En-s3900-sld-s3900 Series Switches Main Slides Issue 1
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View En-s3900-sld-s3900 Series Switches Main Slides Issue 1 as PDF for free.
More details
- Words: 2,641
- Pages: 34
S3900 Series Switches Thank You Main Slides www.huawei.com
HUAWEI TECHNOLOGIES CO., LTD.
All rights reserved
Agenda
S3900 Overview S3900 Key Features End-to-End Intelligent Solution Summary
HUAWEI TECHNOLOGIES CO., LTD.
Five Key Factors for Enterprise Network • Reliability
– Achieving reliable networks is still a challenge
• Network Management
– Network management is a labor intensive and costly job
• Intelligence
– Effective Application-Awareness
• Network Expansion
– Continue to be a “puzzle” for network administrators – even the simplest expansion can bring hidden threats to reliability – Existing network expansion technologies are like adding a floor to an existing house – an “add on” but never “true part of it”
• Security
– To protect your network against illegal use / anonymous virus HUAWEI TECHNOLOGIES CO., LTD.
Gigabit / 10G
Comprehensive Switch Portfolio
S8500 Core Routing switch
S6500 modular chassis switch
10/100M
S5000/S5600 Intelligent Switch
S3900/S3500 L2/3 Switch
S3000-EI L2 Switch S2000-EI Switch
Core Modular Chassis • Multiple service options • Highest availability & 10/100/1000 densities • Abundant service modules • Wire-speed 10GE aggregation
Deployment Focus • Core • Distribution • Data center access/core service • High performance wiring closet
Mid-range Modular Chassis
Deployment Focus • Resilient L3 routing & Intelligent L4 • Medium wiring closet • Small/Medium Distribution/Core services • Data center access/core • Highest density 10/100/1000 • Large/Medium branch • 10GE aggregation Advanced GE fixed configuration Deployment Focus • Resilient L3 routing & Intelligent L4 • wiring closet services • Middle branch office • Medium density 10/100/1000 • Data center • Medium Network aggregation • Resilient stacking • 10GE uplinks Optimized fixed configuration Deployment Focus • Wire-speed L2 switching and • Small wiring closet resilient L3/L4 services • Small branch office • 10/100 + 4 x GE uplinks • Small network aggregation • Resilient stacking • Desktop/Workgroup switch • Advanced QoS mechanism Basic fixed configuration Deployment Focus • Wire-speed L2 switching • Small wiring closet • Stacking • Small branch office • Intelligent Service • Desktop/Workgroup switch
HUAWEI TECHNOLOGIES CO., LTD.
S3900 FE Series Switches
S3928TP-SI S3928P-SI S3928P-EI S3928P- PWR - EI
S3928F-EI
S3952P-SI S3952P-EI S3952P- PWR-EI
24 / 48 10/100M Ethernet Ports
Switch Capacity : 12.8Gbps/17.6Gbps
4 x 1000 Base-X SFP Port
Forwarding rate: 9.5/11.78 Mpps
802.3af POE compatible
8 Hardware Queues
Deployment Focus
Voice VLAN
Enhanced L2-L4 functionalities
Static/RIP/OSPF(EI)
802.1x local / external radius authentication
• Small wiring closet • Small branch office • Small network aggregation (EI) • Desktop/Workgroup switch
ACL both inbound and outbound direction HUAWEI TECHNOLOGIES CO., LTD.
S3900-SI Series Switches Features Switch 3900 -- The new choice for access network deployments Key Points Includes Standard Image (SI) software Quidway S3928P 24-Port + 4 SFP Quidway S3928TP 24-Port + 2*10/100/1000Base-T+2SFP Quidway S3952P 48-Port + 4 SFP
Port Configurations: 24 x 10/100 Ports + 4 SFP 48 x 10/100 Ports + 4 SFP
IRF: Distributed Device Management • Scalable to 384 10/100 + 32 SFP • Mix and match any 3900-SI product in a stack • Built-in resilient loop stacking via SFP ports Features Highlights: • 64 Static Routes • Dynamic routing (RIPv1/2) – 1K entries • 2K ARP Table • Intelligent security services including 802.1X • RADA – RADIUS Authenticated Device Access • SSHv1.5 / SNMPv3 • Full QoS Prioritisation and full classification • 8 Egress Queues • 4K Port-Based VLANs • AC input • 802.3ad Link Aggregation – up to 8 groups • Multiple/Rapid Spanning Tree with STP Route Guard • IGMP Snooping V1/V2 • NTP / FTP Server and Client
HUAWEI TECHNOLOGIES CO., LTD.
Target use: Enterprise wiring closet access switch; branch office switch Availability: Simply power the switch via a standard AC input Scalability: Patented IRF technology automatically creates a stack of switches and allows single IP management Connectivity: Each switch allows up to 4 active Gigabit ports with any combination of copper and/or fibre accepted Application-Aware: Automatically detects, prioritizes and places VoIP traffic in a separate VLAN
S3900-EI Series Switches Features Switch 3900 -- The new choice for access network deployments Key Points Includes Enhanced Image (EI) software • Includes ALL SI software plus: Quidway S3952P 48-Port + 4 SFP IRF • Distributed Device Management Quidway S3928P 24-Port + 4 SFP Mix and match any S3900-EI product in a stack, PWR including PWR Quidway S3952P 48-Port + 4 SFP • Distributed Link Aggregation PWR Allows up to 8 groups to be spread across any Quidway S3928F 24-Port + 2 SFP + 2 ports in the stack (8 FE / 4 GE per group) 1000BaseT • Distributed Resilient Routing All switches in the stack are actively routing and sharing LSDB and ARP tables RIP/OSPF Multicast Routing PIM Sparse Mode / Dense Mode • JumboFrame • AC & DC input • Central MAC authentication • Time-based Access Control Lists • DHCP Tracker • ECMP,VRRP,QinQ • Traffic Redirection • Traffic Mirroring • Syslog Quidway S3928P 24-Port + 4 SFP
HUAWEI TECHNOLOGIES CO., LTD.
Target use: Advanced Enterprise wiring closet access switch; small aggregation Availability: Routing functions are totally distributed across all switches in the stack massively increasing performance and uptime Scalability: Extend connectivity with a mixture of PoE and fibre switches Connectivity: Jumbo Frames are supported on all gigabit uplinks for interoperability with equipment downstream Application-Aware: Advanced Time-Based ACLs are supported that can be automatically executed on a per user or machine basis
Enterprise Networking with S3900 Availability
Security
Quality of Service
• IP Unicast Routing - Static, RIPv1/v2, OSPF, • IP Multicast Routing • VRRP • DTP and PAgP • Dynamic VLANs • IGMP snooping • STP enhancements • Distributed L2/L3 functions • MAC address notification • DHCP interface tracker • CMS security wizard • Access control lists • Private VLAN edge • Port security • SNMPv3 • 802.1x • SSH
S3900 10/100M Desktops
Mission-Critical 10/100/1000M Workstations
Space -Constrained Server Racks
• Queue servicing: - Shaped round robin and strict priority queuing - Weighted tail drop - Ingress traffic policing - Egress traffic shaping • 802.1p CoS and DSCP • Congestion avoidance - Granular rate limiting - Jumbo Frames
HUAWEI TECHNOLOGIES CO., LTD.
Network Core
Agenda
Market Trends S3900 Overview S3900 Key Features V1.5 New Feature IRF RPS1000-A Feature Summary
End-to-End Intelligent Solution Summary
HUAWEI TECHNOLOGIES CO., LTD.
Features S3900 Features ✔VRRP (EI) ✔HGMPv2 ✔DHCP-SERVER (EI) ✔QINQ ✔GVRP ✔MVR ✔DLDP
HUAWEI TECHNOLOGIES CO., LTD.
Features (Cont.) S3900 Features ✔IGMP Snooping Fast Leave ✔DHCP Snooping Trust ✔DHCP Relay Security ✔DHCP Option 82 ✔802.1X and Mac address Authentication At the Same Time/ Port ✔802.1X with PEAP/TLS
HUAWEI TECHNOLOGIES CO., LTD.
Features (Cont.) S3900 Features ✔Dynamic VLAN Delivery ✔Guest VLAN ✔Jumbo Frame for SI ✔Group Policy ✔Protocol Based VLAN ✔SSHv2 ✔VCT (Virtual Circuit Test) ✔RSPAN (Remote Port Mirroring)
HUAWEI TECHNOLOGIES CO., LTD.
802.1X with PEAP/TLS Radius/EAP server
802.1X authentication Efficient port/MAC based Built-in 802.1X server Support EAP relay function
S5600 Series S3900 Authenticator
EAPoRadius
Benefits: ✔ Improve the security ✔ Provide AAA (Authentication, Authorization, Accounting) functions
EAPoL PC Supplicant
PC Supplicant
HUAWEI TECHNOLOGIES CO., LTD.
PC Supplicant
802.1X and MAC Authentication How can PC and IP phone be authenticated on the same port?
IP Phone
Without 802.1X Client
S3900 supports 802.1X and MAC Authentication at the Same Time on One Port PC
With 802.1X Client
Benefits: ✔ Authenticate devices with or without 802.1x Client at the same time
HUAWEI TECHNOLOGIES CO., LTD.
What is IRF ? Intelligent Resilient Framework •
Huawei-3Com’s industry leading stacking technology
•
Innovation of LAN switching
•
Create Intelligent Resilient Framework Network
•
Core features:
Distributed Device Management (DDM) Distributed Link Aggregation (DLA) Distributed Resilient Routing (DRR)
HUAWEI TECHNOLOGIES CO., LTD.
Distributed Fabric
I
R F Flexible High efficient Cost-effective
IRF Based Easy Management Distributed Device Management (DDM) •
All switches act as a single logical device
Stack Management
•
Resilient architecture provides access to
•
Single entity for SNMP, WEB and CLI Management
management in the event of ANY switch failing •
•
Rapid stack-wide feature configuration
•
Hot-insert and removal of switches
•
Automatic and manual stack configuration
•
Reduces configuration time
•
Stack up to 8 units
•
Improved monitoring responsiveness
3
ACL configurations in one screen with All the device View
4 4
3
1
2
Only one logical device
IRF fabric
HUAWEI TECHNOLOGIES CO., LTD.
S3900 IRF Stacking IRF Stacking •
Each switch uses the last two ports to provide a 2 * 2 Gbps stacking,
No extra hardware required •
Stack up to 8 units
•
Automatic or manual stack configuration
•
A return link provides rapid fail-over in the event of a normal link or unit failing
•
IRF Stack units together over 70Km apart
Normal Stacking Link: 1 Gbps UP / 1 Gbps DOWN Standby Stacking loop connection: 1 Gbps UP / 1 Gbps DOWN
Use SFP to link the units together
HUAWEI TECHNOLOGIES CO., LTD.
Quidway S3900
Basic Security Features • SNMPv3/ SSHv2 • Authorized IP for management: • support 16 authorized management IP
• User authentication • 802.1x • Centralized Mac authentication • Local password base authentication (128 users ) • Radius based authentication (1024 users)
• Packet Filtering • L2/L3/L4 • Time-based ACLs • ACL entries per port
• Others • DoS protection • DHCP security • Port Mirroring/Traffic Mirroring HUAWEI TECHNOLOGIES CO., LTD.
Device Security Advanced Device Security •
Access Levels – 4 levels can be set for multiple users
•
SNMPv3 / SSHv2 - Encrypt all SNMP and Telnet traffic to stop middle-man attacks 56bit / 168bit
•
Authorized IP - Lock access to the management interface by routed Access Control List
•
Switch Login (RADIUS) – Support RADIUS Authentication for CLI / Console and web interfaces. RADIUS return attribute will set individual privilege levels
•
Denial of Service Attack Preventions – Attacks to the host CPU sub systems and memory are protected via a traffic classification queuing system
•
Syslog - All commands can be tracked and sent to a Syslog server
HUAWEI TECHNOLOGIES CO., LTD.
Application-Aware Services • Advanced Traffic Management – Voice VLAN – All voice traffic can be automatically placed into a private secure VLAN; switch will detect VoIP phone OUI and register with the correct VLAN
– Traffic Redirection / Mirror – Mirror or redirect any type of network traffic based upon an ACL to any port
– Configurable Queue Processing – 8 hardware-
Define your own Classification rule and mask for the ACL
based queues; Strict Priority; Weighted Round Robin; Weighted Fair Queuing; WRED; WRR + SP
– Advanced Traffic Classification – All ACL classifications are available
– Traffic Actions – Remark DSCP; Drop or set the IPPrecedence, rate limit (64kbps granularity)
HUAWEI TECHNOLOGIES CO., LTD.
Define ACLs based upon Ingress & Egress Control Source / Destination IP Address Source / Destination MAC address Source / Destination TCP and/or UDP Port ICMP DSCP / COS / Precedence / TOS VLAN
Voice VLAN 1. Mac address 00E0-BB00-0000 mask ffff-ff00-0000 Voice VLAN 2. Ah! It is an IP Phone of Vendor A, B, C……( Totally, 16 Vendors) 3. Put the traffic from IP Phone into Voice VLAN automatically 4. Other traffic will be processed with lower priority
Voice Data Other Data
Voice Queue Data Queue 1 Data Queue 2
HUAWEI TECHNOLOGIES CO., LTD.
Benefits: ✔ Guarantee the QoS of voice data ✔ Improve the security
RPS1000-A Front Panel
HUAWEI TECHNOLOGIES CO., LTD.
RPS1000-A Rear Panel Two Outputs for PoE Device or Non PoE Device
The two main inputs are for the two PSUs in the RPS1000-A rack respectively
HUAWEI TECHNOLOGIES CO., LTD.
Six Outputs for Non PoE Device Only
S3900 Rear Panel S3900-SI rear panel, AC input socket
S3900-SI (1)
(2)
S3900-EI rear panel, AC input socket
S3900-EI rear panel, DC input socket.
S3900-EI (1)
(2)
RPS Connects Here! Only S3900-EI Supports RPS
HUAWEI TECHNOLOGIES CO., LTD.
(3)
Feature Summary •
•
•
Port Features – SPAN (Port Mirroring) – RSPAN (Remote Port Mirroring) – Port Isolation – Port Rate-limiting (64kbps) – IP + MAC + Port Binding – DUD (Disconnect Unauthorized Device) – DLDP (smillar to UDLD) – VCT (Virtual Cable Test) High Performance – 4 GE uplinks – 4K VLAN/16K MAC – Jumbo Frame High Reliability – STP/RSTP/MSTP – VRRP for S3900-EI – ECMP for S3900-EI – Redundant Power Supply for S3900-EI – Redundant Power Supply for S3900-EI – Distributed Layer 2 and Layer 3 IRF! – Layer 2/3 failover with nonstop forwarding IRF! – 4Gbps fault tolerant bidirectional stack interconnection IRF! – Cross-stack link aggregations technology, cross-stack QoS IRF!
HUAWEI TECHNOLOGIES CO., LTD.
Feature Summary (Cont.) •
•
Abundant Security – SSHv2 – SNMPv3 – MAC Black Hole – Disconnect Unauthorized Device – 802.1X with PEAP/TLS – Centralized MAC Address Authentication – Enable 802.1X and MAC Authentication on the same port – Dynamic VLAN Delivery/Guest VLAN – DHCP Relay Security – DHCP Snooping Trust Abundant QACL – WRED – 8 Queues/SP/WRR/WFQ/SP+WRR/SP+WFQ – CAR – Ingress & Egress ACL – ACL Traffic Limit – Traffic Classification/Traffic Shaping – Tail Drop – DSCP<->CoS – Voice VLAN
HUAWEI TECHNOLOGIES CO., LTD.
Feature Summary (Cont.) •
•
•
•
Multicast – MVR – IGMPv1/v2 Snooping – IGMPv1/v2 Snooping Fast Leave – PIM-SM/PIM-DM for S3900-EI – Extends Web-based management suite Ease Management – GVRP – SNMPv1/v2/v3 – HGMPv2 – One IP address and configuration file for entire stack IRF! – Extends Web-based management suite – Automatic stacking configuration of new units when connected to the stack IRF! Cost Effective – PoE – QinQ – 802.1X Server – DHCP Option 82 – DHCP Server for S3900-EI Return of Investment – High Performance/Cost Ratio – Seamless Network Expansion IRF!
HUAWEI TECHNOLOGIES CO., LTD.
Agenda
Market Trends S3900 Overview S3900 Key Features End-to-End Intelligent Solution Summary
HUAWEI TECHNOLOGIES CO., LTD.
S3900 Deployment Scenario Voice VLAN
Application server farm
POE IRF stacking
IRF king Stac
Quidway S5600
Quidway S5600
IRF king Stac
Quidway S3900 Quidway S3900 Quidway S3900
HUAWEI TECHNOLOGIES CO., LTD.
Quidway S3900
End-to-End Intelligent Solution Service System
Fully Standards Based Infrastructure Best of Breed Core Performance Industry leading Terabit Performance with investment protected backplane
Application server farm
S8500 Router AR4600
Industry Leading Performance Unique Distributed Resilient 96Gbps link via IRF Total Flexibility Comprehensive media flexibility for abundant applications
SecPath Security System
Unique Investment Protection S6500 Add Power over Ethernet anytime to the Switch S5600 S3900 S5600 Security Policy Control Security Automatic User Security Authentication, Authorisation and Accounting; Peace of mind for businesses
HUAWEI TECHNOLOGIES CO., LTD.
S3900 PoE: Powered, traffic optimized and secured by Switch 3900
Agenda
Market Trends S3900 Overview S3900 Key Features End-to-End Intelligent Solution Summary
HUAWEI TECHNOLOGIES CO., LTD.
Summary •
•
•
Enterprise-class services – High Availability: IP Routing, VRRP, MSTP, 802.1s/w, IGMP snooping, RPS – Security: ACL, port security, MAC address notify, RADIUS/TACAC+, 802.1x, SSHv2, SNMPv3, DUD, – Advanced QoS: Layer 2–4 QoS with CoS/DSCP, shaped round robin, WRR,strict priority queuing, Ingress and Egress ACL (only for S3900) – VOICE VLAN/PoE Abundant Security – SSHv2/SNMPv3 – 802.1X with PEAP/TLS, Centralized MAC Address Authentication/Enable 802.1X and MAC Authentication on the same port – Dynamic VLAN Delivery/Guest VLAN – DHCP Relay Security/DHCP Snooping Trust IRF technology – 4Gbps fault tolerant bidirectional stack interconnection – Distributed architecture – Layer 2/3 failover with nonstop forwarding – Cross-stack link aggregations technology, cross-stack QoS – Single network instance (IP, SNMP, CLI, STP, VLAN)
HUAWEI TECHNOLOGIES CO., LTD.
Summary (Cont.) • High performance – Gigabit Ethernet and Fast Ethernet configurations provide – Distributed Layer 2 and Layer 3 • Ease of management/deployment – One IP address and configuration file for entire stack – Extends Web-based management suite to Layer 2/3/4 services – Automatic stacking configuration of new units when connected to the stack • Return of Investment – High Performance/Cost Ratio – Seamless Network Expansion
HUAWEI TECHNOLOGIES CO., LTD.
Thank You www.huawei.com
HUAWEI TECHNOLOGIES CO., LTD.
All rights reserved
Agenda
S3900 Overview S3900 Key Features End-to-End Intelligent Solution Summary
HUAWEI TECHNOLOGIES CO., LTD.
Five Key Factors for Enterprise Network • Reliability
– Achieving reliable networks is still a challenge
• Network Management
– Network management is a labor intensive and costly job
• Intelligence
– Effective Application-Awareness
• Network Expansion
– Continue to be a “puzzle” for network administrators – even the simplest expansion can bring hidden threats to reliability – Existing network expansion technologies are like adding a floor to an existing house – an “add on” but never “true part of it”
• Security
– To protect your network against illegal use / anonymous virus HUAWEI TECHNOLOGIES CO., LTD.
Gigabit / 10G
Comprehensive Switch Portfolio
S8500 Core Routing switch
S6500 modular chassis switch
10/100M
S5000/S5600 Intelligent Switch
S3900/S3500 L2/3 Switch
S3000-EI L2 Switch S2000-EI Switch
Core Modular Chassis • Multiple service options • Highest availability & 10/100/1000 densities • Abundant service modules • Wire-speed 10GE aggregation
Deployment Focus • Core • Distribution • Data center access/core service • High performance wiring closet
Mid-range Modular Chassis
Deployment Focus • Resilient L3 routing & Intelligent L4 • Medium wiring closet • Small/Medium Distribution/Core services • Data center access/core • Highest density 10/100/1000 • Large/Medium branch • 10GE aggregation Advanced GE fixed configuration Deployment Focus • Resilient L3 routing & Intelligent L4 • wiring closet services • Middle branch office • Medium density 10/100/1000 • Data center • Medium Network aggregation • Resilient stacking • 10GE uplinks Optimized fixed configuration Deployment Focus • Wire-speed L2 switching and • Small wiring closet resilient L3/L4 services • Small branch office • 10/100 + 4 x GE uplinks • Small network aggregation • Resilient stacking • Desktop/Workgroup switch • Advanced QoS mechanism Basic fixed configuration Deployment Focus • Wire-speed L2 switching • Small wiring closet • Stacking • Small branch office • Intelligent Service • Desktop/Workgroup switch
HUAWEI TECHNOLOGIES CO., LTD.
S3900 FE Series Switches
S3928TP-SI S3928P-SI S3928P-EI S3928P- PWR - EI
S3928F-EI
S3952P-SI S3952P-EI S3952P- PWR-EI
24 / 48 10/100M Ethernet Ports
Switch Capacity : 12.8Gbps/17.6Gbps
4 x 1000 Base-X SFP Port
Forwarding rate: 9.5/11.78 Mpps
802.3af POE compatible
8 Hardware Queues
Deployment Focus
Voice VLAN
Enhanced L2-L4 functionalities
Static/RIP/OSPF(EI)
802.1x local / external radius authentication
• Small wiring closet • Small branch office • Small network aggregation (EI) • Desktop/Workgroup switch
ACL both inbound and outbound direction HUAWEI TECHNOLOGIES CO., LTD.
S3900-SI Series Switches Features Switch 3900 -- The new choice for access network deployments Key Points Includes Standard Image (SI) software Quidway S3928P 24-Port + 4 SFP Quidway S3928TP 24-Port + 2*10/100/1000Base-T+2SFP Quidway S3952P 48-Port + 4 SFP
Port Configurations: 24 x 10/100 Ports + 4 SFP 48 x 10/100 Ports + 4 SFP
IRF: Distributed Device Management • Scalable to 384 10/100 + 32 SFP • Mix and match any 3900-SI product in a stack • Built-in resilient loop stacking via SFP ports Features Highlights: • 64 Static Routes • Dynamic routing (RIPv1/2) – 1K entries • 2K ARP Table • Intelligent security services including 802.1X • RADA – RADIUS Authenticated Device Access • SSHv1.5 / SNMPv3 • Full QoS Prioritisation and full classification • 8 Egress Queues • 4K Port-Based VLANs • AC input • 802.3ad Link Aggregation – up to 8 groups • Multiple/Rapid Spanning Tree with STP Route Guard • IGMP Snooping V1/V2 • NTP / FTP Server and Client
HUAWEI TECHNOLOGIES CO., LTD.
Target use: Enterprise wiring closet access switch; branch office switch Availability: Simply power the switch via a standard AC input Scalability: Patented IRF technology automatically creates a stack of switches and allows single IP management Connectivity: Each switch allows up to 4 active Gigabit ports with any combination of copper and/or fibre accepted Application-Aware: Automatically detects, prioritizes and places VoIP traffic in a separate VLAN
S3900-EI Series Switches Features Switch 3900 -- The new choice for access network deployments Key Points Includes Enhanced Image (EI) software • Includes ALL SI software plus: Quidway S3952P 48-Port + 4 SFP IRF • Distributed Device Management Quidway S3928P 24-Port + 4 SFP Mix and match any S3900-EI product in a stack, PWR including PWR Quidway S3952P 48-Port + 4 SFP • Distributed Link Aggregation PWR Allows up to 8 groups to be spread across any Quidway S3928F 24-Port + 2 SFP + 2 ports in the stack (8 FE / 4 GE per group) 1000BaseT • Distributed Resilient Routing All switches in the stack are actively routing and sharing LSDB and ARP tables RIP/OSPF Multicast Routing PIM Sparse Mode / Dense Mode • JumboFrame • AC & DC input • Central MAC authentication • Time-based Access Control Lists • DHCP Tracker • ECMP,VRRP,QinQ • Traffic Redirection • Traffic Mirroring • Syslog Quidway S3928P 24-Port + 4 SFP
HUAWEI TECHNOLOGIES CO., LTD.
Target use: Advanced Enterprise wiring closet access switch; small aggregation Availability: Routing functions are totally distributed across all switches in the stack massively increasing performance and uptime Scalability: Extend connectivity with a mixture of PoE and fibre switches Connectivity: Jumbo Frames are supported on all gigabit uplinks for interoperability with equipment downstream Application-Aware: Advanced Time-Based ACLs are supported that can be automatically executed on a per user or machine basis
Enterprise Networking with S3900 Availability
Security
Quality of Service
• IP Unicast Routing - Static, RIPv1/v2, OSPF, • IP Multicast Routing • VRRP • DTP and PAgP • Dynamic VLANs • IGMP snooping • STP enhancements • Distributed L2/L3 functions • MAC address notification • DHCP interface tracker • CMS security wizard • Access control lists • Private VLAN edge • Port security • SNMPv3 • 802.1x • SSH
S3900 10/100M Desktops
Mission-Critical 10/100/1000M Workstations
Space -Constrained Server Racks
• Queue servicing: - Shaped round robin and strict priority queuing - Weighted tail drop - Ingress traffic policing - Egress traffic shaping • 802.1p CoS and DSCP • Congestion avoidance - Granular rate limiting - Jumbo Frames
HUAWEI TECHNOLOGIES CO., LTD.
Network Core
Agenda
Market Trends S3900 Overview S3900 Key Features V1.5 New Feature IRF RPS1000-A Feature Summary
End-to-End Intelligent Solution Summary
HUAWEI TECHNOLOGIES CO., LTD.
Features S3900 Features ✔VRRP (EI) ✔HGMPv2 ✔DHCP-SERVER (EI) ✔QINQ ✔GVRP ✔MVR ✔DLDP
HUAWEI TECHNOLOGIES CO., LTD.
Features (Cont.) S3900 Features ✔IGMP Snooping Fast Leave ✔DHCP Snooping Trust ✔DHCP Relay Security ✔DHCP Option 82 ✔802.1X and Mac address Authentication At the Same Time/ Port ✔802.1X with PEAP/TLS
HUAWEI TECHNOLOGIES CO., LTD.
Features (Cont.) S3900 Features ✔Dynamic VLAN Delivery ✔Guest VLAN ✔Jumbo Frame for SI ✔Group Policy ✔Protocol Based VLAN ✔SSHv2 ✔VCT (Virtual Circuit Test) ✔RSPAN (Remote Port Mirroring)
HUAWEI TECHNOLOGIES CO., LTD.
802.1X with PEAP/TLS Radius/EAP server
802.1X authentication Efficient port/MAC based Built-in 802.1X server Support EAP relay function
S5600 Series S3900 Authenticator
EAPoRadius
Benefits: ✔ Improve the security ✔ Provide AAA (Authentication, Authorization, Accounting) functions
EAPoL PC Supplicant
PC Supplicant
HUAWEI TECHNOLOGIES CO., LTD.
PC Supplicant
802.1X and MAC Authentication How can PC and IP phone be authenticated on the same port?
IP Phone
Without 802.1X Client
S3900 supports 802.1X and MAC Authentication at the Same Time on One Port PC
With 802.1X Client
Benefits: ✔ Authenticate devices with or without 802.1x Client at the same time
HUAWEI TECHNOLOGIES CO., LTD.
What is IRF ? Intelligent Resilient Framework •
Huawei-3Com’s industry leading stacking technology
•
Innovation of LAN switching
•
Create Intelligent Resilient Framework Network
•
Core features:
Distributed Device Management (DDM) Distributed Link Aggregation (DLA) Distributed Resilient Routing (DRR)
HUAWEI TECHNOLOGIES CO., LTD.
Distributed Fabric
I
R F Flexible High efficient Cost-effective
IRF Based Easy Management Distributed Device Management (DDM) •
All switches act as a single logical device
Stack Management
•
Resilient architecture provides access to
•
Single entity for SNMP, WEB and CLI Management
management in the event of ANY switch failing •
•
Rapid stack-wide feature configuration
•
Hot-insert and removal of switches
•
Automatic and manual stack configuration
•
Reduces configuration time
•
Stack up to 8 units
•
Improved monitoring responsiveness
3
ACL configurations in one screen with All the device View
4 4
3
1
2
Only one logical device
IRF fabric
HUAWEI TECHNOLOGIES CO., LTD.
S3900 IRF Stacking IRF Stacking •
Each switch uses the last two ports to provide a 2 * 2 Gbps stacking,
No extra hardware required •
Stack up to 8 units
•
Automatic or manual stack configuration
•
A return link provides rapid fail-over in the event of a normal link or unit failing
•
IRF Stack units together over 70Km apart
Normal Stacking Link: 1 Gbps UP / 1 Gbps DOWN Standby Stacking loop connection: 1 Gbps UP / 1 Gbps DOWN
Use SFP to link the units together
HUAWEI TECHNOLOGIES CO., LTD.
Quidway S3900
Basic Security Features • SNMPv3/ SSHv2 • Authorized IP for management: • support 16 authorized management IP
• User authentication • 802.1x • Centralized Mac authentication • Local password base authentication (128 users ) • Radius based authentication (1024 users)
• Packet Filtering • L2/L3/L4 • Time-based ACLs • ACL entries per port
• Others • DoS protection • DHCP security • Port Mirroring/Traffic Mirroring HUAWEI TECHNOLOGIES CO., LTD.
Device Security Advanced Device Security •
Access Levels – 4 levels can be set for multiple users
•
SNMPv3 / SSHv2 - Encrypt all SNMP and Telnet traffic to stop middle-man attacks 56bit / 168bit
•
Authorized IP - Lock access to the management interface by routed Access Control List
•
Switch Login (RADIUS) – Support RADIUS Authentication for CLI / Console and web interfaces. RADIUS return attribute will set individual privilege levels
•
Denial of Service Attack Preventions – Attacks to the host CPU sub systems and memory are protected via a traffic classification queuing system
•
Syslog - All commands can be tracked and sent to a Syslog server
HUAWEI TECHNOLOGIES CO., LTD.
Application-Aware Services • Advanced Traffic Management – Voice VLAN – All voice traffic can be automatically placed into a private secure VLAN; switch will detect VoIP phone OUI and register with the correct VLAN
– Traffic Redirection / Mirror – Mirror or redirect any type of network traffic based upon an ACL to any port
– Configurable Queue Processing – 8 hardware-
Define your own Classification rule and mask for the ACL
based queues; Strict Priority; Weighted Round Robin; Weighted Fair Queuing; WRED; WRR + SP
– Advanced Traffic Classification – All ACL classifications are available
– Traffic Actions – Remark DSCP; Drop or set the IPPrecedence, rate limit (64kbps granularity)
HUAWEI TECHNOLOGIES CO., LTD.
Define ACLs based upon Ingress & Egress Control Source / Destination IP Address Source / Destination MAC address Source / Destination TCP and/or UDP Port ICMP DSCP / COS / Precedence / TOS VLAN
Voice VLAN 1. Mac address 00E0-BB00-0000 mask ffff-ff00-0000 Voice VLAN 2. Ah! It is an IP Phone of Vendor A, B, C……( Totally, 16 Vendors) 3. Put the traffic from IP Phone into Voice VLAN automatically 4. Other traffic will be processed with lower priority
Voice Data Other Data
Voice Queue Data Queue 1 Data Queue 2
HUAWEI TECHNOLOGIES CO., LTD.
Benefits: ✔ Guarantee the QoS of voice data ✔ Improve the security
RPS1000-A Front Panel
HUAWEI TECHNOLOGIES CO., LTD.
RPS1000-A Rear Panel Two Outputs for PoE Device or Non PoE Device
The two main inputs are for the two PSUs in the RPS1000-A rack respectively
HUAWEI TECHNOLOGIES CO., LTD.
Six Outputs for Non PoE Device Only
S3900 Rear Panel S3900-SI rear panel, AC input socket
S3900-SI (1)
(2)
S3900-EI rear panel, AC input socket
S3900-EI rear panel, DC input socket.
S3900-EI (1)
(2)
RPS Connects Here! Only S3900-EI Supports RPS
HUAWEI TECHNOLOGIES CO., LTD.
(3)
Feature Summary •
•
•
Port Features – SPAN (Port Mirroring) – RSPAN (Remote Port Mirroring) – Port Isolation – Port Rate-limiting (64kbps) – IP + MAC + Port Binding – DUD (Disconnect Unauthorized Device) – DLDP (smillar to UDLD) – VCT (Virtual Cable Test) High Performance – 4 GE uplinks – 4K VLAN/16K MAC – Jumbo Frame High Reliability – STP/RSTP/MSTP – VRRP for S3900-EI – ECMP for S3900-EI – Redundant Power Supply for S3900-EI – Redundant Power Supply for S3900-EI – Distributed Layer 2 and Layer 3 IRF! – Layer 2/3 failover with nonstop forwarding IRF! – 4Gbps fault tolerant bidirectional stack interconnection IRF! – Cross-stack link aggregations technology, cross-stack QoS IRF!
HUAWEI TECHNOLOGIES CO., LTD.
Feature Summary (Cont.) •
•
Abundant Security – SSHv2 – SNMPv3 – MAC Black Hole – Disconnect Unauthorized Device – 802.1X with PEAP/TLS – Centralized MAC Address Authentication – Enable 802.1X and MAC Authentication on the same port – Dynamic VLAN Delivery/Guest VLAN – DHCP Relay Security – DHCP Snooping Trust Abundant QACL – WRED – 8 Queues/SP/WRR/WFQ/SP+WRR/SP+WFQ – CAR – Ingress & Egress ACL – ACL Traffic Limit – Traffic Classification/Traffic Shaping – Tail Drop – DSCP<->CoS – Voice VLAN
HUAWEI TECHNOLOGIES CO., LTD.
Feature Summary (Cont.) •
•
•
•
Multicast – MVR – IGMPv1/v2 Snooping – IGMPv1/v2 Snooping Fast Leave – PIM-SM/PIM-DM for S3900-EI – Extends Web-based management suite Ease Management – GVRP – SNMPv1/v2/v3 – HGMPv2 – One IP address and configuration file for entire stack IRF! – Extends Web-based management suite – Automatic stacking configuration of new units when connected to the stack IRF! Cost Effective – PoE – QinQ – 802.1X Server – DHCP Option 82 – DHCP Server for S3900-EI Return of Investment – High Performance/Cost Ratio – Seamless Network Expansion IRF!
HUAWEI TECHNOLOGIES CO., LTD.
Agenda
Market Trends S3900 Overview S3900 Key Features End-to-End Intelligent Solution Summary
HUAWEI TECHNOLOGIES CO., LTD.
S3900 Deployment Scenario Voice VLAN
Application server farm
POE IRF stacking
IRF king Stac
Quidway S5600
Quidway S5600
IRF king Stac
Quidway S3900 Quidway S3900 Quidway S3900
HUAWEI TECHNOLOGIES CO., LTD.
Quidway S3900
End-to-End Intelligent Solution Service System
Fully Standards Based Infrastructure Best of Breed Core Performance Industry leading Terabit Performance with investment protected backplane
Application server farm
S8500 Router AR4600
Industry Leading Performance Unique Distributed Resilient 96Gbps link via IRF Total Flexibility Comprehensive media flexibility for abundant applications
SecPath Security System
Unique Investment Protection S6500 Add Power over Ethernet anytime to the Switch S5600 S3900 S5600 Security Policy Control Security Automatic User Security Authentication, Authorisation and Accounting; Peace of mind for businesses
HUAWEI TECHNOLOGIES CO., LTD.
S3900 PoE: Powered, traffic optimized and secured by Switch 3900
Agenda
Market Trends S3900 Overview S3900 Key Features End-to-End Intelligent Solution Summary
HUAWEI TECHNOLOGIES CO., LTD.
Summary •
•
•
Enterprise-class services – High Availability: IP Routing, VRRP, MSTP, 802.1s/w, IGMP snooping, RPS – Security: ACL, port security, MAC address notify, RADIUS/TACAC+, 802.1x, SSHv2, SNMPv3, DUD, – Advanced QoS: Layer 2–4 QoS with CoS/DSCP, shaped round robin, WRR,strict priority queuing, Ingress and Egress ACL (only for S3900) – VOICE VLAN/PoE Abundant Security – SSHv2/SNMPv3 – 802.1X with PEAP/TLS, Centralized MAC Address Authentication/Enable 802.1X and MAC Authentication on the same port – Dynamic VLAN Delivery/Guest VLAN – DHCP Relay Security/DHCP Snooping Trust IRF technology – 4Gbps fault tolerant bidirectional stack interconnection – Distributed architecture – Layer 2/3 failover with nonstop forwarding – Cross-stack link aggregations technology, cross-stack QoS – Single network instance (IP, SNMP, CLI, STP, VLAN)
HUAWEI TECHNOLOGIES CO., LTD.
Summary (Cont.) • High performance – Gigabit Ethernet and Fast Ethernet configurations provide – Distributed Layer 2 and Layer 3 • Ease of management/deployment – One IP address and configuration file for entire stack – Extends Web-based management suite to Layer 2/3/4 services – Automatic stacking configuration of new units when connected to the stack • Return of Investment – High Performance/Cost Ratio – Seamless Network Expansion
HUAWEI TECHNOLOGIES CO., LTD.
Thank You www.huawei.com
Related Documents
En-s3900-sld-s3900 Series Switches Main Slides Issue 1
November 2019 0
En-s8500 Ethernet Switches Main Slides Issue 1
November 2019 0
En-s6500 Ethernet Switches Main Slides Issue 1
November 2019 0
Main Slides
May 2020 3
Series Tl 3301 Switches
June 2020 1