TMS zl Management and Configuration Guide ST.1.2.100916
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
■ Check the intended access policy to see if it includes a schedule.
The network administrator who created the access policy may have
configured a schedule for it so that traffic is allowed only at certain times.
■ If user authentication is enabled, ensure that it is set up correctly,
and the user authenticates successfully.
You may also want to see if user authentication is enabled. If it is, make
sure it is set up correctly. For example, you must set up the appropriate
access policies, and ensure that the user authenticated successfully.
■ Create a temporary access policy to allow any services from the
host to any destination.
Again, you might want to open the firewall—creating an access policy that
allows all traffic between the two zones or two VLANs—so that you can
distinguish between misconfigured access policies and other Layer 3
problems such as missing routes.
This temporary access policy could weaken security, so be sure to remove
it as soon as you have finished troubleshooting.
■ Check to see if the intended access policy or one above it contains
a domain name that cannot be resolved.
If the traffic does not match an access policy and the access policy seems
to be correct, check to see if this policy or one that is processed before
this policy contains a domain name. If the TMS zl Module processes an
access policy containing a domain name that cannot be resolved, the
module immediately stops processing access policies and drops the
packet. As a result of this safeguard, a DNS failure can deny traffic that
may otherwise be allowed by that access policy or any subsequent access
policy.
The TMS zl Module may not be able to resolve a domain name if:
• The DNS settings on the module are configured incorrectly.
• The DNS server is unreachable.
• The DNS server does not have a record for the domain name.
You may also encounter a problem if a domain name matches multiple IP
addresses. In this case, instead of creating an access policy for the domain
name, you should create separate access policies for each IP address.
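
The domain-name checks described above can be scripted offline. This is an added example, not part of the guide or of the TMS zl software. It walks an ordered list of access policies up to the intended one and reports the first domain name that fails to resolve, plus any domain that maps to several IP addresses. The policy names, domain names and addresses are constructed samples, and resolution is done by the machine running the script, which is assumed to use the same DNS servers as the module.

```python
import socket

def system_resolver(name):
    """Resolve name to a sorted list of unique IPv4 addresses (raises OSError on failure)."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET)
    return sorted({info[4][0] for info in infos})

def audit_policies(policies, intended, resolver=system_resolver):
    """policies: ordered list of (policy_name, domain_or_None), first processed first.
    intended: name of the policy the traffic is expected to match.
    Returns findings for the intended policy and every policy processed before it."""
    findings = []
    for name, domain in policies:
        if domain is not None:
            try:
                addrs = resolver(domain)
            except OSError:  # socket.gaierror is a subclass of OSError
                addrs = []
            if not addrs:
                # Per the guide: processing stops here and the packet is dropped,
                # so later policies (including the intended one) are never reached.
                findings.append((name, domain, "UNRESOLVED"))
                break
            if len(addrs) > 1:
                # Per the guide: replace with one access policy per IP address.
                findings.append((name, domain, "MULTIPLE_IPS:" + ",".join(addrs)))
        if name == intended:
            break
    return findings

# Constructed sample data (hypothetical policy names, documentation-range addresses).
SAMPLE_POLICIES = [
    ("allow-mgmt", None),
    ("allow-updates", "updates.example.com"),
    ("allow-cdn", "cdn.example.com"),
    ("allow-web", "www.example.com"),
]
SAMPLE_DNS = {
    "cdn.example.com": ["192.0.2.10", "192.0.2.11"],
    "www.example.com": ["192.0.2.20"],
}

def fake_resolver(name):
    """Offline stand-in for DNS: unknown names fail the way a real lookup would."""
    if name not in SAMPLE_DNS:
        raise socket.gaierror("no record for " + name)
    return sorted(SAMPLE_DNS[name])

if __name__ == "__main__":
    for finding in audit_policies(SAMPLE_POLICIES, "allow-web", fake_resolver):
        print(finding)
```

Call `audit_policies` without the `resolver` argument to use live DNS, with the policy order and domain names copied from the module's configuration.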