v1910 24G
In the last how-to, we performed the firmware upgrade
and initial configuration on the HP v1910 24G.
It's now time to start placing some VLANs onto our switch. A good
starting point is: why do we use VLANs?
Well a VLAN enables us to:
way that ESXi allows you to run multiple virtual machines on the
same physical hardware.
Create logical boundaries so that traffic from one VLAN to
Management
iSCSI
vMotion
Backup
HP Fail Over Manager
With this in mind, I would highly recommend creating a network
table containing your VLAN Names, VLAN ID, Subnet and Switch IP
Address. You may ask why you should bother. Well, I deal with a large
number of clients' infrastructures and I often find that I get confused
as to what subnets are doing what!
Cool, let's test it. Change a computer to use the HP v1910 24G switch
as its default gateway.
We should now be able to ping the switch, the switch's next hop and
also something out on the internet.
My first VLAN ID is 10, so we enter this and click Create on the left
hand side. Next, modify the VLAN description from VLAN 0010 to
iSCSI and then click Apply.
Rinse and repeat until you have entered all of your VLANs into the
switch. Here's one I made earlier.
TOP TIP: don't forget to click Save in the top right hand corner
on a regular basis.
Great, we have created the VLANs; now we need to assign them to
some switch ports. We need to understand what happens when we
change the port characteristics. The options we have are:
You will receive a pop up letting you know that Access Ports
will change to Hybrid Ports, we are cool with this, so Click OK.
To verify the VLANs have been set correctly, go to Port Detail and
choose Select All, it should show the following.
Rinse and repeat for the rest of your VLANs. To make sure everything
is tickety boo click on Summary and you should be greeted with a
page similar to this.
Time to test. So from your computer you should now be able to ping
each VLAN IP address on the switch.
Don't worry, the VLAN is still in play, we have just removed the
ability to route between subnets. Now if we ping the same device we
get an epic fail.
Now we have a choice from Basic ACLs, Advanced ACLs and Ethernet
Frame Header ACLs. OK, what are the differences?
Basic ACL: these only match source IPv4 addresses
Advanced ACL: these match source and destination IPv4 addresses
and also protocols on different port numbers e.g. TCP 80
Ethernet Frame Header ACL: these match source and destination
MAC addresses
With this in mind, we are going to use Advanced ACLs as we want
to match interesting traffic from source to destination.
In the ACL Number section, type in 3001. We want the match
order to be Config. Then click Apply.
You will see the ACL Number appear in the bottom table, notice we
have no rules applied against it yet.
Next we want to go to the Advanced Setup tab at the top. We are
going to enter the following information:
I want to backtrack slightly on some of the entries we made into the
Advanced ACL, to make sure you are clear on what we did.
Rule ID: this is the order in which the rules are read. We entered
number 10, so this rule is read first; if you added a rule ID 9, it
would get read before rule ID 10.
Wildcard: this is the reverse of a normal subnet mask, e.g.
255.255.255.0 becomes 0.0.0.255
TOP TIP: At the end of every Access List there is always a silent
deny, which means you don't see the traffic being dropped, it
just happens!
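The rule order, wildcard and silent deny described above, modelled in Python as an added example (not from the original post and not the switch's own logic). The 10.37.10.0/24 source subnet, both rules and the function names are constructed for illustration; ACL 3001, the 0.0.0.255 wildcard and the 10.37.20.x addresses come from the post.

```python
import ipaddress

def wildcard_from_netmask(netmask: str) -> str:
    """Invert a dotted subnet mask: 255.255.255.0 -> 0.0.0.255."""
    inverted = int(ipaddress.IPv4Address(netmask)) ^ 0xFFFFFFFF
    return str(ipaddress.IPv4Address(inverted))

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard bits set to 1 are ignored; every other bit must equal base."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == \
           (int(ipaddress.IPv4Address(base)) & care)

def evaluate(rules, src: str, dst: str):
    """Return (action, rule_id) of the first match, lowest rule ID first.
    With no match, fall through to the silent deny: ("deny", None)."""
    for rule in sorted(rules, key=lambda r: r["id"]):
        if (wildcard_match(src, rule["src"], rule["src_wc"])
                and wildcard_match(dst, rule["dst"], rule["dst_wc"])):
            return rule["action"], rule["id"]
    return "deny", None

# Constructed rule set (assumption): one subnet-wide permit as rule 10,
# plus a host-specific deny entered later as rule 9.
ACL_3001 = [
    {"id": 10, "action": "permit",
     "src": "10.37.10.0", "src_wc": wildcard_from_netmask("255.255.255.0"),
     "dst": "10.37.20.1", "dst_wc": "0.0.0.0"},
    {"id": 9, "action": "deny",
     "src": "10.37.10.50", "src_wc": "0.0.0.0",
     "dst": "10.37.20.1", "dst_wc": "0.0.0.0"},
]

if __name__ == "__main__":
    tests = [("10.37.10.25", "10.37.20.1"),    # matched by rule 10
             ("10.37.10.50", "10.37.20.1"),    # rule 9 is read before rule 10
             ("10.37.10.25", "10.37.20.211")]  # no rule matches: silent deny
    for src, dst in tests:
        print(f"{src} -> {dst}: {evaluate(ACL_3001, src, dst)}")
```

Entering rule 9 after rule 10 does not change the outcome: evaluation follows rule ID, not entry order, which is why leaving gaps between rule IDs makes later insertions possible.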
Let's see if it works, shall we? Let's ping from my laptop to a HP
StoreVirtual VSA 10.37.20.1: success. What about the Windows 7 on
10.37.20.211? Err, also success, that's not right!
https://vmfocus.com/2012/09/26/how-to-configure-layer-3-static-routesvlans-on-hp-v1910-24g/
https://vmfocus.com/2012/10/14/how-to-configure-access-lists-routebetween-vlans-on-hp-v1910-24g/