Help understanding HP switches, VLANs, IP helpers and ACLs
Hi all, I will start with warning you this is probably going to a rant but I need some simple advice / study material for networking, VLANs, IP Helpers and some suggestions on how to go about setting things up the right way. I know my way round servers but not so much when it comes to switches. I want to learn on HP switches as that’s what I am going to be dealing with (must be honest the cisco terminology seems a little easier lol). What I know and have tested so far:
I know how to telnet in to a switch or connect via serial and am slowly learning my way around HP’s CLI. I understand how to create VLANs and Trunks, the basics of tagged and untagged (although I must admit when I ran into the term no untagged it struck me as pointless and confusing, I guess I will learn the reason behind that at some point).
What I really need know:
How computers on different VLANs can communicate. I think the answer is with IP helpers and ACLs. However most material I come across can never seem to explain this simply and it’s usually referring to cisco kit which confuses me even more. I suppose the simpler way of putting this would be give you real life context. The setup: A network with 7 VLANs and every switch in my network knows about all 7 VLANs, is connected in a star topology by LACP Trunks, all VLANs are tagged to every trunk so all, VLANs include 1Management, 2Servers, 3Finance, 4Sales, 5warehouse, 6Voice and 7CCTV . Most of these VLANs need to get to servers running DHCP and DNS but being separate VLANs at this point they can only talk to other machines in their respective VLANs.
Assumption 1: So I need IP helpers to get traffic back to the DNS and DHCP servers on VLAN 2?
Assumption 2: In the case of something like CCTV where it can be monitored via a web browser I need to setup ACLs (access control lists) to let an IP from say VLAN5 talk to an IP on VLAN7?
Assumption 3: Layer 3 switches can “route” information between VLANs but Layer 2 switches can’t?
If all of the above assumptions are correct how would I go about setting up IP helpers and ACLs on a HP switch? If I seem to be talking rubbish could you set me straight and lastly could you point me in the direction or explain to me how to set this up and if I am missing anything? Thanks in advance and sorry for the rant lol
I know how to telnet in to a switch or connect via serial and am slowly learning my way around HP’s CLI. I understand how to create VLANs and Trunks, the basics of tagged and untagged (although I must admit when I ran into the term no untagged it struck me as pointless and confusing, I guess I will learn the reason behind that at some point).
What I really need know:
How computers on different VLANs can communicate. I think the answer is with IP helpers and ACLs. However most material I come across can never seem to explain this simply and it’s usually referring to cisco kit which confuses me even more. I suppose the simpler way of putting this would be give you real life context. The setup: A network with 7 VLANs and every switch in my network knows about all 7 VLANs, is connected in a star topology by LACP Trunks, all VLANs are tagged to every trunk so all, VLANs include 1Management, 2Servers, 3Finance, 4Sales, 5warehouse, 6Voice and 7CCTV . Most of these VLANs need to get to servers running DHCP and DNS but being separate VLANs at this point they can only talk to other machines in their respective VLANs.
Assumption 1: So I need IP helpers to get traffic back to the DNS and DHCP servers on VLAN 2?
Assumption 2: In the case of something like CCTV where it can be monitored via a web browser I need to setup ACLs (access control lists) to let an IP from say VLAN5 talk to an IP on VLAN7?
Assumption 3: Layer 3 switches can “route” information between VLANs but Layer 2 switches can’t?
If all of the above assumptions are correct how would I go about setting up IP helpers and ACLs on a HP switch? If I seem to be talking rubbish could you set me straight and lastly could you point me in the direction or explain to me how to set this up and if I am missing anything? Thanks in advance and sorry for the rant lol
ASKER
HI Don, thanks for the quick response.
So I would setup IP Routing on the distribution switches (first switches trunked back to the core) or all switches?
And an IP helper just on the core?
Do you know the HP commands to do this or can you point me a decent guide?
Do you think this all I would need to get good basic connectivity? I don't think I need ACLs and basic spanning tree doesn't seem to be much hassle (I know you can really tune it ect but I am just after the essentials atm)
So I would setup IP Routing on the distribution switches (first switches trunked back to the core) or all switches?
And an IP helper just on the core?
Do you know the HP commands to do this or can you point me a decent guide?
Do you think this all I would need to get good basic connectivity? I don't think I need ACLs and basic spanning tree doesn't seem to be much hassle (I know you can really tune it ect but I am just after the essentials atm)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks that cleared a lot up for me
No. The ACL is used (among other things) to filter or block traffic. What allows traffic to move between VLANs is (assuming we are talking about a multilayer switch or router) is enabling "ip routing" and assigning IP addresses to interfaces.
This is correct.