Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
369
Views
0
Helpful
7
Replies

Which first change Default route or remove route maps

Go to solution
Adam Coombs
Level 1
Level 1

‎04-24-2014 01:33 PM - edited ‎03-07-2019 07:12 PM

Ok, I have a question that is something that i need advice on.

 

We have route maps on both of our 6513 switches and 3750e with no route-maps

 

I want to change the default route on main 6513

The default route goes to the firewall that we will not need anymore.

I want the default to go the new firewall we are using that all the route maps are going to.

 

To add to this problem is the subnetting that was setup before I got here.

Firewall that I want to get rid of is a /29 and the new firewall is /28 same ip address like 172.30.0.x

Also the they are on different VLANS as well.

 

Here is pic of what i am talking about.

 

I want to remove the FW/29 from the network

I want to remove the route maps and make the FW/28 the default route

and also change the 172.30.0.x to /24

 

What advice would you give to help with this problem????

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Adam Coombs

‎04-25-2014 12:16 PM

Well, FW/28 is used in the PBR not the FW/29

Yes i understand that. I was just asking if all traffic was being redirected with PBR.

So the 3750E is using the old firewall. This would mean when you replace the default route they will lose any current connections but if it just web traffic it should not be too bad.

I would still do as i suggested ie. replace the existing default route and remove the PBR and by the sounds of it only a few users should be affected temporarily.

In terms of removing the PBR you need to remove if from the interfaces it is applied to and then remove the actual route map the way you have suggested.

Jon

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎04-24-2014 02:00 PM

So currently you have

172.30.0.0/29

and

172.30.0.16/28

and you are using PBR to direct certain traffic to the new firewall on both 6500s.

So some questions -

1) do you have an outage for this ?

2) are there any other vlans using part of the 172.30.0.0/24 address range

be aware that if you are changing the subnet mask then you will need to update the 6500 SVIs and also the new firewall interface IP address.

Jon

0 Helpful

Go to solution
Adam Coombs
Level 1
Level 1
In response to Jon Marshall

‎04-24-2014 05:40 PM

I currently do not have any outages, that is why i am checking what to do first 

There is no other vlan using 172.30.0.0/28 network 

I am aware that I will have to change the 6500 SVI and new firewall interface ip address, thank you 

also old firewall used a different ISP than new firewall used if that helps

 

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Adam Coombs

‎04-24-2014 06:04 PM

So are both firewalls in use at the moment or is your PBR overriding the default route and sending all traffic to the new firewall ?

If it is then you simply need to replace the existing default route with the new one. If all traffic is using PBR then this should have no effect on the current traffic.

Then once you have the new default route in place you can simply remove the PBR configuration.

Then you can look at changing the subnet mask.  Because you are simply increasing the subnet mask and because nothing else is in this vlan it should not affect traffic as long as you don't change the actual IPs assigned to the 6500 SVIs and firewall interface.

So is all traffic using PBR to the new firewall or are you using both firewalls at the moment ?

Jon

0 Helpful

Go to solution
Adam Coombs
Level 1
Level 1
In response to Jon Marshall

‎04-25-2014 10:34 AM

Well, FW/28 is used in the PBR not the FW/29

The only traffic I can see that is using the FW/29 is the 3750E since 6513 are all using PBR config that set the next hop to FW/28.  There is not a lot of people on the 3750E switch

I dont plan on changing any ip address just changing the subnetting 

do i just enter no before the PBR config on the 6513 ?

 

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Adam Coombs

‎04-25-2014 12:16 PM

Well, FW/28 is used in the PBR not the FW/29

Yes i understand that. I was just asking if all traffic was being redirected with PBR.

So the 3750E is using the old firewall. This would mean when you replace the default route they will lose any current connections but if it just web traffic it should not be too bad.

I would still do as i suggested ie. replace the existing default route and remove the PBR and by the sounds of it only a few users should be affected temporarily.

In terms of removing the PBR you need to remove if from the interfaces it is applied to and then remove the actual route map the way you have suggested.

Jon

0 Helpful

Go to solution
Adam Coombs
Level 1
Level 1
In response to Jon Marshall

‎04-25-2014 02:56 PM

Jon

Thank you very much I will schedule a RFC for this change and have cisco tac on the line just incase something weird happens.

Thank you very much for you help here I make sure I post what I have done here. 

0 Helpful

Go to solution
Adam Coombs
Level 1
Level 1
In response to Jon Marshall

‎08-19-2014 06:48 AM

Well the default was change the was done by a different tech.

Change the default route but add a different route-map in my thinking no issue expect that there was need a nat rule and acl that was need on the firewall for the old networks that did not have route maps to allow traffic for www and https weird.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card