Manualshelf

TMS zl Management and Configuration Guide ST.1.1.100430

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
41424344454647484950
1-11
Overview
Operating Modes
Internal Ports in Monitor Mode
In monitor mode, the two internal ports operate differently than they do in
routing mode.
Port 1—This port is used for data that is to be analyzed for threats. When
operating in monitor mode, the data that the TMS zl Module receives on
this port is mirrored traffic.
Port 2—This port is used for management traffic. When you configure
the management VLAN for the TMS zl Module, port 2 automatically
becomes an untagged member of the management VLAN. For example, if
you configure VLAN 2 as the management VLAN and the TMS zl Module
is installed in slot C, the internal port C2 is an untagged member of VLAN 2.
By default, port 2 is an untagged member of VLAN 1, the default VLAN,
which means that this VLAN is the management VLAN. Best practices
dictate that you change the management VLAN to a different VLAN.
Mirroring Traffic to the Internal Data Port (Port 1)
The TMS zl Module monitors all traffic that it receives on its data port (internal
port 1). You must mirror to this port the traffic that you want analyzed. For
example, you could configure uplink ports on the modules host switch as the
sources of the mirror. The module’s internal port 1 is the mirror destination,
or exit port.
Figure 1-3. Traffic Mirrored to the TMS zl Module in Monitor Mode
Figure 1-3 shows how traffic from switch ports that are marked for mirroring
is forwarded to the TMS zl Module. The module can monitor traffic that is
mirrored from the host switch, which is called local mirroring.