|
Key features
|
-
Access layer cost-effective switch.
-
Layer 2 plus static IP routing.
-
Scalable 10/100 connectivity.
-
Gigabit fiber uplinks.
-
Enterprise-class features.
|
|
Connectivity
|
-
IEEE 802.3af Power over Ethernet: Provides up to 15.4 W per port to IEEE 802.3af compliant PoE powered devices such as IP phones, wireless access points, and security cameras.
-
Pre-standard PoE support:
-
Gigabit Uplink Connectivity: Two 10/100/1000BASE-T ports and two mini-GBIC ports for connectivity such as Gigabit (SX, LX, LH, 1000BaseT) and 100Base-FX.
-
Auto-MDIX: Automatically adjusts for straight-through or crossover cables on all 10/100 ports.
-
Jumbo packet support: Supports up to 9,216 byte frame size to improve performance of large data transfers.
|
|
Resiliency and high availability
|
-
IEEE 802.3ad Link Aggregation Protocol (LACP) and ProCurve trunking: Support up to 24 trunks, each with up to 8 links (ports) per trunk.
-
IEEE 802.1s Multiple Spanning Tree: Provides high link availability in multiple VLAN environments by allowing multiple spanning trees; provides legacy support for IEEE 802.1d and IEEE 802.1w.
-
Optional redundant power supply: Provides uninterrupted power (Provided by ProCurve 600 RPS/EPS).
|
|
Layer 3 switching
|
-
VLAN support and tagging: Supports the IEEE 802.1Q (4,096 VLAN IDs) and 256 VLANs simultaneously.
-
GARP VLAN registration protocol (GVRP): Allows automatic learning and dynamic assignment of VLANs.
-
IEEE 802.1v protocol VLANs: Isolate select non-IPv4 protocols automatically into their own VLANs.
|
|
Layer 3 routing
|
Basic IP routing: Enables automatic routing to the connected VLANs and up to 16 static routes–including one default route–in IP networks.
|
|
Convergence
|
-
IEEE 802.1AB Link Layer Discovery Protocol (LLDP): Automated device discovery protocol for easy mapping by network management applications.
-
LLDP-MED (Media Endpoint Discovery): A standard extension of LLDP that stores values for parameters such as QoS and VLAN to automatically configure network devices such as IP phones.
-
IP multicast snooping and data-driven IGMP: Automatically prevents flooding of IP multicast traffic.
|
|
Monitor and diagnostics
|
Port mirroring: Enables traffic on a port to be simultaneously sent to a network analyzer for monitoring.
|
|
Quality of Service (QoS)
|
-
Class of Service (CoS): Sets the IEEE 802.1p priority tag based on IP address, IP Type of Service (ToS), L3 protocol, TCP/UDP port number, source port, and DiffServ.
-
Layer 4 prioritization: Enables prioritization based on TCP/UDP port numbers.
-
Traffic prioritization (IEEE 802.1p): Allows real-time traffic classification into eight priority levels mapped to four queues.
|
|
Manageability
|
-
RMON, XRMON, and sFlow: Provide advanced monitoring and reporting capabilities for statistics, history, alarms, and events.
-
Uni-Directional Link Detection (UDLD): Monitors a link between two switches and blocks the ports on both ends of the link if the link goes down at any point between the two devices.
-
Command authorization: Leverages RADIUS to link a custom list of CLI commands to individual network administrator’s login; also provides an audit trail.
-
Multiple configuration files: Allow multiple configuration files to be stored to flash image.
-
Dual flash images: Provides independent primary and secondary operating system files for backup while upgrading.
-
Single IP Address Management: Single IP address management for a virtual stack of up to 16 switches.
Friendly port names: Allow assignment of descriptive names to ports.
-
Find-Fix-and-Inform: Finds and fixes common network problems automatically, then informs administrator.
-
Software updates: Free downloads from the Web.
-
Troubleshooting: Ingress/egress port monitoring enables network problem-solving.
|
|
Security
|
-
Multiple user authentication methods:
-
IEEE 802.1X: Industry-standard method of user authentication using an IEEE 802.1X supplicant on the client in conjunction with a RADIUS server.
-
Web-based authentication: Similar to IEEE 802.1X, provides a browser-based environment to authenticate clients that do not support the IEEE 802.1X supplicant.
-
MAC-based authentication: Client is authenticated with the RADIUS server based on client’s MAC address.
-
Authentication flexibility:
-
Multiple IEEE 802.1X users per port: Provides authentication of up to 8 IEEE 802.1X users per port; prevents user “piggybacking” on another user’s IEEE 802.1X authentication.
-
Concurrent IEEE 802.1X and Web or MAC authentication schemes per port: Switch port will accept any of IEEE 802.1X and either Web or MAC authentications.
-
Access control lists (ACLs): Provide IP Layer 3 filtering based on source/destination IP address/subnet and source/destination TCP/UDP port number.
-
Identity-driven ACL: Enables implementation of a highly granular and flexible access security policy and VLAN assignmentspecific to each authenticated network user.
-
Dynamic ARP protection: Blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data.
-
Port security: Allows access only to specified MAC addresses, which can be learned or specified by the administrator.
-
MAC address lockout: Prevents configured particular MAC addresses from connecting to the network.
-
Source-port filtering: Allows only specified ports to communicate with each other.
-
RADIUS/TACACS+: Eases switch management security administration by using a password authentication server.
-
Secure Shell (SSHv2): Encrypts all transmitted data for secure, remote command-line interface (CLI) access over IP networks.
-
Port monitoring for network threats: Provides sampled port traffic using sFlow technology to the HP ProCurve Network Immunity Manager application for Network Behavior Anomaly Detection (NBAD) analysis to detect threats and mitigate threats at the port where the threat originated.
-
Secure Sockets Layer (SSL): Encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch.
-
Secure FTP: Allows secure file transfer to/from the switch; protects against unwanted file downloads or unauthorized copying of switch configuration file.
-
Switch management logon security: Can require either RADIUS or TACACS+ authentication for secure switch CLI logon.
-
DHCP protection: Blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks.
-
STP BPDU port protection: Blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks.
-
STP root guard: Protects root bridge from malicious attack or configuration mistakes.
|
