4
Data sheet | HP 2620 Switch Series
•
Secure sockets layer (SSL)
Encrypts all HTTP traffic, enabling secure access to the browser-based management GUI in
the switch
•
Port security
Allows access only to specified MAC addresses, which can be learned or specified by
the administrator
•
MAC address lockout
Helps prevent certain configured MAC addresses from connecting to the network
•
Secure FTP
Allows secure file transfer to and from the switch; and protects against unwanted file
downloads or unauthorized copying of a switch configuration file
•
Custom banner
Displays the security policy when users log in to the switch
•
Identity-driven ACL
Enables implementation of a highly granular and flexible access security policy and VLAN
assignment—specific to each authenticated network user
•
STP BPDU port protection
Blocks bridge protocol data units (BPDUs) on ports that do not require BPDUs, mitigating
forged BPDU attacks
•
STP root guard
Protects the root bridge from malicious attacks or configuration mistakes
•
DHCP protection
Blocks DHCP packets from unauthorized DHCP servers, mitigating denial-of-service attacks
•
Dynamic ARP protection
Blocks ARP broadcasts from unauthorized hosts, helping prevent eavesdropping or theft of
network data
•
Multiple user authentication methods
–
IEEE 802.1X
Uses an IEEE 802.1X supplicant on the client, in conjunction with a RADIUS server, to
authenticate in accordance with industry standards
–
Web-based authentication
Provides a browser-based environment, similar to IEEE 802.1X, to authenticate clients that
do not support the IEEE 802.1X supplicant
–
MAC-based authentication
Authenticates the client with the RADIUS server, based on the client’s MAC address
•
Authentication flexibility
–
Multiple IEEE 802.1X users per port
Enables authentication of multiple IEEE 802.1X users per port; and helps prevent a user from
“piggybacking” on another user’s IEEE 802.1X authentication
–
Concurrent IEEE 802.1X, Web, and MAC authentication schemes per port
Allows a switch port to accept up to 32 sessions of IEEE 802.1X, Web, and MAC authentications
•
Port mirroring for network threats
Provides sampled port traffic, using sFlow technology, to the HP Network Immunity Manager
application for network-behavior-anomaly-detection analysis—to detect and mitigate threats
at the ports where the threats originate
•
Per-port broadcast throttling
Selectively configures broadcast control on heavy traffic port uplinks
