09-30-2015 10:33 AM - edited 03-05-2019 02:25 AM
Hello all, this is my first post.
We are using 2 Nexus 7010 machines as routers with HSRP.
We have about 300 active VLANs and we really don't need that many. A significant number of the VLANs have very small subnets and could easily be consolidated into one VLAN.
Our current setup is like this:
int vlan1
  hsrp 1
  ip address 10.0.1.1/25
int vlan2
  hsrp 2
  ip address 10.0.2.1/26
int vlan3
  hsrp 3
  ip address 10.0.3.1/27
etc
From what I can tell, I think we would do this:
int vlan1
  hsrp 1
  ip address 10.0.1.1/25
  ip address 10.0.2.1/26 secondary
  ip address 10.0.3.1/27 secondary
I can do this during an outage window, so uptime shouldn't be a problem.
Is this the correct way to handle the situation? I can provide more details if necessary.
Thanks.
09-30-2015 11:32 AM
"Is this the correct way to handle the situation?"
Personally, we're trying to get off of this model with using secondary addresses. Think about how you'll be able to control traffic after you implement this. You'll have to take into account multiple subnets on a single svi instead of a dedicated subnet. I wouldn't recommend moving from vlans to secondary addresses just to reduce the amount of vlans that you have.
HTH,
John
09-30-2015 12:45 PM
Thanks!
There's another aspect to this: all of these smaller subnets will eventually move to a /22 so they are all within the same subnet. I was going to put that subnet on the single vlan as well so people could move at their convenience. Does this change the answer?
09-30-2015 01:16 PM
Actually, that would change the answer :) The only issue that you would have is that your /22 cannot conflict with the smaller ranges that you already have on the interface. As long as you take that into consideration, this won't be an issue.
Here's the other thing that you need to consider. Let's assume that your servers are on vlan120 with a subnet of 10.10.120.0/24. The default gateway for those servers is 10.10.120.1 (your vlan svi). The issue is that when you move the address to, say, vlan 1, as a secondary (10.10.120.1 secondary), you will lose access to the server. The reason is that the server is either being tagged for vlan 120 via its NIC, vSwitch in the case of VMware, or an access port. When moving devices over, you just need to take into account that you're not only changing the subnet, but you're also breaking their communication until the server is moved over into the vlan that the gateway they were once using moved to. Does that make sense?
HTH,
John
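A pre-change check for the two points in the answer above, as an added example that is not part of the original thread: it flags a proposed /22 that overlaps subnets already on the SVIs, and lists the access ports whose hosts lose their gateway until they are moved to the target VLAN. The three SVI addresses come from the first post; the port names, the access-port table and both candidate /22 ranges are constructed assumptions.

```python
import ipaddress

# SVI addresses from the first post: VLAN id -> gateway address on that SVI.
EXISTING_SVIS = {1: "10.0.1.1/25", 2: "10.0.2.1/26", 3: "10.0.3.1/27"}

# Constructed access-port table (port -> current access VLAN); names are assumptions.
ACCESS_PORTS = {"Eth1/1": 1, "Eth1/2": 2, "Eth1/3": 3, "Eth1/4": 2}


def overlapping_subnets(candidate, svis):
    """Return (vlan, subnet) pairs whose subnet overlaps the candidate range."""
    new_net = ipaddress.ip_network(candidate, strict=True)
    hits = []
    for vlan, addr in sorted(svis.items()):
        net = ipaddress.ip_interface(addr).network
        if net.overlaps(new_net):
            hits.append((vlan, str(net)))
    return hits


def ports_to_move(target_vlan, svis, ports):
    """Ports left in a VLAN whose gateway address moves to target_vlan."""
    vacated = {vlan for vlan in svis if vlan != target_vlan}
    return sorted(port for port, vlan in ports.items() if vlan in vacated)


def precheck(target_vlan, candidate, svis, ports):
    """Summarise both checks for one proposed consolidation."""
    return {
        "new_range": candidate,
        "conflicts": overlapping_subnets(candidate, svis),
        "ports_to_move": ports_to_move(target_vlan, svis, ports),
    }


if __name__ == "__main__":
    for candidate in ("10.0.0.0/22", "10.0.4.0/22"):  # constructed candidates
        print(precheck(1, candidate, EXISTING_SVIS, ACCESS_PORTS))
```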
09-30-2015 01:22 PM
Yeah, this is why we would take an outage while I straighten out the vlan setup on all of the access switches. I've got the new vlan pushed down all of the trunk ports, just have to flip the access ports to the new, single vlan once the gateway addresses are moved into the single vlan.