HP ProCurve Threat Management Solution Implementation Guide 2009-05
HP ProCurve Network Immunity Manager with HP ProCurve Security Devices
Step 2: Detect Threats
6. Configure an IP address for the TMS zl Module’s interface on that VLAN.
hostswitch(tms-module-C:config)# vlan <VLAN_ID> ip address <IP_address> <subnet_mask>
7. Optionally, you can configure a priority VLAN to ensure that you can always access the
Web browser interface (even if the TMS zl Module is handling an extremely high volume
of traffic).
hostswitch(tms-module-C:config)# management priority-vlan <VLAN_ID>
8. Determine the VLAN on which the TMS zl Module connects to its default gateway.
• When an external router is the default gateway, this VLAN is the VLAN on which the
host switch connects to the external router.
• If the module’s host switch is the default gateway, this VLAN is typically the VLAN on
which the host switch connects to the external router. Make sure that the switch has
an IP address on that VLAN.
• If a core switch is the default gateway, this VLAN is typically the VLAN on which the
module’s host switch connects to the core switch.
In the example network, the default gateway is in VLAN 32.
9. If the default gateway is on the VLAN you have already added to the management access
zone, skip this step and continue with step 10. Otherwise, complete this step.
a. Associate the VLAN on which the TMS zl Module connects to its default gateway with
a zone (often the External zone).
hostswitch(tms-module-C:config)# vlan <VLAN_ID> zone <zone>
For the example network, you would associate VLAN 32 with the External zone:
hostswitch(tms-module-C:config)# vlan 32 zone external
Remember, if you want the host switch to have an IP address on that VLAN, you must
include the allow-switch-ip option.
b. Assign the module an IP address on the subnet that is associated with that VLAN.
hostswitch(tms-module-C:config)# vlan <VLAN_ID> ip address <IP_address> <subnet_mask>
10. Define a default gateway:
hostswitch(tms-module-C:config)# ip route 0.0.0.0/0 <next-hop address>
Replace <next-hop address> with the IP address of the default gateway for the module.
11. Ping the default gateway to verify connectivity.
If the default gateway is in the management access zone you defined, complete step 11a.
If the default gateway is not in the management access zone you defined, complete
step 11b.
a. Because the default gateway’s zone is a management access zone, the TMS zl Module
automatically created a firewall access policy that allows Internet Control Message
Protocol (ICMP) echo packets between the Self zone (the module) and that zone. You
can simply ping the default gateway.
hostswitch(tms-module-C:config)# ping <default gateway>
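
A pre-flight check for steps 8 through 11, added here as an example and not taken from the HP guide: it confirms that the planned default gateway sits on exactly one subnet where the module has an address, then builds the step 9 and step 10 commands and reports which ping step (11a or 11b) applies. The function name, the `internal` management zone, VLAN 2 and all IP addresses are constructed assumptions; only VLAN 32, the External zone and the command syntax come from the guide.

```python
import ipaddress

def plan_gateway(vlans, mgmt_zone, gateway):
    """Validate the addressing for steps 8-11 and build the module CLI lines.

    vlans: {vlan_id: (zone, module_ip, subnet_mask)}, the planned module
    interfaces (hypothetical planning input, not a device export).
    Returns (gateway_vlan, commands, ping_step).
    """
    gw = ipaddress.ip_address(gateway)
    hits = []
    for vid, (zone, ip, mask) in vlans.items():
        iface = ipaddress.ip_interface(f"{ip}/{mask}")
        net = iface.network
        if gw in net:
            # The next hop cannot be the module itself or a reserved address.
            if gw in (iface.ip, net.network_address, net.broadcast_address):
                raise ValueError(f"{gw} is not a usable next hop on VLAN {vid}")
            hits.append((vid, zone, ip, mask))
    if len(hits) != 1:
        raise ValueError(
            f"{gw} must sit on exactly one module subnet, found {len(hits)}")
    vid, zone, ip, mask = hits[0]
    cmds = []
    if zone == mgmt_zone:
        # Step 9 is skipped: the VLAN is already in the management access zone.
        ping_step = "11a"
    else:
        ping_step = "11b"
        cmds.append(f"vlan {vid} zone {zone}")             # step 9a
        cmds.append(f"vlan {vid} ip address {ip} {mask}")  # step 9b
    cmds.append(f"ip route 0.0.0.0/0 {gw}")                # step 10
    return vid, cmds, ping_step

# Constructed sample plan: VLAN 2 is an assumed management VLAN, VLAN 32 is
# the guide's example gateway VLAN; every address here is made up.
SAMPLE_VLANS = {
    2: ("internal", "10.1.2.99", "255.255.255.0"),
    32: ("external", "10.1.32.99", "255.255.255.0"),
}

if __name__ == "__main__":
    vid, cmds, step = plan_gateway(SAMPLE_VLANS, "internal", "10.1.32.1")
    print(f"Default gateway is on VLAN {vid}; verify with step {step}")
    for c in cmds:
        print("hostswitch(tms-module-C:config)# " + c)
```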