05-13-2021 09:32 AM
We just upgraded our Cisco Nexus public switch so that two extra modules could be recognized by the chassis. We were planning on using these extra modules for private network connections. Our existing private switch is EOL and we wanted to migrate those connections to our public switch. I'm pretty new to configuring a switch to use public and private networks on the same switch. How will I go about this? Are there particular configs that need to be set (ip route, VLANs, etc.)? Most of the migrated connections are trunk ports connected to another Nexus private switch for uplinks with 2 port-channel groups and 5 VLANs.
Old private switch: 6509
Public switch: 9508
05-13-2021 09:40 AM
First, I suggest posting the configuration of both. Is there any requirement for the public and private VLANs to communicate?
Is there any mediation switch in the middle, or any FW?
It all depends on what the existing configuration is.
Where is the private switch SVI or Layer 3 interface?
Maybe you can use a VDC to make a separate context for the replacement of the switch, so that it acts as a different switch.
Or create a normal VLAN and use it as transit Layer 2.
05-13-2021 10:56 AM
There's no firewall in between. There is another private switch that we use on the same private networks as the old private switch.
- is there any requirement public and private vlan to communicate? No
I'm uploading my running-configs for the old private and public switches. I had to edit the config IPs for security on the upload and remove a lot of port configs so it won't be so long.
05-13-2021 11:55 AM
Hi,
So, looking at the config for the 6500, you only have VLAN 3, 5, 7, and 8. If these have private IPs (RFC 1918) then they will never be routed to the Internet unless you use NAT which I don't see configured on the Nexus. So, all you have to do is to build the above 4 VLANs on the Nexus and move the corresponding IPs as well. Also, I only see vlan 3 as access ports on the 6500 which means if you have any devices (PC/laptop, etc) connected to these ports, they also need to be moved to Nexus and be put in vlan 3. Also, move over the Portchannels you have on the 6500 if they are needed.
HTH
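An added example, not posted by anyone in this thread: a Python pre-cutover check for the plan in the reply above, confirming that each migrated VLAN has an SVI address inside RFC 1918 space and is allowed on at least one trunk. The sample config, its addresses, the port-channel number and the function names are constructed for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PRIVATE_VLANS = {3, 5, 7, 8}  # VLAN IDs named in the thread
# Constructed NX-OS-style sample: addresses and port-channel number are made up.
SAMPLE_CONFIG = """\
interface Vlan3
  ip address 10.3.0.1/24
interface Vlan5
  ip address 172.20.5.1/24
interface Vlan8
  ip address 198.51.100.1/24
interface port-channel10
  switchport trunk allowed vlan 3,5,7
"""

def svi_addresses(config):
    """Map VLAN id -> 'ip address' values found under 'interface VlanN'."""
    svis, vlan = {}, None
    for line in config.splitlines():
        head = re.match(r"interface Vlan(\d+)\s*$", line)
        if head:
            vlan = int(head.group(1))
            svis[vlan] = []
        elif not line.startswith(" "):
            vlan = None  # left the interface block
        elif vlan is not None and line.split()[:2] == ["ip", "address"]:
            svis[vlan].append(line.split()[2])
    return svis

def expand(vlan_list):
    """'3,5-8' -> {3, 5, 6, 7, 8}"""
    spans = (p.partition("-") for p in vlan_list.split(","))
    return {v for lo, _, hi in spans for v in range(int(lo), int(hi or lo) + 1)}

def audit(config, vlans=PRIVATE_VLANS):
    """Return (vlan, problem) findings for the VLANs being migrated."""
    allowed = re.findall(r"^\s+switchport trunk allowed vlan ([\d,-]+)\s*$", config, re.M)
    svis, findings, trunked = svi_addresses(config), [], set().union(*map(expand, allowed))
    for vlan in sorted(vlans):
        if not svis.get(vlan):
            findings.append((vlan, "no SVI address"))
        for addr in svis.get(vlan, []):
            if not any(ipaddress.ip_interface(addr).ip in net for net in RFC1918):
                findings.append((vlan, f"{addr} is not RFC 1918"))
        if vlan not in trunked:
            findings.append((vlan, "not allowed on any trunk"))
    return findings
```

A "no SVI address" finding is expected for any VLAN whose gateway deliberately lives on another device; treat it as a prompt to confirm that, not as an error.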
05-14-2021 08:04 AM
Thanks for the feedback. This helps a lot. We are not using NAT and our private network is only internal.
05-14-2021 08:15 AM
So there are no other config changes at the upper level for the switch for using private? What I gather is to mimic the VLAN configs from the old switch to the new, configure the new ports, move the physical connections, and then I should have connectivity.
05-14-2021 07:42 AM
vlan 3
!
vlan 5
!
vlan 7
!
vlan 8
!
vlan 9
!
I only see the difference here, so you do not require major work on the Nexus; just create a VLAN and move the SVI there.
If you do not like the existing Nexus VLANs to talk to these VLANs, you can deploy an ACL locally.
And if they are "Private IP 255.255.255.0" they cannot reach the internet.
05-14-2021 08:02 AM
This network doesn't need to reach the internet, just internal, if that helps.
05-14-2021 09:50 AM
Sure, then you are good to go.