 |
| » |
|
|
| |
|
| » |
|
| » |
|
| » |
|
| » |
|
|
| |
|
| » |
|
| » |
|
| » |
|
|
| |
|
| » |
|
|
| |
|
| » |
|
|
| |
|
|
» |
|
| » |
|
|
| |
|
| » |
|
|
| | |
| | |
| |
|
|
 |
|
|
|
|
|
|
|
|
|
| |
Management
-
Remote intelligent mirroring:
mirrors ingress/egress ACL-selected traffic from a switch port or VLAN to a local or remote 5400/3500 switch port anywhere on the network
NEW!
-
RMON, XRMON, and sFlow:
provide advanced monitoring and reporting capabilities for statistics, history, alarms, and events
-
IEEE 802.1AB Link Layer Discovery Protocol (LLDP):
automated device discovery protocol for easy mapping by network management applications
-
Command authorization:
leverages RADIUS to link a custom list of CLI commands to individual network administrator's login; also provides an audit trail
NEW!
-
Friendly port names:
allow assignment of descriptive names to ports
-
Dual flash images:
provide independent primary and secondary OS and configuration files for backup while upgrading or fine-tuning the switch configuration
-
Multiple configuration files:
multiple config files can be stored to flash image
-
USB support:
NEW!
-
File copy
allows users to copy switch files to/from an USB flash drive
-
Uni-Directional Link Detection (UDLD):
monitors a link between two switches and blocks the ports on both ends of the link if the link goes down at any point between the two devices
NEW!
Connectivity
-
Jumbo frames:
on Gigabit and 10-Gigabit ports, allow high-performance remote backup and disaster-recovery services
-
IPv6 ready:
switch hardware is capable of supporting IPv6 host, routing, and filtering with the ProVision ASIC; IPv6 operation and deployment will be available when enabled via a software update at a later date.
Performance
-
Architecture:
115 Gbps backplane speed with up to 36 million pps throughput on purpose-built ProVision ASIC
-
Selectable queue configurations:
increase performance by selecting the number of queues and associated memory buffering that best meet the requirements of your network applications.
NEW!
Resiliency and high availability
-
Router redundancy:
VRRP allows groups of two routers to dynamically back each other up to create highly available routed environments
-
IEEE 802.1s Multiple Spanning Tree Protocol:
provides high link availability in multiple VLAN environments by allowing multiple spanning trees; encompasses IEEE 802.1D Spanning Tree Protocol and IEEE 802.1w Rapid Spanning Tree Protocol
-
IEEE 802.3ad Link Aggregation Control Protocol (LACP) and ProCurve trunking:
support up to 36 trunks, each with up to 8 links (ports) per trunk; trunking across modules is supported
Layer 2 switching
-
ProCurve switch meshing:
dynamically load-balances across multiple active redundant links to increase available aggregate bandwidth
-
VLAN support and tagging:
supports complete IEEE 802.1Q standard and 2,048 VLANs simultaneously
-
IEEE 802.1v protocol VLANs:
isolate select non-IPv4 protocols automatically into their own VLANs
-
GARP VLAN Registration Protocol:
allows automatic learning and dynamic assignment of VLANs
Layer 3 services
-
UDP helper function:
UDP broadcasts can be directed across router interfaces to specific IP unicast or subnet broadcast addresses and prevent server spoofing for UDP services such as DHCP
-
Loopback interface address:
defines an address in RIP and OSPF that can always be reachable, improving diagnostic capability
NEW!
Layer 3 routing
-
Layer 3 IP routing:
-
Static IP routing
provides basic routing
-
RIP
provides RIPv1 and RIPv2 routing at media speed
-
OSPF
includes ECMP to provide link redundancy/scalable bandwidth and NSSA
Security
-
Switch CPU protection:
provides automatic protection against malicious network traffic trying to shut down the switch
-
Virus throttle:
detects traffic patterns typical of WORM-type viruses and either throttles or entirely prevents the ability of the virus to spread across the routed VLANs or bridged interfaces, without requiring external appliances
-
ICMP throttling:
defeats ICMP denial-of-service attacks by enabling any switch port to automatically throttle ICMP traffic
-
Multiple user authentication methods:
-
IEEE 802.1X
industry-standard way of user authentication using an IEEE 802.1X supplicant on the client in conjunction with a RADIUS server
-
Web-based authentication
similar to IEEE 802.1X, provides a browser-based environment to authenticate clients that do not support the IEEE 802.1X supplicant
-
MAC-based authentication
client is authenticated with the RADIUS server based on the MAC address of the client
-
Authentication flexibility:
-
Multiple IEEE 802.1X users per port
provides authentication of multiple IEEE 802.1X users per port; prevents user "piggybacking" on another user's IEEE 802.1X authentication
-
Concurrent IEEE 802.1X and Web or MAC authentication schemes per port
switch port will accept any of IEEE 802.1X and either Web or MAC authentications
-
Access Control Lists (ACLs):
provide filtering based on the IP field, source/destination IP address/subnet, and source/destination TCP/UDP port number on a per-VLAN or per-port basis
-
Identity-driven ACL:
enables implementation of a highly granular and flexible access security policy specific to each authenticated network user
-
DHCP protection:
blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks
NEW!
-
BPDU port protection:
blocks Bridge Protocol Data Units (BPDU) on ports that do not require BPDUs, preventing forged BPDU attacks
NEW!
-
Dynamic IP lockdown:
works with DHCP protection to block traffic from unauthorized host, preventing IP source address spoofing
NEW!
-
Dynamic ARP protection:
blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or data thief of network data
NEW!
-
Detection of malicious attacks:
monitors 10 types of network traffic and sends a warning when an anomaly that potentially may be caused by malicious attacks is detected
NEW!
-
Port security:
allows access only to specified MAC addresses, which can be learned or specified by the administrator
-
MAC address lockout:
prevents configured particular MAC addresses from connecting to the network
-
Source-port filtering:
allows only specified ports to communicate with each other
-
TACACS+:
eases switch management security administration by using a password authentication server
-
Secure Shell (SSHv2):
encrypts all transmitted data for secure, remote command-line interface (CLI) access over IP networks
-
Secure Sockets Layer (SSL):
encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch
-
Secure FTP:
allows secure file transfer to/from the switch; protects against unwanted file downloads or unauthorized copying of switch configuration file
-
Secure management access:
all access methods--CLI, GUI, or MIB--are securely encrypted through SSHv2, SSL, and/or SNMPv3
-
Switch management logon security:
can require either RADIUS or TACACS+ authentication for secure switch CLI logon
-
Security banner:
displays customized security policy when users log in to the switch
Convergence
-
IP multicast routing:
includes PIM Sparse and Dense modes to route IP multicast traffic
-
IP multicast snooping (data-driven IGMP):
automatically prevents flooding of IP multicast traffic
-
LLDP-MED (Media Endpoint Discovery):
a standard extension of LLDP that stores values for parameters such as QoS and VLAN to automatically configure network devices such as IP phones
-
iSCSI support:
enables the deployment of Ethernet storage area network solutions using the iSCSI standard
Quality of Service (QoS)
-
Layer 4 prioritization:
enables prioritization based on TCP/UDP port numbers
-
Traffic prioritization:
allows real-time traffic classification into 8 priority levels mapped to 8 queues
-
Bandwidth shaping:
-
Rate limiting
per-port ingress/egress enforced maximum bandwidth
-
Guaranteed minimum
per-port, per-queue egress-based guaranteed minimum bandwidth
-
Class of Service (CoS):
sets the IEEE 802.1p priority tag based on IP address, IP Type of Service (ToS), L3 protocol, TCP/UDP port number, source port, and DiffServ
» Return to top
|
|
|
|
|
|
|
