TMS zl Management and Configuration Guide ST.1.2.100916
1-80
Overview
Feature Interaction
2. The host switch receives the frame on C1, which is untagged for VLAN_7.
3. The switch forwards the frame on the TMS zl Module’s data port, which
is tagged for VLAN_7, so the switch adds the tag.
4. The TMS zl Module filters the traffic as described in the section above,
applying Zone1-to-DMZ access policies as well as other features. The
module knows that the traffic’s source zone is Zone1 because the traffic
arrived tagged for VLAN_7. In this example, Device C is in a TMS VLAN,
so this VLAN's zone is the destination zone.
If the destination device were not in a TMS VLAN, the destination zone
would be the zone for the forwarding interface in the route to the
destination.
5. In this example, the packet is permitted, so the TMS zl Module routes the
packet to Device C. Here, the route is a directly connected TMS VLAN
(VLAN_13). Therefore, the module places Device C’s MAC address in the
frame and forwards the frame on its data port, tagging it for VLAN_13.
If VLAN_13 were the forwarding interface for a non-connected route, the
module would place the next-hop router’s MAC address in the frame.
Other behavior would remain the same.
6. The host switch forwards the packet to Device C on port C10, which is
untagged for VLAN_13.
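The following Python model walks one frame through steps 2 to 6 above. It is an added example, not code from the guide or from the TMS zl Module itself: the port-to-VLAN map, the zone names (Zone1 and DMZ), the access policies, the routing table, the IP addresses and the MAC addresses are all constructed for the example. It shows the two details the steps hinge on: the source zone comes from the tag the host switch added on ingress, and the destination MAC written into the frame is the host's own MAC for a directly connected TMS VLAN but the next-hop router's MAC for a non-connected route.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed topology (not a configuration from the guide): host-switch port C1
# is untagged for VLAN_7 (Zone1), port C10 is untagged for VLAN_13 (DMZ).
PORT_UNTAGGED_VLAN = {"C1": 7, "C10": 13}
VLAN_ZONE = {7: "Zone1", 13: "DMZ"}
# Zone-to-zone access policies: (source zone, destination zone) -> permitted?
ACCESS_POLICY = {("Zone1", "DMZ"): True, ("DMZ", "Zone1"): False}


@dataclass
class Route:
    prefix: str
    out_vlan: int                   # forwarding interface (a TMS VLAN)
    next_hop: Optional[str] = None  # None means directly connected


# Constructed routing table and ARP cache; MACs use the 00-00-5E documentation range.
ROUTES = [
    Route("10.7.0.0/24", 7),
    Route("10.13.0.0/24", 13),
    Route("10.99.0.0/24", 13, next_hop="10.13.0.1"),  # reached via a router in VLAN_13
]
ARP = {
    "10.7.0.5": "00:00:5e:00:53:07",
    "10.13.0.50": "00:00:5e:00:53:0c",  # Device C
    "10.13.0.1": "00:00:5e:00:53:01",   # next-hop router
}


@dataclass
class Frame:
    src_ip: str
    dst_ip: str
    dst_mac: Optional[str] = None
    vlan: Optional[int] = None  # 802.1Q tag; None = untagged
    trace: list = field(default_factory=list)


def host_switch_ingress(frame: Frame, port: str) -> Frame:
    """Steps 2-3: the frame arrives untagged on an access port; the switch adds
    that port's VLAN tag before forwarding on the module's tagged data port."""
    frame.vlan = PORT_UNTAGGED_VLAN[port]
    frame.trace.append(f"switch: tagged VLAN_{frame.vlan}, forwarded to module")
    return frame


def lookup_route(dst_ip: str) -> Optional[Route]:
    """Longest-prefix match over the constructed routing table."""
    best = None
    for route in ROUTES:
        net = ip_network(route.prefix)
        if ip_address(dst_ip) in net and (
            best is None or net.prefixlen > ip_network(best.prefix).prefixlen
        ):
            best = route
    return best


def tms_module(frame: Frame) -> Optional[Frame]:
    """Steps 4-5: source zone from the ingress tag, destination zone from the
    forwarding interface of the route, then policy, MAC rewrite and egress tag."""
    src_zone = VLAN_ZONE[frame.vlan]
    route = lookup_route(frame.dst_ip)
    if route is None:
        frame.trace.append("module: no route, dropped")
        return None
    dst_zone = VLAN_ZONE[route.out_vlan]
    if not ACCESS_POLICY.get((src_zone, dst_zone), False):
        frame.trace.append(f"module: {src_zone}->{dst_zone} denied by policy")
        return None
    # Directly connected: the destination host's MAC. Non-connected: the next hop's MAC.
    frame.dst_mac = ARP[route.next_hop or frame.dst_ip]
    frame.vlan = route.out_vlan
    frame.trace.append(f"module: {src_zone}->{dst_zone} permitted, tagged VLAN_{frame.vlan}")
    return frame


def host_switch_egress(frame: Frame) -> Optional[str]:
    """Step 6: deliver on the port untagged for the egress VLAN, stripping the tag."""
    for port, vlan in PORT_UNTAGGED_VLAN.items():
        if vlan == frame.vlan:
            frame.vlan = None
            frame.trace.append(f"switch: forwarded untagged on {port}")
            return port
    return None


def forward(src_ip: str, dst_ip: str, in_port: str) -> Optional[dict]:
    """Run one frame through the whole path; None means the module dropped it."""
    frame = host_switch_ingress(Frame(src_ip, dst_ip), in_port)
    if tms_module(frame) is None:
        return None
    return {"port": host_switch_egress(frame), "dst_mac": frame.dst_mac, "trace": frame.trace}


if __name__ == "__main__":
    for args in [("10.7.0.5", "10.13.0.50", "C1"),    # Device C, directly connected
                 ("10.7.0.5", "10.99.0.7", "C1"),     # via the next-hop router
                 ("10.13.0.50", "10.7.0.5", "C10")]:  # DMZ -> Zone1, denied
        print(args, forward(*args))
```

Running the three cases in the `__main__` block prints the trace for each: the first frame leaves port C10 carrying Device C's MAC, the second leaves C10 carrying the router's MAC even though it is tagged for the same VLAN_13, and the third is dropped by the DMZ-to-Zone1 policy before any MAC rewrite.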
Packet Flow in Monitor Mode
In monitor mode, the TMS zl Module acts only as an IDS. It processes traffic
as follows:
1. The TMS zl Module receives a packet on its port 1.
The module’s host switch mirrors traffic to the module’s port 1. If your
network includes other ProVision ASIC switches, which support remote
mirroring, these switches can also mirror traffic to the module’s port 1.
2. The IDS feature must be enabled (as it is by default). The TMS zl Module
checks the packet against enabled signatures and protocol anomaly
checks.
3. If the packet matches a signature or protocol anomaly, the module logs
the threat. Depending on how you have configured the log settings, the
module logs the event locally, sends a message to a syslog server, sends a
trap to an SNMP server, or sends an email.
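The monitor-mode flow above can be modelled in a few lines: the mirrored packet is inspected only while IDS is enabled, every signature or protocol-anomaly match produces an event, and the event is copied to each log destination that is switched on. This is an added example, not code from the guide or the module's own IDS engine; the signature `CONSTRUCTED-SIG-1001`, its marker string, the two anomaly checks and the IP addresses are constructed, and the log "destinations" are in-memory lists rather than real syslog, SNMP or mail clients, so nothing is sent anywhere.

```python
import re
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    tcp_flags: frozenset  # e.g. frozenset({"SYN"})
    payload: bytes


# Constructed signature set for the example; the module's real database is not shown here.
SIGNATURES = {
    "CONSTRUCTED-SIG-1001": re.compile(rb"EXAMPLE-THREAT-MARKER"),
}


def protocol_anomalies(pkt: Packet) -> list:
    """Protocol anomaly checks: TCP flag combinations a conforming stack never sends."""
    found = []
    if {"SYN", "FIN"} <= pkt.tcp_flags:
        found.append("tcp-syn-fin")
    if not pkt.tcp_flags:
        found.append("tcp-null-flags")
    return found


@dataclass
class LogSettings:
    """Which destinations receive a threat event (local logging on by default)."""
    local: bool = True
    syslog: bool = False
    snmp_trap: bool = False
    email: bool = False


@dataclass
class LogSinks:
    """Captures what would be delivered to each destination; nothing leaves the host."""
    local: list = field(default_factory=list)
    syslog: list = field(default_factory=list)
    snmp_trap: list = field(default_factory=list)
    email: list = field(default_factory=list)


def log_threat(event: dict, settings: LogSettings, sinks: LogSinks) -> list:
    """Step 3: deliver the event to every destination enabled in the log settings."""
    delivered = []
    for dest in ("local", "syslog", "snmp_trap", "email"):
        if getattr(settings, dest):
            getattr(sinks, dest).append(event)
            delivered.append(dest)
    return delivered


def inspect(pkt: Packet, ids_enabled: bool = True,
            settings: Optional[LogSettings] = None,
            sinks: Optional[LogSinks] = None) -> list:
    """Steps 1-3 in monitor mode: the mirrored packet is checked only if IDS is
    enabled; each signature or anomaly match becomes a logged event. Nothing is blocked."""
    if not ids_enabled:
        return []
    settings = settings or LogSettings()
    sinks = sinks or LogSinks()
    matches = [sid for sid, pat in SIGNATURES.items() if pat.search(pkt.payload)]
    matches += protocol_anomalies(pkt)
    events = []
    for match in matches:
        event = {"src": pkt.src_ip, "dst": pkt.dst_ip, "match": match}
        event["delivered_to"] = log_threat(event, settings, sinks)
        events.append(event)
    return events


if __name__ == "__main__":
    # Constructed mirrored packet that trips both a signature and an anomaly check.
    sample = Packet("192.0.2.10", "198.51.100.5", frozenset({"SYN", "FIN"}),
                    b"GET / EXAMPLE-THREAT-MARKER")
    for ev in inspect(sample, settings=LogSettings(syslog=True)):
        print(ev)
```

Because the module only mirrors and never sits in the forwarding path in this mode, `inspect` returns events but never a drop decision; a deployment that needs blocking must use routing mode, as the routed flow earlier in this section describes.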