HP 5200zl, 3500yl manual Overview of features and benefits, Performance, Security features

Page 29

Overview of features and benefits

The HP ProCurve Switch 5400zl, 3500yl, and 6200yl series use the same software image base. For the HP ProCurve Switch 6200yl, the Premium License feature group is standard. For the HP ProCurve Switch 5400zl and 3500yl series, you have the choice of using the Intelligent Edge feature group or the Premium License feature group for an additional fee. The Premium License feature group supports additional aggregation layer features: Q-in-Q, PIM-SM, PIM-DM, OSPF-ECMP, and VRRP. The primary differences among these switch families are hardware related and include such aspects as port density and the number of power supplies and fans.

The following summary of features and benefits applies to the HP ProCurve Switch 5400zl, 3500yl, and 6200yl series. Any differences that exist among the switches are noted.

Performance

ProVision ASIC technology: powered by the ProVision ASICs, the switch families offer state-of-the-art high-capacity switch fabric performance of 692 Gbps for the 5412zl, 346 Gbps for the 5406zl, 173 Gbps for the 3500yl-48G-PWR, and 115 Gbps for the 3500yl-24G-PWR and 6200yl-24G-mGBIC.

Selectable queue configurations: increase performance by selecting the number of queues and associated memory buffer that best meet the requirements of network applications.

Security features

Virus Throttle: connection-rate filtering thwarts virus spreading by blocking routing from certain hosts exhibiting abnormal traffic behavior

ICMP throttling: defeats ICMP denial-of-service attacks by enabling any switch port to automatically throttle ICMP traffic

Filtering capabilities: include fast, flexible Access Control Lists (ACLs), up to 3,000 per module (in a later release, more precise and detailed control via the fast Policy Enforcement Engine), source port, multicast MAC address, and other protocol-based filtering capabilities

Switch CPU protection: provides automatic protection against malicious network traffic trying to shut down the switch

Detection of malicious attacks: monitors ten types of network traffic and sends a warning if an anomaly occurs, signaling the detection of a potential malicious attack

USB secure autorun: uses a USB flash drive to deploy, troubleshoot, or update switches; works with a secure credential to prevent tampering

STP root guard: protects the STP root bridge from malicious attacks or configuration mistakes

DHCP protection: blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks

BPDU port protection: blocks Bridge Protocol Data Units (BPDUs) on ports that do not require them, preventing forged BPDU attacks

Dynamic ARP protection: blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping on or theft of network data

Dynamic IP lockdown: works with DHCP protection to block traffic from unauthorized hosts, preventing IP source address spoofing

Identity Driven Manager: supports HP ProCurve Identity Driven Manager (IDM), which can dynamically apply per-user security, access, and performance settings to infrastructure devices based on approved user, location, and time

Multiple user authentication methods:

Multiple IEEE 802.1X users per port: provides authentication of multiple IEEE 802.1X users per port; prevents user “piggybacking” on another user’s IEEE 802.1X authentication

Web-based authentication: authenticates from a Web browser for clients that do not support an IEEE 802.1X supplicant; customized remediation can be processed on an external Web server

Concurrent IEEE 802.1X, Web, and MAC authentication schemes per port: a switch port will accept up to 32 sessions of IEEE 802.1X, Web, and MAC authentications

Access control lists (ACLs): provide filtering based on the IP field, source/destination IP address/subnet, and source/destination TCP/UDP port number on a per-VLAN or per-port basis
