
Migrating L2 Links to L3 Between Access-layer to Dist-Layer

zekebashi
Level 4

Hello,

 

Using this old post: https://community.cisco.com/t5/switching/moving-from-layer-2-to-layer-3-access-and-distribution-switches/td-p/901175 as a reference.

 

We have a similar situation where we have over 24 floors in the tower. Each floor has one or two access-layer switches which are uplinked to a pair of NX7K switches configured in a vPC domain. Each access-layer switch is configured with L2 vPC ports (Port-Channel to each vPC peer switch). Each access-layer switch has a default route 0/0 to the HSRP VIP configured on both distribution switches (vPC peer members); for example:

 

Dist_01 (hsrp_01 = 10.1.250.2 Primary)     VIP: 10.1.250.1/24    Dist_02 (hsrp_02 = 10.1.250.3 Secondary)

 

Access_01: vlan 250

                   SVI; 10.1.250.51/24

                    ip route 0.0.0.0 0.0.0.0 10.1.250.1

 

The requirement is to get rid of the vPC configuration (vPC Domain) and have the two dist-layer switches configured in a stand-alone design. Meaning, the dist switches will have L2 and L3 links between them, and each L2 uplink (vPC links = Port-Channel) from the access-layer switch to each dist switch will be converted to an L3 P2P link with EIGRP routing enabled.

 

I am not quite sure what the best design should be to accomplish this requirement. My question is: 

 

- If we convert the L2 uplinks to routed links (L3) between the access-layer switches and each dist switch, what would be the default gateway for each VLAN on the access-layer switch, since there is no longer going to be an FHRP mechanism?

 

Dist_01 Link to Access_01 = L3: 10.1.250.1/24           Dist_02 L3 Link to Access_01 = 10.1.250.3/24

 

Access_01: Link to Dist_01 = L3: 10.1.250.2/24         Access_01: Link to Dist_01 L3 = 10.1.250.4/24

VLAN 250

SVI; 10.1.250.51/24 mgmt

                   

Thanks in advance for your input.

 

Best, ~zK


Reza Sharifi
Hall of Fame

Hi,

Before you make any changes, make sure you and your organization understand the consequences of changing the routing to the access layer. The biggest issue with routing at the access layer is that you cannot span a VLAN between 2 switches. So, say you have a floor with 2 closets and each closet has an access switch. In a routed access design, you have to put every closet in its own subnet/VLAN, and so you cannot span the one VLAN across multiple closets. Also, the same issue applies to printers.

If we convert the L2 uplinks to routed links (L3) between the access-layer switches and each dist switch, what would be the default gateway for each VLAN on the access-layer switch, since there is no longer going to be an FHRP mechanism?

This is another big issue with routing at the access layer as the default gateway for all subnets/vlans will be the access switches and you will not be able to use any FHRP protocols like HSRP or VRRP as there is no layer-2 connectivity between the access switches.   

HTH

I agree with you that careful considerations have to be taken when thinking about converting L2 to routed access design.

 

We have every floor/closet/access-layer switch configured with unique subnets (e.g., floor 2: vlan 20, vlan 21, vlan 47, vlan 59, etc.) and these VLANs don't span to other closets. Each subnet is associated with an SVI/gateway which is configured on the distribution switches in HSRP fashion.

 

Access_02; vlan 20, vlan 21, vlan 47, and vlan 59

Dist_01: interface vlan 20 = ip address 10.1.20.2/24; hsrp priority 110 ip address 10.1.20.1/24

              interface vlan 21 = ip address 10.1.21.2/24; hsrp priority 110 ip address 10.1.21.1/24

              interface vlan 47 = ip address 10.1.47.2/24; hsrp priority 110 ip address 10.1.47.1/24

              interface vlan 59 = ip address 10.1.59.2/24; hsrp priority 110 ip address 10.1.59.1/24

 

Dist_02: interface vlan 20 = ip address 10.1.20.3/24; hsrp priority 110 ip address 10.1.20.1/24

              interface vlan 21 = ip address 10.1.21.3/24; hsrp priority 110 ip address 10.1.21.1/24

              interface vlan 47 = ip address 10.1.47.3/24; hsrp priority 110 ip address 10.1.47.1/24

              interface vlan 59 = ip address 10.1.59.3/24; hsrp priority 110 ip address 10.1.59.1/24

 

The plan is as follows:

    - Replace the NX7Ks with new C9500s, configure them in a stand-alone design, and have a couple of L2 and L3 interlinks between them.

    - Configure the SVIs/gateways for each subnet on the respective access-layer switch

       

Access_02; vlan 20, vlan 21, vlan 47, and vlan 59

              interface vlan 20 = ip address 10.1.20.2/24

              interface vlan 21 = ip address 10.1.21.2/24

              interface vlan 47 = ip address 10.1.47.2/24

              interface vlan 59 = ip address 10.1.59.2/24

             L3 P2P Uplinks to Dist_01 and Dist_02

             Enable dynamic routing on each access-layer switch and advertise the 10.1.x.x/16

             0/0 default route is currently being redistributed from the core switches, so the access-layer switches will receive the default route.

 

Does this make sense? Thoughts?

 

Thanks in advance,

~zK

This looks good. This is just cosmetic but I always like to use .1 as a gateway if possible.

Access_02; vlan 20, vlan 21, vlan 47, and vlan 59

              interface vlan 20 = ip address 10.1.20.1/24

              interface vlan 21 = ip address 10.1.21.1/24

              interface vlan 47 = ip address 10.1.47.1/24

              interface vlan 59 = ip address 10.1.59.1/24

How about printers and/or phones if you are using VoIP?

HTH

 

 

Thanks for your input.


I am still contemplating between using /31 vs. splitting a /24 into two /25 subnets (10.1.243.0/24 split into 10.1.243.0/25 and 10.1.243.128/25) for the P2P links between the access and dist switches. Is using /31 a good idea? I've reviewed RFC 3021 and the doc doesn't raise any routing issues or cons: http://www.faqs.org/rfcs/rfc3021.html


- VoIP VLAN: VL21 is the VLAN designated for VoIP.

 

- Printers are confined within the same floor, meaning, all printers on the 4th flr are assigned to VLAN 44; SVI/default GW on Dist switches (HSRP: 10.1.44.2 on Dist_01 & 10.1.44.3 on Dist_02 --- VIP: 10.1.44.1/24), so I will be creating/moving the respective SVI/GW to the access switch (Access_01: VLAN 44; Interface VLAN44 = 10.1.44.1/24)

 

- The other concern has to do with the WLCs. Currently, we have two L2 Port-Channel (vPC) links to the WLCs (one port-channel links the primary WLC and the other port-channel links the standby WLC). My question is: will migrating the L2 Port-Channels to L3 ECMP have any adverse effect? My knowledge of CAPWAP is that it can work with L3!!

 

Thanks in advance,
~zK
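
Added example, not part of the thread and not any poster's code: a sketch of how the /31 option raised above could be laid out, carving one RFC 3021 /31 per access-to-dist uplink from 10.1.243.0/24 and checking that no link subnet overlaps the SVI subnets quoted in the thread. The switch inventory (Access_01 to Access_24, one per floor), the even/odd address convention and the function names are assumptions made for illustration.

```python
import ipaddress

# SVI subnets quoted in the thread; after the migration they live on the access switches.
SVI_SUBNETS = ["10.1.20.0/24", "10.1.21.0/24", "10.1.47.0/24",
               "10.1.59.0/24", "10.1.44.0/24"]

def plan_p2p_links(block, access_switches, dist_switches=("Dist_01", "Dist_02")):
    """Assign one /31 (RFC 3021) per access-to-dist uplink, in order, from `block`."""
    pool = ipaddress.ip_network(block).subnets(new_prefix=31)
    plan = []
    for access in access_switches:
        for dist in dist_switches:
            net = next(pool, None)
            if net is None:
                raise ValueError(f"{block} has no /31 left for {access}-{dist}")
            plan.append({
                "access": access, "dist": dist, "subnet": str(net),
                "dist_ip": str(net[0]),      # assumed convention: even address on the dist side
                "access_ip": str(net[1]),    # odd address on the access side
                "mask": str(net.netmask),    # 255.255.255.254
            })
    return plan

def find_overlaps(plan, other_subnets):
    """Return (link subnet, other subnet) pairs that overlap; a routed link
    must not share address space with an SVI or with another block."""
    others = [ipaddress.ip_network(s) for s in other_subnets]
    hits = []
    for link in plan:
        net = ipaddress.ip_network(link["subnet"])
        hits += [(str(net), str(o)) for o in others if net.overlaps(o)]
    return hits

if __name__ == "__main__":
    # Constructed inventory: one access switch per floor, 24 floors.
    switches = [f"Access_{n:02d}" for n in range(1, 25)]
    plan = plan_p2p_links("10.1.243.0/24", switches)
    for link in plan[:4]:
        print(link)
    print(len(plan), "links; overlaps with SVIs:", find_overlaps(plan, SVI_SUBNETS))
```

A /24 holds 128 /31 links, so 24 access switches with two uplinks each consume 48 of them.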