Product Data Sheet / Brochure
Address Resolution Protocol
Address Resolution ProtocolAddress Resolution Protocol
Address Resolution Protocol
(ARP): determines the MAC address of another IP host in the same subnet
Dynamic Host Configuration Protocol
Dynamic Host Configuration ProtocolDynamic Host Configuration Protocol
Dynamic Host Configuration Protocol
(DHCP): simplifies the management of large IP networks and supports client and
server; DHCP Relay enables DHCP operation across subnets
Loopback interface address
Loopback interface addressLoopback interface address
Loopback interface address
: defines an address in Routing Information Protocol (RIP) and OSPF that can always be
reachable, improving diagnostic capability
User Datagram Protocol
User Datagram ProtocolUser Datagram Protocol
User Datagram Protocol
(UDP)
helper function
helper functionhelper function
helper function
: allows UDP broadcasts to be directed across router interfaces to specific IP
unicast or subnet broadcast addresses and prevents server spoofing for UDP services such as DHCP
Route maps
Route mapsRoute maps
Route maps
: provide more control during route redistribution; allow filtering and altering of route metrics
Layer 3 routing
Layer 3 routingLayer 3 routing
Layer 3 routing
IPv4 routing protocols
IPv4 routing protocolsIPv4 routing protocols
IPv4 routing protocols
: supports static routes, RIP, OSPF, IS-IS, and BGP
IPv6 routing protocols
IPv6 routing protocolsIPv6 routing protocols
IPv6 routing protocols
: provides routing of IPv6 at wire speed; supports static routes, RIPng, OSPFv3, IS-ISv6, and BGP4+ for
IPv6
Equal-Cost Multipath
Equal-Cost MultipathEqual-Cost Multipath
Equal-Cost Multipath
(ECMP): enables multiple equal-cost links in a routing environment to increase link redundancy and
scale bandwidth
Policy-based routing
Policy-based routingPolicy-based routing
Policy-based routing
: makes routing decisions based on policies set by the network administrator
IPv6 tunnels over IPv4
IPv6 tunnels over IPv4IPv6 tunnels over IPv4
IPv6 tunnels over IPv4
: allows IPv6 infrastructure to be connected over legacy IPv4 networks
Bidirectional Forwarding Detection
Bidirectional Forwarding DetectionBidirectional Forwarding Detection
Bidirectional Forwarding Detection
(BFD): enables link connectivity monitoring and reduces network convergence time for
RIP, OSPF, BGP, static routing, and VRRP
Security
SecuritySecurity
Security
Access control lists
Access control listsAccess control lists
Access control lists
(ACLs): provides IP Layer 2 to Layer 4 traffic filtering; supports global ACL, VLAN ACL, port ACL, and IPv6
ACL
IEEE 802.1X
IEEE 802.1XIEEE 802.1X
IEEE 802.1X
: industry-standard method of user authentication using an IEEE 802.1X supplicant on the client in conjunction
with a RADIUS server
MAC-based authentication
MAC-based authenticationMAC-based authentication
MAC-based authentication
: client is authenticated with the RADIUS server based on the client's MAC address
Identity-driven security and access control
Identity-driven security and access controlIdentity-driven security and access control
Identity-driven security and access control
:
Per-user ACLs: permits or denies user access to specific network resources based on user identity and time of day,
allowing multiple types of users on the same network to access specific network services without risk to network security
or unauthorized access to sensitive data
Automatic VLAN assignment: automatically assigns users to the appropriate VLAN based on their identities
Secure management access
Secure management accessSecure management access
Secure management access
: securely encrypts all access methods (CLI, GUI, or MIB) through SSHv2, SSL, and/or SNMPv3
Secure File Transfer Protocol
Secure File Transfer ProtocolSecure File Transfer Protocol
Secure File Transfer Protocol
(FTP): allows secure file transfer to and from the switch; protects against unwanted file
downloads or unauthorized copying of switch configuration file
Guest VLAN
Guest VLANGuest VLAN
Guest VLAN
: similar to IEEE 802.1X, it provides a browser-based environment to authenticated clients
Endpoint Admission Defense
Endpoint Admission DefenseEndpoint Admission Defense
Endpoint Admission Defense
(EAD): provides security policies to users accessing a network
Port security
Port securityPort security
Port security
: allows access only to specified MAC addresses, which can be learned or specified by the administrator
Port isolation
Port isolationPort isolation
Port isolation
: secures and adds privacy, and prevents malicious attackers from obtaining user information
STP BPDU port protection
STP BPDU port protectionSTP BPDU port protection
STP BPDU port protection
: blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged
BPDU attacks
STP Root Guard
STP Root GuardSTP Root Guard
STP Root Guard
: protects root bridge from malicious attack or configuration mistakes
DHCP protection
DHCP protectionDHCP protection
DHCP protection
: blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks
Dynamic ARP protection
Dynamic ARP protectionDynamic ARP protection
Dynamic ARP protection
: blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data
IP Source Guard
IP Source GuardIP Source Guard
IP Source Guard
: filters packets on a per-port basis, which prevents illegal packets from being forwarded
RADIUS/HWTACACS
RADIUS/HWTACACSRADIUS/HWTACACS
RADIUS/HWTACACS
: eases switch management security administration by using a password authentication server
Convergence
ConvergenceConvergence
Convergence
IEEE 802.1AB Link Layer Discovery Protocol
IEEE 802.1AB Link Layer Discovery ProtocolIEEE 802.1AB Link Layer Discovery Protocol
IEEE 802.1AB Link Layer Discovery Protocol
(LLDP): is an automated device discovery protocol for easy mapping by network
management applications
QuickSpecs
HP 3610 Switch Series
HP 3610 Switch SeriesHP 3610 Switch Series
HP 3610 Switch Series
Overview
DA - 13793 Worldwide — Version 4 — November 7, 2011
Page 3