TMS zl Management and Configuration Guide ST.1.0.090213

Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
Move to the module’s global configuration mode and remove this policy,
using the following command:
hostswitch(tms-module-C:config)# no access-policy <zone> self <position>
Replace <position> with the number listed at the beginning of the access
policy. For the example below, you would type 7.
7 access-policy INTERNAL SELF permit service https any any <ID: 51>
Enter the following command to allow HTTPS access to the module and
disable IPS on this access policy:
hostswitch(tms-module-C:config)# access-policy internal self permit service https any any ips-off
To avoid having IPS block management traffic, you may want to create a
dedicated management access policy, which permits HTTPS from certain
management stations (IP addresses) to the TMS zl Module (the Self zone).
Then, you could disable IPS for just this access policy, limiting the traffic
that is not checked by the IPS.
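
The following is an added example, not part of the guide or of the TMS zl software: a small Python audit that reads a saved access-policy listing and reports policies that disable IPS for traffic from any source, which is the case the dedicated management policy is meant to avoid. The listing format is assumed from the single line shown above; the position of ips-off in a listing, the use of an IP address in the source field, and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed listing format, modelled on the one line shown in the guide:
#   <pos> access-policy <SRC-ZONE> <DST-ZONE> <action> service <svc> <src> <dst> [ips-off] <ID: n>
POLICY_RE = re.compile(
    r"^\s*(?P<pos>\d+)\s+access-policy\s+(?P<src_zone>\S+)\s+(?P<dst_zone>\S+)\s+"
    r"(?P<action>\S+)\s+service\s+(?P<service>\S+)\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)(?P<ips_off>\s+ips-off)?\s*(?:<ID:\s*(?P<id>\d+)>)?\s*$",
    re.IGNORECASE,
)


def parse_policies(text):
    """Return one dict per access-policy line; lines that do not match are skipped."""
    policies = []
    for line in text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            p = m.groupdict()
            p["pos"] = int(p["pos"])
            p["ips_off"] = p["ips_off"] is not None
            policies.append(p)
    return policies


def broad_ips_off(policies):
    """Positions of permit policies that skip IPS for traffic from any source."""
    return [
        p["pos"]
        for p in policies
        if p["action"].lower() == "permit" and p["ips_off"] and p["src"].lower() == "any"
    ]


# Constructed sample listing (line 7 is the guide's example; 8 and 9 are made up,
# and 192.0.2.10 is a documentation address standing in for a management station).
SAMPLE = """\
7 access-policy INTERNAL SELF permit service https any any <ID: 51>
8 access-policy INTERNAL SELF permit service https any any ips-off <ID: 52>
9 access-policy INTERNAL SELF permit service https 192.0.2.10 any ips-off <ID: 53>
"""

if __name__ == "__main__":
    for pos in broad_ips_off(parse_policies(SAMPLE)):
        print(f"policy {pos}: ips-off with source 'any'; limit it to management stations")
```
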
From the TMS zl Module, ping the default gateway.
If the default gateway is in the management-access zone, there is already
an access policy in place to allow ICMP echo packets. If the default
gateway is not in a management-access zone, you will need to create this
policy.
Once the policy has been created, verify connectivity by entering:
hostswitch(tms-module-C)# ping <default gateway>
Ensure that the module’s data port (port 1) is a tagged member of
the management station’s VLAN.
When you create a TMS VLAN (by adding the VLAN to a zone), the TMS
zl Module’s data port is automatically tagged for that VLAN on the host
switch. Although this is the default setting, you should double-check that
it has not been changed.