Manualshelf

TMS zl Management and Configuration Guide ST.1.1.100226

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
61626364656667686970
1-26
Overview
Deployment Options for Routing Mode—Threat Protection
4. On the host switch, remove the IP address from the VLAN that connects
to the external router. If the host switch is the router for the internal
network, leave its other IP addresses intact.
Note If you want the TMS zl Module to provide internal protection as well as
perimeter protection, you should remove all IP addresses from the host
switch except its management address and make the TMS zl Module the
router for the internal network. See “Internal Threat Protection” on
page 1-14.
5. Access the TMS zl Module’s CLI through the host switch’s CLI.
6. Install the HP ProCurve TMS zl Module Product License. If you plan to
use the IDS/IPS capability, install an HP ProCurve IPS subscription
license.
For more detailed instructions on this step, see “Activate the TMS zl
Module” on page 2-20 in Chapter 2: “Initial Setup in Routing Mode.”
7. By default, the TMS zl Module’s operating mode is routing mode. Keep
this setting.
See “Routing Mode” on page 1-7 for a description.
8. Select at least one zone from which you will manage the TMS zl Module.
Add a VLAN to this zone and assign the module an IP address on the subnet
associated with the VLAN. Enable management access for this zone.
For example, suppose that the management station is on VLAN40 (subnet
10.1.40.0/24). On the TMS zl Module, you could associate VLAN40 with the
Internal zone and assign the module IP address 10.1.40.99 on this VLAN.
You would then enable management for the Internal zone.
When you associate a VLAN with a zone, the modules data port (port 1)
is automatically tagged for that VLAN. When you enable management
access for a zone, the module automatically creates the correct firewall
access policies to support SSH, HTTPS, and SNMP access to the module
(that is, to its Self zone) from that zone. (Other access policies are created
as well. See “Management-Access Zones” on page 2-10 in Chapter 2:
“Initial Setup in Routing Mode.”)
For more detailed instructions on this step, see “Associate a VLAN with a
Zone” in Chapter 2: “Initial Setup in Routing Mode.”