Question : IP Helper, protocol forwarding and routing related query

It's related to a configuration I came across on one of Foundry's NSR16 switches running on Layer 3 code and currently being used to route traffic between different VLANs.

To make the network design simple, it comprises two VLANs:

On VLAN 220 reside hosts and servers belonging to the 10.20.220.*/24 subnet.
On VLAN 222 reside hosts (mainly user workstations) belonging to the 10.20.222.*/24 subnet.

The interface addresses on this switch are:
--------------------------------------------------------
interface e 1
 ip address 10.20.220.1 255.255.255.0
!
interface e 2
 ip address 10.20.222.1 255.255.255.0
 ip helper-address 1 10.20.220.30 (* Address of the DHCP Server on VLAN 220 *)
----------------------------------------------------------
The routing table (as configured on the Switch) is:
-----------------------------------------------------------
ip route 10.20.220.0 255.255.255.0 ethernet 1
ip route 10.20.222.0 255.255.255.0 ethernet 2
ip route 0.0.0.0 0.0.0.0 10.20.220.50 (*  Default Gateway for the two VLANs *)
-----------------------------------------------------------
My problem is, I want to access the telnet and GUI management interface via Interface 1 and want to do the same when I come in through VLAN 220. Sitting on an IP host whose address is (say) 10.20.220.120/24, the address of my management laptop, I seek to open the GUI residing at http://10.20.220.1/24. Though I can ping Int1 of my NSR from anywhere on VLAN 220 hosts, I cannot start the management GUI or telnet into it. I think it's a routing issue or maybe I have to create an ACL, but I need more directions.

Also, if it's true that IP forwarding of all ports is enabled by default on most L3 switches, why is there the need for "ip forward-protocol" commands? Where and when should they be used? I observed that various UDP ports have been configured on this one, but I can even access others (e.g. ports 80, 23, 25, etc.) across both sides of the two interfaces. So what's the need for "ip forward-protocol udp" here?

The output of "sh run" on this switch is as follows:

***************************************************

abc-e12>en
Password:
abc-e12#sh run
Current configuration:
!
ver 07.1.26mT13
global-stp
global-protocol-vlan
!
!
vlan 1 name DEFAULT-VLAN by port
 spanning-tree
!
enable telnet authentication
enable telnet password .....
enable super-user-password .....
hostname abc-e12
ip forward-protocol udp echo
ip forward-protocol udp 427 (* Netware SLP*)
ip forward-protocol udp 524 (* Netware SLP*)
ip forward-protocol udp 3017 (*Netware NDPS*)
ip forward-protocol udp 3396 (*Netware NDPS*)
ip forward-protocol udp 3014 (*Netware NDPS*)
ip forward-protocol udp 3016 (*Netware NDPS*)
ip forward-protocol udp 3018 (*Netware NDPS*)
ip forward-protocol udp 3019 (*Netware NDPS*)
ip route 10.20.220.0 255.255.254.0 ethernet 1
ip route 10.20.222.0 255.255.255.0 ethernet 2
ip route 0.0.0.0 0.0.0.0 10.20.220.50
snmp-server community ..... rw
router rip
!
interface e 1
 ip address 10.20.220.1 255.255.254.0
!
interface e 2
 ip address 10.20.222.1 255.255.255.0
 ip helper-address 1 10.20.220.30 (* DHCP Server IP address on VLAN 220 *)
!
interface e 3
 ip address 10.100.200.2 255.255.255.0 (* Management IP currently configured to access web GUI while a laptop is assigned an IP of 10.100.200.1/24 along with a crossover UTP*)
!
interface e 4
!
interface e 5
!
interface e 6
!
interface e 7
!
interface e 8
!
interface e 9
!
interface e 10
!
interface e 11
!
interface e 12
!
interface e 13
!
interface e 14
!
interface e 15
!
interface e 16
!
!
end

abc-e12#
************************************************************

Answer : IP Helper, protocol forwarding and routing related query

>why is there the need of "ip forward-protocol" commands?
VLAN and Layer 3 interfaces are broadcast boundaries, and we use this command to forward broadcast-centric protocols, most notably UDP 138 for NetBIOS or UDP 68/69 for DHCP, etc. We have applications that require broadcasts on 4 specific ports, like 6651-6653, and this command lets that through. All TCP traffic is forwarded by default, and unicast UDP is allowed and forwarded (like UDP/53 for DNS). In your case these are specific NetWare broadcast ports that need to be propagated between interfaces.

>Though I can ping Int1 of my NSR from anywhere on VLAN 220 hosts, but I cannot start the management GUI or telnet into it. I think it's a routing issue or maybe I have to create an ACL but need more directions.
If you can ping it, then routing is not the issue. I'm not familiar enough with Foundry to recognize restrictions on management access to the interfaces, but Cisco certainly has several different ways to allow/restrict access to the device's interface itself...
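The broadcast-boundary behaviour the answer describes, as an added Python model (not the switch's code and not part of the original thread): the interface table and the UDP port list come from the question's "sh run", while the set of default relayed ports is an assumption, since real defaults are vendor-specific.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Interface

# Constructed model of the NSR16 config in the question:
# interface name -> (own address/mask, ip helper-address or None)
INTERFACES = {
    "e1": (IPv4Interface("10.20.220.1/24"), None),
    "e2": (IPv4Interface("10.20.222.1/24"), IPv4Address("10.20.220.30")),
}
# ASSUMPTION: ports relayed without explicit config (time, tacacs, dns, bootp, tftp, netbios).
ASSUMED_DEFAULT_PORTS = {37, 49, 53, 67, 68, 69, 137, 138}
# The "ip forward-protocol udp" lines from the config ("udp echo" is port 7).
CONFIGURED_PORTS = {7, 427, 524, 3014, 3016, 3017, 3018, 3019, 3396}
FORWARDED_UDP = ASSUMED_DEFAULT_PORTS | CONFIGURED_PORTS
BROADCAST = IPv4Address("255.255.255.255")


@dataclass
class Packet:
    ingress: str        # interface the packet arrived on
    dst: IPv4Address
    proto: str          # "tcp" or "udp"
    dport: int


def forwarding_decision(pkt: Packet) -> str:
    """What the L3 switch does with pkt: 'route', 'relay to <ip>' or 'drop'."""
    own, helper = INTERFACES[pkt.ingress]
    is_bcast = pkt.dst in (BROADCAST, own.network.broadcast_address)
    if not is_bcast:
        return "route"           # unicast TCP and UDP need no helper at all
    if pkt.proto != "udp":
        return "drop"            # broadcasts are not routed; only UDP is relayed
    if helper is None:
        return "drop"            # no ip helper-address on the ingress interface
    if pkt.dport not in FORWARDED_UDP:
        return "drop"            # port absent from the forward-protocol list
    return f"relay to {helper}"  # broadcast rewritten to unicast toward helper


# Constructed sample traffic covering each branch above.
SAMPLES = {
    "dhcp discover from VLAN 222": Packet("e2", BROADCAST, "udp", 67),
    "netware slp broadcast from VLAN 222": Packet("e2", BROADCAST, "udp", 427),
    "udp 5000 broadcast from VLAN 222": Packet("e2", BROADCAST, "udp", 5000),
    "http unicast to VLAN 220 host": Packet("e2", IPv4Address("10.20.220.40"), "tcp", 80),
    "dns unicast from VLAN 220": Packet("e1", IPv4Address("10.20.222.9"), "udp", 53),
    "dhcp discover from VLAN 220": Packet("e1", BROADCAST, "udp", 67),
}


def decisions() -> dict:
    return {name: forwarding_decision(p) for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in decisions().items():
        print(f"{name:38} -> {verdict}")
```

The last sample shows why a helper is a per-interface setting: VLAN 220 clients broadcast on the same segment as the DHCP server, so no relay is needed or configured on e1.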