3
•
Multiple configuration files:
allow multiple
configuration files to be stored to flash image
•
Friendly port names:
allow assignment of
descriptive names to ports
•
Find-Fix-and-Inform:
finds and fixes common
network problems automatically, then informs
administrator
•
Software updates:
free downloads from the
Web
•
Troubleshooting:
ingress/egress port monitoring
enables network problem-solving
Layer 2 switching
•
VLAN support and tagging:
supports the IEEE
802.1Q (4,094 VLAN IDs) and 256 VLANs
simultaneously
•
GARP VLAN Registration Protocol:
allows
automatic learning and dynamic assignment of
VLANs
•
Jumbo packet support:
supports up to
9,220-byte frame size to improve performance of
large data transfers
Layer 3 routing
•
Static IP routing:
provides manually configured
routing; includes ECMP capability
•
RIP:
provides RIPv1 and RIPv2 routing
Security
•
Multiple user authentication methods:
–
IEEE 802.1X:
industry-standard method of user
authentication using an IEEE 802.1X supplicant on
the client in conjunction with a RADIUS server
–
Web-based authentication:
similar to IEEE
802.1X, provides a browser-based environment to
authenticate clients that do not support the IEEE
802.1X supplicant
–
MAC-based authentication:
client is
authenticated with the RADIUS server based on
the client's MAC address
•
Authentication flexibility:
–
Multiple IEEE 802.1X users per port:
provides authentication of up to eight IEEE 802.1X
users per port; prevents user "piggybacking" on
another user's IEEE 802.1X authentication
–
Concurrent IEEE 802.1X and Web or MAC
authentication schemes per port:
switch
port will accept any of IEEE 802.1X and either
Web or MAC authentications
•
Access control lists (ACLs):
provide IP Layer 3
filtering based on source/destination IP
address/subnet and source/destination TCP/UDP
port number
•
Identity-driven ACL:
enables implementation of
a highly granular and flexible access security policy
and VLAN assignment specific to each authenticated
network user
•
Dynamic ARP protection:
blocks ARP
broadcasts from unauthorized hosts, preventing
eavesdropping or theft of network data
•
DHCP protection:
blocks DHCP packets from
unauthorized DHCP servers, preventing
denial-of-service attacks
•
Port monitoring for network threats:
provides sampled port traffic using sFlow technology
to the HP ProCurve Network Immunity Manager
application for Network Behavior Anomaly
Detection (NBAD) analysis to detect threats and
mitigate threats at the port where the threat
originated
•
Source-port filtering:
allows only specified ports
to communicate with each other
•
RADIUS/:
eases switch management
security administration by using a password
authentication server
•
Secure Shell (SSHv2):
encrypts all transmitted
data for secure, remote command-line interface (CLI)
access over IP networks
•
Secure FTP:
allows secure file transfer to/from the
switch; protects against unwanted file downloads or
unauthorized copying of switch configuration file
•
Secure Sockets Layer (SSL):
encrypts all HTTP
traffic, allowing secure access to the browser-based
management GUI in the switch
•
Port security:
allows access only to specified
MAC addresses, which can be learned or specified
by the administrator
•
MAC address lockout:
prevents configured
particular MAC addresses from connecting to the
network
•
Switch management logon security:
can
require either RADIUS or authentication
for secure switch CLI logon
•
STP BPDU port protection:
blocks Bridge
Protocol Data Units (BPDUs) on ports that do not
require BPDUs, preventing forged BPDU attacks
•
USB Secure Autorun (requires HP ProCurve
Manager Plus):
deploys, diagnoses, and updates
switch using USB flash drive; works with secure
credential to prevent tampering
