HP Switch Config changes


We are in the process of changing our 3x site IPSec VPN to a stage migration to MPLS, so single firewall.

Stage one is to get site 1 on MPLS first and leverage some of the newer features of the hosted firewall while still routing traffic across the site to site vpns accordingly.

First change we (on prem) need to do is re-configure a number of ports in the switch to accommodate the new on prem router(s).

Currently we have HSRP (I think) on the CPE which terminates on the HP L3 (2920 PoE) switch. It's currently using a VLAN with no IP address associated and has ports connected to the two routers.
The two other vlans we have are for voice and data and each vlan has a connection to the firewall which has the two vlans configured.

The new provider would like to use trunk ports to get away from the multiple ports to multiple VLANs. Any pointers here in terms of configuration on the switch and if this can be done without changing the existing config (should all go wrong)?

noci (Software Engineer) commented:
Only if you want to be able to manage the switch from that VLAN.
Effectively a switch can operate without IP addresses, it primarily functions on MAC addresses.

Note a VLAN is a distributed-over-switches thing, not a connection/cable to a router.
So for example VLAN x is the same LAN even if the x is mentioned on multiple switches. (This does require that the switches are connected using VLAN-enabled trunk/portchannel connections.)

noci (Software Engineer) commented:
Are you saying you DROP IPSEC and start MPLS? You are aware that MPLS as such has no encryption? While IPSEC does offer that.
You may still want IPSEC to prevent eavesdropping.

CHI-LTD (Author) commented:
I've been told an IPsec VPN can be created on MPLS.

noci (Software Engineer) commented:
Then it probably wasn't done yet... (I get from your wording...), preferably you get the IPSEC configured.

wrt. the Q, yes you can create a trunk (or portchannel in Cisco speak), with multiple VLANs across it if your router supports that.
Preferably using static configurations (not LACP). You will need to create a trunk on two ports and the same on the router and allow the needed VLANs over it using tags. (No untagged VLAN.)
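
The setup described in the comment above, sketched for the HP 2920 CLI as an added example that is not from any participant in this thread: a static two-port aggregate (HP calls the aggregate itself a "trunk") carrying only tagged VLANs. Port numbers 23-24, VLAN IDs 10/20/30 and the VLAN names are constructed placeholders, not values from the question.

```text
; Added example (constructed): ports 23-24 and VLAN IDs/names are placeholders.
; Changes apply to the running config only. Until "write memory" is issued,
; a reload returns the switch to the saved startup config.

; Static aggregate of the two router-facing ports (keyword "trunk" = static,
; as opposed to "lacp")
trunk 23-24 trk1 trunk

; Carry each required VLAN over the aggregate with 802.1Q tags
vlan 10
   name "DATA"
   tagged trk1
   exit
vlan 20
   name "VOICE"
   tagged trk1
   exit
vlan 30
   name "WAN"
   tagged trk1
   exit

; Remove the aggregate from the default VLAN so no untagged VLAN rides on it
vlan 1
   no untagged trk1
   exit

; Verify before saving
show trunks
show vlans ports trk1 detail
```

The router side needs the matching static aggregate and the same VLAN tags; existing access ports and their VLAN memberships are not touched by these commands.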

CHI-LTD (Author) commented:
Okay, so it will need an IP address allocated to the new VLAN with the portchannel?