cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
984
Views
5
Helpful
8
Replies

Converting 3560X from layer 2 to layer 3 remotely

Elton Babcock
Level 1
Level 1

Hello,

 

Currently I have a 3560X switch that is layer 2 only with "ip routing" currently disabled. At this time the switch is manageable over the network and configured with "ip default-gateway xx.xx.xx.xx" 

I need to convert this switch to layer 3 but am concerned that when I issue the "ip routing" command I am going to lose the switch as there isn't any 0.0.0.0 route configured. I already confirmed I can't add the route as routing isn't enabled. 

Has anyone had to do this before or have any experience with what to expect when making this change?

 

Thanks in advance, 

 

Elton

8 Replies 8

Jon Marshall
Hall of Fame
Hall of Fame

Haven't done it before but presumably the switch has one L3 vlan interface with an IP address and then as you say the default gateway.

If you login to the default gateway then from there login to the switch then the src and dst IPs will be in the same subnet so you shouldn't lose any connectivity when you enable ip routing. You can then ad the default route (which is your current default gateway).

You must do this from a src IP on the same subnet as the L3 SVI on the switch though ie. you can't login from your desktop directly for example as you would then lose connectivity.

Jon

  Jon is correct , you shouldn't lose connectivity if you login into the L3 device that currently doing the routing and then telnet to the 3560 .  We have done this a number of times .

Jon, 

 

Thanks for the quick reply. 

Yes the switch currently has one layer 3 SVI with the IP address. 

Unfortunately I am unable to log in to the switch from the default-gateway device as it is managed by a separate group who will not give me access to that device. 

Thanks, Elton

If you can't login to the default gateway then can you get the other group to make the change for you ?

If not then you will have to visit the switch (or talk someone on site through it) because if your src IP is not from the same subnet you will very probably lose connectivity.

Jon

Peter Paluch
Cisco Employee
Cisco Employee

Hi Elton,

You can also try using the TCL language to perform this. The idea is that you can create a script that executes multiple commands at once. Something along these lines (all executed in the privileged EXEC mode):

tclsh
foreach i {1} {
ios_config "ip routing"
ios_config "ip route 0.0.0.0 0.0.0.0 xx.xx.xx.xx"
}
tclquit

This entire script will start executing itself only after entering the closing } bracket and hitting Enter. At that point, the script contains all commands necessary for the migration to the routed mode.

Best regards,
Peter

P.S.: The foreach cycle is not really relevant in this example - it is just a workaround to group all commands into a subgroup that starts executing itself only after it is fully written. It will execute exactly once and the value of the variable i is not used anywhere.

P.P.S.: Just in case, I strongly suggest scheduling a reload in 5 minutes before trying out that TCL script. If anything goes wrong, the switch will reload so that you do not lose it permanently.

Joseph W. Doherty
Hall of Fame
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Another way to accomplish this, is to place the necessary commands into a file placed on the device's local flash.  Then you just copy the file from flash to the running config.

Like Peter's posting, I too would recommend a timed reload.  (I also normally use a five minute time.)

This technique, or Peter's, can also be used to even change the attributes of the interface being used for remote connectivity.

Or, instead of the timed reload, he could try to "config revert" the changes:

http://packetpushers.net/cisco-configuration-archive-rollback-using-revert-instead-of-reload/

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Indeed, but does require the IOS to support the feature and requires additional configuration support.  Still, a great suggestion,

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco