HP A5120 SI User Manual

HP 5120 SI Switch Series

Data sheet

Product overview

The HP 5120 SI Switch Series are intelligent, fully
managed Gigabit Ethernet switches that provide high
performance, high port density and simplified
installation to maximize the value of your network
infrastructure investment. The 5120 SI is optimized for
the access layer in enterprise networks that require
Gigabit Ethernet to the desktop or at the distribution
layer in metropolitan area networks (MANs).
Wire-speed forwarding delivers optimal throughput
and the bandwidth necessary for mission-critical data
and high-speed communications. As part of their
comprehensive security control, they employ 802.1X
authentication to identify users who attempt to access
the network. These switches are highly reliable,
providing redundancy while eliminating loops in the
network. They also offer a range of management
protocols to simplify network administration.

Key features

b

Full wire-speed, multi-layer switching

b

High reliability with redundancy

b

Comprehensive security control policies

b

Diversified Quality of Service (QoS) policies

b

Excellent manageability

Features and benefits

Quality of Service (QoS)

•

Broadcast control: allows limitation of broadcast
traffic rate to cut down on unwanted network
broadcast traffic

•

Powerful QoS feature: supports the following
congestion actions: strict priority (SP) queuing,
SDWRR, and SP+SDWRR

•

Advanced classifier-based QoS: classifies
traffic using multiple match criteria based on Layer
2, 3, and 4 information; applies QoS policies such
as setting priority level and rate limit to selected
traffic on a per-port basis

Management

•

Friendly port names: allow assignment of
descriptive names to ports

•

Remote configuration and management: is
available through a secure Web browser or a
command-line interface (CLI)

•

Manager and operator privilege levels:

enable read-only (operator) and read-write
(manager) access on CLI and Web browser
management interfaces

•

Command authorization: leverages RADIUS to
link a custom list of CLI commands to an individual
network administrator's login; also provides an audit
trail

•

Secure Web GUI: provides a secure, easy-to-use
graphical interface for configuring the module via
HTTPS

•

Dual flash images: provide independent primary
and secondary operating system files for backup
while upgrading

•

Multiple configuration files: can be stored to
the flash image

•

Complete session logging: provides detailed
information for problem identification and resolution

•

SNMPv1, v2c, and v3: facilitate centralized
discovery, monitoring, and secure management of
networking devices

•

Remote monitoring (RMON): uses standard
SNMP to monitor essential network functions;
supports events, alarm, history, and statistics group
plus a private alarm extension group

•

IEEE 802.1AB Link Layer Discovery Protocol
(LLDP): automated device discovery protocol

provides easy mapping by network management
applications

•

Management VLAN: segments traffic to and
from management interfaces, including CLI/telnet, a
Web browser interface, and SNMP

•

Device Link Detection Protocol (DLDP):

monitors cable between two switches and shuts
down the ports on both ends if the cable is broken,
this prevents network problems such as loops

Connectivity

•

Auto-MDIX: automatically adjusts for
straight-through or crossover cables on all
10/100/1000 ports

•

Flow control: using standard IEEE 802.3x, it
provides back pressure to reduce congestion in
heavy traffic situations

•

Jumbo packet support: supports up to 10k byte
frame size to improve performance of large data
transfers

•

High-density port connectivity: provides up to
48 fixed 10/100/1000BASE-T ports in an
entry-level static Layer 3 switch

•

Ethernet OAM: provides a Layer 2 link
performance and fault detection monitoring tool,
which reduces failover and network convergence
times

•

Power over Ethernet Plus (PoE+) support:

provides 30W power for connected devices,
simplifies deployment and dramatically reduces
installation costs by helping to eliminate the time
and cost involved in supplying local power at each
access point location

•

IPV6:

– IPV6 Host: enables switches to be managed and

deployed at the IPv6 network's edge

– Dual Stack (IPV4 and IPV6 using BIS):

allows IPV4 hosts to communicate with IPV6 hosts

– IPV6 ACL: for filtering IPV6 network traffic

Performance

•

Nonblocking architecture: up to 104 Gbps
nonblocking switching fabric provides wire-speed
switching with up to 77.4 million pps throughput

•

Hardware-based wire-speed access control
lists (ACLs): feature-rich ACL implementation

(TCAM based) helps ensure high levels of security
and ease of administration without impacting
network performance

2

Resiliency and high availability

•

Separate data and control paths: increases
security and performance

•

Spanning Tree/MSTP, RSTP: provides
redundant links while preventing network loops

•

IEEE 802.3ad Link Aggregation Control
Protocol (LACP): supports up to 26 trunks, each

with 8 links per trunk; supports static or dynamic
groups

•

Smart link: allows 50 ms failover between links

•

Intelligent Resilient Framework (IRF): creates
virtual resilient switching fabrics, where two or more
switches perform as a single Layer 2 switch and
Layer 3 router; switches do not have to be
co-located and can be part of a disaster-recovery
system; servers or switches can be attached using
standard LACP for automatic load balancing and
high availability; simplifies network operation by
eliminating the complexity of Spanning Tree
Protocol, Equal-Cost Multipath (ECMP), or VRRP

Layer 2 switching

•

8K MAC address table: provides access to
many Layer 2 devices

•

VLAN support and tagging: support IEEE

802.1Q with 4,094 simultaneous VLAN IDs

•

IP multicast snooping: automatically prevents
flooding of IP multicast traffic

•

Internet Group Management Protocol
(IGMP) and Multicast Listener Discovery
(MLD) protocol snooping: effectively control

and manage the flooding of multicast packets in a
Layer 2 network

Layer 3 services

•

Address Resolution Protocol (ARP):

determines the MAC address of another IP host in
the same subnet; supports static ARPs; gratuitous
ARP allows detection of duplicate IP addresses

•

Dynamic Host Configuration Protocol
(DHCP): simplifies the management of large IP

networks; supports client; DHCP Relay enables
DHCP operation across subnets

•

Loopback interface address: defines an
address in Routing Information Protocol (RIP) and
OSPF that can always be reachable, improving
diagnostic capability

Layer 3 routing

•

Static IP routing: provides manually configured
routing for both IPv4 and IPv6 networks

Security

•

Access control lists (ACLs): provides IP Layer 2
to Layer 4 traffic filtering; supports global ACL,
VLAN ACL, port ACL, and IPv6 ACL

•

Identity-driven security and access control:

– Per-user ACLs: permits or denies user access to

specific network resources based on user identity
and time of day, allowing multiple types of users
on the same network to access specific network
services without risk to network security or
unauthorized access to sensitive data

– Automatic VLAN assignment: automatically

assigns users to the appropriate VLAN based on
their identities

•

Secure management access: securely encrypts
all access methods (CLI, GUI, or MIB) through
SSHv2, SSL, and/or SNMPv3

•

Secure FTP: allows secure file transfer to and from
the switch; protects against unwanted file
downloads or unauthorized copying of a switch
configuration file

•

Guest VLAN: similar to IEEE 802.1X, it provides a
browser-based environment to authenticated clients

•

Port isolation: secures and adds privacy, and
prevents malicious attackers from obtaining user
information

•

STP BPDU port protection: blocks Bridge
Protocol Data Units (BPDUs) on ports that do not
require BPDUs, preventing forged BPDU attacks

•

STP Root Guard: protects the root bridge from
malicious attacks or configuration mistakes

•

DHCP protection: blocks DHCP packets from
unauthorized DHCP servers, preventing
denial-of-service attacks

•

Dynamic ARP protection: blocks ARP
broadcasts from unauthorized hosts, preventing
eavesdropping or theft of network data

•

IP Source Guard: helps prevent IP spoofing
attacks

•

Endpoint Admission Defense (EAD): provides
security policies to users accessing a network

•

RADIUS/HWTACACS: eases switch management
security administration by using a password
authentication server

3