TMS zl Management and Configuration Guide ST.1.1.100226

Initial Setup in Routing Mode
Configure Management Access
Table 2-11. Services Permitted from a Management-Access Zone to Self
Table 2-12. Services Permitted from Self to a Management-Access Zone
You can delete or modify these policies to further restrict access to the
module’s management interface. For example, if you do not want to allow
management through the Web browser interface, you can disable or delete the
corresponding policy. Likewise, if you want to lock down the system so that
only certain IP addresses can access the management interfaces, you can edit
the policy to specify the source IP addresses. You can configure different
access settings for each zone that is enabled for management access. The
other preconfigured policies can also be edited or deleted. See “Firewall
Access Policies” in Chapter 4: “Firewall” for instructions.
Note: When you set a management-access zone, you open your module to potential
attacks from malicious users. For instructions on limiting this risk, see
“Preventing DoS Attacks on the TMS zl Module from a Management-Access Zone”
in Chapter 4: “Firewall.”
Priority VLAN
When you select a priority VLAN, management traffic from that VLAN to Self
is guaranteed a connection even when connection limits have been reached
and CPU cycles are at maximum. Typically, the priority VLAN should be in a
management-access zone. However, you should always be able to reach the
module through the priority VLAN, regardless of whether it is in a
management-access zone (as long as the correct access policies are in place).
1. From the Priority VLAN list, select a VLAN to be given priority over all other
VLANs.
2. Click Apply My Changes.
3. Click Save.

Table 2-11 (management-access zone to Self):
ICMP/echo   snmp
bootpc      snmptrap
bootps      ssh
https

Table 2-12 (Self to management-access zone):
bootpc    ftp         radius        snmptrap
bootps    http        radius-acct   ssh
dns-tcp   https       smtp          syslog
dns-udp   ICMP/echo   snmp          tftp