Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1162
Views
10
Helpful
8
Replies

Configure Private Network on existing public switch

Go to solution
greg8
Level 1
Level 1

‎05-13-2021 09:32 AM

We just upgraded our Cisco Nexus public switch so that two extra modules could be recognized by the chassis.  We were planning on using these extra modules for private network connections.  Our existing private switch is EOL and we wanted to migrated those connections to our public switch.  I'm pretty new to configuring an switch to use public and private networks on the same switch.  How will I go about this?  Are there particular configs that need to be set (ip route, VLANS, etc)?  Most of the migrated connections are trunk ports connected to another nexus private switch for uplinks with 2 port-channel groups and 5 VLANS. 

Old private switch: 6509

Public switch:9508

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to greg8

‎05-13-2021 11:55 AM

Hi,

So, looking at the config for the 6500, you only have VLAN 3, 5, 7, and 8. If these have private IPs (RFC 1918) then they will never be routed to the Internet unless you use NAT which I don't see configured on the Nexus. So, all you have to do is to build the above 4 VLANs on the Nexus and move the corresponding IPs as well. Also, I only see vlan 3 as access ports on the 6500 which means if you have any devices (PC/laptop, etc) connected to these ports, they also need to be moved to Nexus and be put in vlan 3. Also, move over the Portchannels you have on the 6500 if they are needed.

 

HTH

 

View solution in original post

8 Replies 8

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎05-13-2021 09:40 AM

First i suggest post any configuration of both, is there any requirement public and private vlan to communicate ?

is there any mediation switch in the middle or any FW ?

 

it all depends on what is the exiting configuration.

where is Private switch SVI or Layer 3 interface  ?

May be you can do VDC make a seperate context for the replament of switch, so that act as different switch.

or create normal VLAN and use as transit Layer 2.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
greg8
Level 1
Level 1
In response to balaji.bandi

‎05-13-2021 10:56 AM

There's no firewall in between.  There is another private switch that we use on the same private networks as the old private switch.

- is there any requirement public and private vlan to communicate?  No

I'm uploading my running-configs for the old private and public switches.  I had to edit the config IPs for security on the upload and remove a lot of port configs so it won't be so long.

Preview file
5 KB
Preview file
15 KB
0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to greg8

‎05-13-2021 11:55 AM

Hi,

So, looking at the config for the 6500, you only have VLAN 3, 5, 7, and 8. If these have private IPs (RFC 1918) then they will never be routed to the Internet unless you use NAT which I don't see configured on the Nexus. So, all you have to do is to build the above 4 VLANs on the Nexus and move the corresponding IPs as well. Also, I only see vlan 3 as access ports on the 6500 which means if you have any devices (PC/laptop, etc) connected to these ports, they also need to be moved to Nexus and be put in vlan 3. Also, move over the Portchannels you have on the 6500 if they are needed.

 

HTH

 

Go to solution
greg8
Level 1
Level 1
In response to Reza Sharifi

‎05-14-2021 08:04 AM

Thanks for the feedback.  This helps a lot.  We are not using NAT and our private network is only internal.

0 Helpful

Go to solution
greg8
Level 1
Level 1
In response to greg8

‎05-14-2021 08:15 AM

So there's no other config changes at the upper level for the switch for using private?  What I gather is to mimic the VLAN configs from the old switch to the new, configure the new ports, move the physical connections, and then I should have connectivity. 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to greg8

‎05-14-2021 07:42 AM 

vlan 3
!
vlan 5
!
vlan 7
!
vlan 8
!
vlan 9
!

I only see the difference here , so you do not requirement major work on nexus, just create a VLAN and move the SVI there.

if you do not like exiting nexus VLAN to talk to thease VLAN, you can have ACL to deploy locally.

 

Any if they are  "Private IP 255.255.255.0" they can not reach internet.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
greg8
Level 1
Level 1
In response to balaji.bandi

‎05-14-2021 08:02 AM

This network doesn't need to reach the internet just internal if that helps.  

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to greg8

‎05-14-2021 09:50 AM

Sure then you are good to go.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card