Manualshelf

Riverbed® Steelhead® RiOS® Application Administrator's Guide 2010-10

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
21222324252627282930
22
Managing the HP AllianceONE Extended Services zl Module with the Riverbed® Steelhead® RiOS® Application
Example Deployments
VLAN 6 = New Servers VLAN
VLAN 20 = Voice VLAN
VLAN 30 = Database VLAN
In this example, ports connected to endpoints are untagged members of VLAN
1. Port C2, which connects to a firewall that connects to the Internet, is also
untagged in VLAN 1.
The other VLANs support various services, including voice, and are tagged on
all switch-to-switch links as well as the uplink port that connects to the branch
office’s WAN router (C1). (In addition to being tagged members of these
VLANs, C1 and other switch-to-switch ports are untagged members of VLAN
1.)
The Steelhead Application is installed in slots D and F.
Port F2 on the Extended Services zl Module with Steelhead Application is
tagged in VLAN 2, VLAN 6, VLAN 20, and VLAN 30. (It is also untagged in VLAN
1.) This ensures that the module can handle redirected traffic that includes
the 802.1Q field, marking traffic that is in one of these VLANs.
On the HP zl switch, the zones have been defined as follows:
The Uplink zone contains C1, the uplink to the WAN router that connects
to the company’s main office.
The Internal zone contains all the ports connecting to endpoints, including
A1-A24 and B1-B24, as well as all the ports that connect to other switches,
C3-C5.
The Steelhead zone contains F2, the normal port on the Extended Services
zl Module with Steelhead Application.
The BYPASS zone contains F1, the Steelhead Application’s interception
port, and C2, the port that connects to the firewall.
The company has then created zone policies to intercept the following traffic:
Traffic sent from the Internal zone to the Uplink zone.
Traffic sent from the Uplink zone to the Internal zone.
Traffic sent from the Steelhead zone to the Uplink zone.
Traffic sent from the Uplink zone to the Steelhead zone.
Traffic sent from the Internal zone to the Steelhead zone.
These configurations allow the HP zl switch to intercept the internal traffic
that is being transmitted between the internal zone and the port that connects
to the branch office’s WAN router.