Riverbed® Steelhead® RiOS® Application Administrator's Guide 2010-10
23
Managing the HP AllianceONE Extended Services zl Module with the Riverbed® Steelhead® RiOS® Application
Example Deployments
To ensure that the traffic is transmitted to its intended destination, you also
have to ensure that the HP zl switch has the correct routes. In this example,
you could configure a default route through the firewall (172.30.80.2), which
connects to the Internet. In addition, you must configure specific routes that
will allow the HP zl switch to route traffic between VLANs on the internal
network. In this example, the default gateway for these routes is the WAN
router that connects to the main office (172.30.80.3). The switch has these
routes:
■ ip route 0.0.0.0 0.0.0.0 172.30.80.2
■ ip route 10.73.0.0 255.255.0.0 172.30.80.3
■ ip route 10.154.0.0 255.255.0.0 172.30.80.3
■ ip route 10.204.0.0 255.255.0.0 172.30.80.3
■ ip route 10.255.0.0 255.255.0.0 172.30.80.3
■ ip route 172.20.0.0 255.255.0.0 172.30.80.3
■ ip route 172.30.5.128 255.255.255.128 172.30.80.3
External Routing
In this deployment, the HP 5400zl or 8200zl switch has an external firewall
that is functioning as a router. For example, the switch might include an HP
Threat Management Services zl Module, which is routing traffic and providing
firewall services (as well as IPS and VPN services). The Steelhead Application
does not receive traffic directly from the outside subnet but only from the TMS
zl Module.
The HP 5400zl or 8200zl switch is configured as a routing switch and supports
multiple VLANs. However, the branch office wants to intercept only the traffic
from the untagged VLAN. Consequently, the Extended Services zl Module’s
port 2 is untagged in one VLAN only.