HP 2920 with layer 3 vlans

Posted on 2013-12-22
Last Modified: 2013-12-23
Dear Experts,

I have to configure a switch system for my company, which consists of two HP switches 2920 stacked to each other representing a core switch, six HP switches 1910 for each floor, and a firewall for internet access. I want to do the following:

First, configure 12 VLANs on all the switches. All VLANs must not communicate with each other, except the servers VLAN, which can communicate with all the VLANs using layer 3 routing.

Second, all VLANs must have an internet connection via the connected firewall.

Third, a trunk connection using dynamic LACP, one up-link to each 2920 switch, for high availability.

Question by:husseinhammoud
LVL 46

Accepted Solution

Craig Beck earned 500 total points
ID: 39734854
Well the config depends on how the switches at the core actually stack.  Will you be using the dedicated stacking module in each 2920, or will you be linking them together via the existing RJ45 ports or SFPs?
LVL 10

Expert Comment

ID: 39735009
You would use access control lists to protect your VLANs.  Here's a sample config I made up.  I don't have access to a switch to ensure that my syntax is all correct but hopefully you can understand the concepts.  Like Craigbeck mentioned above, not sure how you are stacking the switches but it is really simple to enable dynamic LACP.  It's just "interface 23-24 lacp active" for example to enable port 23 and 24 for lacp.  You only need to do it on one side as typically all the ports are set for passive by default.

max-vlans 100
ip routing
ip access-list standard "VLANs-Servers"
   1 remark "Servers Subnet"
   2 permit
ip access-list standard "VLANs-Out"
   1 remark "All Subnets"
   2 permit
interface 1
   name "1910SwitchFloor1"       
interface 2
   name "1910SwitchFloor2"
interface 3
   name "1910SwitchFloor3"
interface 4
   name "1910SwitchFloor4"
interface 5
   name "1910SwitchFloor5"
interface 6
   name "1910SwitchFloor6"
interface 7
   name "Server"
interface 8
   name "Firewall"
vlan 1
   name "DEFAULT_VLAN"
   untagged 8-24
   no untagged 1-7
vlan 100
   name "Server VLAN"
   ip address
   untagged 7-8
   tagged 1-6
vlan 2
   name "VLAN2"
   ip address
   tagged 1-6
   ip access-group VLANs-Servers in
   ip access-group VLANs-Out out
vlan 3
   name "VLAN3"
   ip address
   ip access-group VLANs-Servers in
   ip access-group VLANs-Out out
   tagged 1-6
vlan 4
{continue as above for rest of vlans}
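
The isolation policy from the question, modelled as first-match ACL evaluation with an implicit deny (an added example, not part of the original thread or the poster's config). The 10.0.x.0/24 subnets, the 10.0.0.0/16 supernet, the test internet address and all function names are assumptions, since the thread gives no addresses. The rules match on source and destination and are applied to traffic routed in from each user VLAN.

```python
import ipaddress

# Constructed addressing plan (assumption: the thread lists no subnets).
SERVER_VLAN = 100
VLANS = {100: "10.0.100.0/24", **{v: f"10.0.{v}.0/24" for v in range(2, 13)}}
NETS = {v: ipaddress.ip_network(n) for v, n in VLANS.items()}
INTERNAL = ipaddress.ip_network("10.0.0.0/16")   # supernet covering all 12 VLANs
ANY = ipaddress.ip_network("0.0.0.0/0")
INTERNET_HOST = "198.51.100.7"                   # documentation-range test address

def build_inbound_acl(vlan_id):
    """Ordered (action, src, dst) rules for traffic routed in from a user VLAN."""
    src = NETS[vlan_id]
    return [
        ("permit", src, NETS[SERVER_VLAN]),  # user VLAN -> servers
        ("deny", ANY, INTERNAL),             # block every other internal subnet
        ("permit", src, ANY),                # what is left is internet-bound
    ]

def acl_allows(rules, src_ip, dst_ip):
    """First matching rule wins; unmatched packets hit the implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action == "permit"
    return False

def routed_allowed(src_vlan, src_ip, dst_ip):
    """Server VLAN carries no ACL in this model; user VLANs are filtered inbound."""
    if src_vlan == SERVER_VLAN:
        return True
    return acl_allows(build_inbound_acl(src_vlan), src_ip, dst_ip)

def policy_violations():
    """Compare every VLAN pair and internet access against the stated requirements."""
    bad = []
    for a in VLANS:
        host_a = str(NETS[a][10])
        if not routed_allowed(a, host_a, INTERNET_HOST):
            bad.append((a, "internet"))
        for b in VLANS:
            if a == b:
                continue
            expected = SERVER_VLAN in (a, b)   # only server traffic may cross VLANs
            if routed_allowed(a, host_a, str(NETS[b][10])) != expected:
                bad.append((a, b))
    return bad

if __name__ == "__main__":
    print("violations:", policy_violations())
```

These rules are stateless, so server replies reach user VLANs only because the server VLAN is left unfiltered in this model; filtering it as well would need matching return rules.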
LVL 46

Expert Comment

by:Craig Beck
ID: 39735016
"Third, a trunk connection using dynamic LACP, one up-link to each 2920 switch, for high availability."
Just bear in mind that if you stack using SFPs (uplinks) not stack modules, you can't do this, even with the great example above.

You would have to use STP and no trunk for this.  This is really why it's important to know how you intend to make the stack.
LVL 10

Expert Comment

ID: 39736477
If my example was useful to you and correct, I would appreciate some points awarded to my solution.  If not, I can help you with the configuration to get it working.

LVL 46

Expert Comment

by:Craig Beck
ID: 39736494
@convergint - I agree.  If anything, your comment was actually a more complete solution and would likely do what the OP is asking.

Question has a verified solution.
