- Hewlett-Packard ProCurve Switch Specification Sheet

ProCurve Switch 5400zl/3500yl Series
Features and benefits (continued)
- Virus throttling: detects traffic patterns typical of WORM-type viruses and either throttles or entirely prevents the ability of the virus to spread across the routed VLANs or bridged interfaces, without requiring external appliances
- ICMP throttling: defeats ICMP denial-of-service attacks by enabling any switch port to automatically throttle ICMP traffic
- Multiple user authentication methods:
  - IEEE 802.1X: industry-standard way of user authentication using an IEEE 802.1X supplicant on the client in conjunction with a RADIUS server
  - Web-based authentication: authenticates from Web browser for clients that do not support 802.1X supplicant; customized remediation can be processed on an external Web server
  - MAC-based authentication: client is authenticated with the RADIUS server based on client’s MAC address
- Authentication flexibility:
  - Multiple IEEE 802.1X users per port: provides authentication of multiple IEEE 802.1X users per port; prevents user “piggybacking” on another user’s IEEE 802.1X authentication
  - Concurrent IEEE 802.1X and Web or MAC authentication schemes per port: switch port will accept any of IEEE 802.1X and either Web or MAC authentications
- Access control lists (ACLs): provide filtering based on the IP field, source/destination IP address/subnet, and source/destination TCP/UDP port number on a per-VLAN or per-port basis
- Identity-driven ACL: enables implementation of a highly granular and flexible access security policy specific to each authenticated network user
- DHCP protection: blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks
- BPDU port protection: blocks Bridge Protocol Data Units (BPDU) on ports that do not require BPDUs, preventing forged BPDU attacks
- Dynamic IP lockdown: works with DHCP protection to block traffic from unauthorized hosts, preventing IP source address spoofing
- Dynamic ARP protection: blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data
- STP Root Guard: protects root bridge from malicious attack or configuration mistakes
- Detection of malicious attacks: monitors 10 types of network traffic and sends a warning when an anomaly that potentially can be caused by malicious attacks is detected
- Port security: allows access only to specified MAC addresses, which can be learned or specified by the administrator
- MAC address lockout: prevents particular configured MAC addresses from connecting to the network
- Source-port filtering: allows only specified ports to communicate with each other
- TACACS+: eases switch management security administration by using a password authentication server
- Secure Shell (SSHv2): encrypts all transmitted data for secure, remote command-line interface (CLI) access over IP networks
- Secure Sockets Layer (SSL): encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch