| Features and Benefits |
| Management |
| NEW Remote intelligent mirroring |
mirrors ingress/egress ACL-selected traffic from a switch port or VLAN to a local or remote 8200/6200/5400/3500 switch port anywhere on the network |
| RMON, XRMON, and sFlow |
provide advanced monitoring and reporting capabilities for statistics, history, alarms, and events |
| IEEE 802.1AB Link Layer Discovery Protocol (LLDP) |
automated device discovery protocol for easy mapping by network management applications |
| NEW Command authorization |
leverages RADIUS to link a custom list of CLI commands to individual network administrator's login; also provides an audit trail |
| Friendly port names |
allow assignment of descriptive names to ports |
| Dual flash images |
provides independent primary and secondary OS files for backup while upgrading |
| Multiple configuration files |
multiple config files can be stored to flash image |
| NEW USB support |
File copy: allows users to copy switch files to/from a USB flash drive |
| NEW Uni-Directional Link Detection (UDLD) |
monitors a link between two switches and blocks the ports on both ends of the link if the link goes down at any point between the two devices |
| Management simplicity |
ProCurve-common networking features and CLI implementation (common across ProCurve zl and yl switches) |
| Connectivity |
| Jumbo frames |
on Gigabit and 10-Gigabit ports, allow high-performance remote backup and disaster-recovery services |
| IPv6 ready |
switch hardware is capable of supporting IPv6 host, routing, and filtering with the ProVision ASIC; IPv6 operation anddeployment will be available when enabled via a software update at a later date |
| Performance |
| Architecture |
115 Gbps backplane speed with up to 36 million pps throughput on purpose-built ProVision ASIC |
| NEW Selectable queue configurations |
increase performance by selecting the number of queues and associated memory buffering that best meet the requirements of your network applications |
| Resiliency and high availability |
| Router redundancy |
VRRP allows groups of two routers to dynamically back each other up to create highly available routed environments |
| IEEE 802.1s Multiple Spanning Tree Protocol |
provides high link availability in multiple VLAN environments by allowing multiple spanning trees; encompasses IEEE 802.1D Spanning Tree Protocol and IEEE 802.1w Rapid Spanning Tree Protocol |
| IEEE 802.3ad Link Aggregation Control Protocol (LACP) and ProCurve trunking |
support up to 36 trunks, each with up to 8 links (ports) per trunk; trunking across modules is supported |
| Layer 2 switching |
| ProCurve switch meshing |
dynamically load-balances across multiple active redundant links to increase available aggregate bandwidth |
| VLAN support and tagging |
supports complete IEEE 802.1Q standard and 2,048 VLANs simultaneously |
| IEEE 802.1v protocol VLANs |
isolate select non-IPv4 protocols automatically into their own VLANs |
| GARP VLAN Registration Protocol |
allows automatic learning and dynamic assignment of VLANs |
| Layer 3 services |
| UDP helper function |
UDP broadcasts can be directed across router interfaces to specific IP unicast or subnet broadcast addresses and prevent server spoofing for UDP services such as DHCP |
| NEW Loopback interface address |
defines an address in RIP and OSPF that can always be reachable, improving diagnostic capability |
| Layer 3 routing |
| Layer 3 IP routing |
Static IP routing: provides basic routing |
|
RIP: provides RIPv1 and RIPv2 routing at media speed |
|
OSPF: includes ECMP to provide link redundancy/scalable bandwidth and NSSA |
| Security |
| Switch CPU protection |
provides automatic protection against malicious network traffic trying to shut down the switch |
| Virus throttling |
detects traffic patterns typical of WORM-type viruses and either throttles or entirely prevents the ability of the virus to spread across the routed VLANs without requiring external appliances |
| ICMP throttling |
defeats ICMP denial-of-service attacks by enabling any switch port to automatically throttle ICMP traffic |
| Multiple user authentication methods |
IEEE 802.1X: industry-standard way of user authentication using an IEEE 802.1X supplicant on the client in conjunction with a RADIUS server |
|
Web-based authentication: similar to IEEE 802.1X, provides a browser-based environment to authenticate clients that do not support the IEEE 802.1X supplicant |
|
MAC-based authentication: client is authenticated with the RADIUS server based on client's MAC address |
| Authentication flexibility |
Multiple IEEE 802.1X users per port: provides authentication of multiple IEEE 802.1X users per port; prevents user "piggybacking" on another user's IEEE 802.1X authentication |
|
Concurrent IEEE 802.1X and Web or MAC authentication schemes per port: switch port will accept any of IEEE 802.1X and either Web or MAC authentications |
| Access control lists (ACLs) |
provide filtering based on the IP field, source/destination IP address/subnet, and source/destination TCP/UDP port number on a per-VLAN or per-port basis |
| Identity-driven ACL |
enables implementation of a highly granular and flexible access security policy specific to each authenticated network user |
| NEW DHCP protection |
blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks |
| NEW BPDU port protection |
blocks Bridge Protocol Data Units (BPDU) on ports that do not require BPDUs, preventing forged BPDU attacks |
| NEW Dynamic IP lockdown |
works with DHCP protection to block traffic from unauthorized host, preventing IP source address spoofing |
| NEW Dynamic ARP protection |
blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or data theft of network data |
| NEW Detection of malicious attacks |
monitors 10 types of network traffic and sends a warning when an anomaly that potentially can be caused by malicious attacks is detected |
| Port security |
allows access only to specified MAC addresses, which can be learned or specified by the administrator |
| MAC address lockout |
prevents configured particular MAC addresses from connecting to the network |
| Source-port filtering |
allows only specified ports to communicate with each other |
| TACACS+ |
eases switch management security administration by using a password authentication server |
| Secure Shell (SSHv2) |
encrypts all transmitted data for secure, remote command-line interface (CLI) access over IP networks |
| Secure Sockets Layer (SSL) |
encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch |
| Secure FTP |
allows secure file transfer to/from the switch; protects against unwanted file downloads or unauthorized copying of switch configuration file |
| Secure management access |
all access methods--CLI, GUI, or MIB--are securely encrypted through SSHv2, SSL, and/or SNMPv3 |
| Switch management logon security |
can require either RADIUS or TACACS+ authentication for secure switch CLI logon |
| Security banner |
displays a customized security policy when users log in to the switch |
| Convergence |
| IP multicast routing |
includes PIM Sparse and Dense modes to route IP multicast traffic |
| IP multicast snooping (data-driven IGMP) |
automatically prevents flooding of IP multicast traffic |
| LLDP-MED (Media Endpoint Discovery) |
a standard extension of LLDP that stores values for parameters such as QoS and VLAN to automatically configure network devices such as IP phones |
| Quality of Service (QoS) |
| Layer 4 prioritization |
enables prioritization based on TCP/UDP port numbers |
| Traffic prioritization |
allows real-time traffic classification into 8 priority levels mapped to 8 queues |
| Bandwidth shaping |
Rate limiting: per-port ingress/egress enforced maximum bandwidth |
|
Guaranteed minimum: per-port, per-queue egress-based guaranteed minimum bandwidth |
| Class of Service (CoS) |
sets the IEEE 802.1p priority tag based on IP address, IP Type of Service (ToS), L3 protocol, TCP/UDP port number, source port, and DiffServ |
| Industry-leading warranty |
| Lifetime warranty |
for as long as you own the product, with next-business-day advance replacement (available in most countries) |
