MAC-based authentication
client is authenticated with the RADIUS server based on client's MAC authentication
Concurrent IEEE 802.1X, Web, and MAC authentication schemes per port
switch port accepts up to 32 sessions of IEEE 802.1X, Web, and MAC authentications
Virus throttling
detects traffic patterns typical of worm-type viruses and either throttles or entirely prevents the virus from spreading across the
routed VLANs or bridged interfaces without requiring external appliances
DHCP protection
blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks
Secure management access
delivers secure encryption of all access methods (CLI, GUI, or MIB) through SSHv2, SSL, and/or SNMPv3
USB Secure Autorun (requires HP PCM+)
deploys, diagnoses, and updates a switch using a USB flash drive; works with a secure credential to prevent tampering
Switch CPU protection
provides automatic protection against malicious network traffic trying to shut down the switch
ICMP throttling
defeats ICMP denial-of-service attacks by enabling any switch port to automatically throttle ICMP traffic
Identity-driven ACL
enables implementation of a highly granular and flexible access security policy and VLAN assignment specific to each
authenticated network user
STP BPDU port protection
blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks
Dynamic IP lockdown
works with DHCP protection to block traffic from unauthorized hosts, preventing IP source address spoofing
Dynamic ARP protection
blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data
STP Root Guard
protects the root bridge from malicious attacks or configuration mistakes
Detection of malicious attacks
monitors 10 types of network traffic and sends a warning when an anomaly that potentially can be caused by malicious attacks
is detected
Port security
allows access only to specified MAC addresses, which can be learned or specified by the administrator
MAC address lockout
prevents particular configured MAC addresses from connecting to the network
Source-port filtering
allows only specified ports to communicate with each other
RADIUS/
eases switch management security administration by using a password authentication server
Secure Shell
encrypts all transmitted data for secure remote CLI access over IP networks
Secure Sockets Layer (SSL)
encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch
Secure FTP
allows secure file transfer to and from the switch; protects against unwanted file downloads or unauthorized copying of a switch
configuration file
Management Interface Wizard
helps secure management interfaces such as SNMP, telnet, SSH, SSL, Web, and USB at the desired level
Switch management logon security
helps secure switch CLI logon by optionally requiring either RADIUS or authentication
QuickSpecs
HP 3500 and 3500 yl Switch Series
Overview
DA - 13282 North America — Version 20 — January 17, 2014
Page 5
