HP 2920 with layer 3 vlans

Dear Experts,

I have to configure a switch system for my company which consists of two HP 2920 switches stacked together to represent a core switch, six HP 1910 switches for each floor, and a firewall for internet access. I want to do the following:

First, configure 12 VLANs on all the switches. The VLANs must not communicate with each other, except the servers VLAN, which can communicate with all the VLANs using layer 3 routing.

Second, all VLANs must have an internet connection via the connected firewall.

Third, a trunk connection using dynamic LACP, with one uplink to each 2920 switch for high availability.

Thanks,
husseinhammoud Asked:

Craig Beck Commented:
Well the config depends on how the switches at the core actually stack.  Will you be using the dedicated stacking module in each 2920, or will you be linking them together via the existing RJ45 ports or SFPs?

convergint Commented:
You would use access control lists to protect your VLANs.  Here's a sample config I made up.  I don't have access to a switch to ensure that my syntax is all correct but hopefully you can understand the concepts.  Like Craigbeck mentioned above, not sure how you are stacking the switches but it is really simple to enable dynamic LACP.  It's just "interface 23-24 lacp active" for example to enable port 23 and 24 for lacp.  You only need to do it on one side as typically all the ports are set for passive by default.

max-vlans 100
ip routing
ip access-list standard "VLANs-Servers"
   1 remark "Servers Subnet"
   2 permit 192.168.1.0 0.0.0.255
ip access-list standard "VLANs-Out"
   1 remark "All Subnets"
   2 permit 0.0.0.0 255.255.255.255
interface 1
   name "1910SwitchFloor1"
interface 2
   name "1910SwitchFloor2"
interface 3
   name "1910SwitchFloor3"
interface 4
   name "1910SwitchFloor4"
interface 5
   name "1910SwitchFloor5"
interface 6
   name "1910SwitchFloor6"
interface 7
   name "Server"
interface 8
   name "Firewall"
vlan 1
   name "DEFAULT_VLAN"
   untagged 8-24
   no untagged 1-7
   exit
vlan 100
   name "Server VLAN"
   ip address 192.168.1.1 255.255.255.0
   untagged 7-8
   tagged 1-6
   exit
vlan 2
   name "VLAN2"
   ip address 192.168.2.1 255.255.255.0
   tagged 1-6
   ip access-group VLANs-Servers in
   ip access-group VLANs-Out out
   exit
vlan 3
   name "VLAN3"
   ip address 192.168.3.1 255.255.255.0
   ip access-group VLANs-Servers in
   ip access-group VLANs-Out out
   tagged 1-6
   exit
vlan 4
{continue as above for rest of vlans}
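
An added example, not part of the original post: a small Python check of what the sample ACL bindings do to the flows named in the question. It assumes standard ACLs match on source address only and end with an implicit deny, that `in` is evaluated on the VLAN a routed packet arrives from and `out` on the VLAN it is routed to, and that the firewall sits in VLAN 100; the host addresses are constructed.

```python
import ipaddress

# Standard ACLs copied from the sample config: (action, source, wildcard mask).
ACLS = {
    "VLANs-Servers": [("permit", "192.168.1.0", "0.0.0.255")],
    "VLANs-Out": [("permit", "0.0.0.0", "255.255.255.255")],
}
# ACL bindings per VLAN as posted; VLAN 100 has none bound.
BINDINGS = {
    2: {"in": "VLANs-Servers", "out": "VLANs-Out"},
    3: {"in": "VLANs-Servers", "out": "VLANs-Out"},
}

def acl_verdict(acl_name, src):
    """First match wins on source address only; no match means implicit deny."""
    s = int(ipaddress.IPv4Address(src))
    for action, net, wildcard in ACLS[acl_name]:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # 0 bits in the mask must match
        if (s & care) == (int(ipaddress.IPv4Address(net)) & care):
            return action
    return "deny"

def routed_verdict(src, src_vlan, dst_vlan, bindings=BINDINGS):
    """Assumption: 'in' is checked on the VLAN the packet arrives from,
    'out' on the VLAN it is routed to; an unbound direction permits."""
    for vlan, direction in ((src_vlan, "in"), (dst_vlan, "out")):
        name = bindings.get(vlan, {}).get(direction)
        if name and acl_verdict(name, src) == "deny":
            return f"deny (vlan {vlan} {direction}: {name})"
    return "permit"

# Constructed sample flows: (description, source IP, source VLAN, destination VLAN).
FLOWS = [
    ("server -> VLAN 2 host", "192.168.1.20", 100, 2),
    ("VLAN 2 host -> server", "192.168.2.10", 2, 100),
    ("VLAN 2 host -> VLAN 3 host", "192.168.2.10", 2, 3),
    ("internet reply via firewall -> VLAN 2 host", "203.0.113.5", 100, 2),
]

def report(bindings=BINDINGS):
    return {desc: routed_verdict(src, sv, dv, bindings) for desc, src, sv, dv in FLOWS}

if __name__ == "__main__":
    for desc, verdict in report().items():
        print(f"{desc:45} {verdict}")
```

Under these assumptions, the two flows sourced from VLAN 2 hosts are denied at the VLAN 2 `in` ACL with the bindings as posted, so the ACL direction is worth testing on a real switch before relying on it.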
Craig Beck Commented:
"Third trunk connection using dynamic LACP one up-link to each 2920 switch for high availability."
Just bear in mind that if you stack using SFPs (uplinks) not stack modules, you can't do this, even with the great example above.

You would have to use STP and no trunk for this.  This is really why it's important to know how you intend to make the stack.
convergint Commented:
If my example was useful to you and correct, I would appreciate some points awarded to my solution.  If not, I can help you with the configuration to get it working.

Thanks.
Craig Beck Commented:
@convergint - I agree.  If anything, your comment was actually a more complete solution and would likely do what the OP is asking.