TMS zl Management and Configuration Guide ST.1.1.100226
Overview
Deployment Options for Routing Mode—Threat Protection
9. Configure the default gateway for the module. When the TMS zl Module provides perimeter protection, the default gateway is typically an external router:
   a. On the TMS zl Module, associate the VLAN on which the module connects to the default gateway with a zone (External is recommended). Assign the module an IP address on this VLAN; typically, assign the module the IP address that you removed from the host switch.
   b. On the TMS zl Module, specify the IP address of the module’s default gateway. This address should be on the TMS VLAN that you just added.
   c. On the default gateway, create a route to the internal network. The route’s gateway should be the TMS zl Module’s IP address on the VLAN that you just added.
   For more detailed instructions on this step, see “Configure the Default Gateway” in Chapter 2: “Initial Setup in Routing Mode.”
If you prefer, you can now access the TMS zl Module’s Web browser interface
to complete the remaining tasks. At this point, you should access the interface
from a station in the same VLAN that you added to the module in step 8. Later,
you can associate other VLANs with this zone and manage the module from
those VLANs. You can also enable management on other zones.
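
A consistency check for the addressing in step 9, as an added example that is not part of the original guide: it verifies that the default gateway is on the module's external TMS VLAN (9b) and that the gateway's route to the internal network points back at the module (9c). The dictionary keys and all sample addresses are constructed for illustration.

```python
import ipaddress

def check_step9(plan):
    """Return the problems found in a step 9 addressing plan (empty list = consistent)."""
    module = ipaddress.ip_interface(plan["module_external_ip"])      # address/prefix from 9a
    gateway = ipaddress.ip_address(plan["module_default_gateway"])   # from 9b
    internal = ipaddress.ip_network(plan["internal_network"])
    dest = ipaddress.ip_network(plan["router_route_destination"])    # from 9c
    next_hop = ipaddress.ip_address(plan["router_route_next_hop"])   # from 9c
    problems = []

    # 9b: the default gateway must sit on the TMS VLAN added in 9a.
    if gateway not in module.network:
        problems.append(f"9b: gateway {gateway} is not on {module.network}")
    elif gateway == module.ip:
        problems.append(f"9b: gateway {gateway} is the module's own address")

    # 9c: the route on the gateway must cover the internal network ...
    if not internal.subnet_of(dest):
        problems.append(f"9c: route to {dest} does not cover {internal}")
    # ... and its next hop must be the module's address on that same VLAN.
    if next_hop != module.ip:
        problems.append(f"9c: next hop {next_hop} is not the module address {module.ip}")
    return problems

# Constructed sample plans (hypothetical key names, documentation/private addresses).
GOOD_PLAN = {
    "module_external_ip": "192.0.2.2/24",
    "module_default_gateway": "192.0.2.1",
    "internal_network": "10.1.0.0/16",
    "router_route_destination": "10.1.0.0/16",
    "router_route_next_hop": "192.0.2.2",
}
BAD_PLAN = dict(GOOD_PLAN,
                module_default_gateway="198.51.100.1",   # not on the external VLAN
                router_route_next_hop="192.0.2.254")     # not the module's address

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_step9(plan) or "consistent")
```
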
10. You can now add more TMS VLANs to the module configuration. The VLANs that you add depend in part on how you want to route and control internal-to-internal traffic. You have two options:
   • For perimeter-only protection, route internal traffic on the host switch or a core switch:
      i. Choose one internal VLAN on which to connect the TMS zl Module and the internal routing switch. Make sure that the host switch supports this VLAN.
      ii. On the TMS zl Module, associate this VLAN with a zone (typically, the Internal zone) and assign the module a valid IP address on that VLAN.
         If the host switch is the internal routing switch, allow it to have an IP address on this VLAN.
      iii. On the internal routing switch, create a default route for external traffic. Specify the IP address that you just configured on the TMS zl Module as the next-hop router.