Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
715
Views
0
Helpful
5
Replies

core switch migration at branch site

k. cheng
Level 1
Level 1

‎09-28-2023 06:33 AM

I’m sorry for the length of this description but…. I have to replace a standalone c4507r+e (core) switch with a standalone c9407 switch at one of my company’s branch locations. So far the 9407 was powered up and connected to the 4507 via an lacp trunk with some of the 4507’s old hosts connected to it. The 4507 is reachable by gateway ip 1.1.1.1/24 and the 9407 is reachable at 1.1.1.8/24 (yes, same subnet). 70+ end hosts and infrastructure appliances (ha firewall pair, 3850 access switches, & storage servers) still have to be moved to the 9407. The 4507 has several other SVIs (ex: phone, pc, wireless, etc) and is the site’s dhcp server. For stp, the 4507 is the root because the 3850 access switches’ mac is higher (yes, I inherited these switches with the same priority) so I intentional raised the 9407’s priority to 36864 so it doesn’t become the stp root yet. I have a change window to move the 70+ end hosts today, which shouldn’t include any “excitement” and I will label the current physical connections. But I’d like your opinions on the final phase of this migration (moving the 3850s, firewalls, routers, etc to the 9407) I was thinking of these steps (in this order too):

  1. Increase the stp priority on the access switches/3850s to 61440
  2. Lower the stp priority on the 9407 to 28672
  3. Disconnect both of the 3850’s uplinks (it’s a PO) to the 4507
  4. Disconnect all of the firewalls connections (again, active-standby ha) to the 4507
  5. Disconnect all links to the storage server (also a PO) from the 4507
  6. Remove the gateway address from the SVIs on the 4507 (whether it’s “no ip add” or “ip add something else that’s not in use”)
  7. Enable the same gateway addresses on the SVIs on the 9407 (before I copied from the 4507, pasted them into the 9407, and shut them)
  8. Connect the 3850s to the 9407
  9. Connect the firewalls to the 9407
  10. Connect the storage server to the 9407

Thoughts? Comments?

Labels:
0 Helpful
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎09-28-2023 07:53 AM

here is my comments :

  1. Increase the stp priority on the access switches/3850s to 61440  - if teh root 4500 (what priority if this 4096 - then make cat 9400 8192)
  2. Lower the stp priority on the 9407 to 28672  ( i suggested above that is best way, primary old core and alternative is cat 9400)
  3. Disconnect both of the 3850’s uplinks (it’s a PO) to the 4507  - yes keep the configuration ready on cat 9400 - unplug from old cat 4500 and plug in to cat 9400 ( and test it) - hope they are near and reachable by same cables.
  4. Disconnect all of the firewalls connections (again, active-standby ha) to the 4507   - in this i suggest to move the standby first to new Cat 9400 - and check the HA ok ? and Failover the Firewall Active to standby ( so you can move easily from cat 4K to Cat 9K)
  5. Disconnect all links to the storage server (also a PO) from the 4507  (this will have small Blip but that expected).
  6. Remove the gateway address from the SVIs on the 4507 (whether it’s “no ip add” or “ip add something else that’s not in use”) - on new cat 9K preconfigure SVI and shutdown mode - you shut 1 SVI at a time on the old cat 4K and bring up on cat 9K and test it (if you running rapid STP this will be quicker). (also some time you may clear Ip arp for the respected SVI IP on other devices (some time it stucks).
  7. Enable the same gateway addresses on the SVIs on the 9407 (before I copied from the 4507, pasted them into the 9407, and shut them) - i would suggest to preconfigure in shutdown mode and shut on old one no shut on new one (minimise downtime)
  8. Connect the 3850s to the 9407 
  9. Connect the firewalls to the 9407
  10. Connect the storage server to the 9407
 
 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

k. cheng
Level 1
Level 1

‎09-28-2023 11:35 AM

hi Balaji, thx for responding but i dont understand what you said about the stp priority on the 3850s. the 3850s use the default priority of 32768. and so did the 9407. when i compared their mac addresses, the 3850s would've won the root election. my thinking was to increase the 3850s' priority since it (being an access switch) shouldn't be the root bridge.
your suggestion about shutting the svi on the 4507 and then no shut the svi on the 9407 was my original plan. then this other post more or less said to physically move everything off of the old core without making any config changes. i'm sorry but i'm confused now.

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to k. cheng

‎09-28-2023 11:45 AM

You want change with lower downtime as you could? If yes 

Then config svi different IP and config hsrp when traffic totally pass through c9k then you can remove c4k. No down time.

Change priority keep same SVI ip not solve issue of redirect traffic I think.

One more point is dhcp' you need to make server push the new IP of SVI of new c9k.

0 Helpful

k. cheng
Level 1
Level 1

‎10-19-2023 11:00 AM

well i was given a change window (2 whole hours!!) to move 2 fiber downlinks, 2 firewall uplinks, swap 6 SVIs, correct stp priorities (on the current access switches new core) and 80 end devices where their patch cabling looks like a 3d version of prolong scribbling on a piece of paper. so in terms of downtime i had so leeway
i was able to correct the stp priority for all the VLANs (2, 4-8), move the firewall links to the new core but i hit a brickwall during the SVI swap. for that i shut int vlan4 (cisco ip phones) on the old core, saw continous pings stopped, then no shut int vlan4 on the new core. but the pings stayed down. rollback was quick and smooth, the phones came back up 2 seconds later. the layer 3 configs (no eigrp, static routes, SVIs) and VLANs are the same. i did configure a layer 2 po/trunk between the 9400/new core & 4507/old core for this migration. i didnt want to remove this trunk until everything was moved off of the 4507. what i forgot to include in the picture (i hope it shows) was the vlan2 svi details. int vlan2 on the old core is 10.1.1.1/24. int vlan2 on the new core is 10.1.1.9/24. was keeping the migration po up/up a problem? or could there have been an issue with the vlan2 svi?

bky physical topology.png
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to k. cheng

‎10-20-2023 02:58 AM

high level looks ok  but preparation and information main key when you doing cut over the services - what information you have to troubleshoot.

I configured VLAN 2 same IP address on new Core and put in shutdown mode (not wjth new IP) since most device have gateway of 1 that lead to different issue if you start using .9)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card