MAC-based VLANs, and protocol-based VLANs
GARP VLAN Registration Protocol (GVRP): allows automatic learning and dynamic assignment of VLANs
IEEE 802.1ad QinQ and Selective QinQ: increase the scalability of an Ethernet network by providing a hierarchical
structure; connect multiple LANs on a high-speed campus or metro network
Gigabit Ethernet port aggregation: allows grouping of ports to increase overall data throughput to a remote device
IGMP and MLD snooping: effectively control and manage the flooding of multicast packets in a Layer 2 network
Layer 3 services
Address Resolution Protocol (ARP): determines the MAC address of another IP host in the same subnet
Dynamic Host Configuration Protocol (DHCP): simplifies the management of large IP networks and supports client and server
Loopback interface address: defines an address in Routing Information Protocol (RIP) and OSPF that can always be
reachable, improving diagnostic capability
Security
Access control lists (ACLs): provide IP Layer 2 to Layer 4 traffic filtering; support global ACL, VLAN ACL, and IPv6 ACL
Multiple user authentication methods:
IEEE 802.1X: industry-standard method of user authentication using an IEEE 802.1X supplicant on the client in
conjunction with a RADIUS server
Web-based authentication: similar to IEEE 802.1X, it provides a browser-based environment to authenticate clients that
do not support the IEEE 802.1X supplicant
MAC-based authentication: client is authenticated with the RADIUS server based on the client's MAC address
Identity-driven security and access control:
Per-user ACLs: permits or denies user access to specific network resources based on user identity and time of day,
allowing multiple types of users on the same network to access specific network services without risk to network security
or unauthorized access to sensitive data
Automatic VLAN assignment: automatically assigns users to the appropriate VLAN based on their identities
Secure management access: securely encrypts all access methods (CLI, GUI, or MIB) through SSHv2, SSL, and/or SNMPv3
Secure File Transfer Protocol (FTP): allows secure file transfer to and from the switch; protects against unwanted file
downloads or unauthorized copying of switch configuration file
Guest VLAN: similar to IEEE 802.1X, it provides a browser-based environment to authenticated clients
Endpoint Admission Defense (EAD): provides security policies to users accessing a network
Port security: allows access only to specified MAC addresses, which can be learned or specified by the administrator
Port isolation: secures and adds privacy, and prevents malicious attackers from obtaining user information
STP BPDU port protection: blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged
BPDU attacks
STP Root Guard: protects root bridge from malicious attack or configuration mistakes
DHCP protection: blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks
Dynamic ARP protection: blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data
IP Source Guard: filters packets on a per-port basis, which prevents illegal packets from being forwarded
RADIUS/HWTACACS: eases switch management security administration by using a password authentication server
Convergence
IEEE 802.1AB Link Layer Discovery Protocol (LLDP): an automated device discovery protocol for easy mapping by network
management applications
LLDP-MED: a standard extension that automatically configures network devices, including LLDP-capable IP phones
LLDP-CDP compatibility: receives and recognizes CDP packets from Cisco's IP phones for seamless interoperation
IEEE 802.3af Power over Ethernet: provides up to 15.4 W per port to PoE-powered devices such as IP phones, wireless
access points, and video cameras
PoE allocations: support multiple methods (automatic, IEEE 802.3af class, LLDP-MED, or user specified) to allocate PoE
QuickSpecs
HP A3100 EI Switch Series
Overview
DA - 13848 Worldwide — Version 3 — September 28, 2011