Converting L3 to L2 in between distribution to core

lokesh279 · ‎05-03-2018

Hi , Need an help regarding my work

WE have total 2 Core switches and 3 Distribution switches where the 2 core switches are connected in L3 and also each distribution switch will connect to both core switches in L3 connection.

Now the task is

The current scenario in which traffic is flowing is the traffic will come from access to distribution which is a L2 connection where in distribution it have the SVI's the traffic will reach there and from access and it will reach the core switch from distribution which is a L3 connection in between them.

Now we planning of removing those SVI's in distribution and want to convert the connection between distribution and core from L3 to L2. We will test after converting to L2 and if it works properly everything then we will remove the SVI's. Need an solution regarding config how to convert these from L3 to L2.

Appreciate you solution, Thanks.

Reza Sharifi · ‎05-03-2018

Hi,

Warning, if you are doing this in production, it will cause downtime, so you need a maintenance window to perform this task.

As for the config, during the window:

1-Delete all SVIs from the distros except the management. This way you can access the switch.

2-Convert the layer-3 interface to layer-2 by deleting the IP and changing the ports from routed to a trunk on both sides of the connection.

3-Create the same SVIs on the core switches.

4-Test connectivity and redundancy

HTH

lokesh279 · ‎05-03-2018

Hi,

First we don't want to delete the SVIs from distribution. First we want to convert all l3 links to l2 links and test whether it is working properly or not. Later when it is working properly we want to shift those SVIs to different production and depart firewalls not on to the core switches. and we want to create a new VRF(OSPF Routing) in core switches to connect the new firewalls. Firewall runs on OSPF routing and globally we want to Static routes.

Firewall ( Checkpoints)

Core (Cisco 6807)

So, when we shift SVIs to firewalls we need the traffic to flow in this following manner

Access--> Distro--->Core---> Respective SVI Firewall---> Core(Prod VRF)---> Core FW---> Border Firewall---> Enterprise. (Globally)

Access--> Distro--->Core---> Respective SVI Firewall---> Core(Prod VRF)---> Core FW--> Other Production Firewall. (Internally)

Like this the traffic flow will be.

Can you suggest me how to do with this, How to give the ospf areas for firewalls and core switches. and also how to write the ospf routing for core switch and firewall. and also about the config how to convet the l3 to l2.

Appreciate a lot with you help, Thanks.

Reza Sharifi · ‎05-03-2018

Hi,

Can you explain if you are trying to do all of these in a maintenance window or during production?

From the sound of it, it appears that you want to do this during productions, if this is the case, I can tell you that you will have downtime during this conversion.

HTH

lokesh279 · ‎05-03-2018

we will do this in maintenance window not during the production.

Reza Sharifi · ‎05-03-2018

ok, so, if you are doing this in a maintenance window and simply want to move the SVIs from distro to core, it is much easier to do it the way I explained it in my first post instead of doing all these workarounds with firewalls, vrf, OSPF, etc..

HTH

lokesh279 · ‎05-03-2018

we want to move the SVIs to different set of production and depart firewalls not to the core, because we are bringing new 7 firewalls for this into the production