Manualshelf

HP ProCurve Threat Management Solution Implementation Guide 2009-05

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
301302303304305306307308309310
4-88
HP ProCurve Network Immunity Manager with HP ProCurve Security Devices
Step 3: Respond to Threats
9. For Quarantine VLAN ID, type a number, such as 50.
Figure 4-65. PCM+ <Rate Limit> Action Window in Policy Manager
10. For Port Tag Status, select Tagged or Untagged.
11. Select Create VLAN if it does not exist already.
12. For IP config, select Disabled or DHCP. If you select DHCP, type a Subnet Mask in the box
provided.
13. Click Apply.
14. Click Close.
Task: Configure Port or MAC Mirroring as an Action
When NIM or infrastructure devices detect a potential threat, you might want to send the
suspicious traffic to an IDS for further analysis. For example, you could configure an action to
mirror traffic to the TMS zl Module in monitor mode.
Before you configure port mirroring or MAC mirroring as an action, you must set up a mirror,
or destination, port on your switch or switches. You can configure the mirror port in one of the
following ways:
From the switch’s CLI
From PCM+/NIM
The next section explains how to set up a mirror port in PCM+/NIM.
Subtask: Configure a Destination Port in PCM+/NIM. This section describes how to
configure the TMS zl Module’s internal port as a mirror port. PCM+/NIM will send traffic to this
port when the action is triggered. You will configure the action in “Subtask: Configure the
Action” on page 4-90.
Complete the following steps:
1. In the navigation tree, select the switch that houses the TMS zl Module (or is connected to
a third-party IDS device).