Ethernet
Switches
Quidway S5600 Intelligent
and Resilient Series Switches
Overview
The Quidway S5600 Series
Ethernet Switches are a new generation of multi-layer
switches that entirely fulfills the enterprise
customers' requirement of designing and implementing
a unified, highly resilient network. One of the
most important and innovative highlights of the
S5600 Series Ethernet Switch is the IRF (Intelligent
Resilient Framework) technology which presents
the very advantage of stackable technology. IRF
enables network managers to build adaptable networks
with high reliability, scalability and easy management.
S5600 Series represents the next generation desktop
switch, they provide high-density GE ports, 10GE
uplink, and hot-swappable power suppliers and
can be used in access layer of Gigabit Ethernet
network or in aggregation layer with high availability
as well as scalability.
The S5600 Series is available, offering a cost-effective
path for meeting current and future service requirements
from enterprises and commercial businesses. The
abundant features include advanced quality of
service (QoS), rate-limiting, access control lists
(ACLs), static and Routing Information Protocol
(RIP) routing, OSPF(Open Shortest Path First)
and IRF function (distributed device management,
distributed redundant routing and distributed
link aggregation), QinQ (VLAN-VPN), RSPAN (Remote
switched port analyzer), VCT (Virtual Cable Test),
Protocol-Based VLAN and Voice VLAN, SSH V2 (Secure
Shell V2), MVR (Multicast VLAN Registration),
EAD (Endpoint Admission Defense), DLDP (Device
Link Detection Protocol) and HGMP V2(Huawei group
management protocol V2), Multicast routing, DHCP
Server and VRRP (Virtual Redundancy Routing Protocol),
HWTACACS, BGP,MSDP (Multicast Source Discovery
Protocol), etc.
The S5600 Series Ethernet Switches include the
following models: S5624P, S5624P-PWR, S5648P,
S5648P-PWR and S5624F. Further more, S5624P/S5648P
can be upgraded to S5624P-PWR/S5648P-PWR by replacing
the power suppliers, thus great increase savings
on equipment investment of customers.

S5624P/S5624P-PWR have 24 Ethernet 10/100/1000
Base-T ports, 4 1000BASE-X SFP (combo), 2 dedicated
stacking ports and one expansion slot.
S5648P/S5648P-PWR have 48 Ethernet 10/100/1000Base-T
ports, 4 1000BASE-X SFP (combo), 2 dedicated stacking
ports and one expansion slot. S5624F has 24 Ethernet
1000Base-X SFP ports, 4 10/100/1000Base-T ports
(combo), 2 dedicated stacking ports and one expansion
slot. S5600-PWR model supports PoE, which transmit
power over Ethernet to endpoint-devices. The combo
ports in S5600 are combo of 10/100/1000BASE-T
and 1000BASE-X.
Features
Full Wire-speed, Multi-layer Switching
* S5600 series switch offers L2/L3 wire-speed
switching capacity. The 5600 series offers 10GE
uplink speed, satisfies the most demanding.
* The hardware supports L3 wire-speed switching,
and is able to identify and process the traffic
flows from L4-L7.
* With independent packet filters, all ports
distinguish different flows and forward them with
corresponding priority.
Innovative IRF technology
S5600 Series adopts an innovative technology,
Intelligent Resilient Framework, so bandwidth
can be expanded and upgraded smoothly. With IRF
technology, S5600 series switches can be stacked
up to 8 units, forming a distributed switching
fabric with up to 96G stacking bandwidth between
any two units. From the management and configuration
perspective, the distributed switches act as one
switching device and run as one logical entity,
while from a performance perspective,each switch
in the IRF framework can make local forwarding
decision both layer2 and layer3, the unit in the
fabric can backup each other. Most importantly,
IRF can provide the features that users are pressing
for: reliability, scalability and manageability.
* S5600 Series supports RMON on IRF. Customers
can collect RMON history and statistics data of
any units from any switch in the fabric.
* HGMP V2 on IRF function allows customers to
collect the information about the connection relations
of the devices in a network and candidate devices,
consequently maintaining and managing the cluster
topology.
* Peer fabric port detection function can decide
whether a device can join an IRF fabric or not.
The IRF technology provides: DDM (Distributed
Device Management), DRR (Distributed Resilient
Routing) and DLA (Distributed Link Aggregation).
* Distributed Device Management(DDM)
Distributed Device Management is the control system
for IRF technology, responsible for distributing
management and control information across the
IRF Distributed Fabric. DDM allows the entire
IRF Distributed Fabric to be managed as a single
logical entity. Management tasks are all performed
across the Distributed Fabric, minimizing complexity
and administration overheads. In addition, the
management IP address is shared across all units
in the IRF Distributed Fabric, ensuring continuous
device management and monitoring, in the event
of an outage in one of the interconnected switches.
* Distributed Resilient Routing (DRR)
Distributed Resilient Routing is an advanced routing
implementation that allows multiple interconnected
switches in an IRF Distributed Fabric to behave
as a single active routing entity. Unlike resilient
Layer 3 implementations such as VRRP and HSRP,
DRR intelligently distributes the routing load
across all switches in the Distributed Fabric
to optimize routing performance and make full
use of bandwidth capacity.
* Distributed Link Aggregation (DLA)
Distributed Link Aggregation allows networks and
IRF Distributed Fabrics to be coordinated with
switches at the edge of the network. With the
ability to multi-home across different units in
the IRF Distributed Fabric, the availability of
the entire network is dramatically increased.
Traffic is forwarded across all links in the Aggregated
Link to the fabric to optimize the use of available
capacity. DLA guarantees high levels of resiliency
since failure in one of the members of the Aggregated
Link results in automatic redistribution of traffic
across the remaining links.
Excellent PoE (Power over Ethernet) Supply
Function
S5600 series supplies PoE function for endpoint
devices, providing power over copper Ethernet
cable to endpoint (Powered Device, such as IP
phone, WLAN AP).
* S5600 series switch provides up to 48 simultaneous
full-powered PoE ports at 15.4W for maximum powered-device
support, such as IP telephony and wireless LAN
deployments. As PSE (Power Sourcing Equipment)
devices, all S5600 series Switches are 802.3af
compliant PoE switches.
* With PoE and Voice VLAN technology, these
innovative switches can provide the perfect solution
for a converged voice and data network.
* S5600 series switch supports PoE Profile,
which means PoE policy configurations applicable
to different user groups are stored in the corresponding
PoE Profiles. When users connect a PD device to
the port that currently has PoE Profile stored,
the switch will automatically apply the PoE configuration
defined in the corresponding port’s PoE Profile
to the PD device.
Flexible Security Control Policies
* Based on the longest match routing policy,
the S5600 Series forwards packets one by one ensuring
equal forwarding performance. This function can
guard the network against the attack by Code Red
and Worm Blaster, thereby guaranteeing equipment
security.
* The S5600 Series supports 802.1x authentication
to identify users who attempt to access the network.
With the 802.1x client version checking function
enabled on a switch, the switch checks the version
and validity of the 802.1x client running on supplicant
systems to prevent those that use earlier versions
of 802.1x client or illegal clients from logging
in.
* The S5600 Series supports 802.1x PEAP, With
PEAP employed, a security channel is created,
which is encrypted and is protected using transport
level security (TLS) to ensure integrity. And
authentication is carried out through a new type
of EAP (extensible authentication protocol) negotiation
between supplicant systems and authentication
servers.
* The S5600 Series supports 802.1x-trusted MAC
address. Trusted MAC address here refers to the
MAC address of a supplicant system that passes
802.1x authentication and MAC address-based authentication.
In this case, the MAC address becomes a trusted
Mac address. The 802.1x trusted MAC Address synchronization
function propagates the trusted MAC addresses
in IRF (intelligent resilient framework) if the
corresponding supplicant systems pass the authentication
performed by IRF-enabled switches.
* The S5600 Series supports Centralized MAC
address authentication, it controls accesses to
a network through ports and MAC addresses. This
kind of authentication requires no client software.
When operating in centralized MAC address authentication
mode, a switch begins to authenticate the user
if it detects a new user MAC address. Further
more, the S5600 Series can perform 802.1x authentication
and MAC address-based authentication simultaneously.
* The S5600 Series supports The Guest VLAN function,
this function enables supplicant systems that
are not authenticated to access specific resources
and thus perform the corresponding operations,
such as obtaining 802.1x client, upgrading client,
or obtaining other upgrading programs.
* The S5600 Series can also prevent unauthorized
access to the network by binding any combination
of MAC, IP and PORT.
* Secure Shell V2 (SSH V2) offers security information
protection and powerful authentication function
to safeguard the Ethernet switch from attacks
such as IP address spoofing and plain text cipher
interception.
High Reliability
* The S5600 series supports STP/RSTP and multi-VLAN
based on MSTP, greatly improving redundant back-up
for links and fault tolerance capability, so that
the network can run with high stability.
* The S5600 Series supports the optional RPS
(Redundant Power Supply), thus improving the fault
tolerance capability and normal network operation
duration. Power module of the S5600 Series is
hot-swappable.
* The S5600 series switches support VRRP, and
can build a VRRP back-up group with other L3 switches.
They can build a redundant route topological structure
when a fault occurs to guarantee communication
continuity and reliability, keeping network status
stable.
* The S5600 series supports VRRP backup group
port tracking function. With the function enabled,
customers can specify to track the link state
of the master’s uplink port and decrease the priority
of the switch when the port fails. This in turn
triggers the new master to be determined in the
backup group.
* The S5600 supports ECMP (Equal Cost Multi-path
Protocol) routing, which can be used for load
balance and routing redundancy.
Abundant QoS Policies
* The S5600 Series supports L2~L4 complex flow
classification based on source MAC address/destination
MAC address/source IP address/destination IP address/ports/protocols.
* The S5600 Series supports flexible queue scheduling
algorithms, which can be set on the basis of port
and queue at the same time. They support Strict
Priority (SP), Weighted Round Robin (WRR) and
SP+WRR; 8 priority queues and 2 drop precedence.
* The S5600 Series supports Committed Access
Rate (CAR) and limit the traffic speed in the
64Kbit/s granularity.
* The S5600 Series supports RSPAN (Remote switched
port analyzer). It breaks through the limitation
that the mirrored port and the mirroring port
have to be located in the same switch, and makes
it possible that the mirrored and mirroring ports
be located across several devices in the network,
and greatly enhances the way that the network
administrator can manage the switch.
* The S5600 Series supports the Synchronization
Feature of Queue Scheduling for Aggregation Ports.
This feature provides the synchronization function
of queue scheduling on each individual port of
the aggregation port group.
* The S5600 Series supports Delivery of ACL
by RADIUS, this function requires corporation
of devices and the CAMS server. Users need to
first define the ACL which is of numeric type,
and then deliver the ACL to the hardware of the
devices in the CAMS server through the configuration
of external groups.
* The S5600 Series can configure the Priority
for Protocol Packets. Each protocol packet has
its own priority. Customers can modify the priority
of the protocol packet with the help of relevant
QoS commands.
* The S5600 Series supports to configure the
control policy over Telnet, configuring the source
IP, destination IP, and source MAC to control
over. Also specify whether the control action
is permitting or denying access.
Diversified System Configuration and
Management Modes
* The S5600 Series supports Simple Network Management
Protocol (SNMP) v1/v2/v3 and RMON (Remote Monitoring)
v1, 1/2/3/9 groups of MIBs, they be managed by
NMS. They can be managed by general network management
platform such as OpenView, and Quidway network
management system.
* The S5600 Series supports Command Line Interface
(CLI), Web based network management, and modem
dial-up and TELNET which make the equipment management
more convenient.
* The S5600 Series supports HGMP V2 cluster
management. After enabling HGMP V2, the network
administrator can manage several member switches
through one command switch and only the command
switch need a public network IP address. It can
save public IP address greatly and manage the
network more efficiently.
* The S5600 Series supports SNMP Agent logging.
It means the network management operation logging
function logs operations can perform remotely
by administrators through SNMP.
Abundant System Maintenance and Debugging
Methods
* The S5600 Series supports System log, Hierarchical
alarm management and alarm filtering, Detailed
alarm/debug information output, Ping and Tracer,
they also support remote maintenance via Telnet
Modems and SSH.
* The S5600 Series supports NQA. It is a new
network diagnostic tool used to test the performance
of protocols operating on network and it is an
enhanced alternative to the ping command.
* The S5600 Series supports DLDP (Device Link
Detection Protocol). DLDP can detect the link
status of the optical fiber cable or copper twisted
pair. If DLDP finds a unidirectional link, it
disables the related port automatically or informs
users to disable it manually depending on specific
configuration, to avoid potential network problems.
* The S5600 Series supports Loopback detection
on ports, after users enable loopback detection
for Ethernet ports, the switch will monitor whether
the ports have loopback on a regular basis; if
the switch detects loopback for a particular port,
and it will put that port under control.
* The S5600 Series supports VCT (Virtual Cable
Test) which is convenient for troubleshooting.
Customers can start the virtual cable test (VCT)
to make the system test the cable connected to
the current electrical Ethernet port. The test
items include: whether short or open circuit exists
in the Rx/Tx direction of the cable, and what
is the length of the cable in normal status or
the length from the port to the fault point of
the cable.
|