TMS zl Management and Configuration Guide ST.1.0.090213

D-39
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
Define the Problem. When you define the problem, you should determine
exactly what traffic is being handled incorrectly. List the source and
destination addresses, the VLANs, the zones, and the type of traffic (both protocol
and port). Then, list the exact problem, as you understand it at this point.
As you begin to troubleshoot, you will gather additional information about the
problem—clarifying it even further—until you find a solution. You may want
to create a troubleshooting table to help you record all this information, as
shown in Table D-6. Then, when you are finished, you will have a record of
the problem, the steps you took to discover its cause, and the solution. This
documentation may help you resolve other problems in the future.
Table D-6. Defining the Problem and Documenting the Troubleshooting Process

| Source (IP Address, VLAN, Zone) | Destination (IP Address, VLAN, Zone) | Type of Traffic | Definition of the Problem | Troubleshooting Steps | Solution |
|---|---|---|---|---|---|
| 10.1.10.0/24; Faculty VLAN (VLAN 10); Internal zone | 192.168.2.20; Server VLAN (VLAN 50); Zone1 | FTP, port 21 | Traffic is being denied but should be permitted. | 1. Enabled logging for all the access policies in the traffic’s policy set. 2. Changed the logging level to Information. 3. Checked the logs and found the traffic was matching a different access policy. 4. Checked the intended access policy to make sure it was configured correctly. 5. Checked the order in which policies are processed. | Re-ordered the access policies so the intended access policy is processed before the access policy that was matching the traffic and denying it. |

Enable Logging and View Logs. After you record your initial analysis of
the problem, you should enable logging for the intended access policy.
Depending on the problem, you may want to enable logging on all the access
policies defined in the traffic’s corresponding policy set. For example, if the
traffic is being sent from the Faculty VLAN, which is in the Internal zone, to
the Server VLAN, which is in Zone1, the traffic’s policy set would be listed on
the Firewall > Access Policies > Unicast window under Internal to Zone1.
You should also change the logging level to Information, as described in
“Changing the Log Level” on page D-28.
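The Table D-6 case modelled as an added example (not code from this guide or from the TMS zl software): it assumes a policy set is processed in order and the first matching access policy decides, which is what the re-ordering solution implies. The policy names, the 10.1.0.0/16 deny policy and the host 10.1.10.25 are constructed; only 10.1.10.0/24, 192.168.2.20 and FTP port 21 come from the table.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:
    name: str     # constructed label, not a TMS zl identifier
    action: str   # "permit" or "deny"
    src: str      # source network, CIDR
    dst: str      # destination network, CIDR
    proto: str    # "tcp", "udp" or "any"
    ports: range  # destination ports covered

    def matches(self, src_ip, dst_ip, proto, port):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and self.proto in ("any", proto)
                and port in self.ports)

    def covers(self, other):
        """True if every flow `other` matches is also matched by this policy."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.proto in ("any", other.proto)
                and other.ports.start >= self.ports.start
                and other.ports.stop <= self.ports.stop)

def first_match(policy_set, src_ip, dst_ip, proto, port):
    """Return the first policy, in processing order, that matches the flow."""
    for policy in policy_set:
        if policy.matches(src_ip, dst_ip, proto, port):
            return policy
    return None  # nothing matched; default handling is outside this model

def shadowed(policy_set):
    """(earlier, later) pairs where `later` can never take effect."""
    return [(a.name, b.name)
            for i, b in enumerate(policy_set)
            for a in policy_set[:i]
            if a.covers(b) and a.action != b.action]

# Constructed Internal-to-Zone1 policy set reproducing the Table D-6 symptom.
deny_servers = Policy("deny-internal-to-servers", "deny", "10.1.0.0/16", "192.168.2.0/24", "any", range(0, 65536))
permit_ftp = Policy("permit-faculty-ftp", "permit", "10.1.10.0/24", "192.168.2.20/32", "tcp", range(21, 22))
BEFORE = [deny_servers, permit_ftp]   # broad deny processed first
AFTER = [permit_ftp, deny_servers]    # order after the fix in the Solution column
FLOW = ("10.1.10.25", "192.168.2.20", "tcp", 21)  # constructed Faculty host, FTP

if __name__ == "__main__":
    for label, pset in (("before", BEFORE), ("after", AFTER)):
        hit = first_match(pset, *FLOW)
        print(label, hit.name, hit.action, "shadowed:", shadowed(pset))
```

Running `shadowed()` over a policy set before reviewing logs points directly at the pair of policies whose order needs checking in step 5.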