HP 2620-24-PPoE+ + X121 1G SFP LC SX J9624A?KIT データシート

3

Security

• Access control lists (ACLs): provide IP Layer 3

filtering based on source/destination IP
address/subnet and source/destination TCP/UDP
port number

• Source-port filtering: allows only specified ports

to communicate with each other

• RADIUS/TACACS+: eases switch management

security administration by using a password
authentication server

• Secure Shell: encrypts all transmitted data for

secure remote CLI access over IP networks

• Secure Sockets Layer (SSL): encrypts all HTTP

traffic, allowing secure access to the browser-based
management GUI in the switch

• Port security: allows access only to specified

MAC addresses, which can be learned or specified
by the administrator

• MAC address lockout: prevents particular

configured MAC addresses from connecting to the
network

• Secure FTP: allows secure file transfer to and from

the switch; protects against unwanted file
downloads or unauthorized copying of a switch
configuration file

• Custom banner: displays security policy when

users log in to the switch

• Identity-driven ACL: enables implementation of

a highly granular and flexible access security policy
and VLAN assignment specific to each authenticated
network user

• STP BPDU port protection: blocks Bridge

Protocol Data Units (BPDUs) on ports that do not
require BPDUs, preventing forged BPDU attacks

• DHCP protection: blocks DHCP packets from

unauthorized DHCP servers, preventing
denial-of-service attacks

• Dynamic ARP protection: blocks ARP

broadcasts from unauthorized hosts, preventing
eavesdropping or theft of network data

• Multiple user authentication methods:

– IEEE 802.1X: is an industry-standard method of

user authentication using an IEEE 802.1X
supplicant on the client in conjunction with a
RADIUS server

– Web-based authentication: similar to IEEE

802.1X, it provides a browser-based environment
to authenticate clients that do not support the IEEE
802.1X supplicant

– MAC-based authentication: client is

authenticated with the RADIUS server based on
the client's MAC address

• STP Root Guard: protects the root bridge from

malicious attack or configuration mistakes

• Authentication flexibility:

– Multiple IEEE 802.1X users per port:

provides authentication of multiple IEEE 802.1X
users per port; prevents user "piggybacking" on
another user's IEEE 802.1X authentication

– Concurrent IEEE 802.1X, Web, and MAC

authentication schemes per port: switch
port will accept up to 32 sessions of IEEE 802.1X,
Web, and MAC authentications

• Port mirroring for network threats: provides

sampled port traffic using sFlow technology to the
HP Network Immunity Manager (NIM) application
for Network Behavior Anomaly Detection (NBAD)
analysis to detect threats and mitigate threats at the
port where the threat originated

• Per-port broadcast throttling: selectively

configures broadcast control on heavy traffic port
uplinks

Convergence

• IP multicast snooping and data-driven

IGMP: automatically prevent flooding of IP multicast
traffic

• LLDP-MED (Media Endpoint Discovery): is a

standard extension of LLDP that stores values for
parameters such as QoS and VLAN to automatically
configure network devices such as IP phones

• IEEE 802.1AB Link Layer Discovery Protocol

(LLDP): is an automated device discovery protocol
that provides easy mapping of network
management applications

• PoE and PoE+ allocations: support multiple

methods (automatic, IEEE 802.3at dynamic,
LLDP-MED fine grain, IEEE 802.3af device class, or
user specified) to allocate and manage PoE/PoE+
power for more efficient energy savings