Re: Replacing our core switch with 9500

abee · ‎04-26-2019

I am planning to replace our core switches 3750 with Cat 9500. The plan is slowly migrating the router over to the new core switches because there is production line running on the 3750. Do I need to create add a another subnet in the firewall to carry the traffic out? Could you please help with what would be the best practices and steps to migrate the routing over without disruptions?

luis_cordova · ‎04-26-2019

Hi @abee ,

Queries:

Your firewall allows you to create subinterfaces?

How do you connect the core switch with the firewall?

Regards

abee · ‎04-29-2019

We have Pa 820 as firewalls. as right now, it connects to the core switch using Meraki as a host.

balaji.bandi · ‎05-01-2019

here is the Steps and 2 options.

Option 1 :

Connect 9500 with 3750 Trunk and configure SVI in 9500

Move the Link 1 by 1 to 9500, and test done.

in the small window, Shutdown the SVI on 3750 and Bring up the SVI on 9500.

Option 2 :

Big bang, configure 9500 and remove the 3750 and move the cables to 9500 and test it.

Keep the 3750 on in case if you required to roleback.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

balaji.bandi · ‎04-27-2019

If i understand correctly you lookinng cut over Old 3750 to New 9500

Connect 3750 and 9500 each other, so the traffic can transit. Start Migrating Low Service Impact Device to see all working as expected. Finally with an Maintenance window, Move rest of the device to new switch, leave 3750 as it is until all working as expected.

If 3750 have any SVI, make sure they also move to 9500 in the maintenance window.

Or provide the full config of 3750 and higlevel network diagram to suggest better

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

abee · ‎04-29-2019

This is our topology

ISP - PA 820 - Core cisco 3750 - Meraki.

I'm thinking about create another interface in our firewall with the 9500 and slowly migrate traffic go that way.

paul driver · ‎04-27-2019

Hello
You dont provide enough information regards your topology-
I assume the 3750 core performing the inter-vlan routing, Is it ruining any igp
Where the FW located in your topology and what is it role?

Usually on core migrations I have found your could do it two ways,
Direct cutover (all in one)
Staged cutover (piecemeal)

With a direct the cutover you need a change window and downtime but you know if you experience any issue you can always revert back to the old core, however the downside to this is if you have loads of interconnects to migrate then just one failure could result in a complete backout

Staged is longer but you have more control of the migration should be able to workout with issues as they arise with limited down time to the users in the area your migrating and none to other users.

For this staged change you could build up the new core with the same addressing and SVI interfaces as the old core but have them in a shutdown state.

Then create a L2 connection between old and new core and migrate the L2 interconnects over first ( depending if you are running an igp you would also create a L3 connection)

Once the L2 is completed you would migrate over to the L3 routing (disabling it on the old core!) and lastly remove the connection between the old/new core.

Obviously the above is a high level example of a staged migration but I have found the main premise involves those few steps.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

abee · ‎05-01-2019

Hi Paul,

Thank you for your quick response. I have a few questions for you regarding the stage migration.

For this staged change you could build up the new core with the same addressing and SVI interfaces as the old core but have them in a shutdown state.

Then create a L2 connection between old and new core and migrate the L2 interconnects over first ( depending if you are running an igp you would also create a L3 connection) --> does it mean I migrate the Access layer switches(Meraki) to the new core?

Once the L2 is completed you would migrate over to the L3 routing (disabling it on the old core!) and lastly remove the connection between the old/new core. -->Shut down SVI in old core, and no shut in new core?

Another question is, I plan to configure the pair of 9500 as redundancy core instead of HA. I'm assuming the switches will work as STP, one active and one blocking?