HP (Hewlett-Packard) 6200yl Switch User Manual


 
Overview of features and benefits
The HP ProCurve Switch 5400zl, 3500yl, and 6200yl series use the same software image base. For the
HP ProCurve Switch 6200yl, the Premium License feature group is standard. For the HP ProCurve
Switch 5400zl and 3500yl series, you have the choice of using the Intelligent Edge feature group or the
Premium License feature group for an additional fee. The Premium License feature group supports
additional aggregation layer features: Q-in-Q, PIM-SM, PIM-DM, OSPF-ECMP, and VRRP. The
primary differences among these switch families are hardware related and include such aspects as port
density and the number of power supplies and fans.
The following summary of features and benefits applies to the HP ProCurve Switch 5400zl, 3500yl,
and 6200yl series. Any differences that exist among the switches are noted.
Performance
ProVision ASIC technology: powered by the ProVision ASICs, the switch families offer
state-of-the-art high-capacity switch fabric performance: 692 Gbps for the 5412zl, 346 Gbps for the
5406zl, 173 Gbps for the 3500yl-48G-PWR, and 115 Gbps for the 3500yl-24G-PWR and
6200yl-24G-mGBIC.
Selectable queue configurations: increase performance by selecting the number of queues and
associated memory buffer that best meet the requirements of network applications.
Security features
Virus Throttle: connection-rate filtering thwarts virus spreading by blocking routing from certain
hosts exhibiting abnormal traffic behavior
ICMP throttling: defeats ICMP denial-of-service attacks by enabling any switch port to
automatically throttle ICMP traffic
Filtering capabilities: include fast, flexible Access Control Lists (ACLs), up to 3,000 per module (in
a later release, more precise, detailed control via the fast Policy Enforcement Engine), source port,
multicast MAC address, and other protocol-based filtering capabilities
Switch CPU protection: provides automatic protection against malicious network traffic trying to
shut down the switch
Detection of malicious attacks: monitors ten types of network traffic and sends a warning if an
anomaly occurs, signaling the detection of a potential malicious attack
USB secure autorun: uses a USB flash drive to deploy, troubleshoot, or update switches; works with
a secure credential to prevent tampering
STP root guard: protects the STP root bridge from malicious attacks or configuration mistakes
DHCP protection: blocks DHCP packets from unauthorized DHCP servers, preventing
denial-of-service attacks
BPDU port protection: blocks Bridge Protocol Data Units (BPDUs) on ports that do not require
them, preventing forged BPDU attacks
Dynamic ARP protection: blocks ARP broadcasts from unauthorized hosts, preventing
eavesdropping on or theft of network data
Dynamic IP lockdown: works with DHCP protection to block traffic from unauthorized hosts,
preventing IP source address spoofing
Identity Driven Manager: supports HP ProCurve Identity Driven Manager (IDM), which can
dynamically apply per-user security, access, and performance settings to infrastructure devices
based on approved user, location, and time
Multiple user authentication methods:
Multiple IEEE 802.1X users per port: provides authentication of multiple IEEE 802.1X users per
port; prevents user “piggybacking” on another user’s IEEE 802.1X authentication
Web-based authentication: authenticates from a Web browser for clients that do not support an IEEE
802.1X supplicant; customized remediation can be processed on an external Web server
Concurrent IEEE 802.1X, Web, and MAC authentication schemes per port: a switch port will
accept up to 32 sessions of IEEE 802.1X, Web, and MAC authentications
Access control lists (ACLs): provide filtering based on the IP field, source/destination IP
address/subnet, and source/destination TCP/UDP port number on a per-VLAN or per-port basis