HP Switch Config changes


We are in the process of changing our 3x site IPSec VPN to a staged migration to MPLS, so single firewall.

Stage one is to get site 1 on MPLS first and leverage some of the newer features of the hosted firewall while still routing traffic across the site-to-site VPNs accordingly.

The first change we (on prem) need to do is re-configure a number of ports in the switch to accommodate the new on-prem router(s).

Currently we have HSRP (I think) on the CPE which terminates on the HP L3 (2920 PoE) switch. It's currently using a VLAN with no IP address associated and has ports connected to the two routers.
The two other VLANs we have are for voice and data and each VLAN has a connection to the firewall which has the two VLANs configured.

The new provider would like to use trunk ports to get away from the multiple ports to multiple VLANs. Any pointers here in terms of configuration on the switch and if this can be done without changing the existing config (should all go wrong)?

noci (Software Engineer) Commented:
Are you saying you DROP IPSEC and start MPLS? You are aware that MPLS as such has no encryption? While IPSEC does offer that.
You may still want IPSEC to prevent eavesdropping.

CHI-LTD (Author) Commented:
I've been told an IPsec VPN can be created on MPLS.

noci (Software Engineer) Commented:
Then it probably wasn't done yet... (I get from your wording...), preferably you get the IPSEC configured.

W.r.t. the Q, yes you can create a trunk (or portchannel in Cisco speak), with multiple VLANs across it if your router supports that,
preferably using static configurations (not LACP). You will need to create a trunk on two ports and the same on the router and allow the needed VLANs over it using tags. (No untagged VLAN).

CHI-LTD (Author) Commented:
Okay, so it will need an IP address allocated to the new VLAN with the portchannel?

noci (Software Engineer) Commented:
Only if you want to be able to manage the switch from that VLAN.
Effectively a switch can operate without IP addresses, it primarily functions on MAC addresses.

Note: a VLAN is a distributed-over-switches thing, not a connection/cable to a router.
So for example VLAN x is the same LAN even if the x is mentioned on multiple switches. (This does require that the switches are connected using VLAN-enabled trunk/portchannel connections).
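
The "(No untagged VLAN)" advice above can be checked offline against a saved copy of the switch's running-config, which leaves the switch itself untouched. The script below is an added example, not code from the thread or from HP: the function names are hypothetical, and the sample config is constructed in the ProCurve `vlan` / `tagged` / `untagged` layout with assumed VLAN IDs and port numbers.

```python
import re

# Constructed sample; VLAN IDs and port numbers are assumptions, not from the thread.
SAMPLE_CONFIG = """\
trunk 23-24 Trk1 Trunk
vlan 1
   untagged 1-22,Trk1
   exit
vlan 10
   tagged Trk1
   exit
vlan 20
   tagged Trk1
   exit
"""

def expand_ports(spec):
    """Expand a port list such as '1-3,Trk1' into {'1', '2', '3', 'trk1'}."""
    ports = set()
    for item in filter(None, (p.strip().lower() for p in spec.split(","))):
        m = re.fullmatch(r"(\d+)-(\d+)", item)
        span = range(int(m[1]), int(m[2]) + 1) if m else [item]
        ports.update(str(n) for n in span)
    return ports

def vlan_membership(config):
    """Return {vlan_id: {'tagged': set, 'untagged': set}} from the config text."""
    vlans, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if len(words) == 2 and words[0] == "vlan" and words[1].isdigit():
            current = vlans.setdefault(int(words[1]), {"tagged": set(), "untagged": set()})
        elif words == ["exit"]:
            current = None
        elif current is not None and len(words) == 2 and words[0] in current:
            current[words[0]] |= expand_ports(words[1])
    return vlans

def check_uplink(config, port, required_vlans):
    """List where one port deviates from 'needed VLANs tagged, no untagged VLAN'."""
    port, issues = port.lower(), []
    vlans = vlan_membership(config)
    for vid in sorted(set(vlans) | set(required_vlans)):
        members = vlans.get(vid, {"tagged": set(), "untagged": set()})
        if port in members["untagged"]:
            issues.append(f"vlan {vid}: {port} is untagged")
        if vid in required_vlans and port not in members["tagged"]:
            issues.append(f"vlan {vid}: {port} is not tagged")
    return issues
```

Calling `check_uplink(SAMPLE_CONFIG, "Trk1", {10, 20, 30})` reports the untagged membership in VLAN 1 and the missing tag for VLAN 30.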