VLAN Migration Planner
Plan VLAN migration waves from port rows, windows, roles, VLAN lists, risk levels, validation buffers, and rollback checks before switch cutover.
Introduction:
VLAN migration planning turns a list of switch ports, endpoints, old VLANs, and new VLANs into an ordered cutover worksheet. The hard part is rarely the VLAN number alone. A printer move, camera move, access point move, voice pair, and trunk change can all fit the same maintenance record while needing different validation and rollback attention.
A useful plan keeps the maintenance window visible while the row list changes. Ports are grouped into named windows, split into waves, and checked against the approved minutes for each window. Roles and criticality then add realistic work time, so a critical trunk or uplink does not look like a simple access-port move.
Good migration planning starts with a row for each affected port or trunk. Each row should identify the endpoint, the old and new VLAN list, the named maintenance window, the port role, the criticality, and any local note that affects validation. The result is a runbook draft with timing, checks, and review flags, not a live switch inventory scan or a command generator.
The safest reading is conservative. A planned row can say Ready because its fields are internally consistent, while the real network can still fail if the VLAN is missing from a switch, DHCP scope, access control list, monitoring rule, or peer trunk. Use the worksheet to make the maintenance window clearer, then verify the live switching domain before cutover.
Technical Details:
IEEE 802.1Q VLAN tagging identifies traffic with a VLAN Identifier carried in the Ethernet tag. Ordinary planning uses VLAN IDs from 1 through 4094, while platform rules and local policy decide which of those IDs should be used, reserved, carried on trunks, or kept away from user segments. A migration plan must therefore check both the ID movement and the link type that carries the movement.
Access ports usually move one endpoint from one VLAN to another. Voice rows often carry a phone and data pair. Access point rows may involve management and client VLAN mapping. Trunks and uplinks are higher-risk because the allowed VLAN list, native VLAN, and spanning-tree state can affect many endpoints at once. The planner models those differences as role factors, risk additions, and validation buffers instead of treating every row as equal.
Rule Core:
The wave estimate combines row-level change time with shared validation time and explicit buffers for critical and trunk work.
| Planning area | Rule used | Result impact |
|---|---|---|
| Port rows | Rows are read as port, endpoint, old VLANs, new VLANs, window, role, criticality, and note. | Each valid row becomes one entry in Port Wave Plan and one candidate for the window timing model. |
| VLAN lists | IDs accept spaces, commas, semicolons, pipes, and ranges such as 120-124. | Lists are deduplicated, sorted, and displayed as compact ranges in the plan and matrix. |
| Role factors | Access uses the base time. Voice, access point, trunk, and uplink rows add larger factors because they need broader checks. | The Minutes column increases for phone pairs, AP VLAN mapping, allowed-list work, and uplink work. |
| Risk labels | Standard, High, and Critical set review rank and extra row time. | Critical rows add the configured Critical-row buffer to their wave and raise the summary badge. |
| Wave building | Rows are grouped by named window and split by Ports per wave. | The planner marks each wave as Fits window, Over budget, or Needs row review. |
| Trunk policy | Hold old VLANs through burn-in or Prune old VLANs after validation changes closeout wording. | The checklist tells the operator whether pruning belongs in the same window or in a later follow-up change. |
Validation Bounds:
| Input or field | Accepted range or behavior | Review cue |
|---|---|---|
| Window length | 15 to 1440 minutes. | Window totals above this value produce over-budget summary and chart status. |
| Ports per wave | 1 to 50 rows per wave. | Lower values create more validation pauses; higher values put more rows into each wave. |
| Expected native VLAN | 1 to 4094. | Native VLAN 1 with trunk work is flagged as high risk, and trunk rows check the native ID explicitly. |
| VLAN row values | Each VLAN ID must be an integer from 1 through 4094; one range can span up to 128 IDs. | Invalid tokens, missing old/new VLANs, and identical old/new lists make the row require review. |
| Allow VLAN 1 | Off by default unless a documented exception is expected. | Rows that include VLAN 1 are flagged until the exception switch is enabled or the ID is replaced. |
| Rollback trigger | Any concise stop condition can be entered. | The trigger is copied into Readiness Brief and Validation Checklist so the stop rule stays visible. |
Everyday Use & Decision Guide:
Start from the change ticket or switch worksheet, not from memory. Put one physical port or trunk per line in Port migration rows. Use the same Window name for rows that share the same approved maintenance period, then let Ports per wave decide how many rows are changed before validation pauses.
Keep roles honest. A simple printer move can stay access, but an AP should use ap, a phone/data move should use voice, and any allowed-list or uplink work should use trunk or uplink. That role choice changes the timing estimate and the validation focus printed in Port Wave Plan.
- Use Window length for the approved implementation plus validation budget, not the entire change ticket duration if only part of it is usable.
- Set Base change time to a realistic access-port move time before role and criticality buffers are added.
- Raise Validation per wave when DHCP, monitoring, application probes, phone registration, or AP controller checks are slow.
- Use Critical-row buffer for application-owner signoff, trunk review, or high-touch endpoints that need extra proof.
- Leave Allow VLAN 1 in planned rows off unless the change record explicitly accepts that exception.
The summary title is the first stop-and-verify cue. VLAN migration needs review means row flags must be cleared before the runbook is final. VLAN migration exceeds a window means at least one named window is too full. VLAN migration ready with checks can still include critical or trunk work, so read the badges and checklist before treating it as ready for execution.
After the summary, read Readiness Brief first, then Port Wave Plan. If Window fit is clean and every port row says Ready, the next practical step is to compare the VLAN definitions, peer trunk state, DHCP scopes, and monitoring labels with the validation checklist.
Step-by-Step Guide:
Build the plan from window limits first, then tighten row details until the readiness checks are clean.
- Set Window length, Ports per wave, Expected native VLAN, Base change time, and Validation per wave. The summary line updates with ports, windows, busiest window time, and budget.
- Paste rows into Port migration rows using port, endpoint, old VLANs, new VLANs, window, role, criticality, and note columns. Use Load sample only when you want a known row format to copy.
- Click Normalize CSV after rough pasting. Blank window, role, or criticality cells are filled with defaults so malformed spacing is easier to see.
- Open Advanced and set Critical-row buffer, Trunk old-VLAN policy, the VLAN 1 exception switch, and Rollback trigger.
- If Check migration inputs appears, fix the listed row issues before using the runbook. Common causes are missing endpoint, invalid VLAN token, identical old and new VLAN lists, or VLAN 1 without exception.
- Read Readiness Brief for input row count, window fit, VLAN ID audit, native VLAN status, trunk scope, and rollback trigger.
- Use Port Wave Plan to run waves in order. Each row shows the wave label, sequence, role, old and new VLANs, risk, minutes, action, validation focus, note, and status.
- Use VLAN Change Matrix, Validation Checklist, and Window Load Map to review repeated movements, closeout checks, and window load before the change is approved.
Interpreting Results:
Port Wave Plan is the execution order. Trust the row order only after every status is Ready and the wave status is not Over budget. A row with a review flag can still receive timing, but it should not be treated as approved work until the flag is resolved or deliberately documented.
Readiness Brief is the approval checkpoint. It brings together input row count, window fit, VLAN ID audit, native VLAN status, trunk scope, and rollback trigger. A clean row table is not enough if Window fit says a window is over budget or VLAN ID audit calls out VLAN 1.
| Output cue | Meaning | Useful follow-up |
|---|---|---|
| Ready | The row has required values and did not trigger VLAN, native, or equality flags. | Verify the live VLAN, DHCP, ACL, monitoring, and peer trunk evidence before changing the port. |
| Needs row review | At least one row in the wave has a missing, invalid, matching, VLAN 1, or native-VLAN issue. | Fix the row text, add an approved exception, or remove the row from the execution batch. |
| Over budget | The cumulative work for that named window exceeds Window length. | Reduce Ports per wave, add another named window, lower the row count, or increase the approved budget. |
| Window Load Map | The chart compares change work, validation, and critical/trunk buffers against the window budget. | Use the busiest window as the first timing discussion in the change review. |
| Validation Checklist | The checklist turns the row set into precheck, cutover, validation, rollback, and closeout actions. | Assign owners before the window starts, especially for trunk, AP, voice, and application checks. |
Worked Examples:
A five-row access closet plan with the default 180-minute window and 3 ports per wave produces 2 waves. The summary says VLAN migration ready with checks, with 5 ports, 1 trunk checks, 1 critical, window fit, and native 999 badges. Window B / Wave 1 is the busiest at 54 min because it includes a critical trunk and a voice pair, even though it still fits inside 3.0 hr.
The same five rows become a timing problem when Window length is reduced to 45 minutes and Ports per wave is set to 2. The summary changes to VLAN migration exceeds a window and reports 3 waves. Readiness Brief shows 2 window(s) over budget, while Window Load Map shows Window A at 50 minutes and Window B at 54 minutes against a 45-minute budget.
A troubleshooting row such as sw03 Gi1/0/7,,1,1,Window C,access,standard,missing endpoint and VLAN 1 produces VLAN migration needs review. The alert says 1 row(s) need review before the runbook is final. In Port Wave Plan, the status lists Missing endpoint; Old and new VLAN lists match; VLAN 1 requires explicit exception. Fix the endpoint, replace one of the VLAN IDs, or enable the VLAN 1 exception only if the change record allows it.
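The row checks behind that result, sketched in Python as an added example (not the planner's own code). Only the three flag strings quoted above come from the page; the function names, the other flag wording, and reading "span up to 128 IDs" as an inclusive count are assumptions.

```python
import csv
import re

VLAN_MIN, VLAN_MAX, MAX_RANGE_SPAN = 1, 4094, 128  # bounds stated on the page

def parse_vlan_list(text):
    """Return (sorted unique IDs, rejected tokens) for one VLAN cell."""
    ids, bad = set(), []
    for token in re.split(r"[\s,;|]+", text.strip()):
        if not token:
            continue
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", token)
        lo = int(m.group(1)) if m else 0
        hi = int(m.group(2) or lo) if m else 0
        # Assumption: "span up to 128 IDs" is an inclusive count of IDs.
        if not (VLAN_MIN <= lo <= hi <= VLAN_MAX) or hi - lo + 1 > MAX_RANGE_SPAN:
            bad.append(token)
        else:
            ids.update(range(lo, hi + 1))
    return sorted(ids), bad

def compact(ids):
    """Render sorted IDs as compact ranges: [120, 121, 122, 130] -> '120-122,130'."""
    parts, i = [], 0
    while i < len(ids):
        j = i
        while j + 1 < len(ids) and ids[j + 1] == ids[j] + 1:
            j += 1
        parts.append(str(ids[i]) if i == j else f"{ids[i]}-{ids[j]}")
        i = j + 1
    return ",".join(parts)

def review_row(csv_row, allow_vlan1=False):
    """Return review flags for one row; an empty list means internally consistent."""
    cells = [c.strip() for c in next(csv.reader([csv_row]))] + [""] * 4
    port, endpoint, old_txt, new_txt = cells[:4]
    flags = [f"Missing {n}" for n, v in (("port", port), ("endpoint", endpoint)) if not v]
    old, bad_old = parse_vlan_list(old_txt)
    new, bad_new = parse_vlan_list(new_txt)
    flags += [f"Invalid VLAN token: {t}" for t in bad_old + bad_new]
    if not old or not new:
        flags.append("Missing old or new VLANs")
    elif old == new:
        flags.append("Old and new VLAN lists match")
    if 1 in old + new and not allow_vlan1:
        flags.append("VLAN 1 requires explicit exception")
    return flags

PAGE_ROW = "sw03 Gi1/0/7,,1,1,Window C,access,standard,missing endpoint and VLAN 1"
print("; ".join(review_row(PAGE_ROW)))  # PAGE_ROW is the row from the example above
```

An empty flag list corresponds to the worksheet's Ready status only; it says nothing about whether the VLAN exists on the live switches.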
FAQ:
Does it poll switches or verify live configuration?
No. It works from the rows and settings you enter. Treat Ready as an internal worksheet status, then verify switchport state, allowed VLAN lists, native VLANs, DHCP scopes, and endpoint checks on the real network.
Why did a row need review?
Rows need review when a required port, endpoint, old VLAN, or new VLAN is missing, a VLAN token is invalid, old and new VLAN lists match, VLAN 1 appears without exception, or trunk/native VLAN rules raise a flag.
Should old VLANs be pruned during the same window?
Use Trunk old-VLAN policy to match the approved handoff. Hold old VLANs through burn-in keeps pruning as a later closeout item, while Prune old VLANs after validation tells the checklist to prune only after endpoint and spanning-tree checks pass.
Why is VLAN 1 treated as an exception?
The planner leaves Allow VLAN 1 in planned rows off by default because default/native VLAN use should be intentional. A VLAN 1 row can still be planned when the exception switch is enabled, but the worksheet should carry the reason in the row note or change record.
Glossary:
- VLAN: A virtual LAN identifier used to separate Ethernet traffic inside the switching domain.
- Access port: A switch port that normally carries one endpoint VLAN for a printer, camera, workstation, or similar device.
- Voice pair: A row where phone registration and data VLAN reachability both matter for the same physical port.
- Trunk or uplink: A link that can carry several VLANs and needs allowed-list, native VLAN, and spanning-tree checks.
- Native VLAN: The VLAN associated with untagged traffic on an 802.1Q trunk for platforms that use native VLAN behavior.
- Wave: A small group of rows changed before validation pauses inside the same named maintenance window.
- Rollback trigger: The stop condition that tells the team when to revert the active wave before touching later rows.