HP 5200zl, 3500yl manual Overview of features and benefits, Performance, Security features

Overview of features and benefits

The HP ProCurve Switch 5400zl, 3500yl, and 6200yl series use the same software image base. For the HP ProCurve Switch 6200yl, the Premium License feature group is standard. For the HP ProCurve Switch 5400zl and 3500yl series, you have the choice of using the Intelligent Edge feature group or the Premium License feature group for an additional fee. The Premium License feature group supports additional aggregation layer features: Q-in-Q, PIM-SM, PIM-DM, OSPF-ECMP, and VRRP. The primary differences among these switch families are hardware related and include such aspects as port density and the number of power supplies and fans.

The following summary of features and benefits applies to the HP ProCurve Switch 5400zl, 3500yl, and 6200yl series. Any differences that exist among the switches are noted.

Performance

•ProVision ASIC technology: powered by the ProVision ASICs, the switch families offer state-of- the-art high-capacity switch fabric performance—692 Gbps for the 5412zl, 346 Gbps for the 5406zl, 173 Gbps for the 3500yl-48G-PWR, and 115 Gbps for the 3500yl-24G-PWR and 6200yl- 24G-mGBIC.

•Selectable queue configurations: increase performance by selecting the number of queues and associated memory buffer that best meet the requirements of network applications.

Security features

•Virus Throttle: connection Rate Filtering thwarts virus spreading by blocking routing from certain hosts exhibiting abnormal traffic behavior

•ICMP throttling: defeats ICMP denial-of-service attacks by enabling any switch port to automatically throttle ICMP traffic

•Filtering capabilities: include fast, flexible Access Control Lists (ACLs), up to 3,000 per module (in later release, more precise detailed control via the fast Policy Enforcement Engine), source port, multicast MAC address, and other protocol-based filtering capabilities

•Switch CPU protection: provides automatic protection against malicious network traffic trying to shut down the switch

•Detection of malicious attacks: monitors ten types of network traffic and sends a warning if an anomaly occurs, signaling the detection of a potential malicious attacks

•USB secure autorun: uses USB flash drive to deploy, troubleshoot, or update switches; works with secure credential to prevent tampering

•STP root guard: protects STP root bridge from malicious attack or configuration mistakes

•DHCP protection: blocks DHCP packets from unauthorized DHCP servers, preventing denial-of- service attack

•BPDU port protection: blocks Bridge Protocol Data Unit (BPDU) on ports that do not require BPDU, preventing forged BPDU attack

•Dynamic ARP protection: blocks ARP broadcast from unauthorized hosts, preventing eavesdropping or data theft of network data

•Dynamic IP lockdown: works with DHCP protection to block traffic from unauthorized host, preventing IP source address spoofing

•Identity Driven Manager: supports HP ProCurve Identity Driven Manager (IDM) which can dynamically apply per-user security, access, and performance settings to infrastructure devices based on approved user, location, and time

•Multiple user authentication methods:

–Multiple IEEE 802.1X users per port: provides authentication of multiple IEEE 802.1X users per port; prevents user “piggybacking” on another user’s IEEE 802.1X authentication

–Web-based authentication: authenticates from Web browser for clients that do not support IEEE 802.1X supplicant; customized remediation can be processed on an external Web server

–Concurrent IEEE 802.1X, Web, and MAC authentication schemes per port: switch port will accept up to 32 sessions of IEEE 802.1X, Web, and MAC authentications

•Access control lists (ACLs): provide filtering based on the IP field, source/destination IP address/subnet, and source/destination TCP/UDP port number on a per-VLAN or per-port basis

29