Layer 2 switching
16K MAC address table: provides access to many Layer 2 devices
VLAN support and tagging: support IEEE 802.1Q with 4,094 simultaneous VLAN IDs
GARP VLAN Registration Protocol: allows automatic learning and dynamic assignment of VLANs
IEEE 802.1ad QinQ and Selective QinQ: increase the scalability of an Ethernet network by providing a hierarchical structure; connect multiple LANs on a high-speed campus or metro network
10GbE port aggregation: allows grouping of ports to increase overall data throughput to a remote device
Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) protocol snooping: effectively control and manage the flooding of multicast packets in a Layer 2 network
Per-VLAN Spanning Tree Plus (PVST+): allows each VLAN to build a separate spanning tree to improve link bandwidth usage in network environments with multiple VLANs
Layer 3 services
Address Resolution Protocol (ARP): determines the MAC address of another IP host in the same subnet; supports static ARPs; gratuitous ARP allows detection of duplicate IP addresses; proxy ARP allows normal ARP operation between subnets or when subnets are separated by a Layer 2 network
Dynamic Host Configuration Protocol (DHCP): simplifies the management of large IP networks; supports client; DHCP Relay enables DHCP operation across subnets
Loopback interface address: defines an address that can always be reachable, improving diagnostic capability
User Datagram Protocol (UDP) helper function: allows UDP broadcasts to be directed across router interfaces to specific IP unicast or subnet broadcast addresses and prevents server spoofing for UDP services such as DHCP
Route maps: provide more control during route redistribution; allow filtering and altering of route metric
Layer 3 routing
Static IP routing: provides manually configured routing for both IPv4 and IPv6 networks
Security
Access control lists (ACLs): provides IP Layer 2 to Layer 4 traffic filtering; supports global ACL, VLAN ACL, port ACL, and IPv6 ACL
IEEE 802.1X: industry-standard method of user authentication using an IEEE 802.1X supplicant on the client in conjunction with a RADIUS server
MAC-based authentication: client is authenticated with the RADIUS server based on the client's MAC address
Identity-driven security and access control:
  Per-user ACLs: permits or denies user access to specific network resources based on user identity and time of day, allowing multiple types of users on the same network to access specific network services without risking network security or providing unauthorized access to sensitive data
  Automatic VLAN assignment: automatically assigns users to the appropriate VLAN based on their identities
Secure management access: securely encrypts all access methods (CLI, GUI, or MIB) through SSHv2, SSL, and/or SNMPv3
Secure FTP: allows secure file transfer to and from the switch; protects against unwanted file downloads or unauthorized copying of a switch configuration file
Guest VLAN: similar to IEEE 802.1X, it provides a browser-based environment to authenticated clients
Endpoint Admission Defense (EAD): provides security policies to users accessing a network
Port security: allows access only to specified MAC addresses, which can be learned or specified by the administrator
Port isolation: secures and adds privacy, and prevents malicious attackers from obtaining user information
QuickSpecs
HP 5120 EI Switch Series
Overview
DA - 13850 North America — Version 19 — August 19, 2013