HP 5500-24G EI JG250AC 데이터 시트

4

• User Datagram Protocol (UDP) helper

function: allows UDP broadcasts to be directed
across router interfaces to specific IP unicast or
subnet broadcast addresses and prevents server
spoofing for UDP services such as DHCP

• Route maps: provide more control during route

redistribution; allow filtering and altering of route
metrics

Layer 3 routing

• IPv4 routing protocols: support static routes,

RIP, OSPF, ISIS, and BGP

• IPv6 routing protocols: provide routing of IPv6

at wire speed; support static routes, RIPng, OSPFv3,
IS-ISv6, and BGP4+ for IPv6

• Equal-Cost Multipath (ECMP): enables multiple

equal-cost links in a routing environment to increase
link redundancy and scale bandwidth

• Policy-based routing: makes routing decisions

based on policies set by the network administrator

• IGMPv1, v2, and v3: allow individual hosts to

be registered on a particular VLAN

• PIM-SSM, PIM-DM, and PIM-SM (for IPv4

and IPv6): support IP Multicast address
management and inhibition of DoS attacks

• IPv6 tunneling: allows a smooth transition from

IPv4 to IPv6 by encapsulating IPv6 traffic over an
existing IPv4 infrastructure

• Unicast Reverse Path Forwarding (uRPF): is

defined by RFC 3704 and limits erroneous or
malicious traffic

• Bidirectional Forwarding Detection (BFD):

enables link connectivity monitoring and reduces
network convergence time for RIP, OSPF, BGP, IS-IS,
VRRP, and IRF

Security

• Access control lists (ACLs): provide IP Layer 2 to

Layer 4 traffic filtering; support global ACL, VLAN
ACL, port ACL, and IPv6 ACL

• IEEE 802.1X: is an industry-standard method of

user authentication that uses an IEEE 802.1X
supplicant on the client in conjunction with a
RADIUS server

• MAC-based authentication: authenticates the

client with the RADIUS server based on the client's
MAC address

• Identity-driven security and access control:

– Per-user ACLs: permit or deny user access to

specific network resources based on user identity
and time of day, allowing multiple types of users
on the same network to access specific network
services without risking network security or
providing unauthorized access to sensitive data

– Automatic VLAN assignment: automatically

assigns users to the appropriate VLAN based on
their identities

• Secure management access: securely encrypts

all access methods (CLI, GUI, or MIB) through
SSHv2, SSL, and/or SNMPv3

• Secure FTP: allows secure file transfer to and from

the switch; protects against unwanted file
downloads or unauthorized copying of a switch
configuration file

• Guest VLAN: similar to IEEE 802.1X, it provides a

browser-based environment to authenticated clients

• Endpoint Admission Defense (EAD): provides

security policies to users accessing a network

• Port security: allows access only to specified

MAC addresses, which can be learned or specified
by the administrator

• Port isolation: secures and adds privacy, and

prevents malicious attackers from obtaining user
information

• STP BPDU port protection: blocks Bridge

Protocol Data Units (BPDUs) on ports that do not
require BPDUs, preventing forged BPDU attacks

• STP Root Guard: protects the root bridge from

malicious attacks or configuration mistakes

• DHCP protection: blocks DHCP packets from

unauthorized DHCP servers, preventing
denial-of-service attacks

• Dynamic ARP protection: blocks ARP

broadcasts from unauthorized hosts, preventing
eavesdropping or theft of network data

• IP Source Guard: helps prevent IP spoofing

attacks

• RADIUS/HWTACACS: eases switch management

security administration by using a password
authentication server

• Multiple Customer Edge (MCE): facilitates

MPLS VPN network integration with up to 64 VPNs
support