HP 3600 SI User Manual

Data sheet

HP 3600 SI Switch Series

Key features

•

Robust switching at the enterprise network edge

•

Static and RIP Layer 3 routing

•

Automatic stacking with IRF

•

Integrated and distributed security enforcement

•

Enterprise-level nonblocking performance

Product overview

The HP 3600 SI Switch Series delivers intelligent, resilient
performance, security, and reliability for robust switching at the
enterprise network edge. The series consists of Fast Ethernet and
PoE/PoE+ switches, with features that can accommodate large
enterprise and SMB applications. Secure, resilient connectivity, as well
as the latest traffic-prioritization technologies, enhance converged
networks. The switches are designed for improved flexibility and
scalability.

Features and benefits

Quality of Service (QoS)

•

Broadcast control

allows limitation of broadcast traffic rate to cut down on unwanted
network broadcast traffic

•

Advanced classifier-based QoS

classifies traffic using multiple match criteria based on Layer 2, 3,
and 4 information; applies QoS policies such as setting priority level
and rate limit to selected traffic on a per-port or per-VLAN basis

•

Powerful QoS feature

supports the following congestion actions: strict priority (SP)
queuing, weighted round robin (WRR), weighted fair queuing (WFQ),
and WRED

•

Traffic policing

supports Committed Access Rate (CAR) and line rate

Management

•

Friendly port names

allow assignment of descriptive names to ports

•

Remote configuration and management

is available through a secure Web browser or a CLI

•

Manager and operator privilege levels

enable read-only (operator) and read/write (manager) access on CLI
and Web browser management interfaces

•

Command authorization

leverages HWTACACS to link a custom list of CLI commands to an
individual network administrator's login; also provides an audit trail

•

Secure Web GUI

provides a secure, easy-to-use graphical interface for configuring
the module via HTTPS

•

Multiple configuration files

can be stored to the flash image

•

Complete session logging

provides detailed information for problem identification and
resolution

•

SNMPv1, v2c, and v3

facilitate centralized discovery, monitoring, and secure
management of networking devices

•

Remote monitoring (RMON)

uses standard SNMP to monitor essential network functions;
supports events, alarm, history, and statistics group plus a private
alarm extension group

•

IEEE 802.1AB Link Layer Discovery Protocol (LLDP)

advertises and receives management information from adjacent
devices on a network, facilitating easy mapping by network
management applications

•

Management VLAN

segments traffic to and from management interfaces, including
CLI/telnet, a Web browser interface, and SNMP

•

Local and remote intelligent mirroring

mirror traffic from a switch port to a remote switch port anywhere
on the network, or mirror ACL-selected traffic to a local switch port

•

Device Link Detection Protocol (DLDP)

monitors a cable between two switches and shuts down the ports
on both ends if the cable is broken, preventing network problems
such as loops

•

Troubleshooting

ingress and egress port monitoring enable network problem
solving; virtual cable tests provide visibility into cable problems

•

sFlow (RFC 3176)

provides scalable ASIC-based wire-speed network monitoring and
accounting with no impact on network performance; this allows
network operators to gather a variety of sophisticated network
statistics and information for capacity planning and real-time
network monitoring purposes

•

Remote Intelligent Mirroring

mirrors ingress/egress ACL-selected traffic from a switch port or
VLAN to a local or remote switch port anywhere on the network

•

IPv6 management

future-proofs networking, as the switch is capable of being
managed whether the attached network is running IPv4 or IPv6;
supports pingv6, tracertv6, Telnetv6, TFTPv6, DNSv6, syslogv6,
FTPv6, SNMPv6, DHCPv6, and RADIUS for IPv6

Connectivity

•

NEW IPv6 (on v2 products)

– Telnet v6

to allow IPv6 management

– DNS v6 Client

for IPv6 host management

– SNMP v6

for IPv6 switch management

– DHCP v6 Client

for auto IPv6 address configuration of a switch

•

Auto-MDIX

automatically adjusts for straight-through or crossover cables on
all 10/100 and 10/100/1000 ports

•

Jumbo packet support

supports up to 9216-byte frame size to improve the performance of
large data transfers

•

Gigabit Ethernet uplinks

are dual-personality ports for either 10/100/1000 or mini-GBIC SFP
connectivity for increased connectivity flexibility

•

High-density access

provides up to 48 fixed 10/100BASE-T PoE or non-PoE ports in a
Layer 2 or Layer 3 switch

2

•

IEEE 802.3af Power over Ethernet (PoE) support

simplifies deployment and dramatically reduces installation costs
by helping to eliminate the time and cost involved in supplying local
power at each access point location

•

Ethernet OAM (IEEE 802.3ah)

operations, administration and maintenance (OAM) management
capability detects data link layer problems that occurred in the "last
mile"; monitors the status of the link between the two devices

Performance

•

Nonblocking performance

up to 17.6 Gbps nonblocking switching fabric provides wire-speed
intra- and inter-module switching with up to 11.78 million pps
throughput

•

Gigabit Ethernet interface

provides a connection to the network that eliminates the network as
a bottleneck

•

Hardware-based wire-speed access control lists

feature-rich ACL implementation helps ensure high levels of
security and ease of administration without impacting network
performance

Resiliency and high availability

•

Separate data and control paths

keep control separated from services and keep service processing
isolated; increase security and performance

•

External redundant power supply

provides high reliability

•

Smart link

allows 50 ms failover between links

•

Spanning Tree/MSTP, RSTP

provides redundant links while preventing network loops

•

Intelligent Resilient Framework (IRF) Technology

allows customers to build a simple and reliable architecture,
reducing the number of IP addresses and configuration files to
manage; RVSF addresses the OPEX problem that many customers
are facing by simplifying the task of managing multiple devices, as
well as eliminates the need for legacy protocols like STP, RSTP,
MSPT, and VRRP, providing an active-active mode of operation for
both Layer 2 and Layer 3 at every layer in the network

•

IEEE 802.3ad Link Aggregation Control Protocol (LACP)

supports up to 26 trunks, each with 8 links per trunk; supports static
or dynamic groups

•

Virtual Router Redundancy Protocol (VRRP)

allows a group of routers to dynamically back each other up to
create highly available routed environments

•

Ring Resiliency Protection Protocol (RRPP)

provides standard sub 50 ms recovery for ring Ethernet-based
topology

Manageability

•

RMON (remote monitoring)

provides advanced monitoring and reporting capabilities for
statistics, history, alarms, and events

Layer 2 switching

•

16/32K MAC address table

provides access to many Layer 2 devices

•

VLAN support and tagging

support IEEE 802.1Q with 4,094 simultaneous VLAN IDs

•

GARP VLAN Registration Protocol

allows automatic learning and dynamic assignment of VLANs

•

IEEE 802.1ad QinQ and Selective QinQ

increase the scalability of an Ethernet network by providing a
hierarchical structure; connect multiple LANs on a high-speed
campus or metro network

•

Gigabit Ethernet port aggregation

allows grouping of ports to increase overall data throughput to a
remote device

•

IP multicast snooping

automatically prevents flooding of IP multicast traffic

•

Internet Group Management Protocol (IGMP) and Multicast
Listener Discovery (MLD) protocol snooping

effectively control and manage the flooding of multicast packets in
a Layer 2 network

Layer 3 services

•

Address Resolution Protocol (ARP)

determines the MAC address of another IP host in the same subnet

•

Dynamic Host Configuration Protocol (DHCP)

simplifies the management of large IP networks; supports client;
DHCP Relay enables DHCP operation across subnets

•

Loopback interface address

defines an address in RIP that can always be reachable, improving
diagnostic capability

•

User Datagram Protocol (UDP) helper function

allows UDP broadcasts to be directed across router interfaces to
specific IP unicast or subnet broadcast addresses and prevents
server spoofing for UDP services such as DHCP

•

Route maps

provide more control during route redistribution; allow filtering and
altering of route metrics

Layer 3 routing

•

IPv4 routing protocols

support static routes and RIP

•

IPv6 routing protocols

provide routing of IPv6 at wire speed; support static routes and
RIPng

3

•

Bidirectional Forwarding Detection (BFD)

enables link connectivity monitoring and reduces network
convergence time for VRRP, static routing, and IRF

•

IPv6 tunneling

allows a smooth transition from IPv4 to IPv6 by encapsulating IPv6
traffic over an existing IPv4 infrastructure

Security

•

Access control lists (ACLs)

provides IP Layer 2 to Layer 4 traffic filtering; supports VLAN ACL
and port ACL

•

Multiple user authentication methods

– IEEE 802.1X

is an industry-standard method of user authentication using an
IEEE 802.1X supplicant on the client in conjunction with a RADIUS
server

– Web-based authentication

is similar to IEEE 802.1X and provides a browser-based
environment to authenticate clients that do not support the IEEE

802.1X supplicant

– MAC-based authentication

authenticates the client with the RADIUS server based on the
client's MAC address

•

Identity-driven security and access control

– Per-user ACLs

permits or denies user access to specific network resources based
on user identity and time of day, allowing multiple types of users
on the same network to access specific network services without
risk to network security or unauthorized access to sensitive data

– Automatic VLAN assignment

automatically assigns users to the appropriate VLAN based on
their identities

•

Secure management access

securely encrypts all access methods (CLI, GUI, or MIB) through
SSHv2, SSL, and/or SNMPv3

•

Secure FTP

allows secure file transfer to and from the switch; protects against
unwanted file downloads or unauthorized copying of a switch
configuration file

•

Guest VLAN

similar to IEEE 802.1X, it provides a browser-based environment to
authenticated clients

•

Endpoint Admission Defense (EAD)

provides security policies to users accessing a network

•

Port security

allows access only to specified MAC addresses, which can be learned
or specified by the administrator

•

Port isolation

secures and adds privacy, and prevents malicious attackers from
obtaining user information

•

STP BPDU port protection

blocks Bridge Protocol Data Units (BPDUs) on ports that do not
require BPDUs, preventing forged BPDU attacks

•

STP Root Guard

protects the root bridge from malicious attacks or configuration
mistakes

•

DHCP protection

blocks DHCP packets from unauthorized DHCP servers, preventing
denial-of-service attacks

•

Dynamic ARP protection

blocks ARP broadcasts from unauthorized hosts, preventing
eavesdropping or theft of network data

•

IP Source Guard

filters packets on a per-port basis, which prevents illegal packets
from being forwarded

•

RADIUS/HWTACACS

eases switch management security administration by using a
password authentication server

•

Multiple Customer Edge (MCE)

facilitates MPLS VPN network integration with support for up to 63
VPNs

Convergence

•

IEEE 802.1AB Link Layer Discovery Protocol (LLDP)

is an automated device discovery protocol that provides easy
mapping of network management applications

•

LLDP-MED

is a standard extension that automatically configures network
devices, including LLDP-capable IP phones

•

LLDP-CDP compatibility

receives and recognizes CDP packets from Cisco's IP phones for
seamless interoperation

•

PoE allocations

support multiple methods (automatic, IEEE 802.3af class,
LLDP-MED, or user specified) to allocate PoE power for more
efficient energy savings

•

Voice VLAN

automatically assigns VLAN and priority for IP phones, simplifying
network configuration and maintenance

•

IP multicast snooping (IGMP snooping)

automatically prevents flooding of IP multicast traffic

•

Multicast VLAN

allows multiple VLANs to receive the same multicast traffic,
reducing network bandwidth demand by eliminating multiple
streams to each VLAN

Device support

•

Cisco prestandard PoE support

detects and provides power to Cisco's prestandard PoE devices such
as wireless LAN access points and IP phones

4