• Multiple user authentication methods:
– Multiple IEEE 802.1X users per port: provides authentication of multiple IEEE 802.1X users per port; prevents
user “piggybacking” on another user’s IEEE 802.1X authentication
– Web-based authentication: authenticates from Web browser for clients that do not support IEEE 802.1X
supplicant; customized remediation can be processed on an external Web server
– Concurrent IEEE 802.1X, Web, and MAC authentication schemes per port: switch port will accept up to 32
sessions of IEEE 802.1X, Web, and MAC authentications
• Access control lists (ACLs): provide filtering based on the IP field, source/destination IP address/subnet, and
source/destination TCP/UDP port number on a per-VLAN or per-port basis
• Identity-driven ACL: enables implementation of a highly granular and flexible access security policy specific to
each authenticated network user
• Port security: prevents unauthorized access using MAC address lockdown
• MAC address lockout: prevents configured particular MAC addresses from connecting to the network
• Source-port filtering: allows only specified ports to communicate with each other
• Security banner: displays customized security policy when users log in to the switch
• Management Interface Wizard: CLI-based step-by-step configuration tool to ensure that management
interfaces such as SNMP, telnet, SSH, SSL, Web, and USB are secured to desired level
• Management access:
– All access methods—CLI, GUI, or MIB—are securely encrypted through SSHv2, SSL, and/or SNMPv3
– RADIUS and TACACS+: can require either RADIUS or TACACS+ authentication for secure switch CLI logon
– Secure FTP: allows secure file transfer to/from the switch and protects against unwanted file downloads or
unauthorized copying of switch configuration file
QoS functions
Layer 4 prioritization: enables prioritization based on TCP/UDP ports
Traffic prioritization: allows real-time traffic classification into 8 priority levels mapped to 8 queues
Bandwidth shaping using:
• Rate limiting: per-port ingress-based enforced bandwidth maximums
• Guaranteed minimums: per-port, per-queue egress-based guaranteed bandwidth minimums
Class of Service (CoS): sets 802.1p priority tag based on IP address, IP Type of Service (ToS), L3 protocol,
TCP/UDP port number, source port, and DiffServ
Policy Enforcement Engine: Policy Enforcement Engine is user configured to select packets that are then
forwarded or dropped (based on ACLs, QoS, and Rate Limiting). The engine is fast and can look for multiple
variables, such as an IP address and port number, in a single pass through a packet. It provides a common
user experience regardless of which switch the user is connected to.
Advanced classifier-based QoS:
• Provides finer granularity with multiple match criteria to select and prioritize network traffic
• Integrates QoS functions: select traffic for prioritization and remote mirroring, setting priority, QoS policy, and
rate limit
• QoS policy can be applied to both IPv4 and IPv6 traffic for each port or VLAN