Datasheet
source/destination TCP/UDP port number on a per-VLAN or per-port basis
Multiple user authentication methods
:
IEEE 802.1X users per port
: provides authentication of multiple IEEE 802.1X users per port; prevents user
"piggybacking" on another user's IEEE 802.1X authentication
Web-based authentication
: authenticates from Web browser for clients that do not support IEEE 802.1X
supplicant; customized remediation can be processed on an external Web server
MAC-based authentication
: client is authenticated with the RADIUS server based on client's MAC address
Concurrent IEEE 802.1X, Web, and MAC authentication schemes per port
: switch port will accept up to 32
sessions of IEEE 802.1X, Web, and MAC authentications
Virus throttling
: detects traffic patterns typical of WORM-type viruses and either throttles or entirely prevents the
virus from spreading across the routed VLANs or bridged interfaces, without requiring external appliances
DHCP protection
: blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks
Secure management access
: securely encrypts all access methods (CLI, GUI, or MIB) through SSHv2, SSL, and/or
SNMPv3
USB Secure Autorun
(requires HP PCM+): deploys, diagnoses, and updates switch using a USB flash drive; works
with a secure credential to prevent tampering
Switch CPU protection
: provides automatic protection against malicious network traffic trying to shut down the switch
ICMP throttling
: defeats ICMP denial-of-service attacks by enabling any switch port to automatically throttle ICMP
traffic
Identity-driven ACL
: enables implementation of a highly granular and flexible access security policy and VLAN
assignment specific to each authenticated network user
STP BPDU port protection
: blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs,
preventing forged BPDU attacks
Dynamic IP lockdown
: works with DHCP protection to block traffic from unauthorized hosts, preventing IP source
address spoofing
Dynamic ARP protection
: blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of
network data
STP Root Guard
: protects root bridge from malicious attack or configuration mistakes
Detection of malicious attacks
: monitors 10 types of network traffic and sends a warning when an anomaly that
potentially can be caused by malicious attacks is detected
Port security
: allows access only to specified MAC addresses, which can be learned or specified by the administrator
MAC address lockout
: prevents particular configured MAC addresses from connecting to the network
Source-port filtering
: allows only specified ports to communicate with each other
RADIUS/TACACS+
: eases switch management security administration by using a password authentication server
Secure Shell
(SSHv2): encrypts all transmitted data for secure, remote command-line interface (CLI) access over IP
networks
Secure Sockets Layer
(SSL): encrypts all HTTP traffic, allowing secure access to the browser-based management
GUI in the switch
Secure File Transfer Protocol
(FTP): allows secure file transfer to and from the switch; protects against unwanted
file downloads or unauthorized copying of switch configuration file
Management Interface Wizard
: helps ensure that management interfaces such as SNMP, telnet, SSH, SSL, Web,
and USB are secured to the desired level
Switch management logon security
: can require either RADIUS or TACACS+ authentication for secure switch CLI
logon
Security banner
: displays a customized security policy when users log in to the switch
Convergence
IP multicast routing
: includes PIM Sparse and Dense modes to route IP multicast traffic
IP multicast snooping (data-driven IGMP)
: automatically prevents flooding of IP multicast traffic
LLDP-MED
(Media Endpoint Discovery)
: is a standard extension of LLDP that stores values for parameters such as
QoS and VLAN to automatically configure network devices such as IP phones
RADIUS VLAN for voice
: uses standard RADIUS attribute and LLDP-MED to automatically configure VLAN for IP
phones
PoE allocations
: support multiple methods (automatic, IEEE 802.3af class, LLDP-MED, or user specified) to allocate
PoE power for more efficient energy savings
Warranty and support
QuickSpecs
HP E5400 zl Switch Series
Overview
DA - 12436 Worldwide QuickSpecs — Version 17 — 4.14.2011
Page 4