLAN. Original IP now on new VLAN.


As stated earlier, this procedure worked for several switches; however, it did not work in one instance for reasons unknown. When troubleshooting, we found that TAGGING the old default management VLAN allowed traffic to pass through and allowed the switches to talk. But we don't want to use the default VLAN anymore for any purpose. Please let us know if we are missing something crucial because it's not making sense to us.
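
An added model of the single link between Switch A and Switch B (not part of the original post), showing which management VLAN pairs can exchange frames at each stage of the procedure above. The new VLAN ID 20 and VLAN 1 being tagged on both ends are assumptions; the model covers only 802.1Q port membership on that one link, not other uplinks or spanning tree.

```python
# Added illustration: minimal 802.1Q membership model of one switch-to-switch link.
# NEW_VLAN = 20 is an assumed ID; the post does not state the new VLAN number.
from dataclasses import dataclass, field
from typing import Optional, Set

DEFAULT_VLAN, NEW_VLAN = 1, 20

@dataclass
class Port:
    untagged: Optional[int] = None                 # VLAN carried without a tag
    tagged: Set[int] = field(default_factory=set)  # VLANs carried with a tag

def deliver(src: Port, dst: Port, vlan: int) -> Optional[int]:
    """VLAN that a frame from `vlan` on src lands in on dst, or None if dropped."""
    if vlan == src.untagged:
        return dst.untagged          # untagged frame joins dst's untagged VLAN
    if vlan in src.tagged:
        return vlan if vlan in dst.tagged else None  # tag must be a member on dst
    return None                      # VLAN is not on this port (e.g. FORBID)

def two_way(a: Port, b: Port, vlan_a: int, vlan_b: int) -> bool:
    """True when vlan_a on A and vlan_b on B exchange frames in both directions."""
    return deliver(a, b, vlan_a) == vlan_b and deliver(b, a, vlan_b) == vlan_a

def walk_procedure() -> dict:
    """Replay the A/B port states from the post and report which VLAN pairs pass."""
    states = {
        "start":         (Port(DEFAULT_VLAN), Port(DEFAULT_VLAN)),
        "after step 4":  (Port(NEW_VLAN), Port(DEFAULT_VLAN)),
        "after step 5":  (Port(NEW_VLAN), Port(NEW_VLAN)),
        # Assumed: VLAN 1 tagged on both ends, as in the troubleshooting note
        "VLAN 1 tagged": (Port(NEW_VLAN, {DEFAULT_VLAN}),
                          Port(NEW_VLAN, {DEFAULT_VLAN})),
    }
    report = {}
    for name, (a, b) in states.items():
        report[name] = {
            "default<->default": two_way(a, b, DEFAULT_VLAN, DEFAULT_VLAN),
            "new<->new": two_way(a, b, NEW_VLAN, NEW_VLAN),
            "new<->default (mismatch)": two_way(a, b, NEW_VLAN, DEFAULT_VLAN),
        }
    return report

if __name__ == "__main__":
    for stage, result in walk_procedure().items():
        print(stage, result)
```

In this model the temporary 192.168.3.X session on Switch A's VLAN 1 has no path once step 4 is applied, and between steps 4 and 5 the only frames crossing the link are untagged ones that leave A's new VLAN and land in B's VLAN 1.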


Hi there,

What is your device list or your network topology? You can also try upgrading the faulty device's software.



