Management and Configuration Guide K/KA/KB.15.15

• Access control lists (ACL)
• Quality-of-service (QoS), including device and application port priority, ICMP rate-limiting,
  and QoS policies
• Dynamic assignment of per-port or per-user ACLs and QoS through RADIUS authentication
  designated as “IDM”, with or without the optional identity-driven management (IDM) application
• Virus throttling (VT) using connection-rate filtering
• Mirroring policies, including switch configuration as an endpoint for remote intelligent mirroring
• Other features, including:
  - Management VLAN
  - DHCP snooping
  - Dynamic ARP protection
  - Jumbo IP-MTU
When insufficient resources are available
The switch has ample resources for configuring features and supporting:
• RADIUS-authenticated clients (with or without the optional IDM application)
• VT and blocking on individual clients.
NOTE: Virus throttling does not operate on IPv6 traffic.
If the resources supporting these features become fully subscribed:
• The current feature configuration, RADIUS-authenticated client sessions, and VT instances
  continue to operate normally.
• The switch generates an event log notice to say that current resources are fully subscribed.
• Currently engaged resources must be released before any of the following actions are
  supported:
  - Modifying currently configured ACLs, IDM, VT, and other software features, such as
    Management VLAN, DHCP snooping, and dynamic ARP protection.
    You can modify currently configured classifier-based QoS and mirroring policies if a policy
    has not been applied to an interface. However, sufficient resources must be available
    when you apply a configured policy to an interface.
  - Acceptance of new RADIUS-based client authentication requests (displayed as a new
    resource entry for IDM.)
    Failure to authenticate a client that presents valid credentials may indicate that insufficient
    resources are available for the features configured for the client in the RADIUS server. To
    troubleshoot, check the event log.
  - Throttling or blocking of newly detected clients with high rate-of-connection requests (as
    defined by the current VT configuration.)
    The switch continues to generate Event Log notifications (and SNMP trap notification, if
    configured) for new instances of high-connection-rate behavior detected by the VT feature.
Policy enforcement engine
The policy enforcement engine is the hardware element in the switch that manages QoS, mirroring,
and ACL policies, as well as other software features, using the rules that you configure. Resource