Manualshelf

TMS zl Management and Configuration Guide ST.1.0.090213

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
41424344454647484950
1-16
Overview
Deployment Options for Routing Mode—Threat Protection
4. Remove all IP addresses on the selected VLANs from the host switch
except the switch’s management address.
However, if you plan to have the host switch act as the TMS zl Module’s
default gateway, also leave an IP address on the VLAN that connects to
an external router.
5. If the host switch no longer needs to route any traffic, you should disable
routing on the switch.
6. Access the TMS zl Module’s CLI through the host switch’s CLI.
7. Install the HP ProCurve TMS zl Module Product License. If you plan to
use the IDS/IPS capability, you will need to purchase and activate an IPS
subscription.
For detailed instructions on this step, see “Install the Product License
Key” in Chapter 2: “Initial Setup in Routing Mode” and “Signature Detec-
tion” in Chapter 6: “Intrusion Detection and Prevention.”
8. By default, the TMS zl Module’s operating mode is routing mode. Keep
this default setting.
See “Routing Mode” on page 1-7 for an overview and “Boot the TMS zl
Module to the Product OS” in Chapter 2: “Initial Setup in Routing Mode”
for detailed instructions.
9. Select at least one zone from which you will manage the TMS zl Module.
Add a VLAN to this zone and assign the module an IP address on the
VLAN’s subnet. Enable management access for this zone.
In Figure 1-6, the management station is on VLAN40 (subnet 10.1.40.0/24),
which is in Zone1. On the TMS zl Module, you would associate VLAN40
with Zone1 and assign the module the IP address 10.1.40.99 on this
TMS VLAN. You would then enable management access for Zone1.
When you associate a VLAN with a zone, the module’s data port (port 1)
is automatically tagged for that TMS VLAN. When you enable manage-
ment access for a zone, the module automatically creates the correct
firewall access policies to support SSH, HTTPS, and SNMP access to the
module (that is, to Self) from that zone.
For more detailed instructions on this step, see “Boot the TMS zl Module
to the Product OS” in Chapter 2: “Initial Setup in Routing Mode.”
10. Configure the default gateway for the module. The default gateway is
usually one of these devices: the host switch, a core switch, or an external
router.