General Information

Manufacturer

HP Hewlett Packard

Manufacturer Part Number

J4817A#ABA

Product Name

ProCurve 2324 Switch

Features

• Remote Intelligent Mirroring: mirrors selected ingress/egress traffic based on ACL, port, MAC address, or VLAN to a local or remote 8200zl/6200yl/5400zl/3500yl switch anywhere on the network
• RMON, XRMON, and sFlow v5: provide advanced monitoring and reporting capabilities for statistics, history, alarms, and events
• IEEE 802.1AB Link Layer Discovery Protocol (LLDP): automated device discovery protocol for easy mapping by network management applications
• Uni-Directional Link Detection (UDLD): monitors cable between two switches and shuts down the ports on both ends if the cable is broken turning the bi-directional link into uni-directional; this prevents network problems such as loops
• Management simplicity: ProCurve-common networking features and CLI implementation
• Command authorization: leverages RADIUS to link a custom list of CLI commands to individual network administrator's login; also provides an audit trail
• Friendly port names: allow assignment of descriptive names to ports
• Dual flash images: provides independent primary and secondary OS files for backup while upgrading
• Multiple configuration files: multiple configuration files can be stored to the flash image
• IPv6:
  • IPv6 host: the switches can be managed and deployed at the edge of IPv6 networks
  • Dual stack (IPv4/IPv6): provides transition mechanism from IPv4 to IPv6; supports connectivity for both protocols
  • MLD snooping: forwards IPv6 multicast traffic to the appropriate interface; prevents IPv6 multicast traffic from flooding the network
  • IPv6 ACL/QoS: supports ACL and QoS for IPv6 network traffic
  • IPv6 ready: the switch hardware can support IPv6 routing, tunneling, and security; these features will be available when enabled via software update in follow-on releases
• IEEE 802.3af Power over Ethernet: provides up to 15.4 W per port to IEEE 802.3af-compliant PoE powered devices such as IP phones, wireless access points, and security cameras
• IEEE 802.3at Power Over Ethernet Plus:: provides up to 30 W per port to IEEE 802.3 for PoE/PoE+ powered devices such as video IP phones, IEEE 802.11n wireless access points, and advanced pan/zoom/tilt security cameras
• Pre-standard PoE support: detects and provides power to pre-standard PoE devices
• High-density port connectivity: up to 12 interface module slots and up to 288 wire-speed 10/100/1000 PoE-enabled ports or 48 10-GbE ports per system
• Jumbo frames: on Gigabit and 10-Gb ports, allow high-performance remote backup and disaster-recovery services
• Auto-MDIX: automatically adjusts for straight-through or crossover cables on all 10/100 and 10/100/1000 ports
• High-speed/capacity architecture: 691.2 Gbps crossbar switching fabric provides intra- and inter-module switching with 480.3 million pps throughput on the purpose-built ProVision ASICs
• Selectable queue configurations: increase performance by selecting the number of queues and associated memory buffering that best meet the requirements of your network applications
• Virtual Router Redundancy Protocol (requires Premium License): VRRP allows groups of two routers to dynamically back each other up to create highly available routed environments
• IEEE 802.1s Multiple Spanning Tree Protocol: provides high link availability in multiple VLAN environments by allowing multiple spanning trees; encompasses IEEE 802.1D Spanning Tree Protocol and IEEE 802.1w Rapid Spanning Tree Protocol
• Server-to-switch distributed trunking: allows a server to connect to two switches with one logical trunk that consists of multiple physical connections; enables load-balancing and increases resiliency
• IEEE 802.3ad Link Aggregation Control Protocol (LACP) and ProCurve trunking: support up to 60 trunks, each with up to 8 links (ports) per trunk
• Optional redundant power supply (5400zl series): provides uninterrupted power and allows hot-swapping of the redundant power supplies when installed
• Hot-swappable modules (5400zl series): permits modules, mini-GBICs, and power supplies in a redundant power supply configuration to be added or swapped without interrupting the network
• Sparing simplicity: ProCurve zl-common accessories (interface modules, power supplies)
• Layer 2 switching
  • IEEE 802.1ad Q-in-Q (requires Premium License): increases the scalability of Ethernet network by providing a hierarchical structure; connects multiple LANs on high-speed campus or metro network
  • ProCurve switch meshing: dynamically load-balances across multiple active redundant links to increase available aggregate bandwidth
  • VLAN support and tagging: supports the IEEE 802.1Q standard and 2,048 VLANs simultaneously
  • IEEE 802.1v protocol VLANs: isolate select non-IPv4 protocols automatically into their own VLANs
  • GARP VLAN Registration Protocol: allows automatic learning and dynamic assignment of VLANs
• Layer 3 services
  • UDP helper function: UDP broadcasts can be directed across router interfaces to specific IP unicast or subnet broadcast addresses and prevent server spoofing for UDP services such as DHCP
  • Loopback interface address: defines an address in RIP and OSPF that can always be reachable, improving diagnostic capability
• Layer 3 routing
  • Static IP routing: provides manually configured routing; includes ECMP capability New!
  • RIP: provides RIPv1 and RIPv2 routing
  • OSPF (requires Premium License): includes host-based ECMP to provide link redundancy/scalable bandwidth and NSSA
• Access control lists (ACLs): provide filtering based on the IP field, source/destination IP address/subnet, and source/destination TCP/UDP port number on a per-VLAN or per-port basis
• Multiple user authentication methods:
  • IEEE 802.1X users per port: provides authentication of multiple IEEE 802.1X users per port; prevents user "piggybacking" on another user's IEEE 802.1X authentication
  • Web-based authentication: authenticates from Web browser for clients that do not support IEEE 802.1X supplicant; customized remediation can be processed on an external Web server
  • MAC-based authentication: client is authenticated with the RADIUS server based on client's MAC address
  • Concurrent IEEE 802.1X, Web, and MAC authentication schemes per port: switch port will accept up to 32 sessions of IEEE 802.1X, Web, and MAC authentications
• Virus throttling: detects traffic patterns typical of WORM-type viruses and either throttles or entirely prevents the ability of the virus to spread across the routed VLANs or bridged interfaces, without requiring external appliances
• DHCP protection: blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks
• Secure management access: all access methods--CLI, GUI, or MIB--are securely encrypted through SSHv2, SSL, and/or SNMPv3
• USB Secure Autorun (requires HP ProCurve Manager Plus): deploys, diagnoses, and updates switch using USB flash drive; works with secure credential to prevent tampering
• Switch CPU protection: provides automatic protection against malicious network traffic trying to shut down the switch
• ICMP throttling: defeats ICMP denial-of-service attacks by enabling any switch port to automatically throttle ICMP traffic
• Identity-driven ACL: enables implementation of a highly granular and flexible access security policy and VLAN assignment specific to each authenticated network user
• STP BPDU port protection: blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks
• Dynamic IP lockdown: works with DHCP protection to block traffic from unauthorized hosts, preventing IP source address spoofing
• Dynamic ARP protection: blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data
• STP Root Guard: protects root bridge from malicious attack or configuration mistakes
• Detection of malicious attacks: monitors 10 types of network traffic and sends a warning when an anomaly that potentially can be caused by malicious attacks is detected
• Port security: allows access only to specified MAC addresses, which can be learned or specified by the administrator
• MAC address lockout: prevents configured particular MAC addresses from connecting to the network
• Source-port filtering: allows only specified ports to communicate with each other
• RADIUS/TACACS+: eases switch management security administration by using a password authentication server
• Secure Shell (SSHv2): encrypts all transmitted data for secure, remote command-line interface (CLI) access over IP networks
• Secure Sockets Layer (SSL): encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch
• Secure FTP: allows secure file transfer to and from the switch; protects against unwanted file downloads or unauthorized copying of switch configuration file
• Management Interface Wizard: CLI-based step-by-step configuration tool to help ensure that management interfaces such as SNMP, telnet, SSH, SSL, Web, and USB are secured to desired level New!
• Switch management logon security: can require either RADIUS or TACACS+ authentication for secure switch CLI logon
• Security banner: displays a customized security policy when users log in to the switch
• IP multicast routing (requires Premium License): includes PIM Sparse and Dense modes to route IP multicast traffic
• IP multicast snooping (data-driven IGMP): automatically prevents flooding of IP multicast traffic
• LLDP-MED (Media Endpoint Discovery): a standard extension of LLDP that stores values for parameters such as QoS and VLAN to automatically configure network devices such as IP phones
• RADIUS VLAN for voice: uses standard RADIUS attribute and LLDP-MED to automatically configure VLAN for IP phones
• PoE allocations: supports multiple methods (automatic, IEEE 802.3af class, LLDP-MED, or user specified) to allocate PoE power for more efficient energy savings
• Advanced classifier-based QoS: classifies traffic using multiple match criteria based on L2/3/4 information; applies QoS policies such as setting priority level and rate limit to selected traffic per port or per VLAN New!
• Layer 4 prioritization: enables prioritization based on TCP/UDP port numbers
• Traffic prioritization: allows real-time traffic classification into eight priority levels mapped to eight queues
• Bandwidth shaping:
  • Port-based rate limiting: per-port ingress/egress enforced maximum bandwidth
  • Classifier-based rate limiting: uses ACL to enforce maximum bandwidth for ingress traffic on each port
  • Guaranteed minimum: per-port, per-queue egress-based guaranteed minimum bandwidth
• Class of Service (CoS): sets the IEEE 802.1p priority tag based on IP address, IP Type of Service (ToS), L3 protocol, TCP/UDP port number, source port, and DiffServ

Specifications