cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3034
Views
35
Helpful
23
Replies

Question about migration between core switches

camelot1969
Level 1
Level 1

Hello, 

I am hoping that someone here can point me in the right direction.  We are currently using a Cisco Nexus 5596 as our core switch and the directive has been given to migrate to a Cisco C9407R.  Everything that I have found online in the way of facilitating this is in the opposite direction i.e. going from a regular Cisco TO a Nexus switch; not the other way around. Even the tool I did find going from a Cisco to a Nexus doesn't even cover our version/model so I can even do a reverse comparison of some kind.

I am really HOPING that this isnt a situation where we will have to do a trial and error trying to get this to work?

 

Has anyone else run into this type of situation before?

23 Replies 23

That sounds interesting...I would have NO idea how to do that though?

In interface config mode there should be a command to specify a mac address (depending on the version of code the command is likely to be mac-address). It is an interesting suggestion but I doubt that it will be needed.

I appreciate your effort to provide a better set of diagrams. But I am confused abut several things in the revised diagrams. The before CU diagram shows a single connection from ASR to firewall, but the after CU diagram seems to show 2 connections. Is that accurate? Also in both diagrams the connection of inside vlans and hosts are shown connecting to the 9407. Surely the reality is that before CU all those connections are to Nexus. Moving all those connections from Nexus to 9407 is the biggest and most challenging part of the conversion. Moving the connection to ASR should be a fairly small part of the effort (and to be relatively straight forward I believe).

Early in this discussion you said "while it will pass L2 traffic just fine; it is NOT passing L3". Is that still a concern? Or are we satisfied that L3 traffic on 9407 is okay?

HTH

Rick

Yes sir. You are correct. Again, the extra lines and things slightly out of place were just the result of my rushing to get something in front of you to visualize what I was poorly trying to convey.  Yes, everything else seems to be pretty straightforward and I discerned no issue with moving over the everything in prep for cutover.  Maybe we are thinking about L3 differently.  I could be wrong but one of the things I think about when I say L3 is the ability to communicate both within and outside the network..so with my being unable to do the latter once the Nexus is removed from the equation, I would have to say that it is still the concern.   

I am still not clear about this "so with my being unable to do the latter once the Nexus is removed". At one point the concern was "it will pass L2 traffic just fine; it is NOT passing L3". I believe that this concern has been resolved (the traceroute from 9407 did get to the Internet). Do you agree that this is resolved?

If the 9407 can get to the Internet with the Nexus in place and does not get to the Internet when Nexus is removed, then there is some problem in your setup when Nexus is removed. I have asked for more detail about your test environment, and will try again. Please tell us in the test environment with Nexus removed:

1) Is the ASR connected to the 9407?

2) if so, what interface of 9407 connects to ASR? What vlan does this interface belong in?

3) can the 9407 ping the IP address of the ASR?

4) have you changed the static default route on 9407? If so what is the new static default route?

When you have established the test environment with the Nexus removed it would be helpful to have the output of the commands I asked about earlier

show cdp neighbor

show ip interface brief

show ip route

show arp

HTH

Rick

This actually did help me isolate the issue as it turns out; or at least one of them. Spoofing the mac address did indeed work; which in turn led me to the Cisco ASA firewall (the next hop from the switch) that was still trying to communicate with the previous core switch as the old mac address was still in there. Clearing the arp cache on the ASA resolved my internet access issue once I turned off the masquerade.  I then had some ospf issues to resolve for the vlans (as it turns out those werent actually working either like they were supposed to be); but thanks again to both you (Paul) and Richard for helping me work through this. 

camelot1969
Level 1
Level 1

You may be right. It is likely time to go back to the device itself and see what I get. As that is in a datacenter a ways away from me, it will be sometime this weekend and I will give it another go. I have stared at this so long that I dont even know what I am looking at anymore. (sigh)


Maybe it IS as simple as just a missed connection.

One thng I do notice and am now unsure of is I did go back and look at the configs for where the ASR is plugged in (It IS now on the new core switch (9407); but now I am not sure I have the config language right. For example, on the Nexus it was

interface GigabitEthernet0/0/0
description ***CONNECTED TO Eth1/01 on TFC_c_sw01***
ip vrf forwarding OUTSIDE
ip flow monitor Scrutinizer_FM input
ip flow monitor Scrutinizer_FM output
ip address 174.136.151.80 255.255.255.192
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1428
ip access-group outside-in in
load-interval 30
negotiation auto

On the 9407, since I cant do vrf; I used:

!
interface GigabitEthernet2/0/1
description *** WAN 174.136.151.80***
switchport access vlan 300
switchport mode access

(vlan 300 equates to my wan subnet)

The more I look at it, the more I dont think that is correct; but then again; even if that were true, this might stop me from going out to the internet from the ASR but it wouldnt stop me from going out directly from the 9407; would it?

 

Thanks for the additional information. There is something about the topology that I do not understand. Looking at the traceroute from a previous response we have this:

1 10.1.168.1 1 msec 0 msec 1 msec
2 10.1.168.254 0 msec 0 msec 0 msec
3 174.136.151.65 9 msec 13 msec 3 msec

The first hop response (as we expected) was the Nexus. I am not clear what 10.1.168.254 at the second hop is. The third hop is an address in the WAN subnet 174.136.151.65.

Given that I would like to know what is 10.1.168.254? And why did you need to go through there if the WAN subnet is directly connected?

HTH

Rick

Good question. I basically just replicated what I saw on the Nexus to the 9407. 10.1.168.254 is eth1/1 on the firewall so what it appears to be doing is hopping to the firewall before then going out. 

 

 

Thanks for the additional information. So the traceroute shows a path that is 9407 to Nexus to Firewall. I am now not understanding how the ASR fits into this. Your diagrams seem to show that the firewall was connected to the ASR but it now appears that firewall connects to Nexus/9407. Can you provide clarification?

HTH

Rick
Review Cisco Networking for a $25 gift card