Address Resolution Protocol (ARP)
determines the MAC address of another IP host in the same subnet; supports static ARPs; gratuitous ARP allows detection of
duplicate IP addresses; proxy ARP allows normal ARP operation between subnets or when subnets are separated by a Layer 2
network
Dynamic Host Configuration Protocol (DHCP)
simplifies the management of large IP networks; supports client; DHCP Relay enables DHCP operation across subnets
Loopback interface address
defines an address that can always be reachable, improving diagnostic capability
User Datagram Protocol (UDP) helper function
allows UDP broadcasts to be directed across router interfaces to specific IP unicast or subnet broadcast addresses and prevents
server spoofing for UDP services such as DHCP
Route maps
provide more control during route redistribution; allow filtering and altering of route metrics
Layer 3 routing
Static IP routing
provides manually configured routing for both IPv4 and IPv6 networks
Security
Access control lists (ACLs)
provides IP Layer 2 to Layer 4 traffic filtering; supports global ACL, VLAN ACL, port ACL, and IPv6 ACL
IEEE 802.1X
industry-standard method of user authentication using an IEEE 802.1X supplicant on the client in conjunction with a RADIUS
erver
MAC-based authentication
client is authenticated with the RADIUS server based on the client's MAC address
Identity-driven security and access control
Per-user ACLs
permits or denies user access to specific network resources based on user identity and time of day, allowing multiple types of
users on the same network to access specific network services without risking network security or providing unauthorized
access to sensitive data
Automatic VLAN assignment
automatically assigns users to the appropriate VLAN based on their identities
Secure management access
delivers secure encryption of all access methods (CLI, GUI, or MIB) through SSHv2, SSL, and/or SNMPv3
Secure FTP
allows secure file transfer to and from the switch; protects against unwanted file downloads or unauthorized copying of a switch
configuration file
Guest VLAN
provides a browser-based environment to authenticated clients that is similar to IEEE 802.1X
Endpoint Admission Defense (EAD)
provides security policies to users accessing a network
Port security
allows access only to specified MAC addresses, which can be learned or specified by the administrator
Port isolation
secures and adds privacy, and prevents malicious attackers from obtaining user information
STP BPDU port protection
blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks
QuickSpecs
HP 5120 EI Switch Series
Overview
DA - 13850 Worldwide — Version 26 — April 15, 2014
Page 6
