HP 5120 SI Series Specification page 3

QuickSpecs
Overview
Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) protocol snooping: effectively control
and manage the flooding of multicast packets in a Layer 2 network
Layer 3 services
Address Resolution Protocol (ARP): determines the MAC address of another IP host in the same subnet; supports static ARPs;
gratuitous ARP allows detection of duplicate IP addresses
Dynamic Host Configuration Protocol (DHCP): simplifies the management of large IP networks; supports client; DHCP Relay
enables DHCP operation across subnets
Loopback interface address: defines an address in Routing Information Protocol (RIP) and OSPF that can always be reachable,
improving diagnostic capability
Layer 3 routing
Static IP routing: provides manually configured routing for both IPv4 and IPv6 networks
Security
Access control lists (ACLs): provides IP Layer 2 to Layer 4 traffic filtering; supports global ACL, VLAN ACL, port ACL, and IPv6 ACL
Identity-driven security and access control:
Per-user ACLs: permits or denies user access to specific network resources based on user identity and time of day,
allowing multiple types of users on the same network to access specific network services without risk to network security
or unauthorized access to sensitive data
Automatic VLAN assignment: automatically assigns users to the appropriate VLAN based on their identities
Secure management access: securely encrypts all access methods (CLI, GUI, or MIB) through SSHv2, SSL, and/or SNMPv3
Secure FTP: allows secure file transfer to and from the switch; protects against unwanted file downloads or unauthorized
copying of a switch configuration file
Guest VLAN: similar to IEEE 802.1X, it provides a browser-based environment to authenticated clients
Port isolation: secures and adds privacy, and prevents malicious attackers from obtaining user information
STP BPDU port protection: blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged
BPDU attacks
STP Root Guard: protects the root bridge from malicious attacks or configuration mistakes
DHCP protection: blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks
Dynamic ARP protection: blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data
IP Source Guard: helps prevent IP spoofing attacks
Endpoint Admission Defense (EAD): provides security policies to users accessing a network
RADIUS/HWTACACS: eases switch management security administration by using a password authentication server
Port security: allows access only to specified MAC addresses, which can be learned or specified by the administrator
MAC-based authentication: allows or denies access to the switch based on a client MAC address
Convergence
IEEE 802.1AB Link Layer Discovery Protocol (LLDP): is an automated device discovery protocol that provides easy mapping of
network management applications
LLDP-MED: is a standard extension that automatically configures network devices, including LLDP-capable IP phones
LLDP-CDP compatibility: receives and recognizes CDP packets from Cisco's IP phones for seamless interoperation
Voice VLAN: automatically assigns VLAN and priority for IP phones, simplifying network configuration and maintenance
IP multicast snooping (data-driven IGMP): automatically prevents flooding of IP multicast traffic
Multicast VLAN: reduces network bandwidth demand by eliminating multiple streams to each VLAN
DA - 13795 Worldwide — Version 12 — November 12, 2013
HP 5120 SI Switch Series
Page 3