03-27-2023 07:22 AM
Hi all,
I have a question that needs confirmation.
We will do a migration for vCenter from one VLAN to another, i.e. VLAN 130 to VLAN 1020.
I advised my team that we need an L3 switch or L3 interface to perform this migration, and we already have a Nexus switch.
So basically the procedure that I prepared is:
L3 switch:
#vlan 130
#name DMZ
#vlan 1020
#name Mgmt
#int vlan 130
#int vlan 1020
#int e0/1
#switchport access vlan 130
#no shut
#int e0/2
#switchport access vlan 1020
Basically the default gateway for VLAN 1020-10.102.0.1 is configured at firewall network A and VLAN130-10.130.0.1 is configured at firewall network B. Both networks are separated and in production. I am pretty sure that if I create an SVI for both VLANs, I also need to assign an IP address inside the SVI.
Btw, we are also using VRF in this environment, which is a VRF member for each VLAN segment.
My question is, how do I establish communication between the VLANs without assigning an IP address inside the SVI? Because from the server side we cannot allow changing the default gateway that is in production.
Should I configure ip vrf forwarding inside the SVI? Is this correct?
Thanks,
Hafiz
03-27-2023 08:20 AM
Hi,
VLAN 1020-10.102.0.1 is configured at firewall network A and VLAN130-10.130.0.1
Based on the above info, it appears that you are changing the VLAN and subnet for the servers, unless the mask is a /8.
If so, you would need to change the gateway for each server as well.
So, the question is, are you trying to change both the vlan and IP range?
03-27-2023 08:44 AM
Hi Reza,
We didn't want to change the VLAN and IP range; we only want these networks to be able to communicate with each other so that we can proceed with the server migration. I know it's impossible, right? That's what I'm thinking too.
Because my team said we can't afford to change the gateway for these servers. Any other solutions?
How about VRF forwarding and membership?
Thanks,
Hafiz
03-27-2023 09:07 AM
Hi,
So, you can get the new subnet/VLAN to communicate with the server VLAN as long as they both have gateways configured at the firewall. The issue is that once you start moving servers to the new subnet, you would have to change the server IPs and the gateway, which is probably hard to do as it will cause outages on the servers. The only thing VRF does is create a separate routing table from the global routing table, but in the end you will have the same issue with IP addresses changing.
HTH
03-27-2023 04:05 PM
Hi Reza,
That's what I thought. Eventually we need to set the gateway for network reachability.
Basically I also understand that VRF simplifies the routing table. Just thinking about how to provide the best way with less impact.
Thanks,
Hafiz
03-27-2023 09:09 AM
Can you share the topology?
03-27-2023 04:38 PM
Hi MHM,
Here I have provided a simple network topology, although we have vPC, HSRP, EtherChannel and VRF configured inside it.
Points to highlight:
So we are planning to migrate all those VMs from network A to network B. So the idea is, I said we need to allow VLAN xxx interface x/x/x at net A and configure an SVI interface with an IP at net A so that the VLANs can communicate at the L3 switch. But the servers need to change their gateway for that purpose.
So I don't think this solution is workable, as we need to point the server gateway to the new gateway at the L3 switch in net B. Not sure why all the VLAN gateways are configured at the FW. A bit complicated when I saw this network.
Hope someone can advise me.
Thanks,
Hafiz