Huawei Quidway S5600 Series Ethernet Switches

Quidway S5600 är av den nya generationen multilayer-switchar som till fullo följer kraven för ett highly resilient nätverk.

S5600 har stöd för IRF (Intelligent Resilient Framework) och gör det enkelt för nätverkstekniker att bygga nätverk med hög pålitlighet, skalbarhet och som är lätta att hantera.

The Quidway S5600 Series Ethernet Switches are a new generation of multi-layer switches that entirely fulfills the enterprise customers’ requirement of designing and implementing a unified, highly resilient network. One of the most important and innovative highlights of the S5600 Series Ethernet Switch is the IRF (Intelligent Resilient Framework) technology which presents the very advantage of stackable technology. IRF enables network managers to build adaptable networks with high reliability, scalability and easy management. S5600 Series represents the next generation desktop switch, they provide high-density GE ports, 10GE uplink, and hot- swappable power suppliers and can be used in access layer of Gigabit Ethernet network or in aggregation layer with high availability as well as scalability.

The S5600 Series is available, offering a cost-effective path for meeting current and future service requirements from enterprises and commercial businesses. The abundant features include advanced quality of service (QoS), rate-limiting, access control lists (ACLs), static and Routing Information Protocol (RIP) routing, OSPF(Open Shortest Path First) and IRF function (distributed device management, distributed redundant routing and distributed link aggregation), QinQ (VLAN-VPN), RSPAN (Remote switched port analyzer), VCT (Virtual Cable Test), Protocol-Based VLAN and Voice VLAN, SSH V2 (Secure Shell V2), MVR (Multicast VLAN Registration), EAD (Endpoint Admission Defense), DLDP (Device Link Detection Protocol) and HGMP V2(Huawei group management protocol V2), Multicast routing, DHCP Server and VRRP (Virtual Redundancy Routing Protocol), HWTACACS, BGP,MSDP (Multicast Source Discovery Protocol), etc.

The S5600 Series Ethernet Switches include the following models: S5624P, S5624P-PWR, S5648P, S5648P-PWR and S5624F. Further more, S5624P/S5648P can be upgraded to S5624P-PWR/S5648P-PWR by replacing the power suppliers, thus great increase savings on equipment investment of customers.

S5624P/S5624P-PWR have 24 Ethernet 10/100/1000 Base-T ports, 4 1000BASE-X SFP (combo), 2 dedicated stacking ports and one expansion slot.

S5648P/S5648P-PWR have 48 Ethernet 10/100/1000Base-T ports, 4 1000BASE-X SFP (combo), 2 dedicated stacking ports and one expansion slot. S5624F has 24 Ethernet 1000Base-X SFP ports, 4 10/100/1000Base-T ports (combo), 2 dedicated stacking ports and one expansion slot. S5600-PWR model supports PoE, which transmit power over Ethernet to endpoint-devices. The combo ports in S5600 are combo of 10/100/1000BASE-T and 1000BASE-X.

Full Wire-speed, Multi-layer Switching

S5600 series switch offers L2/L3 wire-speed switching capacity. The 5600 series offers 10GE uplink speed, satisfies the most demanding.

The hardware supports L3 wire-speed switching, and is able to identify and process the traffic flows from L4-L7.

With independent packet filters, all ports distinguish different flows and forward them with corresponding priority.

Innovative IRF technology

S5600 Series adopts an innovative technology, Intelligent Resilient Framework, so bandwidth can be expanded and upgraded smoothly. With IRF technology, S5600 series switches can be stacked up to 8 units, forming a distributed switching fabric with up to 96G stacking bandwidth between any two units. From the management and configuration perspective, the distributed switches act as one switching device and run as one logical entity, while from a performance perspective,each switch in the IRF framework can make local forwarding decision both layer2 and layer3, the unit in the fabric can backup each other. Most importantly, IRF can provide the features that users are pressing for: reliability, scalability and manageability.

S5600 Series supports RMON on IRF. Customers can collect RMON history and statistics data of any units from any switch in the fabric.

HGMP V2 on IRF function allows customers to collect the information about the connection relations of the devices in a network and candidate devices, consequently maintaining and managing the cluster topology.

Peer fabric port detection function can decide whether a device can join an IRF fabric or not. The IRF technology provides: DDM (Distributed Device Management), DRR (Distributed Resilient Routing) and DLA (Distributed Link Aggregation).

Distributed Device Management(DDM) Distributed Device Management is the control system for IRF technology, responsible for distributing management and control information across the IRF Distributed Fabric. DDM allows the entire IRF Distributed Fabric to be managed as a single logical entity. Management tasks are all performed across the Distributed Fabric, minimizing complexity and administration overheads. In addition, the management IP address is shared across all units in the IRF Distributed Fabric, ensuring continuous device management and monitoring, in the event of an outage in one of the interconnected switches.

Distributed Resilient Routing (DRR) Distributed Resilient Routing is an advanced routing implementation that allows multiple interconnected switches in an IRF Distributed Fabric to behave as a single active routing entity. Unlike resilient Layer 3 implementations such as VRRP and HSRP, DRR intelligently distributes the routing load across all switches in the Distributed Fabric to optimize routing performance and make full use of bandwidth capacity.

Distributed Link Aggregation (DLA) Distributed Link Aggregation allows networks and IRF Distributed Fabrics to be coordinated with switches at the edge of the network. With the ability to multi-home across different units in the IRF Distributed Fabric, the availability of the entire network is dramatically increased. Traffic is forwarded across all links in the Aggregated Link to the fabric to optimize the use of available capacity. DLA guarantees high levels of resiliency since failure in one of the members of the Aggregated Link results in automatic redistribution of traffic across the remaining links.

Excellent PoE (Power over Ethernet) Supply Function

S5600 series supplies PoE function for endpoint devices, providing power over copper Ethernet cable to endpoint (Powered Device, such as IP phone, WLAN AP).

S5600 series switch provides up to 48 simultaneous full-powered PoE ports at 15.4W for maximum powered-device support, such as IP telephony and wireless LAN deployments. As PSE (Power Sourcing Equipment) devices, all S5600 series Switches are 802.3af compliant PoE switches.

With PoE and Voice VLAN technology, these innovative switches can provide the perfect solution for a converged voice and data network.

S5600 series switch supports PoE Profile, which means PoE policy configurations applicable to different user groups are stored in the corresponding PoE Profiles. When users connect a PD device to the port that currently has PoE Profile stored, the switch will automatically apply the PoE configuration defined in the corresponding port’s PoE Profile to the PD device.

Flexible Security Control Policies

Based on the longest match routing policy, the S5600 Series forwards packets one by one ensuring equal forwarding performance. This function can guard the network against the attack by Code Red and Worm Blaster, thereby guaranteeing equipment security.

The S5600 Series supports 802.1x authentication to identify users who attempt to access the network. With the 802.1x client version checking function enabled on a switch, the switch checks the version and validity of the 802.1x client running on supplicant systems to prevent those that use earlier versions of 802.1x client or illegal clients from logging in.

The S5600 Series supports 802.1x PEAP, With PEAP employed, a security channel is created, which is encrypted and is protected using transport level security (TLS) to ensure integrity. And authentication is carried out through a new type of EAP (extensible authentication protocol) negotiation between supplicant systems and authentication servers.

The S5600 Series supports 802.1x-trusted MAC address. Trusted MAC address here refers to the MAC address of a supplicant system that passes 802.1x authentication and MAC address-based authentication. In this case, the MAC address becomes a trusted Mac address. The 802.1x trusted MAC Address synchronization function propagates the trusted MAC addresses in IRF (intelligent resilient framework) if the corresponding supplicant systems pass the authentication performed by IRF-enabled switches.

The S5600 Series supports Centralized MAC address authentication, it controls accesses to a network through ports and MAC addresses. This kind of authentication requires no client software. When operating in centralized MAC address authentication mode, a switch begins to authenticate the user if it detects a new user MAC address. Further more, the S5600 Series can perform 802.1x authentication and MAC address-based authentication simultaneously.

The S5600 Series supports The Guest VLAN function, this function enables supplicant systems that are not authenticated to access specific resources and thus perform the corresponding operations, such as obtaining 802.1x client, upgrading client, or obtaining other upgrading programs.

The S5600 Series can also prevent unauthorized access to the network by binding any combination of MAC, IP and PORT.

Secure Shell V2 (SSH V2) offers security information protection and powerful authentication function to safeguard the Ethernet switch from attacks such as IP address spoofing and plain text cipher interception.

High Reliability

The S5600 series supports STP/RSTP and multi-VLAN based on MSTP, greatly improving redundant back-up for links and fault tolerance capability, so that the network can run with high stability.

The S5600 Series supports the optional RPS (Redundant Power Supply), thus improving the fault tolerance capability and normal network operation duration. Power module of the S5600 Series is hot-swappable.

The S5600 series switches support VRRP, and can build a VRRP back-up group with other L3 switches. They can build a redundant route topological structure when a fault occurs to guarantee communication continuity and reliability, keeping network status stable.

The S5600 series supports VRRP backup group port tracking function. With the function enabled, customers can specify to track the link state of the master’s uplink port and decrease the priority of the switch when the port fails. This in turn triggers the new master to be determined in the backup group.

The S5600 supports ECMP (Equal Cost Multi-path Protocol) routing, which can be used for load balance and routing redundancy.

Abundant QoS Policies

The S5600 Series supports L2~L4 complex flow classification based on source MAC address/destination MAC address/source IP address/destination IP address/ports/protocols.

The S5600 Series supports flexible queue scheduling algorithms, which can be set on the basis of port and queue at the same time. They support Strict Priority (SP), Weighted Round Robin (WRR) and SP+WRR; 8 priority queues and 2 drop precedence.

The S5600 Series supports Committed Access Rate (CAR) and limit the traffic speed in the 64Kbit/s granularity.

The S5600 Series supports RSPAN (Remote switched port analyzer). It breaks through the limitation that the mirrored port and the mirroring port have to be located in the same switch, and makes it possible that the mirrored and mirroring ports be located across several devices in the network, and greatly enhances the way that the network administrator can manage the switch.

The S5600 Series supports the Synchronization Feature of Queue Scheduling for Aggregation Ports. This feature provides the synchronization function of queue scheduling on each individual port of the aggregation port group.

The S5600 Series supports Delivery of ACL by RADIUS, this function requires corporation of devices and the CAMS server. Users need to first define the ACL which is of numeric type, and then deliver the ACL to the hardware of the devices in the CAMS server through the configuration of external groups.

The S5600 Series can configure the Priority for Protocol Packets. Each protocol packet has its own priority. Customers can modify the priority of the protocol packet with the help of relevant QoS commands.

The S5600 Series supports to configure the control policy over Telnet, configuring the source IP, destination IP, and source MAC to control over. Also specify whether the control action is permitting or denying access.

Diversified System Configuration and Management Modes

The S5600 Series supports Simple Network Management Protocol (SNMP) v1/v2/v3 and RMON (Remote Monitoring) v1, 1/2/3/9 groups of MIBs, they be managed by NMS. They can be managed by general network management platform such as OpenView, and QuidView network management system.

The S5600 Series supports Command Line Interface (CLI), Web based network management, and modem dial-up and TELNET which make the equipment management more convenient.

The S5600 Series supports HGMP V2 cluster management. After enabling HGMP V2, the network administrator can manage several member switches through one command switch and only the command switch need a public network IP address. It can save public IP address greatly and manage the network more efficiently.

The S5600 Series supports SNMP Agent logging. It means the network management operation logging function logs operations can perform remotely by administrators through SNMP.

Abundant System Maintenance and Debugging Methods

The S5600 Series supports System log, Hierarchical alarm management and alarm filtering, Detailed alarm/debug information output, Ping and Tracer, they also support remote maintenance via Telnet Modems and SSH.

The S5600 Series supports HWping. It is a new network diagnostic tool used to test the performance of protocols operating on network and it is an enhanced alternative to the ping command.

The S5600 Series supports DLDP (Device Link Detection Protocol). DLDP can detect the link status of the optical fiber cable or copper twisted pair. If DLDP finds a unidirectional link, it disables the related port automatically or informs users to disable it manually depending on specific configuration, to avoid potential network problems.

The S5600 Series supports Loopback detection on ports, after users enable loopback detection for Ethernet ports, the switch will monitor whether the ports have loopback on a regular basis; if the switch detects loopback for a particular port, and it will put that port under control.

The S5600 Series supports VCT (Virtual Cable Test) which is convenient for troubleshooting. Customers can start the virtual cable test (VCT) to make the system test the cable connected to the current electrical Ethernet port. The test items include: whether short or open circuit exists in the Rx/Tx direction of the cable, and what is the length of the cable in normal status or the length from the port to the fault point of the cable.