Broadcast control: allows limitation of broadcast traffic rate to cut down on unwanted broadcast traffic on the network
Security
Manager and operator privilege levels: enables read-only (operator) and read-write (manager) access on management interfaces
RADIUS/ for management access authentication: eases switch management security administration by using a password authentication server
Secure protocols for encryption of management traffic:
Secure Shell (SSHv2): encrypts all transmitted data for secure, remote CLI access over IP networks
Secure Sockets Layer (SSL): encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch
Simple Network Management Protocol (SNMP) v3: allows encryption of traffic between switch MIBs and network management software
Secure FTP (SFTP): encrypts uploads and downloads of configuration files
Protected ports: prevents designated ports from communicating with each other while allowing access to unprotected ports
Port security: allows access only to specified MAC addresses, which can be learned or specified by the administrator
MAC address lockout: prevents particular configured MAC addresses from connecting to the network
MAC address lockdown: allows only specified MAC addresses access to the network on a specified port
Denial-of-service (DoS) attack filtering: automatically filters and drops common DoS attack traffic types
User authentication for port access:
IEEE 802.1X: utilizes an industry-standard user authentication with an IEEE 802.1X supplicant on the client in conjunction with a RADIUS server
Web-based: similar to IEEE 802.1X, it provides a browser-based environment to authenticate clients
MAC-based: client is authenticated with the RADIUS server based on MAC address
Concurrent authentication schemes: each switch port will accept up to two sessions of IEEE 802.1X, Web, and/or MAC authentications concurrently
Custom banner: displays security policy when users log in to the switch
Spanning Tree Protocol Bridge Protocol Data Unit (BPDU) port protection: blocks BPDUs on ports that do not require BPDUs, preventing forged BPDU attacks
Spanning Tree Protocol Root Guard: when running the spanning tree protocol, protects root bridge from malicious attack or configuration mistakes
Physical security:
Front-panel buttons: provides the ability to disable reset and clear buttons on front panel for added security
Kensington Lock: 2520-8-PoE and 2520G-8-PoE switches include a Kensington Lock slot for securing the switches in open-space deployments
Convergence
LLDP-MED (Media Endpoint Discovery): is a standard extension of LLDP that automatically configures network devices such as IP phones
IP multicast snooping and data-driven IGMP: automatically prevents flooding of IP multicast traffic
Voice VLAN: uses LLDP-MED to automatically configure a VLAN for IP phones
Flexibility
Quiet operation:
Fanless design (2520-8-PoE and 2520G-8-PoE switches): enables quiet operation for deployment in open spaces
Variable-speed fans (2520-24-PoE switch): improves fan speed for the operating environment while lowering noise and energy consumption levels
QuickSpecs
HP 2520 Switch Series
Overview
DA - 13525 Worldwide — Version 12 — November 12, 2013