HP 3600-24-SFP v2 EI Layer 3 Switch

These are fully managed 24- or 48-port 10/100 Layer 3 wire-speed Fast Ethernet switches with four Gigabit Ethernet uplinks and full management features. The series has Layer 2 / Layer 3 switching with advanced Layer 3 routing using static routes, RIP, OSPF BGP, and multicast (PIM) routing. Fully IPv6 capable, with advanced IPv6/IPv4 routing, this series delivers a smooth transition from IPv4 to IPv6.

• Full enterprise-class management features
• Lower network administration costs
• Unified network security strategy
• Easy migration from IPv4 to IPv6

Quality of Service (QoS)

• Broadcast Control – Allows limitation of broadcast traffic rate to cut down on unwanted network broadcast traffic
• Powerful QoS Feature – Supports the following congestion actions: strict priority queuing (SP), weighted round robin (WRR), SP+WRR, and WRED
• Traffic Policing – Supports Committed Access Rate (CAR) and line rate
• Advanced Classifier-Based QoS – Classifies traffic using multiple match criteria based on Layer 2, 3, and 4 information; applies QoS policies such as setting priority level and rate limit to selected traffic on a port, VLAN, or whole switch

Management

• Friendly Port Names – Allow assignment of descriptive names to ports
• Remote Configuration and Management – Available through a secure Web browser or a command-line interface (CLI)
• Manager and Operator Privilege Levels – Enable read-only (operator) and read-write (manager) access on CLI and Web browser management interfaces
• Command Authorization – Leverages RADIUS to link a custom list of CLI commands to an individual network administrator's login; also provides an audit trail
• Secure Web GUI – Provides a secure, easy-to-use graphical interface for configuring the module via HTTPS
• Multiple Configuration Files – Can be stored to the flash image
• Complete Session Logging – Provides detailed information for problem identification and resolution
• SNMPv1, v2c, and v3 – Facilitate centralized discovery, monitoring, and secure management of networking devices
• Remote Monitoring (RMON) – Uses standard SNMP to monitor essential network functions; supports events, alarm, history, and statistics group plus a private alarm extension group
• IEEE 802.1AB Link Layer Discovery Protocol (LLDP) – Automated device discovery protocol provides easy mapping by network management applications
• sFlow (RFC 3176) – Provides scalable ASIC-based wire-speed network monitoring and accounting with no impact on network performance; this allows network operators to gather a variety of sophisticated network statistics and information for capacity planning and real-time network monitoring purposes
• Management VLAN – Segments traffic to and from management interfaces, including CLI/telnet, a Web browser interface, and SNMP
• Device Link Detection Protocol (DLDP) – Monitors cable between two switches and shuts down the ports on both ends if the cable is broken, preventing network problems such as loops
• Troubleshooting – Ingress and egress port monitoring enable network problem solving; virtual cable tests provide visibility into cable problems
• IPv6 Management – Future-proofs networking, as the switch is capable of being managed whether the attached network is running IPv4 or IPv6; supports Pingv6, Tracertv6, Telnetv6, TFTPv6, DNSv6, Syslogv6, FTPv6, SNMPv6, and ARPv6

Connectivity

• Auto-MDIX – Automatically adjusts for straight-through or crossover cables on all 10/100 and 10/100/1000 ports
• Flow Control – Using standard IEEE 802.3x, it provides back pressure to reduce congestion in heavy traffic situations
• Ethernet OAM – Provides a Layer 2 link performance and fault detection monitoring tool, which reduces failover and network convergence times
• Jumbo Packet Support – Supports up to 9216-byte frame size to improve performance of large data transfers
• Dual-Personality Functionality – Four 10/100/1000 ports or SFP slots for optional fiber connectivity such as Gigabit-SX, -LX, or -LH
• High-Density Port Connectivity – Provides up to 48 fixed 10/100BASE-T or 24 SFP 100BASE-X ports in a Layer 2/Layer 3/Layer 4 switch

Performance

• Nonblocking Architecture – Up to 17.6Gbps nonblocking switching fabric provides wire-speed switching with up to 13.1 million pps throughput
• Hardware-Based Wire-Speed Access Control Lists (ACLs) – Feature-rich ACL implementation (TCAM based) helps ensure high levels of security and ease of administration without impacting network performance

Resiliency and High Availability

• Separate Data and Control Paths – Keeps control separated from services and keeps service processing isolated; increases security and performance
• External Redundant Power Supply – Provides high reliability
• Smart Link – Allows 50 ms failover between links
• Spanning Tree/MSTP, RSTP – Provides redundant links while preventing network loops
• Rapid Ring Protection Protocol (RRPP) – Connects multiple switches in a high-performance ring using standard Ethernet technology; traffic can be rerouted around the ring in less than 50 ms, reducing the impact on traffic and applications
• Virtual Router Redundancy Protocol (VRRP) – Allows a group of routers to dynamically back each other up to create highly available routed environments

Layer 2 Switching

• 16K MAC Address Table – Provides access to many Layer 2 devices
• VLAN Support and Tagging – Support IEEE 802.1Q with 4,094 simultaneous VLAN IDs
• GARP VLAN Registration Protocol – Allows automatic learning and dynamic assignment of VLANs
• IEEE 802.1ad QinQ and Selective QinQ – Increase the scalability of an Ethernet network by providing a hierarchical structure; connect multiple LANs on a high-speed campus or metro network
• Gigabit Ethernet Port Aggregation – Allows grouping of ports to increase overall data throughput to a remote device
• Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Protocol Snooping – Effectively control and manage the flooding of multicast packets in a Layer 2 network

Layer 3 Services

• Address Resolution Protocol (ARP) – Determines the MAC address of another IP host in the same subnet
• Dynamic Host Configuration Protocol (DHCP) – Simplifies the management of large IP networks and supports client and server; DHCP Relay enables DHCP operation across subnets
• Loopback Interface Address – Defines an address in Routing Information Protocol (RIP) and OSPF that can always be reachable, improving diagnostic capability
• User Datagram Protocol Helper Function – Allows User Datagram Protocol (UDP) broadcasts to be directed across router interfaces to specific IP unicast or subnet broadcast addresses and prevents server spoofing for UDP services such as DHCP
• Route Maps – Provide more control during route redistribution; allow filtering and altering of route metrics

Layer 3 Routing

• IPv4 Routing Protocols – Supports static routes, RIP, OSPF, IS-IS, and BGP
• IPv6 Routing Protocols – Provides routing of IPv6 at wire speed; supports static routes, RIPng, OSPFv3, IS-ISv6, and BGP4+ for IPv6
• Equal-Cost Multipath (ECMP) – Enables multiple equal-cost links in a routing environment to increase link redundancy and scale bandwidth
• Policy-Based Routing – Makes routing decisions based on policies set by the network administrator
• IPv6 Tunnels over IPv4 – Allows IPv6 infrastructure to be connected over legacy IPv4 networks
• Bidirectional Forwarding Detection (BFD) – Enables link connectivity monitoring and reduces network convergence time for RIP, OSPF, BGP, static routing, and VRRP

Security

• Access Control Lists (ACLs) – Provides IP Layer 2 to Layer 4 traffic filtering; supports global ACL, VLAN ACL, port ACL, and IPv6 ACL
• IEEE 802.1X – Industry-standard method of user authentication using an IEEE 802.1X supplicant on the client in conjunction with a RADIUS server
• MAC-Based Authentication – Client is authenticated with the RADIUS server based on the client's MAC address
• Identity-Driven Security and Access Control –
  • Per-User ACLs – Permits or denies user access to specific network resources based on user identity and time of day, allowing multiple types of users on the same network to access specific network services without risk to network security or unauthorized access to sensitive data
  • Automatic VLAN Assignment – Automatically assigns users to the appropriate VLAN based on their identities
• Secure Management Access – Securely encrypts all access methods (CLI, GUI, or MIB) through SSHv2, SSL, and/or SNMPv3
• Secure FTP – Allows secure file transfer to and from the switch; protects against unwanted file downloads or unauthorized copying of a switch configuration file
• Guest VLAN – Similar to IEEE 802.1X, it provides a browser-based environment to authenticated clients
• Endpoint Admission Defense (EAD) – Provides security policies to users accessing a network
• Port Security – Allows access only to specified MAC addresses, which can be learned or specified by the administrator
• Port Isolation – Secures and adds privacy, and prevents malicious attackers from obtaining user information
• STP BPDU Port Protection – Blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks
• STP Root Guard – Protects the root bridge from malicious attack or configuration mistakes
• DHCP Protection – Blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks
• Dynamic ARP Protection – Blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data
• IP Source Guard – Filters packets on a per-port basis, which prevents illegal packets from being forwarded
• RADIUS/HWTACACS – Eases switch management security administration by using a password authentication server

Convergence

• IEEE 802.1AB Link Layer Discovery Protocol (LLDP) – Is an automated device discovery protocol that provides easy mapping of network management applications
• LLDP-MED – Is a standard extension that automatically configures network devices, including LLDP-capable IP phones
• LLDP-CDP Compatibility – Receives and recognizes CDP packets from Cisco's IP phones for seamless interoperation
• Voice VLAN – Automatically assigns VLAN and priority for IP phones, simplifying network configuration and maintenance
• IP Multicast Snooping (data-driven IGMP) – Automatically prevents flooding of IP multicast traffic
• Internet Group Management Protocol (IGMP) – Is used by IP hosts to establish and maintain multicast groups; supports v1, v2, and v3; utilizes Any-Source Multicast (ASM) or Source-Specific Multicast (SSM) to manage IPv4 multicast networks
• Protocol Independent Multicast (PIM) – Is used for IPv4 and IPv6 multicast applications; supports PIM Dense Mode (DM), Sparse Mode (SM), and Source-Specific Mode (SSM)
• Multicast Source Discovery Protocol (MSDP) – Is used for inter-domain multicast applications, allowing multiple PIM-SM domains to interoperate
• Multicast VLAN – Allows multiple VLANs to receive the same IPv4 or IPv6 multicast traffic, reducing network bandwidth demand by eliminating multiple streams to each VLAN

Additional Information

• Green Initiative Support – Provides support for RoHS and WEEE regulations