HP 3600-48-PoE EI JD328A Scheda Tecnica

4

• IPv6 routing protocols: provide routing of IPv6

at wire speed; support static routes, RIPng, OSPFv3,
ISIS for IPv6, and BGP4+ for IPv6

• Equal-Cost Multipath (ECMP): enables multiple

equal-cost links in a routing environment to increase
link redundancy and scale bandwidth

• PIM-SSM, PIM-DM, and PIM-SM (for IPv4

and IPv6): support IP Multicast address
management and inhibition of DoS attacks

• Multicast Source Discovery Protocol

(MSDP): is used for inter-domain multicast
applications, allowing multiple PIM-SM domains to
interoperate

• Bidirectional Forwarding Detection (BFD):

enables link connectivity monitoring and reduces
network convergence time for RIP, OSPF, BGP, IS-IS,
VRRP, and IRF

• IGMPv1, v2, and v3: allow individual hosts to

be registered on a particular VLAN

• IPv6 tunneling: allows a smooth transition from

IPv4 to IPv6 by encapsulating IPv6 traffic over an
existing IPv4 infrastructure

Security

• Access control lists (ACLs): provides IP Layer 2

to Layer 4 traffic filtering; supports VLAN ACL and
port ACL

• Multiple user authentication methods:

– IEEE 802.1X: is an industry-standard method of

user authentication using an IEEE 802.1X
supplicant on the client in conjunction with a
RADIUS server

– Web-based authentication: similar to IEEE

802.1X, it provides a browser-based environment
to authenticate clients that do not support the IEEE
802.1X supplicant

– MAC-based authentication: client is

authenticated with the RADIUS server based on
the client's MAC address

• Identity-driven security and access control:

– Per-user ACLs: permits or denies user access to

specific network resources based on user identity
and time of day, allowing multiple types of users
on the same network to access specific network
services without risk to network security or
unauthorized access to sensitive data

– Automatic VLAN assignment: automatically

assigns users to the appropriate VLAN based on
their identities

• Secure management access: securely encrypts

all access methods (CLI, GUI, or MIB) through
SSHv2, SSL, and/or SNMPv3

• Secure FTP: allows secure file transfer to and from

the switch; protects against unwanted file
downloads or unauthorized copying of a switch
configuration file

• Guest VLAN: similar to IEEE 802.1X, it provides a

browser-based environment to authenticated clients

• Endpoint Admission Defense (EAD): provides

security policies to users accessing a network

• Port security: allows access only to specified

MAC addresses, which can be learned or specified
by the administrator

• Port isolation: secures and adds privacy, and

prevents malicious attackers from obtaining user
information

• ICMP throttling: defeats ICMP denial-of-service

attacks by enabling any switch port to automatically
throttle ICMP traffic

• STP BPDU port protection: blocks Bridge

Protocol Data Units (BPDUs) on ports that do not
require BPDUs, preventing forged BPDU attacks

• STP Root Guard: protects the root bridge from

malicious attacks or configuration mistakes

• DHCP protection: blocks DHCP packets from

unauthorized DHCP servers, preventing
denial-of-service attacks

• Dynamic ARP protection: blocks ARP

broadcasts from unauthorized hosts, preventing
eavesdropping or theft of network data

• IP Source Guard: helps prevent IP spoofing

attacks

• RADIUS/HWTACACS: eases switch management

security administration by using a password
authentication server

• Multiple Customer Edge (MCE): facilitates

MPLS VPN network integration with support for up
to 63 VPNs

Convergence

• IEEE 802.1AB Link Layer Discovery Protocol

(LLDP): is an automated device discovery protocol
that provides easy mapping of network
management applications

• LLDP-MED: is a standard extension that

automatically configures network devices, including
LLDP-capable IP phones

• LLDP-CDP compatibility: receives and

recognizes CDP packets from Cisco's IP phones for
seamless interoperation