HP E5400 zl Series Datasheet page 4

• Multiple user authentication methods:
– IEEE 802.1X users per port: provides
authentication of multiple IEEE 802.1X users per
port; prevents user "piggybacking" on another
user's IEEE 802.1X authentication
– Web-based authentication: authenticates
from Web browser for clients that do not support
IEEE 802.1X supplicant; customized remediation
can be processed on an external Web server
– MAC-based authentication: client is
authenticated with the RADIUS server based on
client's MAC address
– Concurrent IEEE 802.1X, Web, and MAC
authentication schemes per port: switch
port will accept up to 32 sessions of IEEE 802.1X,
Web, and MAC authentications
• Virus throttling: detects traffic patterns typical of
WORM-type viruses and either throttles or entirely
prevents the virus from spreading across the routed
VLANs or bridged interfaces, without requiring
external appliances
• DHCP protection: blocks DHCP packets from
unauthorized DHCP servers, preventing
denial-of-service attacks
• Secure management access: securely encrypts
all access methods (CLI, GUI, or MIB) through
SSHv2, SSL, and/or SNMPv3
• USB Secure Autorun (requires HP PCM+):
deploys, diagnoses, and updates switch using a
USB flash drive; works with a secure credential to
prevent tampering
• Switch CPU protection: provides automatic
protection against malicious network traffic trying to
shut down the switch
• ICMP throttling: defeats ICMP denial-of-service
attacks by enabling any switch port to automatically
throttle ICMP traffic
• Identity-driven ACL: enables implementation of
a highly granular and flexible access security policy
and VLAN assignment specific to each authenticated
network user
• STP BPDU port protection: blocks Bridge
Protocol Data Units (BPDUs) on ports that do not
require BPDUs, preventing forged BPDU attacks
• Dynamic IP lockdown: works with DHCP
protection to block traffic from unauthorized hosts,
preventing IP source address spoofing
• Dynamic ARP protection: blocks ARP
broadcasts from unauthorized hosts, preventing
eavesdropping or theft of network data
• STP Root Guard: protects root bridge from
malicious attack or configuration mistakes
• Detection of malicious attacks: monitors 10
types of network traffic and sends a warning when
an anomaly that potentially can be caused by
malicious attacks is detected
• Port security: allows access only to specified
MAC addresses, which can be learned or specified
by the administrator
• MAC address lockout: prevents particular
configured MAC addresses from connecting to the
network
• Source-port filtering: allows only specified ports
to communicate with each other
• RADIUS/TACACS+: eases switch management
security administration by using a password
authentication server
• Secure Shell (SSHv2): encrypts all transmitted
data for secure, remote command-line interface (CLI)
access over IP networks
• Secure Sockets Layer (SSL): encrypts all HTTP
traffic, allowing secure access to the browser-based
management GUI in the switch
• Secure File Transfer Protocol (FTP): allows
secure file transfer to and from the switch; protects
against unwanted file downloads or unauthorized
copying of switch configuration file
• Management Interface Wizard: helps ensure
that management interfaces such as SNMP, telnet,
SSH, SSL, Web, and USB are secured to the desired
level
• Switch management logon security: can
require either RADIUS or TACACS+ authentication
for secure switch CLI logon
• Security banner: displays a customized security
policy when users log in to the switch
Convergence
• IP multicast routing : includes PIM Sparse and
Dense modes to route IP multicast traffic
• IP multicast snooping (data-driven IGMP):
automatically prevents flooding of IP multicast traffic
• LLDP-MED (Media Endpoint Discovery): is a
standard extension of LLDP that stores values for
parameters such as QoS and VLAN to automatically
configure network devices such as IP phones
• RADIUS VLAN for voice: uses standard RADIUS
attribute and LLDP-MED to automatically configure
VLAN for IP phones
4