The HP Switch 3500 Series consists of the most advanced intelligent edge switches. The 3500 series includes 48-port stackable. The foundation for all these switches is a purpose-built, programmable ProVision ASIC that allows the most demanding networking features, such as Quality of Service (QoS) and security, to be implemented in a scalable yet granular fashion. With a variety of Gigabit and 10/100 interfaces, integrated PoE option, 10-GbE capability on Gigabit switches, the 3500 switches offer excellent investment protection, flexibility, and scalability, as well as ease of deployment, operation, and maintenance.
Remote intelligent mirroring
Mirrors selected ingress/egress traffic based on ACL, port, MAC address, or VLAN to a local or remote 3500 switch anywhere on the network.
RMON, XRMON, and sFlow v5
Provide advanced monitoring and reporting capabilities for statistics, history, alarms, and events.
IEEE 802.1AB Link Layer Discovery Protocol (LLDP)
Automated device discovery protocol for easy mapping by network management applications.
Uni-Directional Link Detection (UDLD)
Monitors cable between two switches and shuts down the ports on both ends if the cable is broken turning the bi-directional link into uni-directional; this prevents network problems such as loops.
Leverages RADIUS to link a custom list of CLI commands to individual network administrator's login; also provides an audit trail.
Friendly port names
Allow assignment of descriptive names to ports.
Dual flash images
Provides independent primary and secondary OS files for backup while upgrading.
Multiple configuration files
Multiple configuration files can be stored to the flash image.
The switches can be managed and deployed at the edge of IPv6 networks.
Dual stack (IPv4/IPv6)
Provides transition mechanism from IPv4 to IPv6; supports connectivity for both protocols.
Forwards IPv6 multicast traffic to the appropriate interface; prevents IPv6 multicast traffic from flooding the network.
IEEE 802.3af Power over Ethernet
Provides up to 15.4 W per port to IEEE 802.3af-compliant PoE powered devices such as IP phones, wireless access points, and security cameras.
Pre-standard PoE support
Detects and provides power to pre-standard PoE devices.
On Gigabit and 10-Gigabit ports, allow high-performance remote backup and disaster-recovery services.
Automatically adjusts for straight-through or crossover cables on all 10/100 and 10/100/1000 ports.
153.6 Gbps crossbar switching fabric provides intra- and inter-module switching with 111.5 million pps throughput on the purpose-built ProVision ASICs.
Selectable queue configurations
Increase performance by selecting the number of queues and associated memory buffering that best meet the requirements of your network applications.
Virtual Router Redundancy Protocol (requires Premium License)
VRRP allows groups of two routers to dynamically back each other up to create highly available routed environments.
IEEE 802.1s multiple spanning tree protocol
Provides high link availability in multiple VLAN environments by allowing multiple spanning trees; encompasses IEEE 802.1D Spanning Tree Protocol and IEEE 802.1w Rapid Spanning Tree Protocol.
Server-to-switch distributed trunking
Allow a server to connect to two switches with one logical trunk that consists of multiple physical connections; enables load-balancing and increases resiliency.
IEEE 802.1ad Q-in-Q (requires Premium License)
Increases the scalability of Ethernet network by providing a hierarchical structure; connects multiple LANs on high-speed campus or metro network.
VLAN support and tagging
Supports the IEEE 802.1Q standard and 2,048 VLANs simultaneously.
IEEE 802.1v protocol VLANs
Isolate select non-IPv4 protocols automatically into their own VLANs.
GARP VLAN Registration Protocol
Allows automatic learning and dynamic assignment of VLANs.
UDP helper function
UDP broadcasts can be directed across router interfaces to specific IP unicast or subnet broadcast addresses and prevent server spoofing for UDP services such as DHCP.
Loopback interface address
Defines an address in RIP and OSPF that can always be reachable, improving diagnostic capability.
Static IP routing
Provides manually configured routing; includes ECMP capability.
Provides RIPv1 and RIPv2 routing.
Access control lists (ACLs)
Provide filtering based on the IP field, source/destination IP address/subnet, and source/destination TCP/UDP port number on a per-VLAN or per-port basis.
IEEE 802.1X users per port
Provides authentication of multiple IEEE 802.1X users per port; prevents user "piggybacking" on another user's IEEE 802.1X authentication.
Authenticates from Web browser for clients that do not support IEEE 802.1X supplicant; customized remediation can be processed on an external Web server.
Client is authenticated with the RADIUS server based on client's MAC address.
Concurrent IEEE 802.1X, Web, and MAC authentication schemes per port
Switch port will accept up to 32 sessions of IEEE 802.1X, Web, and MAC authentications.
Detects traffic patterns typical of WORM-type viruses and either throttles or entirely prevents the ability of the virus to spread across the routed VLANs or bridged interfaces, without requiring external appliances.
Blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks.
Secure management access
All access methods - CLI, GUI, or MIB - are securely encrypted through SSHv2, SSL, and/or SNMPv3.
Switch CPU protection
Provides automatic protection against malicious network traffic trying to shut down the switch.
Defeats ICMP denial-of-service attacks by enabling any switch port to automatically throttle ICMP traffic.
Enables implementation of a highly granular and flexible access security policy and VLAN assignment specific to each authenticated network user.
STP BPDU port protection
Blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks.
Dynamic IP lockdown
Works with DHCP protection to block traffic from unauthorized hosts, preventing IP source address spoofing.
Dynamic ARP protection
Blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data.
Detection of malicious attacks
Monitors ten types of network traffic and sends a warning when an anomaly that potentially can be caused by malicious attacks is detected.
Allows access only to specified MAC addresses, which can be learned or specified by the administrator.
MAC address lockout
Prevents configured particular MAC addresses from connecting to the network.
Allows only specified ports to communicate with each other.
Eases switch management security administration by using a password authentication server.
Secure Shell (SSHv2)
Encrypts all transmitted data for secure, remote command-line interface (CLI) access over IP networks.
Secure Sockets Layer (SSL)
Encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch.
Allows secure file transfer to/from the switch; protects against unwanted file downloads or unauthorized copying of switch configuration file.
Switch management logon security
Can require either RADIUS or TACACS+ authentication for secure switch CLI logon.
Security bannerProduct Highlights
Displays a customized security policy when users log in to the switch.
- Advanced access layer & small distribution
- Enterprise-class performance and security
- Intelligent edge feature set with L2-L4
- Scalable 10/100/1000 & 10/100 PoE connectivity