5
Layer 3 routing
• Static IP routing
provides manually congured routing for both IPv4 and IPv6 networks
Security
• Access control lists (ACLs)
provides IP Layer 2 to Layer 4 traic ltering; supports global ACL, VLAN ACL, port ACL,
and IPv6 ACL
• IEEE 802.1X
industry-standard method of user authentication using an IEEE 802.1X supplicant on the client
in conjunction with a RADIUS server
• MAC-based authentication
client is authenticated with the RADIUS server based on the client’s MAC address
• Identity-driven security and access control
– Per-user ACLs
permits or denies user access to specic network resources based on user identity and time
of day, allowing multiple types of users on the same network to access specic network
services without risking network security or providing unauthorized access to sensitive data
– Automatic VLAN assignment
automatically assigns users to the appropriate VLAN based on their identities
• Secure management access
delivers secure encryption of all access methods (CLI, GUI, or MIB) through SSHv2, SSL,
and/or SNMPv3
• Secure FTP
allows secure le transfer to and from the switch; protects against unwanted le downloads or
unauthorized copying of a switch conguration le
• Guest VLAN
provides a browser-based environment to authenticated clients that is similar to IEEE 802.1X
• Endpoint Admission Defense (EAD)
provides security policies to users accessing a network
• Port security
allows access only to specied MAC addresses, which can be learned or specied by the
administrator
• Port isolation
secures and adds privacy, and prevents malicious attackers from obtaining user information
• STP BPDU port protection
blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing
forged BPDU attacks
• STP root guard
protects the root bridge from malicious attacks or conguration mistakes
• DHCP protection
blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks
• IP source guard
helps prevent IP spoong attacks
• Dynamic ARP protection
blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of
network data
• RADIUS/HWTACACS
eases switch management security administration by using a password authentication server
Data sheet | HP 5120 EI Switch Series
To Next Page
Loading...
