Communicate 2 Different VLAN without interrupting production

Hafiz_HR
Level 1

Hi all,

I have a question that needs confirmation.

We will migrate vCenter from one VLAN to another, i.e. VLAN 130 to VLAN 1020.

I advised my team that we need an L3 switch or L3 interface to perform this migration, and we already have a Nexus switch.

So basically the procedure that I prepared is:

L3 switch:
#vlan 130
#name DMZ
#vlan 1020
#name Mgmt

#int vlan 130
#int vlan 1020

#int e0/1
#switchport access vlan 130
#no shut

#int e0/2
#switchport access vlan 1020

Basically the default gateway for VLAN 1020-10.102.0.1 is configured at firewall network A and VLAN130-10.130.0.1 is configured at firewall network B. Both networks are separated and in production. I am pretty sure that if I create SVIs for both VLANs, I also need to assign the IP address inside the SVI.

Btw, we are also using VRF in this environment, with a VRF member for each VLAN segment.

My question is: how do we establish communication between the VLANs without assigning an IP address inside the SVI? We cannot allow the server side to change the default gateway that is in production.

Should I configure ip vrf forwarding inside the SVI? Is this correct?

 

Thanks,

Hafiz

 


Reza Sharifi
Hall of Fame

Hi,

 VLAN 1020-10.102.0.1 is configured at firewall network A and VLAN130-10.130.0.1

Based on the above info, it appears that you are changing the VLAN and subnet for the servers unless the mask is a /8.

If so, you would need to change the gateway for each server as well.

So, the question is, are you trying to change both the VLAN and IP range?

 

Hi Reza,

We didn't want to change the VLAN and IP range, we only want these networks to be able to communicate with each other so that we can proceed with the server migration. I know it's impossible, right? That's what I'm thinking too.

Because my team said we can't afford to change the gateway for these servers. Any other solutions?

How about VRF forwarding and membership?

Thanks,

Hafiz

 

Hi,

So, you can get the new subnet/VLAN to communicate with the server VLAN as long as they both have gateways configured at the firewall. The issue is that once you start moving servers to the new subnet, you would have to change the server IPs and the gateway, which is probably hard to do as it will cause outages on the servers. The only thing VRF does is create a separate routing table from the global routing table, but in the end you will have the same issue with the IP address changing.

HTH
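
Reza's two points above (the shared-subnet remark about a /8, and traffic between the VLANs going via the gateways on the firewalls), worked through as an added example that is not part of the original thread. The /16 mask and the host addresses 10.130.0.50 and 10.102.0.50 are assumptions; only the two gateway addresses come from the posts.

```python
import ipaddress


def shared_prefix_len(a: str, b: str) -> int:
    """Longest prefix length under which a and b still share one subnet."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    # The highest differing bit marks where the common prefix ends.
    return 32 - diff.bit_length()


def first_hop(host_if: str, gateway: str, dest: str) -> str:
    """Address the host resolves at L2 for dest: dest itself when it is
    on-link, otherwise the configured default gateway."""
    iface = ipaddress.IPv4Interface(host_if)
    gw = ipaddress.IPv4Address(gateway)
    if gw not in iface.network:
        # A gateway outside the host's own subnet is unreachable at L2.
        raise ValueError(f"gateway {gw} is not on-link for {iface.network}")
    d = ipaddress.IPv4Address(dest)
    return str(d) if d in iface.network else str(gw)


if __name__ == "__main__":
    gw_1020 = "10.102.0.1"   # from the thread: gateway on firewall, network A
    gw_130 = "10.130.0.1"    # from the thread: gateway on firewall, network B

    # The two gateways only fall in one subnet with a mask of /8 or shorter.
    print("widest shared prefix: /%d" % shared_prefix_len(gw_1020, gw_130))

    # Constructed hosts, assumed /16: every packet to the other VLAN is
    # framed to the firewall gateway, so the firewall is the routing hop
    # and an IP-less SVI on the switch never sees a routable packet.
    print(first_hop("10.130.0.50/16", gw_130, "10.102.0.50"))
    print(first_hop("10.102.0.50/16", gw_1020, "10.130.0.50"))

    # Same hosts with /8: the destination is on-link, no gateway involved,
    # but both VLANs would then have to be one broadcast domain.
    print(first_hop("10.130.0.50/8", gw_130, "10.102.0.50"))
```
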

 

Hi Reza,

That's what I thought. Eventually we need to set the gateway for network reachability.

Basically I also understand that VRF simplified the routing table. Just thinking about how to provide the best way with less impact.

 

Thanks,

Hafiz

Can you share the topology?

Hi MHM,

Here I have provided a simple network topology, although we have vPC, HSRP, EtherChannel and VRF configured inside it.

topology.PNG

Points to highlight:

  • The default gateway for every VLAN is configured at the firewall for both network A & B.
  • A default route is used to forward the traffic to the firewall for both A & B.
  • All the IP addresses for the servers cannot be changed or modified.

So we are planning to migrate all those VMs from network A to network B. So the idea is, I said we need to allow VLAN xxx on interface x/x/x at net A and configure an SVI interface with an IP at net A so that the VLANs can communicate at the L3 switch. But the servers need to change gateway for that purpose.

So I don't think this solution is workable, as we need to point the server gateway to the new gateway at the L3 switch in net B. Not sure why all the VLAN gateways are configured on the FW. A bit complicated when I saw this network.

Hope someone can advise me.

Thanks,

Hafiz
