Specification Sheet
DATA SHEET
ARUBA 3810 SWITCH SERIES
• Border Gateway Protocol (BGP) provides IPv4 Border Gateway
Protocol routing, which is scalable, robust, and exible
• Routing Information Protocol (RIP) provides RIPv1, RIPv2,
and RIPng
Security
• Source-port ltering allows only specied ports to
communicate with each other
• RADIUS/TACACS+ eases switch management security
administration by using a password authentication server
• Secure shell encrypts all transmitted data for secure
remote CLI access over IP networks
• Secure Sockets Layer (SSL) encrypts all HTTP trac,
allowing secure access to the browser-based management
GUI in the switch
• Port security allows access only to specied MAC addresses,
which can be learned or specied by the administrator
• MAC address lockout prevents particular congured MAC
addresses from connecting to the network
• Detection of malicious attacks monitors 10 types of
network trac and sends a warning when an anomaly that
potentially can be caused by malicious attacks is detected
• Secure FTP allows secure le transfer to and from the
switch; protects against unwanted le downloads or
unauthorized copying of a switch conguration le
• Switch management logon security helps secure switch CLI
logon by optionally requiring either RADIUS or TACACS+
authentication
• Secure management access delivers secure encryption of
all access methods (CLI, GUI, or MIB) through SSHv2, SSL,
and/or SNMPv3
• ICMP throttling defeats ICMP denial-of-service attacks
by enabling any switch port to automatically throttle
ICMP trac automatically
• Identity-driven ACL enables implementation of a highly
granular and exible access security policy and VLAN
assignment specic to each authenticated network user
• STP BPDU port protection blocks Bridge Protocol Data
Units (BPDUs) on ports that do not require BPDUs,
preventing forged BPDU attacks
• Dynamic IP lockdown works with DHCP protection to block
trac from unauthorized hosts, preventing IP source
address spoong
• DHCP protection blocks DHCP packets from unauthorized
DHCP servers, preventing denial-of-service attacks
• Dynamic ARP protection blocks ARP broadcasts from
unauthorized hosts, preventing eavesdropping or theft of
network data
• STP root guard protects the root bridge from malicious
attacks or conguration mistakes
• Management Interface Wizard helps secure management
interfaces such as SNMP, telnet, SSH, SSL, Web, and USB at
the desired level
• Security banner displays a customized security policy when
users log in to the switch
• Switch CPU protection provides automatic protection
against malicious network trac trying to shut down
the switch
• ACLs provide ltering based on the IP eld, source/
destination IP address/subnet and source/destination
TCP/UDP port number on a per-VLAN or per-port basis
• Multiple authentication methods
- IEEE 802.1X authenticates multiple IEEE 802.1X users per
port; prevents a user from “piggybacking” on another
user’s authentication
- Web-based authentication authenticates from Web
browser for clients that do not support 802.1X supplicant
- MAC-based authentication authenticates client with the
RADIUS server based on client’s MAC address
- Concurrent authentication modes enables a switch port
to accept up to 32 sessions of 802.1X, Web, and MAC
authentication
• Private VLAN provides network security by restricting peer-
to-peer communication to prevent a variety of malicious
attacks; typically a switch port can only communicate with
other ports in the same community and/or an uplink port,
regardless of VLAN ID or destination MAC address
Convergence
• IP multicast snooping (data-driven IGMP) prevents ooding
of IP multicast trac
• LLDP-MED (Media Endpoint Discovery) denes a standard
extension of LLDP that stores values for parameters such
as QoS and VLAN to congure network devices such as IP
phones automatically
• PoE allocations supports multiple methods (automatic,
IEEE 802.3af class, LLDP-MED, or user-specied) to allocate
PoE power for more ecient energy savings
• IP multicast routing includes PIM sparse and dense modes
to route IP multicast trac