TMS zl Management and Configuration Guide ST.1.0.090213

Overview
Deployment Options for Routing Mode—Threat Protection
9. Configure the default gateway for the module. When the TMS zl Module
provides perimeter protection, the default gateway is typically an external
router:
a. On the TMS zl Module, associate the VLAN on which the module
connects to the default gateway with a zone (External is
recommended). Assign the module an IP address on this VLAN—typically,
assign the module the IP address that you removed from the host
switch.
b. On the TMS zl Module, specify the IP address of the module’s default
gateway. This address should be on the TMS VLAN that you just
added.
c. On the default gateway, create a route to the internal network. The
route’s next hop should be the TMS zl Module’s IP address on the
VLAN that you just added.
For more detailed instructions on this step, see “Boot the TMS zl Module
to the Product OS” in Chapter 2: “Initial Setup in Routing Mode.”
If you prefer, you can now access the TMS zl Module’s Web browser
interface to complete the remaining tasks. At this point, you should
manage the TMS zl Module from a station in the same VLAN that you
added to the module in step 8. Later, you can associate other VLANs with
this zone and manage the module from those VLANs. You can also enable
management on other zones.
10. You can now add more TMS VLANs to the module configuration. The
VLANs that you add depend in part on how you want to route and control
internal-to-internal traffic. You have two options:
- For perimeter-only protection, route internal traffic on the host
switch or a core switch:
i. Choose one internal VLAN on which to connect the TMS zl Module
and the internal routing switch. Make sure that the host switch
supports this VLAN.
ii. On the TMS zl Module, associate this VLAN with a zone (typically,
the Internal zone) and assign the module a valid IP address on
that VLAN.
If the host switch is the internal routing switch, allow it to have
an IP address on this VLAN.
iii. On that switch, create a default route for external traffic. Specify
the IP address that you just configured on the TMS zl Module as
the next-hop router.
- For perimeter and internal protection, route internal traffic on the
TMS zl Module.
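
The addressing rules in step 9 and in the perimeter-only option of step 10 can be checked against a written plan before any device is changed. The following Python script is an added example, not part of this guide; the plan layout, key names and all addresses are constructed assumptions, as is the check that the routing switch keeps no address on the external VLAN.

```python
import ipaddress

# Constructed sample plan: every key name and address here is an assumption.
PLAN = {
    "external_vlan": "192.0.2.0/24",        # VLAN in the External zone (step 9a)
    "internal_vlan": "10.1.10.0/24",        # VLAN in the Internal zone (step 10 i)
    "module_external_ip": "192.0.2.2",      # address removed from the host switch
    "module_internal_ip": "10.1.10.1",      # step 10 ii
    "module_default_gateway": "192.0.2.1",  # step 9b
    "gateway_route": {"dest": "10.1.0.0/16", "next_hop": "192.0.2.2"},  # step 9c
    "switch_default_next_hop": "10.1.10.1",  # step 10 iii
    "switch_ips": ["10.1.10.2", "10.1.20.1"],  # addresses left on the routing switch
}

def check_plan(plan):
    """Return a list of findings; an empty list means the plan is consistent."""
    ip, net = ipaddress.ip_address, ipaddress.ip_network
    ext, internal = net(plan["external_vlan"]), net(plan["internal_vlan"])
    mod_ext, mod_int = ip(plan["module_external_ip"]), ip(plan["module_internal_ip"])
    route = plan["gateway_route"]
    findings = []
    if mod_ext not in ext:
        findings.append("9a: module external IP is not on the external VLAN")
    if ip(plan["module_default_gateway"]) not in ext:
        findings.append("9b: default gateway is not on the VLAN added in 9a")
    if ip(route["next_hop"]) != mod_ext:
        findings.append("9c: gateway route to the internal network skips the module")
    if not internal.subnet_of(net(route["dest"])):
        findings.append("9c: gateway route does not cover the internal VLAN")
    if mod_int not in internal:
        findings.append("10 ii: module internal IP is not on the internal VLAN")
    if ip(plan["switch_default_next_hop"]) != mod_int:
        findings.append("10 iii: switch default route does not point at the module")
    # Assumed check: an address left on the external VLAN gives the switch a
    # routed path to the gateway that is not inspected by the module.
    for addr in plan["switch_ips"]:
        if ip(addr) in ext:
            findings.append(f"9a: switch still has {addr} on the external VLAN")
    return findings

if __name__ == "__main__":
    for finding in check_plan(PLAN) or ["plan is consistent"]:
        print(finding)
```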