| Features and Benefits |
| Management |
| Remote intelligent mirroring |
mirrors ingress/egress ACL-selected traffic from a switch port or VLAN to a local or remote8200zl/6200yl/5400zl/3500yl switch port anywhere on the network |
| RMON, XRMON, and sFlow v5 |
provide advanced monitoring and reporting capabilities for statistics, history, alarms, and events |
| IEEE 802.1AB Link Layer Discovery Protocol (LLDP) |
automated device discovery protocol for easy mapping by network management applications |
| Command authorization |
leverages RADIUS to link a custom list of CLI commands to individual network administrator's login; also provides an audit trail |
| Friendly port names |
allow assignment of descriptive names to ports |
| Dual flash images |
provides independent primary and secondary OS files for backup while upgrading or fine-tuning the switch configuration |
| Multiple configuration files |
multiple config files can be stored to flash image |
| USB support |
File copy: allows users to copy switch files to/from a USB flash drive |
| Uni-Directional Link Detection (UDLD) |
monitors a link between two switches and blocks the ports on both ends of the link if the link goes down at any point between the two devices |
| Unified Core-to-Edge features |
ProCurve portfolio-common feature implementation for faster solution deployment |
| ProCurve Core-to-Edge Device/Network Management tools |
ProCurve portfolio-common device-level tools (CLI, Web GUI, Menu) plus seamless integration into ProCurve Manager Plus (PCM+)/Identity Driven Manager (IDM) network management deployments |
| Connectivity |
| IEEE 802.3af Power over Ethernet |
provides up to 15.4 W per port to IEEE 802.3af compliant PoE powered devices such as IP phones, wireless access points, and security cameras |
| Pre-standard PoE support |
detects and provides power to pre-standard PoE devices; see list of supported devices in the product FAQ at www.procurve.com |
| Jumbo frames |
on Gigabit and 10-Gigabit ports, allow high-performance remote backup and disaster-recovery services |
| ProCurve/IEEE Auto-MDIX |
automatically adjusts for straight-through or crossover cables on all 10/100/1000 ports |
| High-density port connectivity |
12 interface module slots, up to 288 wire-speed 10/100/1000 PoE-enabled ports/48 10-GbE ports per system |
| ProCurve Core-to-Edge accessories |
ProCurve Intelligent Edge family-common interface and service modules, Gigabit optics/10-GbE transceivers, and power supplies enable sparing simplicity |
| IPv6 |
IPv6 Host: the switches can be managed and deployed at the edge of IPv6 networks |
| USB support |
Dual Stack (IPv4/IPv6): provides transition machanism from IPv4 to IPv6; supports connectivity for both protocols |
|
MLD Snooping: forwards IPv6 multicast traffic to the appropriate interface; prevents IPv6 multicast traffic from flooding the network |
|
IPv6 ready: the switch hardware can support IPv6 QoS, ACL, routing, tunneling, and security; these features will be available when enabled via software update in follow-on releases |
| Performance |
| High-speed/capacity architecture |
692 Gbps crossbar switching fabric provides intra- and inter-module switching with 428 million pps throughput on the purpose-built ProVision ASICs |
| Selectable queue configurations |
increase performance by selecting the number of queues and associated memory buffering that best meet the requirements of your network applications |
| Scalable system design |
chassis architecture/backplane provides built-in performance capacity/headroom to support next-generation high-density/high-speed connectivity |
| Resiliency and high availability |
| Proven ASIC and system architecture |
the ProCurve ProVision ASIC and platform architecture, leveraged from ProCurve'ssuccessful 5400zl/3500yl/6200yl families of switches, minimizes technology risk and ensures reliable support and flexibility |
| ProCurve zl family componentry |
employs market-proven Intelligent Edge Switch interface modules, optics, and power supplies to minimize technology risk and enhance system reliability |
| Virtual Router Redundancy Protocol |
VRRP allows groups of two routers to dynamically back each other up to create highly available routed environments |
| IEEE 802.1s Multiple Spanning Tree Protocol |
provides high link availability in multiple VLAN environments by allowing multiple spanning trees; encompasses IEEE 802.1D Spanning Tree Protocol and IEEE 802.1w Rapid Spanning Tree Protocol |
| IEEE 802.3ad Link Aggregation Control Protocol (LACP) and ProCurve trunking |
support up to 36 trunks, each with up to 8 links (ports) per trunk; trunking across modules is supported |
| Hot-swappable modules |
interface, management, and fabric modules as well as mini-GBIC optics and power supplies can be removed, swapped, or added to the system without interrupting ongoing switch operations |
| Redundant, scalable power design |
add/deploy redundant power supplies to expand power capacity and provide redundancy to ensure network productivity |
| Redundant switch fabric |
dual, performance load-sharing fabric modules provide enhanced system availability and seamless system resiliency |
| Redundant switch management |
dual management modules provide active/standby operation to enhance system availability |
| Redundant, hot-swappable cooling |
redundant fan design and hot-swappable fan tray ensure continuity of operation in case of a single fan failure |
| Passive system design |
passive chassis backplane (no traffic-forwarding active componentry) ensures system reliability and reduces impact of component failure |
| Layer 2 switching |
| ProCurve switch meshing |
dynamically load-balances across multiple active redundant links to increase available aggregate bandwidth |
| VLAN support and tagging |
supports the IEEE 802.1Q standard and 2,048 VLANs simultaneously |
| IEEE 802.1v protocol VLANs |
isolate select non-IPv4 protocols automatically into their own VLANs |
| GARP VLAN Registration Protocol |
allows automatic learning and dynamic assignment of VLANs |
| Layer 3 services |
| UDP helper function |
UDP broadcasts can be directed across router interfaces to specific IP unicast or subnet broadcast addresses and prevent server spoofing for UDP services such as DHCP |
| Loopback interface address |
defines an address in RIP and OSPF that can always be reachable, improving diagnostic capability |
| Layer 3 routing |
| Layer 3 IP routing |
Static IP routing: provides basic routing |
|
RIP: provides RIPv1 and RIPv2 routing at media speed |
|
OSPF: includes ECMP to provide link redundancy/scalable bandwidth and NSSA |
| Security |
| Switch CPU protection |
provides automatic protection against malicious network traffic trying to shut down the switch |
| Virus throttle |
detects traffic patterns typical of WORM-type viruses and either throttles or entirely prevents the ability of the virus to spread across the routed VLANs or bridged interfaces, without requiring external appliances |
| ICMP throttling |
defeats ICMP denial-of-service attacks by enabling any switch port to automatically throttle ICMP traffic |
| Multiple user authentication methods |
IEEE 802.1X: industry-standard way of user authentication using an IEEE 802.1X supplicant on the client in conjunction with a RADIUS server |
|
Web-based authentication: authenticates from web browser for clients that do not support 802.1X supplicant; customized remediation can be processed on an external web server |
|
MAC-based authentication: client is authenticated with the RADIUS server based on client's MAC address |
| Authentication flexibility |
Multiple IEEE 802.1X users per port: provides authentication of multiple IEEE 802.1X users per port; prevents user "piggybacking" on another user's IEEE 802.1X authentication |
|
Concurrent IEEE 802.1X and Web or MAC authentication schemes per port: switch port will accept any of IEEE 802.1X and either Web or MAC authentications |
| Access control lists (ACLs) |
provide filtering based on the IP field, source/destination IP address/subnet, and source/destination TCP/UDP port number on a per-VLAN or per-port basis |
| Identity-driven ACL |
enables implementation of a highly granular and flexible access security policy specific to each authenticated network user |
| DHCP protection |
blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks |
| BPDU port protection |
blocks Bridge Protocol Data Units (BPDU) on ports that do not require BPDUs, preventing forged BPDU attacks |
| Dynamic IP lockdown |
works with DHCP protection to block traffic from unauthorized host, preventing IP source address spoofing |
| Dynamic ARP protection |
blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or data theft of network data |
| Detection of malicious attacks |
monitors 10 types of network traffic and sends a warning when an anomaly that potentially can be caused by malicious attacks is detected |
| Port security |
allows access only to specified MAC addresses, which can be learned or specified by the administrator |
| MAC address lockout |
prevents configured particular MAC addresses from connecting to the network |
| TACACS+ |
eases switch management security administration by using a password authentication server |
| Secure Shell (SSHv2) |
encrypts all transmitted data for secure, remote command-line interface (CLI) access over IP networks |
| Secure Sockets Layer (SSL) |
encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch |
| Secure FTP |
allows secure file transfer to/from the switch; protects against unwanted file downloads or unauthorized copying of switch configuration file |
| Secure management access |
all access methods--CLI, GUI, or MIB--are securely encrypted through SSHv2, SSL, and/or SNMPv3 |
| Switch management logon security |
can require either RADIUS or TACACS+ authentication for secure switch CLI logon |
| Security banner |
displays a customized security policy when users log in to the switch |
| Convergence |
| IP multicast routing |
enables prioritization based on TCP/UDP port numbers |
| Traffic prioritization |
allows real-time traffic classification into 8 priority levels mapped to 8 queues |
| Bandwidth shaping |
Rate limiting: per-port ingress/egress enforced maximum bandwidth |
|
Guaranteed minimum: per-port, per-queue egress-based guaranteed minimum bandwidth |
| Class of Service (CoS) |
sets the IEEE 802.1p priority tag based on IP address, IP Type of Service (ToS), L3 protocol, TCP/UDP port number, source port, and DiffServ |
| Flexibility |
| ProCurve Wireless Edge Services zl Module |
offers secure, advanced wireless services with simplified management and unified wired and wireless operation across the network |
| Complete feature set |
Gigabit PoE for edge VoIP solutions, scalable 10-GbE for enterprise-class distribution-layer implementations, advanced wireless management for comprehensive mobility solutions, and critical high-availability features for mid-market core network deployments |
| Programmable ASIC design |
allows seamless addition of new QoS and security features over time without costly hardware upgrades |
| Industry-leading warranty |
| Lifetime warranty |
for as long as you own the product, with next-business-day advance replacement (available in most countries) |
