Reduced bandwidth: provides per-port, per-queue egress-based reduced bandwidth
Weighted random early detection (WRED)/random early detection (RED): delivers congestion avoidance capabilities through the use of queue management algorithms
Powerful QoS feature: supports the following congestion actions: strict priority (SP) queuing, weighted round robin (WRR), weighted fair queuing (WFQ), and WRED
Traffic policing: supports Committed Access Rate (CAR) and line rate
Intrusion detection/prevention system (IDS/IPS)
Deep packet inspection: module supports deep packet inspection and examines the packet payload as well as the frame and packet headers; packets are dropped if attacks or intrusions are detected using signature-based or protocol anomaly-based detection
Signature-based detection: detects attacks that have known attack patterns; IPS maintains a signature database that contains the pattern definitions for known attacks that can be automatically updated using a subscription service
Protocol anomaly-based detection: detects attacks that use anomalies in application protocol payloads
Severity-based action policies: involve action taken against attacks based on their severity; available actions are "allow," "block," and "terminate connection" to provide appropriate mitigation
Signature update service: provides regular updates to the signature database, helping to ensure that the latest available signatures are installed
Virtual private network (VPN)
IPSec: provides secure tunneling over an untrusted network such as the Internet or a wireless network; offers data confidentiality, authenticity, and integrity between two network endpoints
Generic Routing Encapsulation (GRE): transports Layer 2 connectivity over a Layer 3 path in a secured way; enables the segregation of traffic from site to site
Manual or automatic Internet Key Exchange (IKE): provides either manual or automatic key exchange required for the algorithms used in encryption or authentication; auto-IKE allows automated management of the public key exchange, providing the highest levels of encryption
Management
Management interface control: provides management access through a modem port and terminal interface, as well as in-band and out-of-band Ethernet ports; provides access through terminal interface, telnet, or secure shell (SSH)
Industry-standard CLI with a hierarchical structure: reduces training time and expenses, and increases productivity in multivendor installations
Management security: restricts access to critical configuration commands; offers multiple privilege levels with password protection; ACLs provide telnet and SNMP access; local and remote syslog capabilities allow logging of all access
SNMPv1, v2, and v3: provide complete support of SNMP; provide full support of industry-standard Management Information Base (MIB) plus private extensions; SNMPv3 supports increased security using encryption
Web management: embedded HTML management tool with secure access (SSHv2)
sFlow (RFC 3176): provides scalable ASIC-based wirespeed network monitoring and accounting with no impact on network performance; this allows network operators to gather a variety of sophisticated network statistics and information for capacity planning and real-time network monitoring purposes
Remote monitoring (RMON): uses standard SNMP to monitor essential network functions; supports events, alarm, history, and statistics group plus a private alarm extension group
FTP, TFTP, and SFTP support: offers different mechanisms for configuration updates; FTP allows bidirectional transfers over a TCP/IP network; trivial FTP (TFTP) is a simpler method using User Datagram Protocol (UDP); Secure File Transfer Protocol (SFTP) runs over an SSH tunnel to provide additional security
Debug and sampler utility: supports ping and traceroute for both IPv4 and IPv6
QuickSpecs
HP 7500 Switch Series
Overview
DA - 13805 Worldwide — Version 29 — December 9, 2013