Qos Functions - HP ProCurve 3500-24 Reference Manual

44
• Multiple user authentication methods:
– Multiple IEEE 802 . 1 X users per port: provides authentication of multiple IEEE 802 . 1 X users per port; prevents
user "piggybacking" on another user's IEEE 802 . 1 X authentication
– Web-based authentication: authenticates from Web browser for clients that do not support IEEE 802 . 1 X
supplicant; customized remediation can be processed on an external Web server
– Concurrent IEEE 802 . 1 X, Web, and MAC authentication schemes per port: switch port will accept up to 32
sessions of IEEE 802 . 1 X, Web, and MAC authentications
• Access control lists (ACLs): provide filtering based on the IP field, source/destination IP address/subnet, and
source/destination TCP/UDP port number on a per-VLAN or per-port basis
• Identity-driven ACL: enables implementation of a highly granular and flexible access security policy specific to
each authenticated network user
• Port security: prevents unauthorized access using MAC address lockdown
• MAC address lockout: prevents configured particular MAC addresses from connecting to the network
• Source-port filtering: allows only specified ports to communicate with each other
• Security banner: displays customized security policy when users log in to the switch
• Management Interface Wizard: CLI-based step-by-step configuration tool to ensure that management
interfaces such as SNMP, telnet, SSH, SSL, Web, and USB are secured to desired level
• Management access:
– All access methods—CLI, GUI, or MIB—are securely encrypted through SSHv2, SSL, and/or SNMPv3
– RADIUS and TACACS+: can require either RADIUS or TACACS+ authentication for secure switch CLI logon
– Secure FTP: allows secure file transfer to/from the switch and protects against unwanted file downloads or
unauthorized copying of switch configuration file

QoS functions

Layer 4 prioritization: enables prioritization based on TCP/UDP ports
Traffic prioritization: allows real-time traffic classification into 8 priority levels mapped to 8 queues
Bandwidth shaping using:
• Rate limiting: per-port ingress-based enforced bandwidth maximums
• Guaranteed minimums: per-port, per-queue egress-based guaranteed bandwidth minimums
Class of Service (CoS): sets 802 . 1 p priority tag based on IP address, IP Type of Service (ToS), L3 protocol, TCP/
UDP port number, source port, and DiffServ
Policy Enforcement Engine: Policy Enforcement Engine is user configured to select packets that are then
forwarded or dropped (based on ACLs, QoS, and Rate Limiting) . The engine is fast and can look for multiple
variables, such as an IP address and port number, in a single pass through a packet . It provides a common
user experience regardless of which switch the user is connected to .
Advanced classifier-based QoS:
• Provides finer granularity with multiple match criteria to select and prioritize network traffic
• Integrates QoS functions: select traffic for prioritization and remote mirroring, setting priority, QoS policy, and
rate limit
• QoS policy can be applied to both IPv4 and IPv6 traffic for each port or VLAN