Access control list (ACL)
supports powerful ACLs for both IPv4 and IPv6; ACLs are used for filtering traffic to prevent unauthorized users from accessing
the network, or for controlling network traffic to save resources; rules can either deny or permit traffic to be forwarded; rules
can be based on a Layer 2 header or a Layer 3 protocol header; rules can be set to operate on specific dates or times
Terminal Access Controller Access-Control System ()
delivers an authentication tool using TCP with encryption of the full authentication request, providing additional security
Network login
allows authentication of multiple users per port using the IEEE 802.1X standard
RADIUS login
eases security access administration by using a password authentication server
Network address translation (NAT)
supports one-to-one NAT, many-to-many NAT, and NAT control, enabling NAT-PT to support multiple connections; supports
blacklist in NAT/NAT-PT, a limit on the number of connections, session logs, and multi-instances
Secure Shell (SSHv2)
uses external servers to securely log in to a remote device or securely log in to MSR from a remote location; with authentication
and encryption, it protects against IP spoofing and plain text password interception; increases the security of SFTP transfers
Unicast Reverse Path Forwarding (URPF)
allows normal packets to be forwarded correctly, but discards the attaching packet due to lack of reverse path route or incorrect
inbound interface; prevents source spoofing and distributed attacks
IPSec VPN
supports DES, 3DES, and AES 128/192/256 encryption, and MD5 and SHA-1 authentication
Dynamic Virtual Private Network (DVPN)
collects, maintains, and distributes dynamic public addresses through the VPN Address Management (VAM) protocol, making
VPN establishment available between enterprise branches that use dynamic addresses to access the public network; compared
to traditional VPN technologies, DVPN technology is more flexible and has richer features, such as NAT traversal of DVPN
packets, AAA identity authentication, IPSec protection of data packets, and multiple VPN domains
Convergence
Internet Group Management Protocol (IGMP)
utilizes Any-Source Multicast (ASM) or Source-Specific Multicast (SSM) to manage IPv4 multicast networks; supports IGMPv1, v2,
and v3
Protocol Independent Multicast (PIM)
defines modes of Internet IPv4 and IPv6 multicasting to allow one-to-many and many-to-many transmission of information;
supports PIM Dense Mode (DM), Sparse Mode (SM), and Source-Specific Mode (SSM)
Multicast Source Discovery Protocol (MSDP)
allows multiple PIM-SM domains to interoperate; is used for inter-domain multicast applications
Multicast Border Gateway Protocol (MBGP)
allows multicast traffic to be forwarded across BGP networks and kept separate from unicast traffic
Internet Group Management Protocol (IGMP) snooping and proxy
monitors and observes IGMP network traffic, allowing the network device to listen in on the IGMP conversation between
hosts and routers, enabling better IP multicast stream control
allows a multicast router to learn multicast group membership information and enables it to forward multicast packets
Multicast VPN and bidirectional protocol
independent-multicasting (PIM)
allows rich multicast services such as video conferencing and data sharing amongst enterprise VPN-based deployments
improves scalability of various applications through the use of bidirectional PIM
Integration
Embedded NetStream
QuickSpecs
HP MSR93x Series
Overview
DA - 14559 Worldwide — Version 2 — September 30, 2013
Page 5