 |
| » |
|
|
| |
|
| » |
|
| » |
|
| » |
|
| » |
|
|
| |
|
| » |
|
| » |
|
| » |
|
|
| |
|
| » |
|
|
| |
|
| » |
|
|
| |
|
|
» |
|
| » |
|
|
| |
|
| » |
|
|
| | |
| | |
| |
|
|
 |
|
|
|
|
|
|
|
|
|
| |
Performance
- 5400zl/3500yl architecture: 115 to 692 Gbps crossbar switching fabric provides intra- and inter-module switching with 36 to 428 million pps throughput on the purpose-built ProVision ASICs
- Selectable queue configurations: increase performance by selecting the number of queues and associated memory buffering that best meet the requirements of your network applications. NEW!
Connectivity
- IEEE 802.3af Power over Ethernet: provides up to 15.4 W per port to power compliant PoE devices such as IP phones, wireless access points, and security cameras
- Pre-standard PoE support: detects and provides power to pre-standard PoE devices; see list of supported devices in the product FAQ at www.procurve.com
- Jumbo frames: on Gigabit and 10-Gigabit ports, allow high-performance remote backup and disaster-recovery services
- ProCurve/IEEE Auto-MDIX: automatically adjusts for straight-through or crossover cables on all 10/100/1000 ports
- IPv6 ready: switch hardware is capable of supporting IPv6 host, routing, and filtering with the ProVision ASIC; IPv6 operation and deployment will be available when enabled via a software update at a later date.
Resiliency and high availability
- Virtual Router Redundancy Protocol (requires Premium license): VRRP allows groups of two routers to dynamically back each other up to create highly available routed environments
- IEEE 802.1s Multiple Spanning Tree Protocol: provides high link availability in multiple VLAN environments by allowing multiple spanning trees; encompasses IEEE 802.1D Spanning Tree Protocol and IEEE 802.1w Rapid Spanning Tree Protocol
- IEEE 802.3ad Link Aggregation Control Protocol (LACP) and ProCurve trunking: support up to 36 trunks, each with up to 8 links (ports) per trunk; trunking across modules is supported
- Hot-swappable modules (5400zl series): permits modules, mini-GBICs, and power supplies in a redundant power supply configuration to be added or swapped without interrupting the network
- Optional redundant power supply (5400zl series): provides uninterrupted power and allows hot-swapping of the redundant power supplies when installed
Layer 2 switching
- ProCurve switch meshing: dynamically load-balances across multiple active redundant links to increase available aggregate bandwidth
- VLAN support and tagging: support complete IEEE 802.1Q standard and 2,048 VLANs simultaneously
- IEEE 802.1v protocol VLANs: isolate select non-IPv4 protocols automatically into their own VLANs
- GARP VLAN Registration Protocol: allows automatic learning and dynamic assignment of VLANs
Layer 3 routing
- Layer 3 IP routing:
- Static IP routing: provides basic routing
- RIP: provides RIPv1 and RIPv2 routing at media speed
- OSPF (requires Premium license) includes ECMP to provide link redundancy/scalable bandwidth and NSSA
Layer 3 services
- UDP helper function: UDP broadcasts can be directed across router interfaces to specific IP unicast or subnet broadcast addresses and prevent server spoofing for UDP services such as DHCP
- Loopback interface address: defines an address in RIP and OSPF that can always be reachable, improving diagnostic capability NEW!
Security
- Switch CPU protection: provides automatic protection against malicious network traffic trying to shut down the switch
- Virus throttle: detects traffic patterns typical of WORM-type viruses and either throttles or entirely prevents the ability of the virus to spread across the routed VLANs or bridged interfaces, without requiring external appliances
- ICMP throttling: defeats ICMP denial-of-service attacks by enabling any switch port to automatically throttle ICMP traffic
- Multiple user authentication methods:
- IEEE 802.1X: industry-standard way of user authentication using an IEEE 802.1X supplicant on the client in conjunction with a RADIUS server
- Web-based authentication: similar to IEEE 802.1X, provides a browser-based environment to authenticate clients that do not support the IEEE 802.1X supplicant
- MAC-based authentication: client is authenticated with the RADIUS server based on the MAC address of the client
- Authentication flexibility:
- Multiple IEEE 802.1X users per port: provides authentication of multiple IEEE 802.1X users per port; prevents user "piggybacking" on another user's IEEE 802.1X authentication
- Concurrent IEEE 802.1X and Web or MAC authentication schemes per port: switch port will accept any of IEEE 802.1X and either Web or MAC authentications
- Access Control Lists (ACLs): provide filtering based on the IP field, source/destination IP address/subnet, and source/destination TCP/UDP port number on a per-VLAN or per-port basis
- Identity-driven ACL: enables implementation of a highly granular and flexible access security policy specific to each authenticated network user
- DHCP protection: blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks NEW!
- BPDU port protection: blocks Bridge Protocol Data Units (BPDU) on ports that do not require BPDUs, preventing forged BPDU attacks NEW!
- Dynamic IP lockdown: works with DHCP protection to block traffic from unauthorized host, preventing IP source address spoofing NEW!
- Dynamic ARP protection: blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or data thief of network data NEW!
- Detection of malicious attacks: monitors 10 types of network traffic and sends a warning when anomoly that potentially can be caused by malicious attacks is detected NEW!
- Port security: allows access only to specified MAC addresses, which can be learned or specified by the administrator
- MAC address lockout: prevents configured particular MAC addresses from connecting to the network
- Source-port filtering: allows only specified ports to communicate with each other
- TACACS+: eases switch management security administration by using a password authentication server
- Secure Shell (SSHv2): encrypts all transmitted data for secure, remote command-line interface (CLI) access over IP networks
- Secure Sockets Layer (SSL): encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch
- Secure FTP: allows secure file transfer to/from the switch; protects against unwanted file downloads or unauthorized copying of switch configuration file
- Secure management access: all access methods—CLI, GUI, or MIB—are securely encrypted through SSHv2, SSL, and/or SNMPv3
- Switch management logon security: can require either RADIUS or TACACS+ authentication for secure switch CLI logon
- Security banner: displays a customized security policy when users log in to the switch
Convergence
- IP multicast routing (Premium license): includes PIM Sparse and Dense modes to route IP multicast traffic
- IP multicast snooping (data-driven IGMP): automatically prevents flooding of IP multicast traffic
- LLDP-MED (Media Endpoint Discovery): a standard extension of LLDP that stores values for parameters such as QoS and VLAN to automatically configure network devices such as IP phones
- iSCSI support: enables the deployment of Ethernet storage area network solutions using the iSCSI standard
Quality of Service (QoS)
- Layer 4 prioritization: enables prioritization based on TCP/UDP port numbers
- Traffic prioritization: allows real-time traffic classification into 8 priority levels mapped to 8 queues
- Bandwidth shaping:
- Rate limiting: per-port ingress/egress enforced maximum bandwidth
- Guaranteed minimum: per-port, per-queue egress-based guaranteed minimum bandwidth
- Class of Service (CoS): sets the IEEE 802.1p priority tag based on IP address, IP Type of Service (ToS), L3 protocol, TCP/UDP port number, source port, and DiffServ
Management
- Remote intelligent mirroring: mirrors ingress/egress ACL-selected traffic from a switch port or VLAN to a local or remote 5400/3500 switch port anywhere on the network NEW!
- RMON, XRMON, and sFlow v5: provide advanced monitoring and reporting capabilities for statistics, history, alarms, and events
- IEEE 802.1AB Link Layer Discovery Protocol (LLDP): automated device discovery protocol for easy mapping by network management applications
- Command authorization: leverages RADIUS to link a custom list of CLI commands to individual network administrator's login; also provides an audit trail NEW!
- Friendly port names: allow assignment of descriptive names to ports
- Dual flash images: provides independent primary and secondary OS files for backup while upgrading
- Multiple configuration files: multiple config files can be stored to flash image
- USB support: NEW!
- File copy: allows users to copy switch files to/from a USB device
- Uni-Directional Link Detection (UDLD): monitors a link between two switches and blocks the ports on both ends of the link if the link goes down at any point between the two devices NEW!
» Return to top
|
|
|
|
|
|
|
|
