HP 3500yl, 5400zl User Manual

ProCurve Switch 5406zl-48G
Intelligent Edge (J8699A)

ProCurve Switch
3500yl-24G-PWR
Intelligent Edge (J8692A)

ProCurve Switch 5412zl-96G
Intelligent Edge (J8700A)

ProCurve Switch 5400zl/3500yl Series

ProCurve Switch 5406zl
Intelligent Edge (J8697A)

ProCurve Switch 5412zl
Intelligent Edge (J8698A)

ProCurve Switch
3500yl-48G-PWR
Intelligent Edge (J8693A)

The ProCurve Switch 5400zl/3500yl series consists of the most
advanced intelligent edge switches in the ProCurve Networking product
line. The 5400zl series includes 6-slot and 12-slot chassis and
associated zl modules and bundles, and the 3500yl series includes
24-port and 48-port stackables. The foundation for all these switches
is a purpose-built, programmable ProVision ASIC that allows the most
demanding networking features, such as QoS and security, to be
implemented in a scalable yet granular fashion. With a variety of Gigabit
interfaces, integrated PoE on all 10/100/1000Base-T ports, 10-GbE
capability, and a choice of form factors, the 5400zl/3500yl switches
offer excellent investment protection, flexibility, and scalability, as well
as ease of deployment, operation, and maintenance.

22

ProCurve Switch 5400zl/3500yl Series

Features and benefits

Industry-leading warranty

Management

Remote intelligent mirroring: mirrors

selected ingress/egress traffic based on ACL,
port, MAC address, or VLAN to a local or remote
8200zl/6200yl/5400zl/3500yl switch anywhere
on the network

• RMON, XRMON, and sFlow v5: provide

advanced monitoring and reporting
capabilities for statistics, history, alarms, and
events

• IEEE 802.1AB Link Layer Discovery Protocol
(LLDP): automated device discovery protocol for
easy mapping by network management
applications

• Command authorization: leverages RADIUS
to link a custom list of CLI commands to
individual network administrator’s login;
also provides an audit trail

• Friendly port names: allow assignment of
descriptive names to ports

• Dual flash images: provides independent
primary and secondary OS files for backup
while upgrading

• Multiple configuration files: multiple config
files can be stored to the flash image

• Uni-Directional Link Detection (UDLD):
monitors a link between two switches and
blocks the ports on both ends of the link if the
link goes down at any point between the two
devices

• Management simplicity: ProCurve-common

networking features and CLI implementation
(common across ProCurve zl and yl switches)

Connectivity

IPv6:

– IPv6 Host: the switches can be managed and

deployed at the edge of IPv6 networks

– Dual Stack (IPv4/IPv6): provides transition

mechanism from IPv4 to IPv6; supports
connectivity for both protocols

– MLD Snooping: forwards IPv6 multicast

traffic to the appropriate interface; prevents
IPv6 multicast traffic from flooding the
network

– IPv6 ready: the switch hardware can support

IPv6 QoS, ACL, routing, tunneling, and
security; these features will be available
when enabled via software update in follow­on releases

• IEEE 802.3af Power over Ethernet: provides up

to 15.4 W per port to IEEE 802.3af compliant
PoE powered devices such as IP phones,
wireless access points, and security cameras

• Pre-standard PoE support: detects and

provides power to pre-standard PoE devices;
see list of supported devices in the product FAQ
at www.procurve.com

• Jumbo frames: on Gigabit and 10-Gigabit

ports, allow high-performance remote backup
and disaster-recovery services

• Auto-MDIX: automatically adjusts for straight-

through or crossover cables on all 10/100/1000
ports

Performance

• 5400zl/3500yl architecture: 115 to 692 Gbps

crossbar switching fabric provides intra- and
inter-module switching with 36 to 428 million
pps throughput on the purpose-built ProVision
ASICs

NEW

NEW

♦

For as long as you own the product, with next-business-day advance
replacement (available in most countries). For details, refer to the
ProCurve Software Licence, Warranty and Suppor t booklet at

www.procurve.eu/warranty

3

ProCurve Switch 5400zl/3500yl Series

• Selectable queue configurations: increase

performance by selecting the number of
queues and associated memory buffering that
best meet the requirements of your network
applications

Resiliency and high availability

• Virtual Router Redundancy Protocol (requires
Premium License): VRRP allows groups of two

routers to dynamically back each other up to
create highly available routed environments

• IEEE 802.1s Multiple Spanning Tree Protocol:
provides high link availability in multiple
VLAN environments by allowing multiple
spanning trees; encompasses IEEE 802.1D
Spanning Tree Protocol and IEEE 802.1w Rapid
Spanning Tree Protocol

• IEEE 802.3ad Link Aggregation Control
Protocol (LACP) and ProCurve trunking:
support up to 36 trunks, each with up to 8 links
(ports) per trunk; trunking across modules is
supported

• Hot-swappable modules (5400zl series):
permits modules, mini-GBICs, and power
supplies in a redundant power supply
configuration to be added or swapped without
interrupting the network

• Optional redundant power supply (5400zl
series): provides uninterrupted power and
allows hot-swapping of the redundant power
supplies when installed

• Sparing simplicity: ProCurve zl-common
accessories (interface modules, power supplies)

Layer 2 switching

IEEE 802.1ad Q-in-Q (requires Premium

License): increases the scalability of Ethernet

network by providing a hierarchical structure;
connects multiple LANs on high-speed campus
or metro network

• ProCurve switch meshing: dynamically load-

balances across multiple active redundant links
to increase available aggregate bandwidth

• VLAN support and tagging: supports the

IEEE 802.1Q standard and 2,048 VLANs
simultaneously

• IEEE 802.1v protocol VLANs: isolate select

non-IPv4 protocols automatically into their
own VLANs

• GARP VLAN Registration Protocol: allows

automatic learning and dynamic assignment
of VLANs

Layer 3 services

• UDP helper function: UDP broadcasts can be

directed across router interfaces to specific IP
unicast or subnet broadcast addresses and
prevent server spoofing for UDP services such
as DHCP

• Loopback interface address: defines an

address in RIP and OSPF that can always be
reachable, improving diagnostic capability

Layer 3 routing

• Static IP routing: provides manually

configured routing

• RIP: provides RIPv1 and RIPv2 routing at media

speed

• OSPF (requires Premium License): includes

host-based ECMP to provide link
redundancy/scalable bandwidth and NSSA

Security

USB Secure Autorun* (requires ProCurve

Manager Plus): deploys, diagnoses, and

updates switch using USB flash drive; works
with secure credential to prevent tampering

• Switch CPU protection: provides automatic

protection against malicious network traffic
trying to shut down the switch

NEW

NEW

∗

A

vailability targeted for the second quar ter of 2008.

4

ProCurve Switch 5400zl/3500yl Series

Features and benefits
(continued)

• Virus throttling: detects traffic patterns typical

of WORM-type viruses and either throttles or
entirely prevents the ability of the virus to
spread across the routed VLANs or bridged
interfaces, without requiring external
appliances

• ICMP throttling: defeats ICMP denial-of-

service attacks by enabling any switch port to
automatically throttle ICMP traffic

• Multiple user authentication methods:

– IEEE 802.1X: industry-standard way of user

authentication using an IEEE 802.1X
supplicant on the client in conjunction with a
RADIUS server

– Web-based authentication: authenticates

from Web browser for clients that do not
support 802.1X supplicant; customized
remediation can be processed on an external
Web server

– MAC-based authentication: client is

authenticated with the RADIUS server based
on client’s MAC address

• Authentication flexibility:

– Multiple IEEE 802.1X users per port:

provides authentication of multiple IEEE

802.1X users per port; prevents user
“piggybacking” on another user’s IEEE 802.1X
authentication

– Concurrent IEEE 802.1X and Web or MAC

authentication schemes per port: switch
port will accept any of IEEE 802.1X and either
Web or MAC authentications

• Access control lists (ACLs): provide filtering

based on the IP field, source/destination IP
address/subnet, and source/destination
TCP/UDP port number on a per-VLAN or per­port basis

• Identity-driven ACL: enables implementation

of a highly granular and flexible access security
policy specific to each authenticated network
user

• DHCP protection: blocks DHCP packets from

unauthorized DHCP servers, preventing denial­of-service attacks

• BPDU port protection: blocks Bridge Protocol

Data Units (BPDU) on ports that do not require
BPDUs, preventing forged BPDU attacks

• Dynamic IP lockdown: works with DHCP

protection to block traffic from unauthorized
host, preventing IP source address spoofing

• Dynamic ARP protection: blocks ARP

broadcasts from unauthorized hosts,
preventing eavesdropping or theft of network
data

STP Root Guard: protects root bridge from

malicious attack or configuration mistakes

• Detection of malicious attacks: monitors 10

types of network traffic and sends a warning
when an anomaly that potentially can be
caused by malicious attacks is detected

• Port security: allows access only to specified

MAC addresses, which can be learned or
specified by the administrator

• MAC address lockout: prevents configured

particular MAC addresses from connecting to
the network

• Source-port filtering: allows only specified

ports to communicate with each other

• TACACS+: eases switch management security

administration by using a password
authentication server

• Secure Shell (SSHv2): encrypts all transmitted

data for secure, remote command-line
interface (CLI) access over IP networks

• Secure Sockets Layer (SSL): encrypts all HTTP

traffic, allowing secure access to the browser­based management GUI in the switch

NEW

5

ProCurve Switch 5400zl/3500yl Series

• Secure FTP: allows secure file transfer to/from
the switch; protects against unwanted file
downloads or unauthorized copying of switch
configuration file

• Secure management access: all access
methods—CLI, GUI, or MIB—are securely
encrypted through SSHv2, SSL, and/or SNMPv3

• Switch management logon security:
can require either RADIUS or TACACS+
authentication for secure switch CLI logon

• Security banner: displays a customized
security policy when users log in to the switch

Convergence

• IP multicast routing (Premium License):
includes PIM Sparse and Dense modes to route
IP multicast traffic

• IP multicast snooping (data-driven IGMP):
automatically prevents flooding of IP multicast
traffic

• LLDP-MED (Media Endpoint Discovery):
a standard extension of LLDP that stores values
for parameters such as QoS and VLAN to
automatically configure network devices such
as IP phones

RADIUS VLAN for voice: uses standard

RADIUS attribute and LLDP to automatically
configure VLAN for IP phones

PoE allocations: supports multiple methods

(automatic, 802.3af class, LLDP-MED, or user
specified) to allocate PoE power for optimal
energy saving

Quality of Service (QoS)

• Layer 4 prioritization: enables prioritization
based on TCP/UDP port numbers

• Traffic prioritization: allows real-time traffic
classification into 8 priority levels mapped to
8 queues

• Bandwidth shaping:

– Port-based rate limiting: per-port

ingress/egress enforced maximum
bandwidth

– Classified-based rate limiting: use ACL to

enforce maximum bandwidth for ingress
traffic on each port

– Guaranteed minimum: per-port, per-queue

egress-based guaranteed minimum
bandwidth

• Class of Service (CoS): sets the IEEE 802.1p

priority tag based on IP address, IP Type of
Service (ToS), L3 protocol, TCP/UDP port
number, source port, and DiffServ

Services

ProCurve Switch 3500yl-24G-PWR Intelligent
Edge

• 3-year, 4-hour onsite, 13x5 coverage for
hardware (U2855E)

• 3-year, 4-hour onsite, 24x7 coverage for
hardware (U2856E)

• 3-year, 4-hour onsite, 24x7 coverage for
hardware, 24x7 software phone support
(U6304E)

• 3-year, 24x7 software phone support, software
updates (UE262E)

• Installation with minimum configuration,
system-based pricing (U4826E)

• Installation with HP-provided configuration,
system-based pricing (U4830E)

NEW

NEW