Datasheet

User Datagram Protocol (UDP) helper function: allows UDP broadcasts to be directed across router interfaces to specific IP unicast or subnet broadcast addresses and prevents server spoofing for UDP services such as DHCP
Route maps: provide more control during route redistribution; allow filtering and altering of route metrics
Layer 3 routing
IPv4 routing protocols: support static routes, RIP, OSPF, IS-IS, and BGP
IPv6 routing protocols: provide routing of IPv6 at wire speed; support static routes, RIPng, OSPFv3, IS-ISv6, and BGP4+ for IPv6
Equal-Cost Multipath (ECMP): enables multiple equal-cost links in a routing environment to increase link redundancy and scale bandwidth
Policy-based routing: makes routing decisions based on policies set by the network administrator
IGMPv1, v2, and v3: allow individual hosts to be registered on a particular VLAN
PIM-SSM, PIM-DM, and PIM-SM (for IPv4 and IPv6): support IP Multicast address management and inhibition of DoS attacks
IPv6 tunneling: allows a smooth transition from IPv4 to IPv6 by encapsulating IPv6 traffic over an existing IPv4 infrastructure
Unicast Reverse Path Forwarding (uRPF): is defined by RFC 3704 and limits erroneous or malicious traffic
Bidirectional Forwarding Detection (BFD): enables link connectivity monitoring and reduces network convergence time for RIP, OSPF, BGP, IS-IS, VRRP, and IRF
Security
Access control lists (ACLs): provide IP Layer 2 to Layer 4 traffic filtering; support global ACL, VLAN ACL, port ACL, and IPv6 ACL
IEEE 802.1X: is an industry-standard method of user authentication that uses an IEEE 802.1X supplicant on the client in conjunction with a RADIUS server
MAC-based authentication: authenticates the client with the RADIUS server based on the client's MAC address
Identity-driven security and access control:
Per-user ACLs: permit or deny user access to specific network resources based on user identity and time of day, allowing multiple types of users on the same network to access specific network services without risking network security or providing unauthorized access to sensitive data
Automatic VLAN assignment: automatically assigns users to the appropriate VLAN based on their identities
Secure management access: securely encrypts all access methods (CLI, GUI, or MIB) through SSHv2, SSL, and/or SNMPv3
Secure FTP: allows secure file transfer to and from the switch; protects against unwanted file downloads or unauthorized copying of a switch configuration file
Guest VLAN: similar to IEEE 802.1X, it provides a browser-based environment to authenticated clients
Endpoint Admission Defense (EAD): provides security policies to users accessing a network
Port security: allows access only to specified MAC addresses, which can be learned or specified by the administrator
Port isolation: secures and adds privacy, and prevents malicious attackers from obtaining user information
STP BPDU port protection: blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks
STP Root Guard: protects the root bridge from malicious attacks or configuration mistakes
DHCP protection: blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks
Dynamic ARP protection: blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data
IP Source Guard: helps prevent IP spoofing attacks
RADIUS/HWTACACS: eases switch management security administration by using a password authentication server
Multiple Customer Edge (MCE): facilitates MPLS VPN network integration with support for up to 64 VPNs