Specifications
29
Feature Benefits
Performance
ProVision ASIC technology Powered by the ProVision ASICs, the switch families offer state-of-the-art, high capacity, switch fabric
performance.
Selectable queue
configurations
Increase performance by selecting the number of hardware-forwarding queues and associated memory buffer
that best meet the requirements of network applications.
Security enabled
Source port filtering Allows customers to control port access at the physical level—increasing security in a Layer 2 environment.
IP and MAC lockdown/
lockout
Provides protection against known unauthorized hosts accessing the network.
Virus throttle Connection rate-filtering thwarts viruses from spreading by blocking routing from certain hosts exhibiting
abnormal traffic behavior.
ICMP rate limiting Throttles denial-of-service (DoS) attacks or other malicious behavior that uses high-volume ICMP traffic.
Switch CPU protection Provides automatic protection against malicious network traffic trying to shut down the switch.
Detection of malicious
attacks
Monitors 10 types of network traffic and sends warnings when anomalies potentially caused by malicious attacks
are detected.
DHCP protection Blocks DHCP response packets from being forwarded if received from an unauthorized port.
BPDU port protection Blocks Bridge Protocol Data Unit (BPDU) on ports that should not be receiving BPDUs, preventing forged BPDU
attack.
Dynamic ARP protection Blocks ARP broadcast from unauthorized hosts, preventing eavesdropping or data theft of network data.
Dynamic IP lockdown Works with DHCP protection to block traffic from unauthorized host, preventing IP source address spoofing.
Filtering capabilities Include fast, flexible access control lists (up to 3,000) filtering on such parameters as source port, multicast MAC
address, and other protocols.
ProCurve Identity Driven
Manager (IDM)
ProCurve IDM to dynamically apply security, access, and performance settings to infrastructure devices based on
approved user, location, and time.
Port security Port security, MAC lockdown, and MAC lockout protection for restricting access to the network through a switch
port.
Multiple user authentication
methods
Client-based access control using IEEE 802.1X, Web-based, MAC-based authentication, RADIUS, and TACACS+.
At initial release, the combinations of authentication methods allowed simultaneously on a port are IEEE 802.1X/
Web and 802.1X/MAC.
Secure management access SSH, SSL, TACACS+, and Secure FTP encryption of switch management and configuration traffic—secures the
network infrastructure from unauthorized access.
Redundancy and high availability
Redundancy protocols Protocols providing high availability include IEEE 802.1Q Multiple Spanning Tree Protocol, Switch Meshing, and
Virtual Router Redundancy Protocol (Premium License).
Operational Intelligence
Policy Enforcement Engine Policy Enforcement Engine is user-configured to select packets that are then forwarded or dropped (based on
ACLs, QoS, and rate limiting). The engine is fast and can look for multiple variables, such as an IP address and
port number, in a single pass through a packet. Provides a common user experience regardless of which switch
the user is connected.
Operational flexibility
L3 services at L2 Enforce ACLs, QoS, and other features using Layer 2/3/4 source, destination, and port addresses without
needing an expensive software license.
Premium License Flexible approach to licensing. The 6600 switches can run the base feature group initially and then be upgraded
later to run the Premium License feature group, if advanced Layer 3 features are needed. The Layer 3 features
include VRRP, PIM-SM, PIM-DM, and OSPF-ECMP. A Premium License can be transferred to another switch, as
long as the license remains in the same hardware family.
QoS enforcement
Bandwidth shaping/control Guaranteed minimums can be applied to traffic that must always get through the switch. Enforced maximums can
be used to limit problem clients’ bandwidth to no more than a set amount.
Multiple QoS parameters QoS based on TCP/UDP ports and other variables allows precise control of packet priority—providing timely
delivery of mission-critical data. Eight priority levels mapped to eight hardware queues can be used to set
outgoing IP priority.