ProCurve Switch 5400zl/3500yl Series
Features and benefits
(continued)
• Virus throttling: detects traffic patterns typical
of WORM-type viruses and either throttles or
entirely prevents the ability of the virus to
spread across the routed VLANs or bridged
interfaces, without requiring external
appliances
• ICMP throttling: defeats ICMP denial-of-
service attacks by enabling any switch port to
automatically throttle ICMP traffic
• Multiple user authentication methods:
– IEEE 802.1X: industry-standard way of user
authentication using an IEEE 802.1X
supplicant on the client in conjunction with a
RADIUS server
– Web-based authentication: authenticates
from Web browser for clients that do not
support 802.1X supplicant; customized
remediation can be processed on an external
Web server
– MAC-based authentication: client is
authenticated with the RADIUS server based
on client's MAC address
• Authentication flexibility:
– Multiple IEEE 802.1X users per port:
provides authentication of multiple IEEE
802.1X users per port; prevents user
"piggybacking" on another user's IEEE 802.1X
authentication
– Concurrent IEEE 802.1X and Web or MAC
authentication schemes per port: switch
port will accept any of IEEE 802.1X and either
Web or MAC authentications
• Access control lists (ACLs): provide filtering
based on the IP field, source/destination IP
address/subnet, and source/destination
TCP/UDP port number on a per-VLAN or per-
port basis
4
• Identity-driven ACL: enables implementation
of a highly granular and flexible access security
policy specific to each authenticated network
user
• DHCP protection: blocks DHCP packets from
unauthorized DHCP servers, preventing denial-
of-service attacks
• BPDU port protection: blocks Bridge Protocol
Data Units (BPDU) on ports that do not require
BPDUs, preventing forged BPDU attacks
• Dynamic IP lockdown: works with DHCP
protection to block traffic from unauthorized
host, preventing IP source address spoofing
• Dynamic ARP protection: blocks ARP
broadcasts from unauthorized hosts,
preventing eavesdropping or theft of network
data
STP Root Guard: protects root bridge from
NEW
malicious attack or configuration mistakes
• Detection of malicious attacks: monitors 10
types of network traffic and sends a warning
when an anomaly that potentially can be
caused by malicious attacks is detected
• Port security: allows access only to specified
MAC addresses, which can be learned or
specified by the administrator
• MAC address lockout: prevents configured
particular MAC addresses from connecting to
the network
• Source-port filtering: allows only specified
ports to communicate with each other
• TACACS+: eases switch management security
administration by using a password
authentication server
• Secure Shell (SSHv2): encrypts all transmitted
data for secure, remote command-line
interface (CLI) access over IP networks
• Secure Sockets Layer (SSL): encrypts all HTTP
traffic, allowing secure access to the browser-
based management GUI in the switch
Sayfayı Yazdır