• ICMP throttling: defeats ICMP denial-of-service attacks by enabling any switch port to automatically throttle ICMP traffic
• Multiple user authentication methods:
  - IEEE 802.1X: industry-standard way of user authentication using an 802.1X supplicant on the client in conjunction with a RADIUS server
  - Web-based authentication: similar to 802.1X, provides a browser-based environment to authenticate clients that do not support the 802.1X supplicant
  - MAC-based authentication: client is authenticated with the RADIUS server based on the MAC address of the client; useful for clients that have minimal or no user interface
• Authentication flexibility:
  - Multiple 802.1X users per port: provides authentication of multiple 802.1X users per port; prevents user "piggybacking" on another user's 802.1X authentication
  - Concurrent 802.1X and Web or MAC authentication schemes per port: switch port will accept any of 802.1X and either Web or MAC authentications
• Access control lists (ACLs): provide IP Layer 3 filtering based on the IP field, source/destination IP address/subnet, and source/destination TCP/UDP port number
• Identity-driven ACL: enables implementation of a highly granular and flexible access security policy specific to each authenticated network user
• Port security: prevents unauthorized access using MAC address lockdown
• MAC address lockout: prevents configured particular MAC addresses from connecting to the network
• Source-port filtering: allows only specified ports to communicate with each other
• : eases switch management security administration by using a password authentication server
• Secure Shell (SSHv2): encrypts all transmitted data for secure, remote command-line interface (CLI) access over IP networks
• Secure Sockets Layer (SSL): encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch
• Secure FTP: allows secure file transfer to/from the switch; protects against unwanted file downloads or unauthorized copying of switch configuration file
• Secure management access: all access methods--CLI, GUI, or MIB--are securely encrypted through SSHv2, SSL, and/or SNMPv3
• Switch management logon security: can require either RADIUS or authentication for secure switch CLI logon
• Security banner: displays customized security policy when users log in to the switch
Convergence
• IP multicast routing (Premium Edge license): includes PIM Sparse and Dense modes to route IP multicast traffic
• IP multicast snooping (data-driven IGMP): automatically prevents flooding of IP multicast traffic
• LLDP-MED (Media Endpoint Discovery): a standard extension of LLDP that stores values for parameters such as QoS and VLAN to automatically configure network devices such as IP phones
• iSCSI support: enables the deployment of Ethernet storage area network solutions using the iSCSI standard
Quality of Service (QoS)
• Layer 4 prioritization: enables prioritization based on TCP/UDP port numbers
• Traffic prioritization: allows real-time traffic classification into 8 priority levels mapped to 8 queues
• Bandwidth shaping:
  - Rate limiting: per-port ingress-based
ProCurve Switch 3500yl-24G-PWR