Upgrade core switches.

Guys,
The core of our network, basically a LAN, consists of two Cisco switches 6509 / sup1, run with HSRP. The distribution layer consists of about 20 4912 switches. We’re going to replace them with two new 6509 /720 Sup. Although I’ve done something similar, I’ve never done an upgrade same as this.
I post my idea here and I’d like you guys give me some opinions as whether it is feasible or whether there is another better way and what should be carefully dealt with.
These are the steps with which I want to implement the upgrade. Let’s use New-6509 as two new 6509, Old-6509 reference the two old ones that are running on our network.
1. Install the two New-6509/SUP720 physically.
2. Configure the tow New-6509, making them have the similar setting as the Old-6509.
3. put them into the HSRP group;
4. connect distribution lay to the two New-6509;
5. test and observe;
6. if the network is stable, change the HSRP server in the HSRP group from one of the Old-6509 to one of the New-6509;
7. test and observe;
8. if the network runs fine, get the Old-6509 one by one.
One of the steps that I am worried is Step 4, because this cost another 2 set of cables and ports to distribution layers.
Thanks,
Han,

That sounds OK to me...
If you configure them as you say in a fully redundant confuration you should not have many problems.
Pull the active HRSP router across with preempt, make sure all your new uplinks contain all your vlans. You could trim the VLANs out of your old uplinks one by one to have less impact in case anything goes wrong.
Dave

Similar Messages

  • Steps to upgrade Cisco MDS core switch

    Hello,
    We wanted to upgrade our Cisco SAN core switch firmware. Currently we are running below firmware version. We wanted to go to latest version NX OS 5.2 (x) but as per the white paper i need to go to 5.0 (X) and after that i need to upgrade it to 5.2 (x). Can some help me with the steps to follow the upgrade. I have th cook book but just need the main steps to perform the upgrade.
    kickstart: version 4.1(1c)
      system:    version 4.1(1c)

    are you using IVR non-NAT, if you are you need to convert to IVR-NAT before you go to 5.2. Other than that you just follow the  normal procedure, look at the release notes for each firmware to make sure your hardware is supported and then do the usual
    install all system bootflash:m9x00-xxx.bin kickstart bootflash:m9x00-xxx-kickstart-xx.bin
    as a side note, i know you don't mark people replies to your questions as helpful/correct on EMC ECN ..at least do it here to show your appreciation.
    @dynamoxxx

  • 2911 ISR G2 as a core switch in campus network?

    Hello experts,
    Just wonder about having a Cisco 2911 ISR G2 router with Cisco SM-X Layer 2/3 EtherSwitch Service Module (16 port) can be used as a core switch in a campus network. Possible? Our goal is to find a way to simplify our company's network infrastructure by re-using/re-assigning/upgrade some of our existing Cisco network devices in order to reduce cost.
    Kindly advice.
    Regards,
    Alex

    1Gbps backbone between the switch and router? Where can I find the information?
    Go HERE.  
    The interface communication between router-to-module may be 1 Gbps but you won't be able to push 1 Gbps.  

  • How to create a Access list on core switch to bloxk all Internet Traffic & allow some specific Internet Traffic

    Hellp Everyone,
    I am trying to create a Access-List on my Core Switch, in which I want to allow few internet website & block the rest of them.
    I want to allow the whole Intranet but few intranet websites also needs access to the internet.
    Can we create such Access-List with the above requirement.
    I tried to create the ACL on the switch but it blocks the whole internet access.
    i want to do it for a subnet not for a specific IP.
    Can someone help me in creating such access list.
    Thanks in Advance

    The exact syntax depends on your subnets and how they connect to the Internet. If you can share a simple diagram that would be much more informative.
    In general just remember that access-lists are parsed from the top down and as soon as a match is found, the processing stops. So you put the most specific rules at the top. also, once you add an access-list, there is an implicit "deny any any" at the end.
    The best approach is to create some network object-groups and then refer to them in your access list. From your description, that would be something like three object-groups - one for the Intranet (Intranet), one for the allowed servers that can use Internet (allowed_servers), and a third for the permitted Internet sites (allowed_sites).
    You would then use them as follows:
    ip access-list extended main_acl
    permit any object-group intranet any
    permit object-group allowed_servers object-group allowed_sites any
    interface vlan
    ip access-group main_acl in
    More details on the syntax and examples can be found here:
    http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/15-2mt/sec-object-group-acl.html#GUID-BE5C124C-CCE0-423A-B147-96C33FA18C66

  • Difference between core switch types WS-C3750X-12S-S and N3K-C3524P-10G?

    Hello All,
    I am new to this domain and yet have to look after the setup of our datacenter for a new branch. Could any one of you provide difference between core switch types WS-C3750X-12S-S and N3K-C3524P-10G!
    Thanks in advance!!

    N3K-C3524P-10G
    24 fixed 1/10-Gbps SFP+ ports; upgradeable to 48 with a valid license
    Line-rate Layer 2 and Layer 3 throughput of up to 480 Gbps
    Compact 1RU form factor
    Dual redundant color-coded power supplies
    Four redundant color-coded fans

  • Core switch and sub switch gateway

    I have a Layer 3 core switch(backbone) 10.18.16.0/24, and the core switch needs to connect to multiple Layer 2 sub switches.
    The Layer 2  sub switches will connect to multiple workstations. The sub switches network will be 172.20.10.0/24, 172.20.40/24 and so on.
     I use core switch IP 10.18.16.11 to connect to sub switch 172.20.10.0/24. Which gateway IP  should I use for 172.20.10.0/24 ? Should I use 172.20.10.1 or 10.18.16.11 ?
    Thank you for your help in advance.

    I am not sure what you mean by "sup switches", but usually you need a management IP/vlan segment, so you can use it to access the devices.  So if your management segment is 172.20.10.0/24 you assign an SVI to every layer-2 switch and give it an IP in this range and the gateway for all the SVIs should be on the core (172.20.10.1/24
    example:
    access switch-1 172.20.10.11/24
    access switch-2 172.20.10.12/24
    access switch-3 172.20.10.13/24
    and so on
    The default gateway for all your layer-2 switches should be the SVI on the core (172.20.10.1/24)
    HTH

  • Connecting core switch to the internet ?

    Hi,
    We have 2 6506's connected through an ether-channel trunk.
    On these 6506's we have configured a vlan, vlan interface and 2 access ports for 2 ASA's.
    These ASA's run in failover mode but only one ASA is physically connected at the moment.
    We want to be more resilient so our provider has provided us with a redundant setup of routers for our internet connection.
    However, for this construction they would need a layer 2 connection on our side to have HSRP running.
    There are 2 options in my opinion :
    - Buy a set of switches to facilitate the layer-2 connection between te routers and to connect the outside of the ASA's.
    - Instead of buying 2 new switches, create a new unrouted vlan on our core 6506's and use access-ports for the routers and the ASA's.
    But how safe is it to connected the core switch with an unrouted vlan to the internet router ?
    In terms of vlan hopping or other possible attacks ?
    I think i have to disable DTP, Spanning-Tree, CDP and maybe a lot more ?

    I am as far as applying this to secure the port :
    switchport
    switchport mode access
    switchport access vlan X
    switchport nonegotiate
    spanning-tree bpdufilter enable
    spanning-tree portfast edge
    switchport port-security
    switchport port-security maximum 3
    switchport port-security violation restrict
    no cdp enable
    Any additions to this ?

  • Choosing a Core Switch

    Hi,
    What are the criterias when choosing a core switch? For example, in the Cisco product pages - the Catalyst 4500 and 6500 are already distribution/core switches while the Catalyst 3750 are access/edge switches.
    Can I make a stack of Catalyst 3750 my core switch? What makes a core switch a "core" switch - what features does it have, performance, etc.?
    Does Cisco have a guide - for example, you have X number of users - use Cisco Y model as your core switch?
    Thanks,
    Tony

    There's many criteria one can use choosing a core device, but since such a device, by being at the center of your network, may carry the most traffic, performance is often given additional weight for core device choice.
    With regard to making a choice on some X number of users, choice of core is often made more toward bandwidth usage of core ports. There's often a large difference between the nomimal bandwidth of a port and the substainable bandwidth to/from a port. (E.g. the difference between a 6500 with Sup32 and 6148 10/100/1000 Ethernet vs. 6500 with Sup720 with 6748 and DFC 10/100/1000 Ethernet. The former is suited as an edge device, the latter more suited for core device.)
    A stack of 3750 might be used as a core for a very small and/or light usage network. Consider that a single 48 port 3750, I believe, is not an every port wire rate device, and the performance limitation of the stack ring. However similar performance limitations are also true for certain 4500 or 6500 hardware configurations.
    Although performance is often a major factor, other considerations, such as other features, might be important too. For instance, a dual 48 port 3750G stack might be a viable choice vs. a 6704 with dual Sup32s and two 6148 line cards, but the 6500 likely will offer features not available with the 3750. For instance, believe 3750s only support 32 HSRP groups and don't support GLBP.

  • Core switches experience High CPU while generating syslog report from LMS

    Hi Everyone,
    Are there anyone who experience that the CPU utilization of some devices went up while generating a report from RME. Basing from other monitoring tool SNMP is taking up a huge cpu process. Any idea why this happened considering that the report is generated daily but only on one instance it caused the core switches to be paralyze due to high cpu. Changing the SNMP community string is the immediate action that resolve the issue to disconnect it from LMS.
    BTW, this is LMS 2.6.
    Thank you.

    The problem did not reoccurred any more. When I checked on the Syslogcollector.log it appeared that it is unable to subscribe. I assumed that the reason why snmp packets were flooded during the time that it they experience high cpu is because the client is generating syslog report for all devices while the syslog collector is not subscribe. Is this possible?
    Thanks

  • Hyper-v cluster with core switch downtime... what to do?

    Is there a way to essentially "pause" the hyper-v cluster and keep things running but do NOT attempt to failover anything for any reason?
    We have one Procurve 5412zl switch with two c7000 enclosures. In each c7000 enclosure there are two switches that connect all the blade servers within the enclosure. Those two switches are interconnected internally so they can communicate within the enclosure.
    So if the core switch goes down the hyper-v servers in the same c7000 enclosure can still communicate but they will be seperated from the others in the other enclosure.
    So we have 4 hyper-v servers in one enclosure and 3 in another. If i disconnect the core switch i'm wondering what will happen (if I reboot the switch which is what I need to do).
    How can I avoid having to shut down everything for this and just tell hyper-v cluster to not do anything when the network is lost?

    Hi Quadrantids,
    " to essentially "pause" the hyper-v cluster and keep things running but
    do NOT attempt to failover anything for any reason"
    Based on my understanding  you need to keep cluster running on the same C7000 enclosure , in another words before you cut the connection between the C7000 enclosures  you may migrate VMs to same enclosure to keep running (I assume that the
    storage will not be affected by the restart ).
    Best Regards
    Elton Ji
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • LAN design - how to implement a core switch?

    Hi all,
    First post here so please be gentle :-)
    I'm looking for a bit of advice with a LAN setup I've been tasked with.
    The basic requirements are to have a demonstration suite of servers/storage devices networked with internet access with certain devices segmented in different VLANs. Also, a separate VLAN is required for training and meeting rooms which will receive DHCP addresses from a WIN2K3 server.
    The kit I've inherited consists of:
    1 ADSL Modem/Router
    1 2611XM router
    2 Catalyst 4006 switches with Supervisor II engines (CatOS :-( ), one with a layer 3 routing module
    Several Catalyst 2950/3500xl switches
    Netscreen 100 Firewall
    F5 Firepass for VPN
    After a lot of fun resetting devices I've currently setup the LAN with a router on a stick configuration which routes between different VLANs (on the 3500/2950s) and which has internet access via the 2611 and ADSL modem router in turn. That's about as far as my current knowledge goes I'm afraid!
    What I have to do is incorporate the 4006s but I don't really know how to go about it or what's the best way to use them. How would I use them as core switches?
    I was hoping someone could point me in the right direction on the best way to connect the switches up, i.e. network design, cabling (fibre uplinks between switches) and some basic configuration advice with the layer 3 routing module.
    Any advice will be most appreciated!! It's my first networking job and I'm a bit lost.
    Thanks.

    Peter,
    I would do the same - with a twist...
    Have 1 4006 as a VTP server, also the spanningtree root for all vlans.
    Have a trunk between the two 4006's - and make it an etherchannel 2 or 3 ethernet links (redundancy).
    Make the second 4006 also a vtp server (redundancy) and have that 4006 the secondary 4006 for spanningtree (more redundancy!)
    That way if you decide to have a distribution layer - you have 2 uplinks into the core 1 into 4006-1 as the primary, and the second 4006-2 as the secondary.
    You could then have a trunk (etherchannel) between the distribution switches, then have a access layer into the distribution layer with duel links. This way you could have multiple switch and or link failures and still work!!!
    You use the layer 3 module to do the inter-vlan routing - correct. Then have your adsl modem/router as the gateway to the internet - you put a default route in the layer 3 module point to the adsl modem! then you have the routes for the various vlan subnets pointing from the modem back to the layer 3 module......done!
    HTH.

  • 6509 core switch

    Hello,
    I'm configuring a 6509 core switch that has 4 blades and each blade has 48 ports by default the ports are shutdown.  I know I can do a port range with a no shutdown command to brings all ports up for each blade. However is there only one command that can make all ports active on each blade or a module command that can bring all ports for each 48 port blade?
    Thanks,

    Horacio
    From memory the int range command can be used to specify ports on different linecards so you could try one command that includes the range for all ports on all linecards. Cant say for sure it will work but i seem to remember doing something like this before.
    Jon

  • Where to install CCM, access or core switch?

    What's the recommendation on where the CCM server should be, in access switch or core switch? Based on ipt readiness assessment seems servers should be on access switch. Thanks

    If you have many wiring closets (access layer) that has phones plugged into them, its better to centrally colocate CCM and such to the core, or in a distribution block that is connected to the core.
    HTh
    Sankar.
    PS: please remember to rate posts!

  • ISE wireless with HP core switch

    Hi all,
    We are planning to implement ISE for Wireless users. Our core switch is HP and our WLC is 5500.
    I would like to know if we need to change our core switch so that we can use ISE or there is no need to change it.

    You'd need 2 separate SSIDs as the access method will be different for each, e.g:
    Employee - WPA2 and 802.1x
    Guest - Webauth
    You don't have to have a quarantine, we do but it's not essential.
    For your employee WLAN you could have just one VLAN or you could have multiple. We started off with just one for our employee WLAN but now we've got several on each WLC (laptops, medical devices, etc.). I would suggest starting off simple with one.
    Your employee WLAN clients won't get an address until after they authenticate so you don't need a VLAN before then.

  • UCS C 220 server teaming on two core switches.

    Hello Everyone,
    I am using UCS C 220 M3 server and it has 8 HDD. I created RAID for redundancy and installed call manager custom software on it. Now in the network topology there are two core switches. I connected the UCS server on first core switch from Gig port 1 of the server.
    Now client is Demanding to connect on other core switch also. I am aware of the concept of teaming and i did it many times on microsoft server but either on the single switch or on the VSS system
    Here the scenario is core switch 1 and cor switch 2 are two seperate device. Indeed there is a ether channel between them but these switches are not virtual.
    Kindly suggest the solution how i can achieve the redundancy for UCS 220 server.
    Thanks in Advance.
    Please reply.

    Hello again, Im stuck
    This is what I have done. I have created the vPC between my esx host and my two nexus 5000 switches, but it doesnt seem to come up:
    S02# sh port-channel summary
    Flags:  D - Down        P - Up in port-channel (members)
            I - Individual  H - Hot-standby (LACP only)
            s - Suspended   r - Module-removed
            S - Switched    R - Routed
            U - Up (port-channel)
            M - Not in use. Min-links not met
    Group Port-       Type     Protocol  Member Ports
          Channel
    4     Po4(SD)     Eth      LACP      Eth1/9(D)
    vPC info:
    S02# sh vpc 4
    vPC status
    id     Port        Status Consistency Reason                     Active vlans
    4      Po4         down*  success     success                    -
    vPC config:
    interface port-channel4
      switchport mode trunk
      switchport trunk allowed vlan 20,27,30,50,100,500-501
      spanning-tree port type edge trunk
      vpc 4
    interface Ethernet1/9
      switchport mode trunk
      switchport trunk allowed vlan 20,27,30,50,100,500-501
      spanning-tree port type edge trunk
      channel-group 4 mode active
    Im unsure what I must configure on the cisco 240M3(esx host) side to make this work. I only have the two default interfaces(eth0 and eth1) on the vic-1225 installed in the esx host, and both have the vlan mode is set to TRUNK.
    Any ideas on what I am missing?
    Message was edited by: HDA

Maybe you are looking for

  • Bc4j/oc4j/petstore problem

    After installing BC4J runtime on top of OC4J running on Win2k and Sun JDK1.3.1, bc4j demo is OK. the Sun's J2EE demo petstore stops working. Any idea? Thx. Request URI:/apps/petstore/template.jsp Exception: oracle.jsp.parse.JspParseException: Line #

  • Media disconnected in FCP7, corrupt Xsan?

    Hi folks, I posted this in the FCP7 community as well, but am unsure if it's an FCP or an Xsan issue... I ran across this issue a month or two ago with one of my student workers.  We were able to fix the problem on the fly and I just assumed it was u

  • New nanp

    How many hours do i need to charge for the first time?

  • Visual Studio 2003 - Empty subreport, but the rows are there....

    I'm building a report and I have two subreports. The first subreport has single datafields and works perfectly, the second one has a table to show multiple line with articles data. The dataset beeing used has the data. I confirmed it by debugging the

  • HT4623 sound on my I phone 4 is not working on you tubes ????????

    Sound on I Phone is not working on you tube ?????