Ethernet
Switches
Quidway S3500-EA
Series Ethernet Switches
Overview
Quidway S3500-EA Series
Ethernet Switches (the S3500-EA Series) are wire
speed L3 multi protocols intelligent switches
developed by Huawei Technologies. They are intelligent
network management switches intended for a network
environment where abundant features, high performance
and dense port distribution are required.
The Quidway S3500-EA Series are designed to accommodate
the convergence on Intranets and metropolitan
area networks (MANs) and to meet the requirements
at the access layer. Supporting IPv4/IPv6 double
stack, they offer abundant service features and
routing functionalities.
The S3500-EA Series Ethernet Switches include
the following models: S3528P-EA, S3528F-EA, S3552P-EA
and S3552F-EA.

Key Features and Benefits
Comprehensive Support to IPv6 - Protect customer's
investment effectively
Based on IPv4/IPv6 double stack, the Quidway
S3500-EA Series can support various IPv6 features
comprehensively, which makes them adapt well to
IPv4-only, IPv6-only and hybrid networks.
Abundant IPv6 routing protocols
Except Neighbor Discovery Protocol(NDP) and Path
Maximum Transport Unit(PMTU), the Quidway S3500-EA
Series also supports abundant IPv6 routing protocols,
mainly including: BGP4+, IS-IS v6, OSPFv3 and
RIPng.
IPv6 over IPv4 tunnel
The Quidway S3500-EA Series supports all main
IPv6 tunnels, including: 6to4 tunnel, ISATAP tunnel,
IPv4 compatible tunnel and manually configured
tunnel.
IPv6 multicast
* IGMP Snooping
* IGMPv1/v2/v3
* PIM-DM/SM
* Multicast Source Discovery Protocol
* MLDv1 snooping
IPv6 ACL
The Quidway S3500-EA Series supports traffic
classification based on source IPv6 address, destination
IPv6 address, Layer 4 port, protocol type, and
so on.
* Numeric basic IPv6 ACLs
Rules are defined based on Lay 3 source IPv6 address.
The value range for basic IPv6 ACL numbers is
2000 to 2999.
* Numeric advanced IPv6 ACLs
Rules are defined based on L3 source IP address,
destination IP address, source port, and destination
port. The value range for numeric advanced IPv6
ACL numbers is 3000 to 3999.
VRRPv3
VRRP is a fault-tolerant protocol that can improve
the reliability of the connection between a router
and an external network by providing a backup
mechanism.
VRRP ensures reliability by assigning the routers
on a LAN segment to a standby group. In this group,
there always exists a Master router to complete
the task of virtual router. All other routers
in the group serve as Backup to monitor the Master
all the time. When the Master fails to work, the
Backups will elect a new Master automatically
to provide routing services for the hosts on the
network segment.
IPv6 applications
The Quidway S3500-EA Series supports a range
of IPv6 applications on IPv6 network, such as
Ping IPv6, Tracert IPv6, IPv6 telnet and IPv6
TFTP.
Excellent Service Deployment and Guarantee Capability----Boost
customer's network usability and security greatly
Strong Multicast Capabilities (supporting IPv4/IPv6
multicast)
Quidway S3500-EA Series supports abundant
IPv4 and IPv6 multicast features, including:
* IGMPv3 Snooping
* IGMPv1/v2/v3
* PIM-DM/SM
* Multicast Source Discovery Protocol
Through these features, S3500-EA Series can greatly
save customer's network bandwidth and enable customer
to deploy a wide range of key network services.
VLAN VPN (QinQ, Selective QinQ)/VLAN
Translation Functionalities
VLAN VPN enables VLAN Tags of private networks
to be inserted in those of the public networks
so that the packets can travel across carrier's
network (public network) with double VLAN tag
carried. VLAN VPN is also known as QinQ. When
a packet of this type travels across the public
network, only the outer VLAN Tag (that is, the
public network VLAN Tag) is used and that of the
private network remains intact.
Compared with MPLS-based L2 VPN, VLAN
VPN has the following features:
* It provides simpler L2 VPN tunnels.
* It can be implemented through full-static configuration,
without the need of a signaling protocol.
Selective QinQ is also known as VLAN-based QinQ.
It determines whether or not an outer VLAN tag
is inserted into a packet on the user side. It
also determines the outer VLAN tag to be inserted
into a packet by the VLAN tag the packet carries.
VLAN Translation, also known as VLAN mapping
or VLAN switch, is mainly used in L2 networks.
A switch with VLAN translation enabled can translate
the VLAN IDs carried in the data packets it receives
from private networks into those used in the carrier's
network.
On the basis of strong VLAN features, on one
hand, Quidway S3500-EA Series is more cost-saving
and cost-effective for customer, since based on
Quidway S3500-EA Series powerful VLAN features,
customer can design and divide their network at
random according to their current and future needs
without purchasing more network devices. On the
other hand, Quidway S3500-EA Series provides customer
with great flexibility to deploy various key network
applications based on VLAN, such as internet access
and Video on Demand, and excellent network expandability
for further growth.
Diverse QoS/ACL Functionalities
Quidway S3500-EA Series supports powerful
ACL features, including:
* Numeric basic ACLs
Rules are defined based on L3 source IP address
only. The value range for numeric basic ACL numbers
is 2000 to 2999.
* Numeric advanced ACLs
Rules are defined based on L3 source IP address,
destination IP address, source port, and destination
port. The value range for numeric advanced ACL
numbers is 3000 to 3999.
* Numeric L2 ACLs
Rules are defined based on protocol type, 802.1p
priority, source MAC address, and destination
MAC address. The value range for numeric L2 ACL
numbers is 4000 to 4999.
* Numeric user-defined ACLs
A user-defined ACL performs a match on any byte
of the first 80 bytes in a L2 data packet and
then the packet is processed accordingly. The
value range for numeric user-defined ACL numbers
is 5000 to 5999.
Quidway S3500-EA Series supports the
following two types of ACL flow templates:
* User-defined flow templates, which are used
to in combination to implement user-defined ACLs.
* Default flow templates, which contain basic
fields except user-defined ACLs.
Through these ACLs, Quidway S3500-EA Series can
screen a wide range of invalid and vicious accesses
to protected customer's network and greatly enhancing
customer's networks security.
Quidway S3500-EA Series Ethernet Switches
support diverse QoS features, including:
* Flow-based traffic rate limit
By issuing the corresponding command, Customer
can configure a flow-based traffic rate limit
that limits the mean rate, peak rate, burst size,
maximum burst size, priority of traffic not exceeding
the threshold, and the priority of excessive traffic
of a specific flow. This prevents a data flow
from occupying all system bandwidth, thus avoiding
data flow congestion.
* Flow-based priority tag
This feature enables the switch to automatically
set IP priority, differentiated services code
point (DSCP) priority, 802.1P priority, and discard
priority for the data based on the type of flow
entering the port, so that a specific type of
data is processed in preference to others.
* Flow-based packet VLAN ID change
Customer can configure the switch to change the
VLAN ID of the specified type of incoming data
packets, so as to implement VLAN-based packet
redirection.
* Flow-based redirection of packets to another
port or IP next hop
This feature enables the switch to redirect incoming
packets to another port or IP next hop based on
the flow type of these packets. The S3500 series
supports packet redirection to IPv4 next hop and
IPv6 next hop.
* Flow-based traffic statistics
The switch can implement the traffic statistics
feature on a port to take statistics of the specified
type of incoming/outgoing flows that exceed or
do not exceed the traffic limit.
* Flow-based traffic mirroring
Customer can configure the switch to mirror the
specified type of traffic to another port so that
Customer can monitor and manage the data on the
network by using a traffic monitoring tool.
* Port-based queue scheduling
Queue scheduling addresses the resource contention
when the switch forwards multiple packets. There
are three queue scheduling algorithms: Strict
Priority (SP) and Weighted Round Robin (WRR).
Algorithms forward the packets in the egress queues
in their own principles.
* Port mirroring and RSPAN
Port mirroring is used to copy the data on the
monitored port to the specified monitoring port
for data analysis and monitoring.
Remote switched port analyzer (RSPAN) implements
remote port mirroring. It allows the mirrored
port and the mirroring port to be configured on
different switches.
* Port-based and queue-based traffic shaping
Traffic shaping is used to control traffic output
rate so that packets are output at an even rate.
* Port-based congestion avoidance
When congestion occurs, the switch releases queue
resources by dropping packets, while avoiding
putting packets in high-delay queues, thereby
eliminating the congestion.
High Security and Reliability -Guarantee customer's
network security and stability highly
Quidway S3500-EA Series provides overall
measures to meet customer's requirements for security,
mainly including:
* Hierarchical management and password protection
of users: S3500-EA Series divides command lines
into four levels: visitor, monitor, operator,
and administrator, in ascending order, which ensure
that different users get only their designated
privileges.
* IEEE 802.1X compliant access user authentication
enables the network access server (NAS) on a LAN
authenticate and control the connected customer
premises equipment (CPE) at the port level. In
implementing 802.1X, the S3500-EA Series not only
supports the port-based access authentication,
but also extends and optimizes it by:
a) Allowing a physical port to be connected
to several terminals
b) Supporting access control (namely, user authentication)
based on MAC address in addition to port
c) Binding the MAC address and IP address of an
authenticated user host to a VLAN
This greatly enhances the security,
operability and manageability of the system.
* AAA and RADIUS authentication
* HWTacacs+: primarily implements AAA for multiple
types of users in the server/client mode. It can
be used to authenticate, authorize, and account
PPP and VPDN access users and login users.
Besides, HWTacacs implements more reliable transmission
and encryption than RADIUS and therefore is more
suitable for security control.
* MAC-based centralized authentication maintains
a table of user MAC addresses. Upon detecting
a new user (by examining the source MAC address
of the packets), the switch enabled with this
function carries the MAC address as the username
and password for authenticating the new user.
If a match is found, the MAC address is added
to the corresponding port. This means the user
is authenticated. If no match is found, the packet
is discarded and user authentication fails.
* Port isolation means isolation of the ports
of a switch so that packets cannot be forwarded
between a port and another port (or another group
of ports). This prevents visiting between the
ports, secures user network, and allows a low-cost
intelligent community network to be built while
effectively controlling unnecessary broadcasting
and increasing the network throughput.
* IP + MAC + port binding
Customer can configure IPv4 addresses, MAC addresses,
and port binding on the S3500 series. If the IP
address or MAC address bound to a port is changed,
no packet with that MAC address or IP address
can be forwarded through the port.
* VRPP: VRRP is a fault-tolerant protocol that
can improve the reliability of the connection
between a router and an external network. VRRP
ensures reliability by assigning the routers on
a LAN segment to a standby group. In this group,
there always exists a Master router to complete
the task of virtual router. All other routers
in the group serve as Backup to monitor the Master
all the time. When the Master fails to work, the
Backups will elect a new Master automatically
to provide routing services for the hosts on the
network segment.
S3500-EA Series supports both VRPP v2
and v3, which are based on IPv4 and IPv6 respectively.
* Two power supply modules: allows for power
load balancing and redundant backup.
100M Downlink Access and 1,000M Uplink Access
and Hardware Forwarding----Improve customer's
network performance greatly
The Quidway S3500-EA Series provides 100 M downlink
access up to 52 and 1,000 Mbps uplink access up
to 4, which guarantee sufficient access bandwidth
and service quality of bandwidth-intensive and
time-sensitive network applications.
In addition, Quidway S3500-EA Series also supports
hardware forwarding, which breaks through the
bottle-neck of performance and thus greatly improving
customer's network performance.
Superior Manageability and Maintainability----Reduce
customer deployment and maintenance cost sharply
The Quidway S3500-EA Series provides various
simple and effective methods to facilitate customer
to manage and maintain network.
* Supporting SNMP: Simple Network Management
Protocol (SNMP) is currently the most widely used
network management protocol. It adopts a polling
mechanism and offers an underlying function set,
which is suitable for a networking environment
requiring a small size, high speed, and low cost.
* Supporting RMON: RMON is implemented on the
basis of the SNMP architecture and compatible
with the current SNMP framework, requiring no
modification to the protocol. RMON enables SNMP
to monitor remote network devices more effective
and actively. This provides a means of high-efficient
monitoring of subnet operation. Additionally,
RMON can also reduce the traffic between the network
management station and agents, thereby allowing
for simple and yet powerful management of large-scale
internets.
* Supporting HGMPv2:
HGMPv2 has the following advantages:
a) It simplifies configuration and management.
b) It enables topology discovery and display,
which facilitates network monitoring and debugging.
c) It allows customer to upgrade software and
configure parameters on multiple switches at the
same time.
d) It does not depend on network topology or distance.
e) It saves IP address.
* Supporting Virtual Cable Test (VCT): With
this way, Customer can conveniently test whether
a cable is short circuited or open and test the
length of faulty portion of the cable, so as to
locate the network fault.
* Supporting Secure Shell (SSH): SSH offers
security protection and powerful authentication
function to safeguard the router from attacks
such as IP address spoofing and plain text cipher
interception when a user logs in to a router from
an insecure network.
In addition, S3500-EA Series also supports Network
Time Protocol (NTP), Debug Information Output,
Ping and Tracert Command, NQA. These ways provide
powerful support to customer to administrate and
monitor network, as well to facilitate customer
to diagnose network fault quickly and conveniently.
|