How can I convert a Link Aggregation over to a VLAN with limited downtime?

I have 2 sets of LAs, one is already set up as a VLAN LA with a few VLANs on it.
The other LA is set up as a trusted network.

I need to convert that trusted network over to a VLAN then send it over the existing trusted LA untagged, then send it tagged over the other LA.

I obviously cant create the VLAN in advance as the subnet already exists.

I have a separate trusted port on the firebox for management so I can make changes without getting locked out, so I wonder if I just need to change the LA's IP to a different subnet, then create the VLAN, and then change the LA over to that VLAN.

I am trying to limit downtime, so I am wondering if this is the correct path, or if there is a different method I should do.

Best Answer

  • Answer ✓

    If you use WSM Policy Manager, you can make all of these changes prior to uploading the changed config to your firewall.

Answers

  • @Bruce_Briggs said:
    If you use WSM Policy Manager, you can make all of these changes prior to uploading the changed config to your firewall.

    I forgot about WSM...

    Ok, I have WSM on a machine within that LA's trusted network, not on my backup management port. Will it work in a "running config/backup config" sort of way where it queues all of the changes at once to the firebox and applies them as a whole? Or does it make changes sequentially?

    If sequentially, I will probably need to put WSM on a laptop on that management port so I dont get locked out halfway through.

  • It uploads whatever is in the Policy Manager config - so all changes, 1 or 1,000, are made at once.

  • @Bruce_Briggs said:
    It uploads whatever is in the Policy Manager config - so all changes, 1 or 1,000, are made at once.

    Perfect, thank you!
    I will give this a shot (making a backup first of course) and I will reply back here when it's done.

  • Well...That was much easier than expected....

    Thank you @Bruce_Briggs for you help!

Sign In to comment.