TMS zl Management and Configuration Guide ST.1.0.090213

Initial Setup in Routing Mode
Deploying the TMS zl Module in Routing Mode
Figure 2-5. Filtering Traffic for VLANs That Are Not TMS VLANs
Figure 2-5 shows an example. VLANs 2 through 8 are configured on switch A,
but only VLAN 2 is configured on switch B, which hosts the module. If VLAN 3
is to be checked by the module, you must configure switch A to specify the
TMS zl Module as the next-hop router for VLAN 3. For the module to route
traffic back to VLAN 3, you must designate switch A as the next-hop router
for VLAN 3 on the module.
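The two next-hop settings described above must both be present, or traffic for the VLAN reaches the module in one direction only. The following audit is an added example, not taken from this guide: it checks both directions for each VLAN that is not a TMS VLAN. All IP addresses, VLAN 4, and the dictionary layout are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data: every address and the dict layout are assumptions
# made for this example; only the VLAN roles follow Figure 2-5.
MODULE_IP = "10.1.2.254"    # module's address on VLAN 2 (a TMS VLAN)
SWITCH_A_IP = "10.1.2.1"    # switch A's address on VLAN 2
VLAN_SUBNETS = {3: "10.1.3.0/24", 4: "10.1.4.0/24"}  # non-TMS VLANs to check

# Next hop that switch A uses for each VLAN's traffic.
SWITCH_A_NEXT_HOP = {3: "10.1.2.254", 4: "10.1.9.1"}
# Routes configured on the module: destination -> gateway.
MODULE_ROUTES = {"0.0.0.0/0": "10.1.2.2", "10.1.3.0/24": "10.1.2.1"}


def best_gateway(subnet, routes):
    """Return the gateway of the most specific route covering subnet."""
    net = ipaddress.ip_network(subnet)
    covering = [(ipaddress.ip_network(dest), gw) for dest, gw in routes.items()]
    covering = [(dest, gw) for dest, gw in covering if net.subnet_of(dest)]
    if not covering:
        return None
    return max(covering, key=lambda item: item[0].prefixlen)[1]


def audit_vlan(vlan):
    """List the routing gaps that keep the module out of this VLAN's path."""
    findings = []
    if SWITCH_A_NEXT_HOP.get(vlan) != MODULE_IP:
        findings.append("switch A does not use the module as next hop")
    if best_gateway(VLAN_SUBNETS[vlan], MODULE_ROUTES) != SWITCH_A_IP:
        findings.append("module has no return route through switch A")
    return findings


def audit_all():
    return {vlan: audit_vlan(vlan) for vlan in VLAN_SUBNETS}


if __name__ == "__main__":
    for vlan, findings in audit_all().items():
        print(f"VLAN {vlan}:", "OK" if not findings else "; ".join(findings))
```

In the sample data, VLAN 3 passes both checks, while VLAN 4 fails both: switch A sends its traffic elsewhere, and the module's only matching route is a default route that does not point at switch A.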
Zone Best Practices
Which zones you use will depend on both the size and security needs of your
network. Below are a few practices that will suit any network:
- Use the External zone for VLANs that handle traffic to the Internet or
  another untrusted network.
- Use DMZ for VLANs that contain publicly available resources such as Web
  services and FTP.
- Use the Internal zone for VLANs that are inside the corporate LAN.
- For an extremely simple network configuration, put all of your internal
  VLANs in the Internal zone and all of the VLANs that connect to external
  resources in the External zone.
- If you choose to put your wireless traffic and wired traffic in different
  VLANs, you can also put wireless VLANs and wired VLANs in separate
  zones. (However, you can also put your wireless and wired traffic in the
  same VLAN and zone.)
- You might consider putting high-security VLANs in a separate zone from
  lower-security VLANs.
- Put your guests and temporary employees into separate VLANs, and then
  put the VLANs in a separate zone. This will allow you to create rules that
  are more specifically tailored to limited access.