Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3206
Views
0
Helpful
2
Replies

Core switch migration strategy

Go to solution
mwhite
Level 1
Level 1

‎04-16-2018 02:19 PM - last edited on ‎03-25-2019 04:47 PM by Community Manager

We have a new WS-C4507R+E to replace our WS-C4507R-E Core switch which is end of life.   Both switches are on line and trunked together and support internal traffic. Both switches are connected to our Firewall, but only the OldCore has viable (static) routes in/out of the network.   My goal is to complete a migration to the NewCore with the least amount of disruption possible to the attached hosts and VMware server farm.

 

Currently, each host at this site uses the OldCore as their gateway.  The OldCore has a static default route pointing to the Firewall for outbound traffic.  Inbound traffic is handled by static routes on the Firewall which point to the OLDcore.  As long as both switches are online, this is OK, but once I take the OldCore offline, I will need to change the static routes on the Firewall to point to the NewCore.   Simultaneously, I will need to change the VLAN ip address on the NewCore to the addresses used on the OldCore so internal clients can sent traffic outbound via their configured gateway(s).  While this seems viable, would it be smoother to enable routing protocols? If I enable OSPF on the internal interfaces of the ASA and the external interfaces of the core switches, how disruptive would that be to inbound/outbound traffic on my network?    Also, would there be any benefit to running OSPF for my internal VLANs?   In such a simple network, I’m having difficultly seeing an advantage.  Thoughts?  Thanks in advance for your input.

 

1 person had this problem
Labels:
Preview file
124 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎04-16-2018 02:33 PM

For such small environment, there is really no need for routing protocols. So, what you can do is to create a set of new static routes between the firewall and the new core and give them higher AD (100).

Once that is done, the traffic should still use the old core outbound and inbound as the default AD for the original static router is 1.  So, during migration, if you shut down the old core switch the only viable route is via the static route with a higher AD and so that should only take a few seconds. Once the old core is gone, you can remove the higher AD.

HTH

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎04-16-2018 02:33 PM

For such small environment, there is really no need for routing protocols. So, what you can do is to create a set of new static routes between the firewall and the new core and give them higher AD (100).

Once that is done, the traffic should still use the old core outbound and inbound as the default AD for the original static router is 1.  So, during migration, if you shut down the old core switch the only viable route is via the static route with a higher AD and so that should only take a few seconds. Once the old core is gone, you can remove the higher AD.

HTH

0 Helpful

Go to solution
mwhite
Level 1
Level 1
In response to Reza Sharifi

‎04-16-2018 03:01 PM

Thanks for confirming that. It has also occurred to me that all of the NAT statements on the firewall are tied to the interface connected to the OldCore. So I'll need to re-address the external interface on the NewCore regardless. The (re)addressing of the NewCore can be handled easily enough by pasting in pre-written commands to the CLI.
0 Helpful
Customers Also Viewed These Support Documents