HP ProCurve 5406zl-48G Datasheet: Layer 3 Services; Layer 3 Routing

HP ProCurve Switch 5400zl/3500yl Series
• IEEE 802.1v protocol VLANs: isolate select non-IPv4 protocols
automatically into their own VLANs
• GARP VLAN Registration Protocol: allows automatic learning
and dynamic assignment of VLANs

Layer 3 services

• UDP helper function: UDP broadcasts can be directed across
router interfaces to specific IP unicast or subnet broadcast
addresses and prevent server spoofing for UDP services such as
• Loopback interface address: defines an address in RIP and
OSPF that can always be reachable, improving diagnostic

Layer 3 routing

• Static IP routing: provides manually configured routing; includes
ECMP capability
• RIP: provides RIPv1 and RIPv2 routing
• OSPF (requires Premium License): includes host-based ECMP
to provide link redundancy/scalable bandwidth and NSSA
• USB Secure Autorun (requires HP ProCurve Manager
Plus): deploys, diagnoses, and updates switch using USB flash
drive; works with secure credential to prevent tampering
• Switch CPU protection: provides automatic protection against
malicious network traffic trying to shut down the switch
• Virus throttling: detects traffic patterns typical of WORM-type
viruses and either throttles or entirely prevents the ability of the
virus to spread across the routed VLANs or bridged interfaces,
without requiring external appliances
• ICMP throttling: defeats ICMP denial-of-service attacks by
enabling any switch port to automatically throttle ICMP traffic
• Multiple user authentication methods:
- IEEE 802.1X: industry-standard method of user authentication that uses
an IEEE 802.1X supplicant on the client in conjunction with a
RADIUS server
- Web-based authentication: authenticates from Web browser
for clients that do not support 802.1X supplicant; customized
remediation can be processed on an external Web server
- MAC-based authentication: client is authenticated with the
RADIUS server based on client's MAC address
• Authentication flexibility:
- Multiple IEEE 802.1X users per port: provides authentication of
multiple IEEE 802.1X users per port; prevents user "piggybacking"
on another user's IEEE 802.1X authentication
- Concurrent IEEE 802.1X, Web, and MAC authentication
schemes per port: switch port will accept up to 32 sessions of
IEEE 802.1X, Web, and MAC authentications
• Access control lists (ACLs): provide filtering based on the IP
field, source/destination IP address/subnet, and source/destination
TCP/UDP port number on a per-VLAN or per-port basis
• Identity-driven ACL: enables implementation of a highly
granular and flexible access security policy and VLAN assignment
specific to each authenticated network user
• DHCP protection: blocks DHCP packets from unauthorized
DHCP servers, preventing denial-of-service attacks
• STP BPDU port protection: blocks Bridge Protocol Data Units
(BPDUs) on ports that do not require BPDUs, preventing forged
BPDU attacks
• Dynamic IP lockdown: works with DHCP protection to block
traffic from unauthorized hosts, preventing IP source address
• Dynamic ARP protection: blocks ARP broadcasts from
unauthorized hosts, preventing eavesdropping or theft of network
• STP Root Guard: protects root bridge from malicious attack
or configuration mistakes
• Detection of malicious attacks: monitors ten types of network
traffic and sends a warning when it detects an anomaly that could
be caused by a malicious attack
• Port security: allows access only to specified MAC addresses,
which can be learned or specified by the administrator
• MAC address lockout: prevents specific configured MAC
addresses from connecting to the network
• Source-port filtering: allows only specified ports to
communicate with each other
• RADIUS/TACACS+: eases switch management security
administration by using a password authentication server
• Secure Shell (SSHv2): encrypts all transmitted data for secure,
remote command-line interface (CLI) access over IP networks
• Secure Sockets Layer (SSL): encrypts all HTTP traffic, allowing
secure access to the browser-based management GUI in the
• Secure FTP: allows secure file transfer to/from the switch;
protects against unwanted file downloads or unauthorized copying
of switch configuration file


