06-30-2025 06:01 AM
I'm looking for confirmation of my thinking being correct, or corrections where wrong.
Here is my situation: Large School District with construction nearing completion of a new building where the core of our network will be moved. Right now we have a 4510R that is doing OSPF routing and is a VTP server. This will remain up for a time to service the building it is currently housed in, but only as a switch going forward. The new core area has a 9410R that I am programming now.
I will have time over a weekend where both can be down when needed since it's summertime. I'm thinking of taking the 4510 off network, moving the routing to the 9400, making it a VTP server, manually copying VLAN information (along with all other configuration, but these I think are the most important ones initially), and then patching it into the network.
Then making the 4510 just a VTP client, removing any routing configuration (and any other configuration it won't need just to be a switch hanging off the 9410), then patching it back on network.
Am I making this too simple? Is there more that needs to be done?
Thanks in advance.
07-04-2025 06:16 AM
Hello @darinheilman ,
L3 configuration has to be inserted manually on new core switch.
Be careful about access-lists and filtering commands. You should define the ACLs before adding the commands that invoke them under each SVI L3 interface.
A non-existing ACL is like a permit any any, but as soon as you configure the first line of the ACL it is applied directly. This can have an impact.
VTP protocol provides only synchronization of OSI L2 information: the list of VLANs (VLAN database).
To be noted with VTP version 3, there is an option to support an additional database to carry MST configuration on it.
This may be handy if you use MST.
Also, if the Cat4510 remains for some time you can consider using it as a secondary core switch, both at L2 for STP and at L3 if you implement HSRP or VRRP in each user-facing VLAN.
Hope to help
Giuseppe
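A pre-paste check for the ACL ordering point in the answer above, as an added example that is not part of the original post: it walks a config in paste order and flags every `ip access-group` whose ACL is not yet defined at that point. The sample config, ACL names and addresses are constructed for illustration.

```python
import re

# Constructed sample: core-switch config fragment in the order it would be pasted.
SAMPLE_CONFIG = """\
ip access-list extended STAFF-IN
 permit ip 10.10.0.0 0.0.255.255 any
!
interface Vlan10
 ip address 10.10.0.1 255.255.255.0
 ip access-group STAFF-IN in
!
interface Vlan20
 ip address 10.20.0.1 255.255.255.0
 ip access-group STUDENT-IN in
!
interface Vlan30
 ip access-group 110 in
!
ip access-list extended STUDENT-IN
 permit tcp 10.20.0.0 0.0.255.255 any eq 443
"""

# Named ACL header, or a numbered "access-list <n> ..." entry.
ACL_DEF = re.compile(r"^(?:ip access-list (?:standard|extended) (\S+)|access-list (\d+) )")
ACL_USE = re.compile(r"^\s+ip access-group (\S+) (in|out)\b")
IFACE = re.compile(r"^interface (\S+)")

def acl_name(match):
    return match.group(1) or match.group(2)

def check_acl_order(config):
    """Return (interface, acl, direction, problem) for each ip access-group
    whose ACL is not defined above it in paste order."""
    lines = config.splitlines()
    defined_anywhere = {acl_name(m) for m in map(ACL_DEF.match, lines) if m}
    seen, iface, findings = set(), None, []
    for line in lines:
        if (m := ACL_DEF.match(line)):
            seen.add(acl_name(m))
            iface = None                      # left interface context
        elif (m := IFACE.match(line)):
            iface = m.group(1)
        elif iface and (m := ACL_USE.match(line)):
            acl, direction = m.groups()
            if acl not in seen:               # referenced before (or without) definition
                problem = "defined-later" if acl in defined_anywhere else "never-defined"
                findings.append((iface, acl, direction, problem))
    return findings

if __name__ == "__main__":
    for finding in check_acl_order(SAMPLE_CONFIG):
        print(*finding)
```
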
06-30-2025 06:37 AM
@darinheilman Besides those, you have not mentioned changing bridge root priority for spanning tree to point to the new core.
M.
06-30-2025 06:50 AM
You can have more than 1 VTP server in a network. You should have the 9410R join as a VTP client. Once you have confirmed it has all the VLANs and that the revision number matches the one in the 4510, you can make the 9410R a VTP server. @marce1000 makes excellent points (as always) about the spanning tree root priority.
You will also have to figure out how to move the default gateway functions. That will vary depending on whether the default gateway is an HSRP address in the 4510 or if it is the native IP of the SVIs in the 4510.
06-30-2025 07:34 AM
Ah, Elliot beat me to mentioning adding the 9410 to the network; it should be able to pick up the VTP database, assuming we're dealing with VTP versions 1 or 2. (VTP V3 is more complex; for the rest of this reply I'll assume V3 isn't being used.)
Elliot is correct, you can easily have multiple VTP servers, but the 9410 can be either a client or server, nor is a server even required for VTP replication. (Server role allows manual VTP changes.)
On the subject of STP root (which with PVST, would be configured for each VLAN), possibly it was never assigned on the 4510, and if not, it probably should be; STP primary and secondary roots normally align with VLAN gateways. Additionally, as you mention retaining the 4510 on the network, if it has STP root assignments, you'll want to remove those.
07-03-2025 11:10 AM
Spanning tree is MST so I'll make the new switch a low priority so it becomes root.
However, I'm still wondering how the 9410 will get the VLAN Interface information (IP address and ACL assignment) that is housed on the 4510 if I simply make it a client first to sync, then turn it into a VTP server. Once I make the 9410 a VTP server, does that information also sync?
07-03-2025 12:04 PM
@darinheilman wrote:
Spanning tree is MST so I'll make the new switch a low priority so it becomes root.
However, I'm still wondering how the 9410 will get the VLAN Interface information (IP address and ACL assignment) that is housed on the 4510 if I simply make it a client first to sync, then turn it into a VTP server. Once I make the 9410 a VTP server, does that information also sync?
VTP, at least in versions 1 and 2, only passes along VLAN existence information, not device port VLAN configs or ACLs. For the latter, you'll need to manually configure.