5400R zl2 Switch Series

ManualsBrandsARUBA ManualsHardwareHPE 5412R 92GT PoE+ / 4SFP+ (No PSU) v3 zl2 switch - 92 ports - Managed - rack-mountable

Table Of Contents

QuickSpecs

Aruba 5400R zl2 Switch Series

Overview

Page

• Border Gateway Protocol (BGP)

provides IPv4 Border Gateway Protocol routing, which is scalable, robust, and flexible

Security

• Control Plane Policing set rate limit on control protocols to protect CPU overload from DOS attacks

• Access control lists (ACLs)

provide filtering based on the IP field, source/destination IP address/subnet, and source/destination TCP/UDP port

number on a per-VLAN or per-port basis

• Multiple user authentication methods

– IEEE 802.1X users per port

provides authentication of multiple IEEE 802.1X users per port

– Web-based authentication

authenticates from a Web browser for clients that do not support IEEE 802.1X supplicant

– MAC-based authentication

client is authenticated with the RADIUS server based on the client's MAC address

– Concurrent IEEE 802.1X, Web, and MAC authentication schemes per port

switch port accepts up to 32 sessions of IEEE 802.1X, Web, and MAC authentications

• Private VLAN

provides network security by restricting peer-to-peer communication to prevent a variety of malicious attacks; typically a

switch port can only communicate with other ports in the same community and/or an uplink port, regardless of VLAN ID

or destination MAC address

• DHCP protection

blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks

• Secure management access

delivers secure encryption of all access methods (CLI, GUI, or MIB) through SSHv2, SSL, and/or SNMPv3

• Switch CPU protection

provides automatic protection against malicious network traffic trying to shut down the switch

• ICMP throttling

defeats ICMP denial-of-service attacks by enabling any switch port to automatically throttle ICMP traffic

• Identity-driven ACL

enables implementation of a highly granular and flexible access security policy and VLAN

• assignment specific to each authenticated network user

• STP BPDU port protection

blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks

• Dynamic IP lockdown

works with DHCP protection to block traffic from unauthorized hosts, preventing IP source address spoofing

• Dynamic ARP protection

blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data

• STP Root Guard

protects the root bridge from malicious attacks or configuration mistakes

• Detection of malicious attacks

monitors 10 types of network traffic and sends a warning when an anomaly that potentially can be caused by malicious

attacks is detected

• Port security

allows access only to specified MAC addresses, which can be learned or specified by the administrator

• MAC address lockout

prevents particular configured MAC addresses from connecting to the network

• Source-port filtering

allows only specified ports to communicate with each other

• RADIUS/TACACS+

eases switch management security administration by using a password authentication server

• Secure Shell

encrypts all transmitted data for secure remote CLI access over IP networks