Datasheet
3
•
Pre-standard PoE support
detects and provides power to pre-standard PoE devices; see list of
supported devices in the product FAQ at
www.hp.com/networking/support
•
Small form-factor pluggable (SFP) slots
provides fiber connectivity such as Gigabit-SX, -LX, -LH, and -BX
with four SFP slots
•
Dual-personality (RJ-45 or USB micro-B) serial console port
gives easy access to switch CLI via front switch location of
dual-personality RJ-45 or USB micro-B serial console port
Layer 2 switching
•
VLANs
provide support for 512 VLANs and 4,094 VLAN IDs
•
Jumbo packet support
supports up to 9220-byte frame size to improve the performance of
large data transfers
•
16K MAC address table
provides access to many Layer 2 devices
•
GARP VLAN Registration Protocol
allows automatic learning and dynamic assignment of VLANs
Security
•
Access control lists (ACLs)
accommodates IPv4/IPv6 port and VLAN-based ACLs
•
Source-port filtering
allows only specified ports to communicate with each other
•
RADIUS/TACACS+
eases switch management security administration by using a
password authentication server
•
Secure Sockets Layer (SSL)
encrypts all HTTP traffic, allowing secure access to the
browser-based management GUI in the switch
•
Port security
allows access only to specified MAC addresses, which can be learned
or specified by the administrator
•
MAC address lockout
prevents particular configured MAC addresses from connecting to
the network
•
Multiple user authentication methods
– IEEE 802.1X
is an industry-standard method of user authentication using an
IEEE 802.1X supplicant on the client in conjunction with a RADIUS
server
– Web-based authentication
is similar to IEEE 802.1X and provides a browser-based
environment to authenticate clients that do not support the IEEE
802.1X supplicant
– MAC-based authentication
authenticates the client with the RADIUS server based on the
client's MAC address
•
Secure shell (SSHv2; client and server)
encrypts all transmitted data for secure, remote CLI access over IP
networks
•
Secure shell
encrypts all transmitted data for secure remote CLI access over IP
networks
•
STP BPDU port protection
blocks Bridge Protocol Data Units (BPDUs) on ports that do not
require BPDUs, preventing forged BPDU attacks
•
STP Root Guard
protects the root bridge from malicious attacks or configuration
mistakes
•
Secure management access
securely encrypts all access methods (CLI, GUI, or MIB) through
SSHv2 and SNMPv3
•
Custom banner
displays security policy when users log in to the switch
•
Secure FTP
allows secure file transfer to and from the switch; protects against
unwanted file downloads or unauthorized copying of a switch
configuration file
•
Protected ports CLI
offers intuitive CLI to configure the source-port filters feature by
allowing specified ports to be isolated from all other ports on the
switch; the protected port or ports can communicate only with the
uplink or shared resources
•
Authentication flexibility
– Multiple IEEE 802.1X users per port
provides authentication of up to eight IEEE 802.1X users per port;
prevents user "piggybacking" on another user's IEEE 802.1X
authentication
– Concurrent IEEE 802.1X and Web or MAC authentication
schemes per port
switch port will accept any IEEE 802.1X and either Web or MAC
authentications
•
Switch management logon security
helps secure switch CLI logon by optionally requiring either RADIUS
or TACACS+ authentication
Convergence
•
LLDP-MED (Media Endpoint Discovery)
is a standard extension of LLDP that stores values for parameters
such as QoS and VLAN to automatically configure network devices
such as IP phones
•
IP multicast (data-driven IGMP)
automatically prevents flooding of IP multicast traffic
•
IEEE 802.1AB Link Layer Discovery Protocol (LLDP)
is an automated device discovery protocol that provides easy
mapping of network management applications