
Re: vLAN based network (HP V1910 / A5120)

 
Octavio_Rocha
Occasional Contributor

vLAN based network (HP V1910 / A5120)

Hi everyone!

 

I'm planning a topology for the new site office of my enterprise and I would appreciate some tips on how to configure the VLANs for my needs.

What I intend to do is to set the tagged ports for each VLAN on the A5120 Core Switch, and distribute each one to the corresponding V1910 switches that will connect the end devices (workstations, laptops, printers, servers, etc.). The VLAN traffic will also be managed by a firewall (Juniper SRX 240H in this case), so I can leave room for growth on my network.

Will this scenario work for me?

If I leave the V1910 ports as default I can connect any device that I want to belong to the subnet in the specific switch, right?

So, can anyone help me with this?

PS: I don't need help with the Juniper configurations, only with the VLAN design.

PS.2: I'm sending a drawing of my plan attached.

Thanks in advance.

6 REPLIES
Vince-Whirlwind
Honored Contributor

Re: vLAN based network (HP V1910 / A5120)

If you tag the uplink port on the "Core" then you need to tag the 1920 switchport it connects to the same. Then you need to put all ports on the 1920 as "untagged" in the VLAN it is getting from the "Core".
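
The matched tagging described in the reply above, written out as an added example (not part of the original thread, and not the poster's own configuration). VLAN 10 and all port numbers are assumed values; the access-switch side is shown in Comware CLI syntax on the assumption that it accepts the same commands, and lines beginning with `#` are annotations rather than commands.

```text
# --- A5120 core ---
# VLAN 10 and the port numbers below are assumed for illustration.
vlan 10
#
# Uplink to the access switch: tagged (trunk), carrying only VLAN 10.
# VLAN 1 is removed so the default VLAN does not leak across the link.
interface GigabitEthernet1/0/1
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10
#
# --- Access switch ---
vlan 10
#
# Uplink to the core: tagged in VLAN 10, matching the core side exactly.
# A mismatch here (tagged on one end, untagged on the other) drops the
# frames or places them in the wrong VLAN.
interface GigabitEthernet1/0/24
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10
#
# End-device port: untagged member of VLAN 10.
# Repeat for every port that should belong to this subnet.
interface GigabitEthernet1/0/2
 port link-type access
 port access vlan 10
```

If a switch is managed over VLAN 1, removing VLAN 1 from its uplink cuts management access over that link, so move management to a permitted VLAN first.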

Vince-Whirlwind
Honored Contributor

Re: vLAN based network (HP V1910 / A5120)

I see you are spanning each VLAN to both the access switches as well as to the firewall.

Does this mean your "Core" is not doing the routing for each VLAN's subnet?

Octavio_Rocha
Occasional Contributor

Re: vLAN based network (HP V1910 / A5120)

Hi Vince,

Yes, all the traffic between VLANs is being controlled by the Juniper SRX firewall, with an interface (and zone) for each one, so I can manage which data is passing from one to another.

By the way, what do you think of this topology? Is this the best way to do it?

Thanks for your help.

Vince-Whirlwind
Honored Contributor

Re: vLAN based network (HP V1910 / A5120)

Yes, if you want the VLANs firewalled from each other, then spanning them all to the firewall is the way to go.

A slightly different option would be to use a single link to the firewall carrying all VLANs and have the SRX use sub-interfaces (or "units" from memory) to join each VLAN to its Zone.

Octavio_Rocha
Occasional Contributor

Re: vLAN based network (HP V1910 / A5120)

Hi Vince.

I have just one more little doubt.

What are the traffic limits, if there are any, in using a trunk port to carry all VLANs from the Core Switch to the firewall?

 

Thanks a lot.

Vince-Whirlwind
Honored Contributor

Re: vLAN based network (HP V1910 / A5120)

I wouldn't do it unless I had an aggregated pair of 10Gb ports to do it with.