11-24-2020 11:36 AM
I really need help. I need to know if there is a way to migrate our existing core switch to a newer one by trunking it to the only port available on our ASA and then migrating all the rest to the new switch, from the old, on a port-by-port basis without any downtime. I work for an outfit that is tasked to specifically help people during this pandemic and most of everything in the office is done via PC. So any significant downtime is not an option. I have asked to wait on this procedure until things calm down and until there are fewer critical dependencies, therefore less risk. But, I'm getting pushed. To put things in perspective, have you folks seen The Hunt for Red October? The quote, "...You've killed us all." comes to mind. Wow, been doing this way too long. Anyway, against my better judgement I'm moving forward. So my question is, am I being too cautious and if so, with the hardware list below, is there a safe way to do this? All I know is this has got ugly written all over it so I'm just trying to mitigate the potential issues.
Firewall
-----------
ASA5510
version 12.2

Old Switch
-------------
Cisco Catalyst 3750G
Version 12.2

New Switch
-------------
Cisco 3850 POE
11-24-2020 12:32 PM
Yes, possible in most cases, with conditions. Make a small network diagram with the new and old setup and the upgrade approach.
1. You can build a new switch connected to the existing OLD switch.
2. Configure the new switch and connect it to the OLD switch.
3. Move the configuration of the device to the new switch and migrate 1 device at a time, but still with the OLD switch as a transit point.
Once all the devices are migrated from OLD CORE to New CORE (make sure you have pre-laid cables to connect), you now have the task of moving the uplink, which requires a small downtime if you have all the cables ready and plugged in.
If you have dual uplinks then it's easy to move 1 at a time.
Is your FW only 1, or HA? If only 1, here is another dependency: make cables ready and have an onsite engineer available for your physical move with a small downtime.
Note: if the devices do not have high availability, the risk is high - and you need to plan very carefully.
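An added example, not part of the reply above and not Cisco tooling: a pre-move check for the port-by-port approach, which reads saved running-config text from both switches and lists the old-switch access ports whose VLAN is either not defined on the new switch or not allowed on both ends of the inter-switch trunk. The interface names, VLAN numbers and sample configs are constructed assumptions; the thread does not give them.

```python
import re

# Constructed sample configs (hypothetical ports and VLANs, not from the thread).
OLD_CFG = """vlan 10,20,30
interface GigabitEthernet1/0/1
 switchport access vlan 10
interface GigabitEthernet1/0/2
 switchport access vlan 20
interface GigabitEthernet1/0/3
 switchport access vlan 30
interface GigabitEthernet1/0/24
 switchport trunk allowed vlan 10,20,30
"""
NEW_CFG = """vlan 10,30
interface GigabitEthernet1/0/48
 switchport trunk allowed vlan 10,20
"""
ALL_VLANS = set(range(1, 4095))  # IOS trunk default when no allowed list is set

def vlan_set(spec):
    # Expand an IOS VLAN list such as "10,20,30-32" into a set of ints.
    spans = (p.partition("-") for p in spec.split(","))
    return {v for lo, _, hi in spans for v in range(int(lo), int(hi or lo) + 1)}

def parse(cfg):
    # Returns (access port -> VLAN, trunk port -> allowed VLANs, defined VLANs).
    access, trunks, defined, port = {}, {}, {1}, None  # VLAN 1 always exists
    for line in cfg.splitlines():
        if m := re.match(r"interface (\S+)", line):
            port = m.group(1)
        elif m := re.match(r"vlan ([\d,-]+)$", line):
            defined |= vlan_set(m.group(1))
        elif port and (m := re.match(r" switchport access vlan (\d+)", line)):
            access[port] = int(m.group(1))
        elif port and (m := re.match(r" switchport trunk allowed vlan (?:add )?([\d,-]+)", line)):
            trunks.setdefault(port, set()).update(vlan_set(m.group(1)))
    return access, trunks, defined

def blocked_ports(old_cfg, new_cfg, old_trunk, new_trunk):
    # Old-switch access ports that would lose connectivity if moved now, with reasons.
    access, old_trunks, _ = parse(old_cfg)
    _, new_trunks, new_defined = parse(new_cfg)
    carried = old_trunks.get(old_trunk, ALL_VLANS) & new_trunks.get(new_trunk, ALL_VLANS)
    def reasons(vlan):
        checks = [(vlan in new_defined, f"VLAN {vlan} not defined on new switch"),
                  (vlan in carried, f"VLAN {vlan} not carried on inter-switch trunk")]
        return [msg for ok, msg in checks if not ok]
    return {p: r for p, v in access.items() if (r := reasons(v))}
```

Ports without an explicit `switchport access vlan` line are not listed by this check; they sit in VLAN 1 by default and need a separate look.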
11-24-2020 02:29 PM
Thank you! I totally forgot about the trunking option. Also, we have only 1 Firewall so no HA. We only have what our budget will allow. It's not much, but it's all we got: God help us.
11-24-2020 02:40 PM
Hello
You don't state what device is performing the routing, whether it's the old switch or the ASA. If it's the old switch then you'll need to use the trunk between the old and new switches and also run an L3 connection over it, so you can plan to move each routed VLAN without a total outage, unless you go for an all-in-one approach, shutting the routing off on the old switch and applying it on the new switch. However, this will incur some outage. But all this is irrelevant if the ASA is performing the routing, and @balaji.bandi's solution should be applicable.