Identity-driven ACL: enables implementation of a highly granular and flexible access security policy specific to each authenticated network user

Port security: prevents unauthorized access using MAC address lockdown

MAC address lockout: prevents configured particular MAC addresses from connecting to the network

Source-port filtering: allows only specified ports to communicate with each other

Security banner: displays customized security policy when users log in to the switch

Management Interface Wizard: CLI-based step-by-step configuration tool to ensure that management interfaces such as SNMP, telnet, SSH, SSL, Web, and USB are secured to desired level

Management access:

All access methods—CLI, GUI, or MIB—are securely encrypted through SSHv2, SSL, and/or SNMPv3

RADIUS and TACACS+: can require either RADIUS or TACACS+ authentication for secure switch CLI logon

Secure FTP: allows secure file transfer to/from the switch and protects against unwanted file downloads or unauthorized copying of switch configuration file

QoS functions

Layer 4 prioritization: enables prioritization based on TCP/UDP ports

Traffic prioritization: allows real-time traffic classification into 8 priority levels mapped to 8 queues

Bandwidth shaping using:

Rate limiting: per-port ingress-based enforced bandwidth maximums

Guaranteed minimums: per-port, per-queue egress-based guaranteed bandwidth minimums

Class of Service (CoS): sets 802.1p priority tag based on IP address, IP Type of Service (ToS), L3 protocol, TCP/UDP port number, source port, and DiffServ

Policy Enforcement Engine: Policy Enforcement Engine is user configured to select packets that are then forwarded or dropped (based on ACLs, QoS, and Rate Limiting). The engine is fast, and can look for multiple variables, such as an IP address and port number, in a single pass through a packet. It provides a common user experience regardless of which switch the user is connected to.

Advanced classifier-based QoS:

Provides finer granularity with multiple match criteria to select and prioritize network traffic

Integrates QoS functions: select traffic for prioritization and remote mirroring, setting priority, QoS policy, and rate limit

QoS policy can be applied to both IPv4 and IPv6 traffic for each port or VLAN

Convergence

IP multicast routing: includes PIM Sparse and Dense modes to route IP multicast traffic

IP multicast data-driven IGMP: automatically prevents flooding of IP multicast traffic

RADIUS VLAN for voice: uses standard RADIUS attribute and LLDP-MED to automatically configure VLAN for IP phones

LLDP-MED (Media Endpoint Discovery): a standard extension of LLDP that stores values for parameters such as QoS and VLAN to automatically configure network devices such as IP phones

PoE allocations: supports multiple methods (automatic, 802.3af class, LLDP-MED, or user specified) to allocate PoE power for optimal energy saving

iSCSI support: enables the deployment of Ethernet storage area network solutions using the iSCSI standard

L2/L3 jumbo frames: Layer 2/Layer 3 jumbo frames provide scalability in throughput.

30

Page 30
Image 30
HP 3500yl, 5200zl manual QoS functions, Convergence, Bandwidth shaping using, Advanced classifier-based QoS