HP 5372xl J4848B Manual De Usuario
Los códigos de productos
J4848B
3
• Multiple user authentication methods:
– IEEE 802.1X: industry-standard method of user
authentication using an IEEE 802.1X supplicant on
the client in conjunction with a RADIUS server
the client in conjunction with a RADIUS server
– Web-based authentication: similar to IEEE
802.1X, provides a browser-based environment to
authenticate clients that do not support the IEEE
802.1X supplicant
authenticate clients that do not support the IEEE
802.1X supplicant
– MAC-based authentication: client is
authenticated with the RADIUS server based on
the client's MAC address
the client's MAC address
• Authentication flexibility:
– Multiple IEEE 802.1X users per port:
provides authentication of multiple IEEE 802.1X
users per port; prevents user "piggybacking" on
another user's IEEE 802.1X authentication
users per port; prevents user "piggybacking" on
another user's IEEE 802.1X authentication
– Concurrent IEEE 802.1X and Web or MAC
authentication schemes per port: switch
port will accept any of IEEE 802.1X and either
Web or MAC authentications
port will accept any of IEEE 802.1X and either
Web or MAC authentications
• Access control lists (ACLs): provide IP Layer 3
filtering based on source/destination IP
address/subnet and source/destination TCP/UDP
port number
address/subnet and source/destination TCP/UDP
port number
• Identity-driven ACL: enables implementation of
a highly granular and flexible access security policy
and VLAN assignment specific to each authenticated
network user
and VLAN assignment specific to each authenticated
network user
• Port security: allows access only to specified
MAC addresses, which can be learned or specified
by the administrator
by the administrator
• MAC address lockout: prevents configured
particular MAC addresses from connecting to the
network
network
• Source-port filtering: allows only specified ports
to communicate with each other
• RADIUS/TACACS+: eases switch management
security administration by using a password
authentication server
authentication server
• Secure Shell (SSHv2): encrypts all transmitted
data for secure, remote command-line interface (CLI)
access over IP networks
access over IP networks
• Secure Sockets Layer (SSL): encrypts all HTTP
traffic, allowing secure access to the browser-based
management GUI in the switch
management GUI in the switch
• Secure FTP: allows secure file transfer to/from the
switch; protects against unwanted file downloads or
unauthorized copying of switch configuration file
unauthorized copying of switch configuration file
• Secure access to manage the ProCurve
Switch 5300xl series: all access methods--CLI,
GUI, or MIB--are securely encrypted through SSHv2,
SSL, and/or SNMPv3
GUI, or MIB--are securely encrypted through SSHv2,
SSL, and/or SNMPv3
• Switch management logon security: can
require either RADIUS or TACACS+ authentication
for secure switch CLI logon
for secure switch CLI logon
Convergence
• IP multicast routing (PIM Dense): routes IP
multicast traffic using the PIM Dense routing protocol
• IP multicast snooping and data-driven
IGMP: automatically prevents flooding of IP
multicast traffic
multicast traffic
• LLDP-MED (Media Endpoint Discovery): a
standard extension of LLDP that stores values for
parameters such as QoS and VLAN to automatically
configure network devices such as IP phones
parameters such as QoS and VLAN to automatically
configure network devices such as IP phones
Quality of Service (QoS)
• Layer 4 prioritization: enables prioritization
based on TCP/UDP port numbers
• Traffic prioritization (IEEE 802.1p): allows
real-time traffic classification into eight priority levels
mapped to eight queues
mapped to eight queues
• Class of Service (CoS): sets the IEEE 802.1p
priority tag based on IP address, IP Type of Service
(ToS), L3 protocol, TCP/UDP port number, source
port, and DiffServ
(ToS), L3 protocol, TCP/UDP port number, source
port, and DiffServ
• Bandwidth shaping:
– Rate limiting: per-port ingress-based enforced
bandwidth maximums
– Guaranteed minimums: per-port, per-queue
egress-based guaranteed bandwidth minimums