Data Sheet
QuickSpecs
Aruba 2530 Switch Series
Standard Features
Security
• Access control lists (ACLs)
accommodate IPv4/IPv6 port and VLAN-based ACLs (IPv6 ACL is supported only on Gigabit Ethernet and 48-port models.)
• Source-port filtering
allows only specified ports to communicate with each other
• RADIUS/TACACS+
eases switch management security administration by using a password authentication server
• Secure Sockets Layer (SSL)
encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch
• Port security
allows access only to specified MAC addresses, which can be learned or specified by the administrator
• MAC address lockout
prevents particular configured MAC addresses from connecting to the network
• Multiple user authentication methods
– IEEE 802.1X
uses an IEEE 802.1X supplicant on the client in conjunction with a RADIUS server to authenticate in accordance with industry standards
– Web-based authentication
provides a browser-based environment, similar to IEEE 802.1X, to authenticate clients that do not support the IEEE 802.1X supplicant
– Supports MAC-based authentication
using the client's MAC address
• Secure shell (SSH) v2
encrypts all transmitted data for secure remote CLI access over IP networks
• STP BPDU port protection
blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks
• STP root guard
protects the root bridge from malicious attacks or configuration mistakes
• Secure management access
delivers secure encryption of all access methods (CLI, GUI, or MIB) through SSHv2 and SNMPv3
• Custom banner
displays security policy when users log in to the switch
• Secure FTP
allows secure file transfer to and from the switch; protects against unwanted file downloads or unauthorized copying of a switch configuration file
• Protected ports CLI
offers intuitive CLI to configure the source-port filter feature, by allowing specified ports to be isolated from all other ports on the switch; the protected port or ports can communicate only with the uplink or shared resources
• Authentication flexibility
– Multiple IEEE 802.1X users per port
provides authentication for up to eight IEEE 802.1X users per port; prevents a user from "piggybacking" on another user's IEEE 802.1X authentication
– Concurrent IEEE 802.1X, Web or MAC authentication schemes per port
allows a switch port to accept IEEE 802.1X and either Web or MAC authentications
• Switch management logon security
helps secure switch CLI logon by optionally requiring either RADIUS or TACACS+ authentication
• DHCP protection
blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks
• Dynamic ARP protection
blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data
• Dynamic IP lockdown
works with DHCP protection to block traffic from unauthorized hosts, preventing IP source address spoofing