Data Sheet

ManualsBrandsHewlett Packard Enterprise ManualsElectronicsHPE Aruba 2530 24G Switch

Table Of Contents

QuickSpecs

Aruba 2530 Switch Series

Standard Features

Page 6

Security

• Access control lists (ACLs)

accommodate IPv4/IPv6 port and VLAN-based ACLs (IPv6 ACL is supported only on Gigabit Ethernet and 48-port models.)

• Source-port filtering

allows only specified ports to communicate with each other

• RADIUS/TACACS+

eases switch management security administration by using a password authentication server

• Secure Sockets Layer (SSL)

encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch

• Port security

allows access only to specified MAC addresses, which can be learned or specified by the administrator

• MAC address lockout

prevents particular configured MAC addresses from connecting to the network

• Multiple user authentication methods

– IEEE 802.1X

uses an IEEE 802.1X supplicant on the client in conjunction with a RADIUS server to authenticate in accordance

with industry standards

– Web-based authentication

provides a browser-

based environment, similar to IEEE 802.1X, to authenticate clients that do not support the

IEEE 802.1X supplicant

– Supports MAC-based authentication

using the client's MAC address

• Secure shell (SSH) v2

encrypts all transmitted data for secure remote CLI access over IP networks

• STP BPDU port protection

blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks

• STP root guard

protects the root bridge from malicious attacks or configuration mistakes

• Secure management access

delivers secure encryption of all access methods (CLI, GUI, or MIB) through SSHv2 and SNMPv3

• Custom banner

displays security policy when users log in to the switch

• Secure FTP

allows secure file transfer to and from the swi

tch; protects against unwanted file downloads or unauthorized copying of a

switch configuration file

• Protected ports CLI

offers intuitive CLI to configure the source-

port filter feature, by allowing specified ports to be isolated from all other ports

on the switch; the protected port or ports can communicate only with the uplink or shared resources

• Authentication flexibility

– Multiple IEEE 802.1X users per port

provides authentication for up to eight IEEE 802.1X users per port; prevents a user from "piggy

backing" on another

user's IEEE 802.1X authentication

– Concurrent IEEE 802.1X, Web or MAC authentication schemes per port

allows a switch port to accept IEEE 802.1X and either Web or MAC authentications

• Switch management logon security

helps secure switch CLI logon by optionally requiring either RADIUS or TACACS+ authentication

• DHCP protection

blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks

• Dynamic ARP protection:

blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data

• Dynamic IP lockdown

works with DHCP protection to block traffic from unauthorized hosts, preventing IP source address spoofing