Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
611
Views
5
Helpful
6
Replies

design help

bluesea2010
Level 5
Level 5

‎03-26-2022 09:54 AM

Hi,

collapsed core architecture  and for TOR for servers 

l3 access.JPG

Hi ,

 

I have the  above  topology,  to access layer is layer 2 and also to TOR switches ( for servers ) 

in firewall, SVI is configured on the firewall for servers

and for access layer svi is on the core switch.

 

Now I am planning  to change the layer 2 access layer and TOR switch to layer 3 

 

Please advise regarding the configuration and where should i place the fw 

Thanks 

 

 

 

 

0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎03-26-2022 10:16 AM - edited ‎03-26-2022 10:19 AM 

Now I am planning  to change the layer 2 access layer and TOR switch to layer 3

First this required downtime  and  Service interruption

Choose whatever IGP ( i prefer OSPF)

Run OSPF n Core Switch

Bring back any gateway configured on FW for Server to Core Switch.

Configure each leg connected port from Core to Access and Core to tor Layer3 port with p2p IP

so IGP can take care of load share equally/

 

By the way, you did not mention Core is in VSS ? or Traditional Layer 3 deployment.

 

Some examples for reference :

 

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus/routed-ex.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

bluesea2010
Level 5
Level 5
In response to balaji.bandi

‎03-26-2022 11:37 PM

Hi @balaji.bandi 

The core is  VSS.    

what about TOR switches. If I change SVI to the  TOR switches  or CORE switches ? 

 

Thanks 

 

 

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to bluesea2010

‎03-27-2022 04:28 AM 

what about TOR switches. If I change SVI to the  TOR switches  or CORE switches ?

If you Looking for TOR Switches to be Layer3 (moving from FW) then my suggestion is to convert them to a p2p interface and run the same OSPF, just like other access switches.

 

This suggestion is based on your requirement,  If you are using FW in the path for Lan network to reach DC (or TOR Switches) some kind of protection, then leaving gateway on FW makes sense. and leaving the TOR switches as Layer 2.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

MHM Cisco World
VIP
VIP

‎03-27-2022 09:30 AM

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus/VSS30dg/campusVSS_DG/VSS-dg_ch3.html#wpxref28659

 

Route Access connect to VSS, please read this Doc. 
sorry for my little acknowledge.

0 Helpful

bluesea2010
Level 5
Level 5
In response to MHM Cisco World

‎03-27-2022 07:10 PM

Hi @balaji.bandi 

If I  change TOR switches to layer 3, and  routing will be on the firewall, 

is there any benefit?

Thanks 

 

 

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to bluesea2010

‎03-28-2022 12:08 AM 

If I  change TOR switches to layer 3, and  routing will be on the firewall, 

is there any benefit?

If you change the TOR to Layer 3, I do not see any advantage FW as routing here, your next peer should routing for you.

Personally, that is the best i do in Layer 3 deployment.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Top