PDF(304.4 KB) View with Adobe Reader on a variety of devices
ePub(374.0 KB) View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
Mobi (Kindle)(240.3 KB) View on Kindle device or Kindle app on multiple devices
Updated:August 28, 2021
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This document describes the guidelines and recommendations when a user tries to migrate legacy catalyst switches 3k/4k/6k that run the SD-Access fabric network to Catalyst 9k switches.
Cisco Software-Defined Access (SD-Access), a solution within Cisco Digital Network Architecture (Cisco DNA) which is built on intent-based network principles, provides a transformational shift in building, managing, and securing networks, making them faster and easier to operate, with improved business efficiency. By decoupling network functions from hardware, it creates a virtual overlay over the underlying physical network infrastructure.
The SD-Access network is up with Cisco Digital Network Architecture Center (DNAC) and Catalyst switches. The Catalyst switches are deployed in either one of the fabric roles such as Border, Control Plane and Edge. The network availability for the client endpoints can be disrupted and there are no critical workloads that cannot be a teardown. The physical connectivity from the new Edge nodes to client endpoints and new Border/Control plane nodes to the external networks must be established. Also, the new device added to the network has connectivity to DNAC through the underlay network.
Migration from legacy Catalyst 3k/4k/6k switches to Catalyst 9k switches can be a challenge. It is important to select the right model of new switches for the fabric device roles in the migration plan.
The need for migration to a newer platform could be for different reasons in the network. New features in the SD-Access fabric are not supported on the legacy catalyst platforms. Some of the examples are listed here:
Fabric in a Box (FIAB) is not supported as shown in the image.
SDA features post DNAC release 2.1.2.x are not supported as shown in the image. For example, Directed Broadcast.
Cisco DNAC that manages SD-Access Fabric switches currently doesn’t support migration of the fabric devices to new platforms. However, SD-Access fabric devices can be replaced with a similar device and model with the RMA workflow wizard in DNAC.
Navigate to Manage your Inventory > Replace a Faulty device for details.
Migration from legacy switches to Catalyst 9k:
Different legacy Fabric device roles that can be migrated to new catalyst 9k switches are listed here.
Edge Node (Catalyst 9200, 9300, 9400 and 9500 series switches are recommended)
Border Node (Catalyst 9300, 9400, 9500 and 9600 series switches are recommended)
Control plane Node (Catalyst 9300, 9400, 9500 and 9600 series switches are recommended)
Remove the device from SD-Access fabric:
You need to remove the legacy Catalyst 3k/4k/6k switch from the fabric first. The legacy catalyst fabric devices can be deleted from the fabric and inventory before the addition of the new device. Based on the fabric device role, select the option.
Follow these steps in order to remove the device from the fabric
1. Take a snapshot of the Fabric device configuration.
2. Some of the examples would be
2.1. Edge – Static port assignments, any authentication methods on the ports
2.2. Borders – Layer2 / Layer3 Handoff configuration for the Virtual Networks that connect to an external network.
The port assignment for the host onboard needs to be cleared before the delete of an edge node from the fabric. Remove the extended Node/Policy Extended node/IoT devices from the Edge node before the edge node removal. Remove Fabric Edge from Fabric as shown in the image.
Error with ports assigned as shown in the image:
Fabric Border/Control Plane: The fabric border/Control plane can be removed from the fabric with external handoffs configured.
Delete the device from the inventory: Once the device is removed from the fabric, the switch needs to be removed from the inventory. Select the configuration cleanup option in order to wipe off the configuration from the deleted device in the delete operation.
At this point, the legacy switch can be physically removed from the fabric and replaced with Cat 9K.
New Device Discovery: Use the LAN Automation option in order to discover the new switches.
Cisco LAN Automation provides key benefits to Enterprise customers. Refer to the guide in order to discover new switches with LAN automation. The recommended way to discover switches for SD-Access fabric.
The new switches that need to be replaced with old switches can be discovered manually on the DNAC by the configuration of the Management interface, Loopback, CLI, SNMP, VTY and neighbor interface IP address/route to have reachability from the DNAC to switches. This is not a recommended method because it involves a lot of manual configuration and is more prone to errors.
Network/Fabric configuration: Provision of the discovered new switches to the Fabric site. Follow the fabric device provision guide to deploy the fabric node based on the fabric device role.
Some of the key things to remember:
Edge Nodes - Connect the endpoints to the Edge node. Do host onboard with the VLAN, scalable group and authentication methods that existed before.
Internal Border/Control Plane nodes – Configure the Layer3/Layer2 Handoff for the Virtual Networks to the internal Datacenter/traditional Layer2 network.
External Border nodes – Configure the Handoff and IP connectivity between the Peer transit routers.
If there are templates pushed to fabric devices earlier it needs to be pushed again.