 |
| » |
|
|
| |
|
| » |
|
| » |
|
| » |
|
| » |
|
|
| |
|
| » |
|
| » |
|
| » |
|
|
| |
|
| » |
|
|
| |
|
| » |
|
|
| |
|
|
» |
|
| » |
|
|
| |
|
| » |
|
|
| | |
| | |
| |
|
|
|
 |
|
|
|
|
|
|
|
|
|
| |
Performance
- Architecture: up to 76.8 Gbps
crossbar switching fabric provides wire-speed intra- and
inter-module switching with up to 48 million pps throughput
built on ProCurve custom-designed ASIC technology
Resiliency and high
availability
- Router redundancy (XRRP): allows
groups of two routers to dynamically back each other up to
create highly available routed environments
- 802.1s Multiple Spanning Tree:
provides high link availability in multiple VLAN
environments by allowing multiple spanning trees
- 802.1w Rapid Convergence Spanning Tree
Protocol : increases network uptime through faster
recovery from failed links
- 802.3ad Link Aggregation Control
Protocol (LACP) and ProCurve trunking: support up to
36 trunks, each with up to 8 links (ports) per trunk;
trunking across modules is supported
- Hot-swappable modules: permit
modules, mini-GBICs, and one of the power supplies in a
redundant power supply configuration to be added or swapped
without interrupting the network
- Optional redundant power supply:
provides uninterrupted power; allows hot-swapping of
one of the two supplies when installed
Layer 2 switching
- ProCurve switch meshing:
dynamically load-balances across multiple active
redundant links to increase available aggregate bandwidth
- VLAN support and tagging:
support complete 802.1Q (4,096 VLAN IDs) and 256
VLANs simultaneously
- 802.1v protocol VLANs: isolate
select non-IPv4 protocols automatically into their own VLANs
- Group VLAN Registration Protocol
(GVRP): allows automatic learning and dynamic
assignment of VLANs
Layer 3
routing
- Layer 3 IP routing: provides
routing of IP at media speed; supports static routes, RIP,
RIPv2, and OSPF
- OSPF-ECMP: enables multiple
equal-cost links in OSPF environment to increase link
redundancy and scale bandwidth
Layer 3 services
- UDP helper function: UDP
broadcasts can be directed across router interfaces to
specific IP unicast or subnet broadcast addresses and
prevent server spoofing for UDP services such as DHCP
Security
- Virus throttling: detects worm
forms of network virus activity and either throttles or
entirely prevents the ability of the virus to spread across
the routed VLANs of the ProCurve 5300xl series, without
requiring external appliances
- ICMP throttling: defeats ICMP
denial-of-service attacks by enabling any switch port to
automatically throttle ICMP traffic
- Multiple user authentication methods:
- IEEE
802.1X: industry-standard way of user
authentication using an 802.1X supplicant on the client in
conjunction with a RADIUS server
- Web-based
authentication: similar to 802.1X,
provides a browser-based environment to authenticate
clients that do not support the 802.1X supplicant
- MAC-based
authentication: client is authenticated
with the RADIUS server based on the MAC address of the
client; useful for clients that have minimal or no user
interface
- Authentication flexibility:
- Multiple 802.1X users per port:
provides authentication of multiple
802.1X users per port; prevents user "piggybacking" on
another user's 802.1X authentication
- Concurrent 802.1X and Web or MAC
authentication schemes per port: switch
port will accept any of 802.1X and either Web or MAC
authentications
- Access control lists (ACLs):
provide IP Layer 3 filtering based on
source/destination IP address/subnet and source/destination
TCP/UDP port number
- Identity-driven ACL: enables
implementation of a highly granular and flexible access
security policy specific to each authenticated network user
- Port security: prevents
unauthorized access using MAC address lockdown
- MAC address lockout: prevents
configured particular MAC addresses from connecting to the
network
- Source-port filtering: allows
only specified ports to communicate with each other
- TACACS+: eases switch management
security administration by using a password authentication
server
- Secure Shell (SSHv2): encrypts
all transmitted data for secure, remote command-line
interface (CLI) access over IP networks
- Secure Sockets Layer (SSL):
encrypts all HTTP traffic, allowing secure access to
the browser-based management GUI in the switch
- Secure FTP: allows secure file
transfer to/from the switch; protects against unwanted file
downloads or unauthorized copying of switch configuration
file
- Secure access to manage the ProCurve
Switch 5300xl series: all access methods—CLI, GUI, or
MIB—are securely encrypted through SSHv2, SSL, and/or SNMPv3
- Switch management logon security:
can require either RADIUS or TACACS+ authentication
for secure switch CLI logon
Convergence
- IP multicast routing (PIM-Dense):
routes IP multicast traffic using the PIM-Dense
routing protocol
- IP multicast snooping and data-driven
IGMP: automatically prevents flooding of IP multicast
traffic
- LLDP-MED (Media Endpoint Discovery):
a standard extension of LLDP that stores values for
parameters such as QoS and VLAN to automatically configure
network devices such as IP phones
- iSCSI support: enables the
deployment of Ethernet storage area network solutions using
the iSCSI standard
Quality of
Service (QoS)
- Layer 4 prioritization: enables
prioritization based on TCP/UDP port numbers
- Traffic prioritization (802.1p):
allows real-time traffic classification into 8
priority levels mapped to 4 queues
- Class of Service (CoS): sets
802.1p priority tag based on IP address, IP Type of Service
(ToS), L3 protocol, TCP/UDP port number, source port, and
DiffServ
- Bandwidth shaping:
- Rate
limiting: per-port ingress-based
enforced bandwidth maximums
- Guaranteed
minimums: per-port, per-queue
egress-based guaranteed bandwidth minimums
Manageability
- User-driven port configuration support:
switch port configuration responds to RADIUS stored
user attributes for QoS and rate limiting when that user
authenticates; these attributes are then determined by the
user, not the switch port
- RMON, XRMON, and sFlow: provide
advanced monitoring and reporting capabilities for
statistics, history, alarms, and events
- Link Layer Discovery Protocol (802.1ab)
: automated device discovery protocol for easy
mapping by network management applications
- Friendly port names: allow
assignment of descriptive names to ports
- ProCurve/IEEE Auto-MDIX:
automatically adjusts for straight-through or
crossover cables on all 10/100/1000 ports
- Dual flash images: provide
independent primary and secondary OS and configuration files
for backup while upgrading or fine-tuning the switch
configuration
- Multiple configuration files:
allow a config file to be stored for each flash image
- Troubleshooting: ingress/egress
port monitoring enables network problem-solving
- Custom banner: displays security
policy when users log in to the switch
» Return to top
|
|
|
|
|
|
