HP HSR6802 JG361A 사용자 설명서
제품 코드
JG361A
QuickSpecs
HP HSR6800 Router Series
Overview
c04111425 — DA – 14543 Worldwide — Version 10 — July 3, 2014
Page 4
is a tunnel-less VPN technology that allows for native end-to-end security for a full meshed network; is suitable for an
enterprise running encryption over a private Multiprotocol Label Switching (MPLS)/IP-based core network, as well as for
enterprise running encryption over a private Multiprotocol Label Switching (MPLS)/IP-based core network, as well as for
encrypting multicast traffic
Stateful VPN firewall
provides enhanced stateful packet inspection and filtering; supports flexible security zones and virtual firewall
containment; delivers advanced VPN services with Triple DES (3DES) and Advanced Encryption Standard (AES) encryption
at high performance and low latency; offers Web content filtering; allows for application prioritization and enhancement
Access control list (ACL)
supports powerful ACLs for both IPv4 and IPv6; ACLs are used for filtering traffic to prevent unauthorized users from
accessing the network, or for controlling network traffic to save resources; rules can either deny or permit traffic to be
forwarded; rules can be based on a Layer 2 header or a Layer 3 protocol header; rules can be set to operate on specific
dates or times
Unicast Reverse Path Forwarding (URPF)
allows normal packets to be forwarded correctly, but discards the attaching packet due to lack of reverse path route or
incorrect inbound interface; prevents source spoofing and distributed attacks; supports distributed UFPF
Secure shell (SSHv2)
uses external servers to securely log in to a remote device; with authentication and encryption, it protects against IP
spoofing and plain-text password interception; increases the security of Secure FTP (SFTP) transfers
spoofing and plain-text password interception; increases the security of Secure FTP (SFTP) transfers
Remote Authentication Dial-In User Service (RADIUS)
eases switch security access administration by using a password authentication server
Terminal Access Controller Access-Control System (TACACS+)
is an authentication tool using TCP with encryption of the full authentication request, which provides additional security
Network address translation (NAT)
supports repeated multiplexing of a port and automatic 5-tuple collision detection, enabling NAPT to support unlimited
connections; supports blacklist in NAT/NAPT/internal server, a limit on the number of connections, session log, and multi-
instance
instance
Quality of Service (QoS)
HQoS/Nested QoS
allows for precise and flexible traffic classification and scheduling
Traffic policing
supports Committed Access Rate (CAR) and line rate
Congestion management
supports FIFO, PQ, CQ, WFQ, CBQ, and RTPQ
Congestion avoidance
Weighted Random Early Detection (WRED)/Random Early Detection (RED)
Other QoS technologies
support traffic shaping, FR QoS, MPLS QoS, and MP QoS/LFI
Management
Industry-standard CLI with a hierarchical structure
reduces training time and expenses, and increases productivity in multivendor installations
SNMPv1, v2, and v3
provide complete support of SNMP; provide full support of industry-standard Management Information Base (MIB) plus
private extensions; SNMPv3 supports increased security using encryption
private extensions; SNMPv3 supports increased security using encryption
Management interface control
each of the following interfaces can be enabled or disabled depending on security preferences: console port, telnet port,
or reset button
or reset button
Remote monitoring (RMON)
uses standard SNMP to monitor essential network functions; supports events, alarm, history, and statistics group plus a
private alarm extension group
Management security