ProCurve Switch 5400zl/3500yl Series
features

Series support

• Remote Intelligent Mirroring: mirrors selected ingress/egress traffic based on ACL, port, MAC address, or VLAN to a local or remote 8200zl/6200yl/5400zl/3500yl switch anywhere on the network  NEW! 

• RMON, XRMON, and sFlow v5: provide advanced monitoring and reporting capabilities for statistics, history, alarms, and events

• IEEE 802.1AB Link Layer Discovery Protocol (LLDP): automated device discovery protocol for easy mapping by network management applications

• Command authorization: leverages RADIUS to link a custom list of CLI commands to individual network administrator's login; also provides an audit trail

• Friendly port names: allow assignment of descriptive names to ports

• Dual flash images: provides independent primary and secondary OS files for backup while upgrading

• Multiple configuration files: multiple config files can be stored to the flash image

• Uni-Directional Link Detection (UDLD): monitors a link between two switches and blocks the ports on both ends of the link if the link goes down at any point between the two devices

• Management simplicity: ProCurve-common networking features and CLI implementation (common across ProCurve zl and yl switches)

• IPv6:  NEW! 
  • IPv6 Host the switches can be managed and deployed at the edge of IPv6 networks
  • Dual Stack (IPv4/IPv6) provides transition mechanism from IPv4 to IPv6; supports connectivity for both protocols
  • MLD Snooping forwards IPv6 multicast traffic to the appropriate interface; prevents IPv6 multicast traffic from flooding the network
  • IPv6 ready the switch hardware can support IPv6 QoS, ACL, routing, tunneling, and security; these features will be available when enabled via software update in follow-on releases

• IEEE 802.3af Power over Ethernet: provides up to 15.4 W per port to IEEE 802.3af compliant PoE powered devices such as IP phones, wireless access points, and security cameras

• Pre-standard PoE support: detects and provides power to pre-standard PoE devices; see list of supported devices in the product FAQ at www.procurve.com

• Jumbo frames: on Gigabit and 10-Gigabit ports, allow high-performance remote backup and disaster-recovery services

• Auto-MDIX: automatically adjusts for straight-through or crossover cables on all 10/100/1000 ports

• 5400zl/3500yl architecture: 115 to 692 Gbps crossbar switching fabric provides intra- and inter-module switching with 36 to 428 million pps throughput on the purpose-built ProVision ASICs

• Selectable queue configurations: increase performance by selecting the number of queues and associated memory buffering that best meet the requirements of your network applications

• Virtual Router Redundancy Protocol (requires Premium License): VRRP allows groups of two routers to dynamically back each other up to create highly available routed environments

• IEEE 802.1s Multiple Spanning Tree Protocol: provides high link availability in multiple VLAN environments by allowing multiple spanning trees; encompasses IEEE 802.1D Spanning Tree Protocol and IEEE 802.1w Rapid Spanning Tree Protocol

• IEEE 802.3ad Link Aggregation Control Protocol (LACP) and ProCurve trunking: support up to 36 trunks, each with up to 8 links (ports) per trunk; trunking across modules is supported

• Hot-swappable modules (5400zl series): permits modules, mini-GBICs, and power supplies in a redundant power supply configuration to be added or swapped without interrupting the network

• Optional redundant power supply (5400zl series): provides uninterrupted power and allows hot-swapping of the redundant power supplies when installed

• Sparing simplicity: ProCurve zl-common accessories (interface modules, power supplies)

• IEEE 802.1ad Q-in-Q (requires Premium License): increases the scalability of Ethernet network by providing a hierarchical structure; connects multiple LAN's on high-speed campus or metro network NEW! 

• ProCurve switch meshing: dynamically load-balances across multiple active redundant links to increase available aggregate bandwidth

• VLAN support and tagging: supports the IEEE 802.1Q standard and 2,048 VLANs simultaneously

• IEEE 802.1v protocol VLANs: isolate select non-IPv4 protocols automatically into their own VLANs

• GARP VLAN Registration Protocol: allows automatic learning and dynamic assignment of VLANs

• UDP helper function: UDP broadcasts can be directed across router interfaces to specific IP unicast or subnet broadcast addresses and prevent server spoofing for UDP services such as DHCP

• Loopback interface address: defines an address in RIP and OSPF that can always be reachable, improving diagnostic capability

• Static IP routing: provides manually configured routing

• RIP: provides RIPv1 and RIPv2 routing at media speed

• OSPF (requires Premium License): includes host-based ECMP to provide link redundancy/scalable bandwidth and NSSA

• USB Secure Autorun (requires ProCurve Manager Plus): deploys, diagnoses, and updates switch using USB flash drive; works with secure credential to prevent tampering  NEW! 

• Switch CPU protection: provides automatic protection against malicious network traffic trying to shut down the switch

• Virus throttling: detects traffic patterns typical of WORM-type viruses and either throttles or entirely prevents the ability of the virus to spread across the routed VLANs or bridged interfaces, without requiring external appliances

• ICMP throttling: defeats ICMP denial-of-service attacks by enabling any switch port to automatically throttle ICMP traffic

• Multiple user authentication methods:
  • IEEE 802.1X industry-standard way of user authentication using an IEEE 802.1X supplicant on the client in conjunction with a RADIUS server
  • Web-based authentication authenticates from Web browser for clients that do not support 802.1X supplicant; customized remediation can be processed on an external Web server
  • MAC-based authentication client is authenticated with the RADIUS server based on client's MAC address

• Authentication flexibility:
  • Multiple IEEE 802.1X users per port provides authentication of multiple IEEE 802.1X users per port; prevents user "piggybacking" on another user's IEEE 802.1X authentication
  • Concurrent IEEE 802.1X and Web or MAC authentication schemes per port switch port will accept any of IEEE 802.1X and either Web or MAC authentications

• Access control lists (ACLs): provide filtering based on the IP field, source/destination IP address/subnet, and source/destination TCP/UDP port number on a per-VLAN or per-port basis

• Identity-driven ACL: enables implementation of a highly granular and flexible access security policy specific to each authenticated network user

• DHCP protection: blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks

• BPDU port protection: blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks

• Dynamic IP lockdown: works with DHCP protection to block traffic from unauthorized host, preventing IP source address spoofing

• Dynamic ARP protection: blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data

• STP Root Guard: protects root bridge from malicious attack or configuration mistakes NEW! 

• Detection of malicious attacks: monitors 10 types of network traffic and sends a warning when an anomaly that potentially can be caused by malicious attacks is detected

• Port security: allows access only to specified MAC addresses, which can be learned or specified by the administrator

• MAC address lockout: prevents configured particular MAC addresses from connecting to the network

• Source-port filtering: allows only specified ports to communicate with each other

• TACACS+: eases switch management security administration by using a password authentication server

• Secure Shell (SSHv2): encrypts all transmitted data for secure, remote command-line interface (CLI) access over IP networks

• Secure Sockets Layer (SSL): encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch

• Secure FTP: allows secure file transfer to/from the switch; protects against unwanted file downloads or unauthorized copying of switch configuration file

• Secure management access: all access methods--CLI, GUI, or MIB--are securely encrypted through SSHv2, SSL, and/or SNMPv3

• Switch management logon security: can require either RADIUS or TACACS+ authentication for secure switch CLI logon

• Security banner: displays a customized security policy when users log in to the switch

• IP multicast routing (Premium License): includes PIM Sparse and Dense modes to route IP multicast traffic

• IP multicast snooping (data-driven IGMP): automatically prevents flooding of IP multicast traffic

• LLDP-MED (Media Endpoint Discovery): a standard extension of LLDP that stores values for parameters such as QoS and VLAN to automatically configure network devices such as IP phones

• RADIUS VLAN for voice: uses standard RADIUS attribute and LLDP-MED to automatically configure VLAN for IP phones  NEW! 

• PoE allocations: supports multiple methods (automatic, 802.3af class, LLDP-MED, or user specified) to allocate PoE power for optimal energy saving NEW! 

• Layer 4 prioritization: enables prioritization based on TCP/UDP port numbers

• Traffic prioritization: allows real-time traffic classification into 8 priority levels mapped to 8 queues

• Bandwidth shaping:
  • Port-based rate limiting per-port ingress/egress enforced maximum bandwidth
  • Classifier-based rate limiting use ACL to enforce maximum bandwidth for ingress traffic on each port
  • Guaranteed minimum per-port, per-queue egress-based guaranteed minimum bandwidth

• Class of Service (CoS): sets the IEEE 802.1p priority tag based on IP address, IP Type of Service (ToS), L3 protocol, TCP/UDP port number, source port, and DiffServ

» Return to top 

» Download Adobe Acrobat Reader