
Perimeter switch migration

M.Sultan
Spotlight

Hello Guys,

 

I planned to migrate the perimeter Cisco switch. One port is connected to the organization's Fortinet firewall (that port is the DMZ) and the other port is connected to the Internet.

How do I start, and from where? I haven't migrated any perimeter switch before, so I need to be very careful.

Thanks

1 Accepted Solution


Perimeter SW, but between the ISP and the FW or edge router, so the only things you need to care about are:

1- The VLAN use: if the Forti FW uses a VLAN SVI, you need to use a trunk, even if you need to allow only one VLAN in the trunk; this makes the SW push tagged packets to the Forti.
2- Same as above if the Forti uses a subinterface.
3- Security: we are talking about L2 security. The perimeter is used to protect the FW or edge from DDoS, and you can use storm control for this protection.

MHM 
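
A pre-cutover check of the new switch's configuration against the points in the accepted answer (the firewall-facing port is a trunk with a restricted allowed-VLAN list, and storm control is configured), as an added example that is not part of the original post. The interface names, VLAN 100 and the storm-control level in the sample are constructed, and `interface_blocks` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample of the new switch's config (interface names, VLAN ID and
# thresholds are assumptions, not values from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description TO-FORTIGATE-DMZ
 switchport mode trunk
 switchport trunk allowed vlan 100
 storm-control broadcast level 1.00
!
interface GigabitEthernet1/0/2
 description TO-ISP
 switchport mode access
 switchport access vlan 100
!
interface GigabitEthernet1/0/3
 switchport mode trunk
 storm-control broadcast level 1.00
!
"""

def interface_blocks(config):
    """Map each interface name to the list of its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return blocks

def audit(config, tagged_ports):
    """Return {interface: [findings]} for the L2 points raised in the answer."""
    findings = {}
    for name, cmds in interface_blocks(config).items():
        issues = []
        if name in tagged_ports:  # ports where the firewall expects tagged frames
            if "switchport mode trunk" not in cmds:
                issues.append("firewall expects tagged frames but port is not a trunk")
            if not any(re.match(r"switchport trunk allowed vlan [\d,\-]+$", c) for c in cmds):
                issues.append("trunk allowed VLAN list is not restricted")
        if not any(c.startswith("storm-control ") for c in cmds):
            issues.append("no storm-control configured")
        if issues:
            findings[name] = issues
    return findings
```

Running `audit` on both the old and the new configuration before the cutover shows whether a setting was lost when the configuration was copied across.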


5 Replies

marce1000
VIP

- Initially you will copy the configuration from the old switch to the new switch; now on the new switch you may need modifications due to interface naming, VRFs, ...

 M.



-- Each morning when I wake up and look into the mirror I always say 'Why am I so brilliant?'
    When the mirror will then always respond to me with 'The only thing that exceeds your brilliance is your beauty!'

That's simple, to copy and push to the new switch. The main question is about how to maintain the link to stay up, like VRRP, GLBP, HSRP? Active and standby, or primary and secondary, then take out the old switch.

 

Ruben Cocheno
Spotlight

@M.Sultan 

Assuming you are moving to a new switch (same OS platform), you need to pay attention to new default values introduced, including services. Configuration-wise it should be pretty much the same.

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/


MSultan_0-1704363201847.png

Just to give you an idea, here is my diagram; it's just assuming my diagram.
