Manualshelf

TMS zl Management and Configuration Guide ST.1.1.100226

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
1121112211231124112511261127112811291130
10-44
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
c. Ensure proper connectivity between the TMS zl Module and the DNS
server by completing one of the following:
In the Web browser interface, click System > Utilities > Ping and
enter the DNS servers IP address for the Hostname/IP Address.
At the CLI, enter:
hostswitch (tms-module-C)# ping <IP_address>
d. At the CLI, enter:
hostswitch (tms-module-C)# nslookup <domain name>
If DNS-related problems seem to occur sporadically, make sure the DNS
infrastructure is up all the time and set up a process so that you are notified
if the DNS server goes down or becomes unavailable.
To follow best practices, you should consider using other types of address
objects in your access policies. Alternately, place access policies that use
domain names at the end of the access policy list. This allows you to
mitigate the effect of DNS-related failures (if one should occur).
Traffic Matches Another Access Policy. You may check the log messages
and see that the packet has matched another access policy (not the one you
intended it to match). For example, the following log message indicates that
an access policy has denied, or blocked, certain traffic.
id=fw_access_control ruleid=58 msg=”FW: access policy is deny, packets dropped”
If the traffic is matching a different access policy than the one you intended,
check the following.
Check the order of the access policies.
If the traffic is matching an access policy that is processed before the
intended access policy, you will need to change the order of the access
policies. Typically, you should put the more specific access policies first.
Ensure that the intended access policy and the matching access
policy are configured correctly.
Check both the intended access policy and the matching access policy
and make sure that the source, destination, and protocol fields are con-
figured correctly.
If you modify an access policy, retest the policy to make sure it is now
working as you want it to.