QuickSpecs
Aruba 5400R zl2 Switch Series
Overview
• Border Gateway Protocol (BGP)
provides IPv4 Border Gateway Protocol routing, which is scalable, robust, and flexible
Security
• Control Plane Policing
sets rate limits on control protocols to protect the CPU from overload by DoS attacks
• Access control lists (ACLs)
provide filtering based on the IP field, source/destination IP address/subnet, and source/destination TCP/UDP port
number on a per-VLAN or per-port basis
• Multiple user authentication methods
– IEEE 802.1X users per port
provides authentication of multiple IEEE 802.1X users per port
– Web-based authentication
authenticates from a Web browser for clients that do not support an IEEE 802.1X supplicant
– MAC-based authentication
client is authenticated with the RADIUS server based on the client's MAC address
– Concurrent IEEE 802.1X, Web, and MAC authentication schemes per port
switch port accepts up to 32 sessions of IEEE 802.1X, Web, and MAC authentications
• Private VLAN
provides network security by restricting peer-to-peer communication to prevent a variety of malicious attacks; typically a
switch port can only communicate with other ports in the same community and/or an uplink port, regardless of VLAN ID
or destination MAC address
• DHCP protection
blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks
• Secure management access
delivers secure encryption of all access methods (CLI, GUI, or MIB) through SSHv2, SSL, and/or SNMPv3
• Switch CPU protection
provides automatic protection against malicious network traffic trying to shut down the switch
• ICMP throttling
defeats ICMP denial-of-service attacks by enabling any switch port to automatically throttle ICMP traffic
• Identity-driven ACL
enables implementation of a highly granular and flexible access security policy and VLAN
assignment specific to each authenticated network user
• STP BPDU port protection
blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks
• Dynamic IP lockdown
works with DHCP protection to block traffic from unauthorized hosts, preventing IP source address spoofing
• Dynamic ARP protection
blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data
• STP Root Guard
protects the root bridge from malicious attacks or configuration mistakes
• Detection of malicious attacks
monitors 10 types of network traffic and sends a warning when an anomaly that potentially can be caused by malicious
attacks is detected
• Port security
allows access only to specified MAC addresses, which can be learned or specified by the administrator
• MAC address lockout
prevents particular configured MAC addresses from connecting to the network
• Source-port filtering
allows only specified ports to communicate with each other
• RADIUS/TACACS+
eases switch management security administration by using a password authentication server
• Secure Shell
encrypts all transmitted data for secure remote CLI access over IP networks