ProCurve Networking by HP announced today software upgrades, including enhanced security features and network standardization, to the HP ProCurve Switch 2600, Switch 2600-PWR and Switch 2800 series. Some important new features include Web/MAC Authentication, a Class of Service feature for enhanced VoIP service and the traffic monitoring technology sFlow, which will help to predict traffic congestion and allow the user to plan for future upgrades.
Two very interesting of note. One, is the “MAC Lockout/MAC Lockdown” feature – MAC Lockout causes the switch to drop traffic carrying a specific MAC address as either a source or destination. This is done by manually inputting MAC addresses to be ignored. MAC Lockdown permanently assigns a device MAC address to a specific port on the switch to restrict client device to a specific port. MAC Lockout secures the switch from illegal access by identifying restricted clients or devices, and it restricts a port to only one user. This will prevent users from hooking up prohibited devices onto the corporate network, such as insecure WiFi access points.
The second interesting feature is its Class of Service (CoS) support. According to their release, “DiffServ Codepoint (DSCP) Marking – L3/L4 – Differentiated Services is used for several mission-critical applications and for providing end-to-end QoS. Typically, Differentiated Services is appropriate for aggregate flows because it performs for prioritized traffic flows. With DSCP, the user is able to prioritize traffic into priority queues. This update allows customers to prioritize Voice over IP traffic for efficient IP telephony. It also sets priorities for mission-critical applications. The updates provide support for the following DSCP modes: RFC2474 DiffServ Precedence, RFC2597 DiffServ Assured Forwarding (AF), and RFC2598 DiffServ Expedited Forwarding (EF)”
Here is an abbreviated version of the release:
ProCurve Networking by HP Enhances Switch Lines with Added Security and Functionality
PALO ALTO, Calif., Oct. 4, 2004 – ProCurve Networking by HP today announced software upgrades, including enhanced security features and network standardization, to three of the company’s Ethernet switch lines: the HP ProCurve Switch 2600, Switch 2600-PWR and Switch 2800 series. The software upgrades ease integration, standardizing features across the three product lines and providing third-party interoperability to maximize flexibility for customers who demand more from their networks.
ProCurve’s commitment to command from the center with control to the edge is reflected in the added support of sFlow sampling technology for comprehensive traffic analysis across 10MB, 100MB, 1000MB, 10GB access and uplink ports. Security updates easily integrate into existing security authentication systems with 802.1X authentication; offer secure switch updates via Secure FTP, and add more control at the access point using MAC Lockout/MAC Lockdown.
Significant new features include:
• Web/MAC Authentication – The switch provides a Web browser interface for gathering user name/password for authentication and automatically intercepts the first http request from a new client to provide the login screen. The switch then provides a temporary (non-valid) IP address to the client to get to the switch’s web server, if necessary. This has the benefit of eliminating the need for the 802.1x supplicant on PC, and it is usable on operating systems not based on Windows® via a Web browser.
• 802.1s (multi-instance STP) – 802.1s, the standard which allows maximum use of all redundant links, is similar to regular spanning tree in that it implements spanning tree but on a per VLAN basis. This allows customers to allocate different paths for different VLAN paths. This feature provides multi-vendor LAN interoperability, more resiliency for convergent networks (voice, data, mobility), and the ability to balance traffic across the network.
• sFlow – sFlow, a technology for monitoring traffic in data networks containing switches and routers, defines the sampling mechanisms implemented in an sFlow Agent for monitoring traffic. When used with a network management application, sFlow provides a network-wide view of traffic patterns, which helps predict traffic congestion and allows the user to plan for future upgrades. This feature provides wirespeed traffic monitoring capability with a standard that is increasingly used by management applications.