1 / 48

H3C S3600 Series Switches

H3C S3600 Series Switches. Agenda. Market Trends S3600 Overview S3600 Key Features V1.5 New Feature IRF RPS1000-A Feature Summary End-to-End Intelligent Solution Summary. Agenda. Market Trends S3600 Overview S3600 Key Features End-to-End Intelligent Solution Summary.

dunnm
Download Presentation

H3C S3600 Series Switches

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. H3C S3600 Series Switches

  2. Agenda Market Trends S3600 Overview S3600 Key Features V1.5 New Feature IRF RPS1000-A Feature Summary End-to-End Intelligent Solution Summary

  3. Agenda Market Trends S3600 Overview S3600 Key Features End-to-End Intelligent Solution Summary

  4. How to manage/operate/control the network equipments located in different sites? How to avoid single failure on the networks ? How to Maximum the bandwidth for Voice traffic?How to ensure the critical applications? Challenges for Enterprise Networks Application server farm XE 200 Quidview Video- Server VCX How to make easy network expansion without any network interruption?

  5. Five Key Factors for Enterprise Network • Reliability • Achieving reliable networks is still a challenge • Network Management • Network management is a labor intensive and costly job • Intelligence • Effective Application-Awareness • Network Expansion • Continue to be a “puzzle” for network administrators – even the simplest expansion can bring hidden threats to reliability • Existing network expansion technologies are like adding a floor to an existing house – an “add on” but never “true part of it” • Security • To protect your network against illegal use / anonymous virus Video- Server

  6. New Generation Switches Innovation Video- Server Reliability Network Management Intelligence Network Expansion Security H3C S3600

  7. Agenda Market Trends S3600 Overview S3600 Key Features End-to-End Intelligent Solution Summary

  8. Comprehensive Switch Portfolio Core Modular Chassis Deployment Focus • Core • Distribution • Data center access/core service • High performance wiring closet • Multiple service options • Highest availability & 10/100/1000 densities • Abundant service modules • Wire-speed 10GE aggregation Video- Server S9500 Core Routing switch Mid-range Modular Chassis Deployment Focus • Medium wiring closet • Small/Medium Distribution/Core • Data center access/core • Large/Medium branch • Resilient L3 routing & Intelligent L4 services • Highest density 10/100/1000 • 10GE aggregation Gigabit / 10G S7500 modular chassis switch Advanced GE fixed configuration Deployment Focus • Resilient L3 routing & Intelligent L4 services • Medium density 10/100/1000 • Resilient stacking • 10GE uplinks • wiring closet • Middle branch office • Data center • Medium Network aggregation S5100/S5600 Intelligent Switch Optimized fixed configuration Deployment Focus • Wire-speed L2 switching and resilient L3/L4 services • 10/100 + 4 x GE uplinks • Resilient stacking • Advanced QoS mechanism • Small wiring closet • Small branch office • Small network aggregation • Desktop/Workgroup switch S3600 L2/3 Switch 10/100M Basic fixed configuration Deployment Focus • Wire-speed L2 switching • Stacking • Intelligent Service • Small wiring closet • Small branch office • Desktop/Workgroup switch S3100-SI L2 Switch

  9. S3600 FE Series Switches Video- Server S3600-52P-SI S3600-52P-EI S3600-52P- PWR-SI S3600-52P- PWR-EI S3600-28TP-SI S3600-28P-SI S3600-28P-EI S3600-28P- PWR - SI S3600-28P- PWR - EI S3600-28F-EI Switch Capacity : 12.8Gbps/17.6Gbps Forwarding rate: 9.5/11.78 Mpps • 24 / 48 10/100M Ethernet Ports • 4 x 1000 Base-X SFP Port • 802.3af POE compatible • 8 Hardware Queues • Voice VLAN • Enhanced L2-L4 functionalities • Static/RIP/OSPF(EI) • 802.1x local / external radius authentication • ACL both inbound and outbound direction Deployment Focus • Small wiring closet • Small branch office • Small network aggregation (EI) • Desktop/Workgroup switch

  10. S3600-SI Series Switches Features Switch 3600 -- The new choice for access networkdeployments Key Points Target use:Enterprise wiring closet access switch; branch office switch Availability: Simply power the switch via a standard AC input Scalability: Patented IRF technology automatically creates a stack of switches and allows single IP management; Extend connectivity with a mixture of PoE Connectivity: Each switch allows up to 4 active Gigabit ports with any combination of copper and/or fibre accepted Application-Aware: Automatically detects, prioritizes and places VoIP traffic in a separate VLAN Video- Server Includes Standard Image (SI) software IRF: Distributed Device Management Scalable to 384 10/100 + 32 SFP Built-in resilient loop stacking via SFP ports Features Highlights: 64 Static Routes Dynamic routing (RIPv1/2)– 1K entries 2K ARP Table Intelligent security services including 802.1X RADA – RADIUS Authenticated Device Access SSHv1.5 / SNMPv3 Full QoS Prioritisation and full classification 8 Egress Queues 4K Port-Based VLANs AC input 802.3ad Link Aggregation – up to 8 groups Multiple/Rapid Spanning Tree with STP Route Guard IGMP Snooping V1/V2 NTP / FTP Server and Client H3C S3600-28P(PWR) 24-Port + 4 SFP H3C S3600-28TP 24-Port + 2*10/100/1000Base-T+2SFP H3C S3600-52P(PWR) 48-Port + 4 SFP Port Configurations: 24 x 10/100 Ports + 4 SFP 48 x 10/100 Ports + 4 SFP

  11. S3600-EI Series Switches Features Switch 3600 -- The new choice for access network deployments Key Points Includes Enhanced Image (EI) software Includes ALL SI software plus: IRF Distributed Device Management Mix and match any S3600-EI product in a stack, including PWR Distributed Link Aggregation Allows up to 8 groups to be spread across any ports in the stack (8 FE / 4 GE per group) Distributed Resilient Routing All switches in the stack are actively routing and sharing LSDB and ARP tables RIP/OSPF Multicast Routing PIM Sparse Mode / Dense Mode JumboFrame AC & DC input Central MAC authentication Time-based Access Control Lists DHCP Tracker ECMP,VRRP,QinQ Traffic Redirection HWTACACS Traffic Mirroring Syslog Target use: Advanced Enterprise wiring closet access switch; small aggregation Availability: Routing functions are totally distributed across all switches in the stack massively increasing performance and uptime Scalability: Extend connectivity with a mixture of PoE and fibre switches Connectivity: Jumbo Frames are supported on all gigabit uplinks for interoperability with equipment downstream Application-Aware: Advanced Time-Based ACLs are supported that can be automatically executed on a per user or machine basis Video- Server H3C S3600-28P(PWR) 24-Port + 4 SFP H3C S3600-52P(PWR) 48-Port + 4 SFP H3C S3600-28F 24-Port + 2 SFP + 2 1000BaseT

  12. Enterprise Networking with S3600 • IP Unicast Routing • - Static, RIPv1/v2, OSPF, • IP Multicast Routing • VRRP • DTP and PAgP • Dynamic VLANs • IGMP snooping • STP enhancements • Distributed L2/L3 functions S3600 Availability 10/100M Desktops Video- Server Mission-Critical 10/100/1000M Workstations Security • MAC address notification • DHCP interface tracker • CMS security wizard • Access control lists • Private VLAN edge • Port security • SNMPv3 • 802.1x • SSH Space -Constrained Server Racks • Queue servicing: • - Shaped round robin and strict priority queuing • - Weighted tail drop • - Ingress traffic policing • - Egress traffic shaping • 802.1p CoS and DSCP • Congestion avoidance • - Granular rate limiting • - Jumbo Frames Qualityof Service Network Core

  13. Agenda Market Trends S3600 Overview S3600 Key Features V1.5 New Feature IRF RPS1000-A Feature Summary End-to-End Intelligent Solution Summary

  14. S3600 V1.5 New Features New! • 802.1X and Mac address Authentication At the Same Time/ Port • 802.1X with PEAP/TLS • Dynamic VLAN Delivery • Guest VLAN • Jumbo Frame for SI • Group Policy • Protocol Based VLAN • SSHv2 • VCT (Virtual Circuit Test) • RSPAN (Remote Port Mirroring) • HWTACACS • VRRP (EI) • HGMPv2 • DHCP-SERVER (EI) • QINQ • GVRP • MVR • DLDP • IGMP Snooping Fast Leave • DHCP Snooping Trust • DHCP Relay Security • DHCP Option 82

  15. VRRP VRRP (Virtual Router Redundancy Protocol) In the VRRP router Standby Group, there always exists a Master router to complete the task of virtual router. All other routers in the group serve as Backup to monitor the Master all the time. When the Master fails to work, the Backups will elect a new Master automatically to fulfill the task. Master Router Backup Router Benefits: • Improve the network reliability • Transparent to the end users S3600

  16. HGMPv2 HGMP (Huawei Group Management Protocol) H3C S5600 series • S5600 series are designated as command switch • S3600 series automatically join the cluster after startup as member switches • Handshake and status maintenance between S5600 and S3600 series • Alarm failure and recovery on line …… Command Switch HGMP Member Switches Benefits: • Save IP address for network management • Easy to install and maintain H3C S3600 series H3C S3600 series

  17. QinQ Without QinQ Video- Server With QinQ Benefits: • Save VLAN Resource

  18. header header user vlan user vlan data data header 20 user vlan data QinQ Application for Service Provider Video- Server VLAN 100 VLAN 200 VLAN 20 VLAN 30 VLAN 200 VLAN 30 VLAN 20 Service provider • Tunnel port for assigning or extracting exterior VLAN tag • Client side: single tag, PE side: double tags. VLAN 100

  19. 802.1X with PEAP/TLS 802.1X authentication Radius/EAP server • Efficient port/MAC based • Built-in 802.1X server • Support EAP relay function S5600 Series S3600 Authenticator Benefits: • Improve the security • Provide AAA (Authentication, Authorization, Accounting) functions PC Supplicant PC Supplicant PC Supplicant

  20. 802.1X and MAC Authentication How can PC and IP phone be authenticated on the same port? IP Phone Without 802.1X Client S3600 supports 802.1X and MAC Authentication at the Same Time on One Port Benefits: • Authenticate devices with or without 802.1x Client at the same time With 802.1X Client PC

  21. Dynamic VLAN via 802.1x 3. Authenticated by user name and password, if legality,assign the dynamic vlan Solve user roaming Video- Server DHCP Server CAMS Core 4、Authenticated legally,users accept the vlanid ,ACL,/usage parameter control sended by CAMS, and accquire the IP 5. User can access Internet after getting IP address, then IP+MAC+VLAN binding by switch. S3600 1. User authentication initiate. 2. User can’t access anywhere and get IP address before authentication. S3100

  22. VCT (Virtual Cable Test) Benefits: • Easy maintenance • Save labour H3C S3600 X

  23. Distributed Fabric Intelligent I Resilient Framework R F Flexible High efficient Cost-effective What is IRF ? Intelligent Resilient Framework • Huawei-3Com’s industry leading stacking technology • Innovationof LAN switching • Create Intelligent Resilient Framework Network • Core features: Distributed Device Management (DDM) Distributed Link Aggregation (DLA) Distributed Resilient Routing (DRR) Video- Server

  24. IRF Based Easy Management Distributed Device Management (DDM) All switches act as a single logical device Resilient architecture provides access to management in the event of ANY switch failing Rapid stack-wide feature configuration Hot-insert and removal of switches Automatic and manual stack configuration Stack up to 8 units Stack Management Single entity for SNMP, WEB and CLI Management ACL configurations in one screen with All the device View Reduces configuration time Improved monitoring responsiveness Video- Server 3 4 4 3 1 2 Only one logical device IRF fabric

  25. S3600 IRF Stacking IRF Stacking • Each switch uses the last two ports to provide a 2 * 2 Gbps stacking, • No extra hardware required • Stack up to 8 units • Automatic or manual stack configuration • A return link provides rapid fail-over in the event of a normal link or unit failing • IRF Stack units together over 70Km apart H3C S3600 Video- Server Normal Stacking Link: 1 Gbps UP / 1 Gbps DOWN Standby Stacking loop connection: 1 Gbps UP / 1 Gbps DOWN Use SFP to link the units together

  26. IRF Based Network Expansion Distributed Link Aggregation (DLA) Video- Server Creates incredibly resilient network design Allows connections from ANY port across the fabric to be connected together using IEEE 802.3ad LACP – as aggregated links  DLA will facilitate the re-distribution of traffic in case of any uplink fail H3C S5600 H3C S3600 H3C S3600 4 Gbps Load-balanced LAG

  27. ROUTER TABLE VLAN 1 0.0.0.0 255.255.0.1 IRF Based Resilient Network Distributed Resilient Routing (DRR) Changes traditional L3 forwarding of stack devices with implementing new distributed L3 forwarding procedure Each unit provides local L3 switching and holds distributed routing tables Unit failure in the IRF stack will not affect routing for the other units Master device is not required – all commands and data are synchronized across all units Video- Server Router Interface information is synchronised across all switches L3 traffic can be handled locally by the switch and intelligently passed up or down the IRF stack 1 VLAN 1 2 VLAN 2

  28. L3 forwarding Traditional stack devices IRF stack devices • Any Unit of a Fabric has a complete L3 forwarding capacity • When receiving a L3 packet to be forwarded, the Unit • directly obtains the egress port and next hop of the packets IRF Based Resilient Network Distributed Resilient Routing (DRR) Router1 IP packet Video- Server Unit1 Unit2 Router2 • Only the active unit device (Unit 1) has the L3 • forwarding capability • Other unit devices have to deliver the received packets • to the active unit device for L3 forwarding Unit4 Unit3 Router3 Normal stack Router4 Router1 IP packet Unit1 Unit2 Router2 Unit4 Unit3 Router3 IRF based Distributed forwarding Router4

  29. Basic Security Features • SNMPv3/SSHv2 • Authorized IP for management: • support 16 authorized management IP • User authentication • 802.1x • Centralized Mac authentication • Local password base authentication (128 users ) • Radius based authentication (1024 users) • Packet Filtering • L2/L3/L4 • Time-based ACLs • ACL entries per port • Others • DoS protection • DHCP security • Port Mirroring/Traffic Mirroring Video- Server

  30. Device Security Advanced Device Security Access Levels– 4 levels can be set for multiple users SNMPv3 / SSHv2 - Encrypt all SNMP and Telnet traffic to stop middle-man attacks 56bit / 168bit Authorized IP - Lock access to the management interface by routed Access Control List Switch Login (RADIUS)– Support RADIUS Authentication for CLI / Console and web interfaces. RADIUS return attribute will set individual privilege levels Denial of Service Attack Preventions– Attacks to the host CPU sub systems and memory are protected via a traffic classification queuing system Syslog - All commands can be tracked and sent to a Syslog server Video- Server

  31. Application-Aware Services • Advanced Traffic Management • Voice VLAN–All voice traffic can be automatically placed into a private secure VLAN; switch will detect VoIP phone OUI and register with the correct VLAN • Traffic Redirection / Mirror–Mirror or redirect any type of network traffic based upon an ACL to any port • Configurable Queue Processing–8 hardware-based queues;Strict Priority; Weighted Round Robin; Weighted Fair Queuing; WRED; WRR + SP • Advanced Traffic Classification–All ACL classifications are available • Traffic Actions–Remark DSCP; Drop or set the IP-Precedence, rate limit (64kbps granularity) Video- Server • Define your own • Classification rule and mask for the ACL Define ACLs based upon Ingress & Egress Control Source / Destination IP Address Source / Destination MAC address Source / Destination TCP and/or UDP Port ICMP DSCP / COS / Precedence / TOS VLAN

  32. 1. Mac address 00E0-BB00-0000 mask ffff-ff00-0000 2. Ah! It is an IP Phone of Vendor A, B, C……( Totally, 16 Vendors) 3. Put the traffic from IP Phone into Voice VLAN automatically 4. Other traffic will be processed with lower priority Voice Data Other Data Voice VLAN Voice VLAN Voice Queue Benefits: • Guarantee the QoS of voice data • Improve the security Data Queue 1 Data Queue 2

  33. RPS1000-A Front Panel

  34. RPS1000-A Rear Panel Six Outputs for Non PoE Device Only Two Outputs for PoE Device or Non PoE Device The two main inputs are for the two PSUs in the RPS1000-A rack respectively

  35. S3600 Rear Panel S3600-SI rear panel, AC input socket S3600-SI S3600-EI rear panel, AC input socket S3600-EI rear panel, DC input socket. S3600-EI RPS Connects Here! Only S3600-EI Supports RPS

  36. RPS1000-A Connects to PoE Device Two Outputs for PoE Device or Non PoE Device BOM:0404A053 - Cable with JD5 type connector for PoE switches

  37. RPS1000-A Connects to Non PoE Device Two Outputs for PoE Device or Non PoE Device Six Outputs for Non PoE Device Only BOM:0404A055 - Cable with JD5 type connector for Non-PoE switches BOM:0404A054 - Cable with JD5-A type connector for Non-PoE switches

  38. Feature Summary • Port Features • SPAN (Port Mirroring) • RSPAN (Remote Port Mirroring) New! • Port Isolation • Port Rate-limiting (64kbps) • IP + MAC + Port Binding • DUD (Disconnect Unauthorized Device) New! • DLDP (smillar to UDLD) New! • VCT (Virtual Cable Test) New! • High Performance • 4 GE uplinks • 4K VLAN/16K MAC • Jumbo Frame • High Reliability • STP/RSTP/MSTP • VRRP for S3600-EI New! • ECMP for S3600-EI • Redundant Power Supply for S3600-EI • Redundant Power Supply for S3600-EI • Distributed Layer 2 and Layer 3 IRF! • Layer 2/3 failover with nonstop forwarding IRF! • 4Gbps fault tolerant bidirectional stack interconnection IRF! • Cross-stack link aggregations technology, cross-stack QoS IRF! Video- Server

  39. Feature Summary (Cont.) • Abundant Security • SSHv2 New! • SNMPv3 • MAC Black Hole • Disconnect Unauthorized Device • 802.1X with PEAP/TLS New! • Centralized MAC Address Authentication • Enable 802.1X and MAC Authentication on the same port New! • Dynamic VLAN Delivery/Guest VLAN New! • DHCP Relay Security New! • DHCP Snooping Trust New! • Abundant QACL • WRED • 8 Queues/SP/WRR/WFQ/SP+WRR/SP+WFQ • CAR • Ingress & Egress ACL • ACL Traffic Limit • Traffic Classification/Traffic Shaping • Tail Drop • DSCP<->CoS • Voice VLAN Video- Server

  40. Feature Summary (Cont.) • Multicast • MVR New! • IGMPv1/v2 Snooping • IGMPv1/v2 Snooping Fast Leave New! • PIM-SM/PIM-DM for S3600-EI • Extends Web-based management suite • Ease Management • GVRP New! • SNMPv1/v2/v3 • HGMPv2 New! • One IP address and configuration file for entire stack IRF! • Extends Web-based management suite • Automatic stacking configuration of new units when connected to the stack IRF! • Cost Effective • PoE • QinQ New! • 802.1X Server • DHCP Option 82 New! • DHCP Server for S3600-EI New! • Return of Investment • High Performance/Cost Ratio • Seamless Network Expansion IRF! Video- Server

  41. Agenda Market Trends S3600 Overview S3600 Key Features End-to-End Intelligent Solution Summary

  42. Application server farm XE 200 Quidview Video- Server VCX IRF Stacking H3C S5600 H3C S5600 IRF Stacking H3C S3600 H3C S3600 H3C S3600 H3C S3600 S3600 Deployment Scenario • Voice VLAN • POE • IRF stacking Video- Server

  43. Best of Breed Core Performance Industry leading Terabit Performance with investment protected backplane Industry Leading Performance Unique Distributed Resilient 96Gbps link via IRF Total Flexibility Comprehensive media flexibility for abundant applications Unique Investment Protection Add Power over Ethernetanytime to the Switch S5600 Security Policy Control Security Automatic User Security Authentication, Authorisation and Accounting; Peace of mind for businesses PoE:Powered, traffic optimized and secured by Switch 3600 End-to-End Intelligent Solution Service System Fully Standards Based Infrastructure Application server farm E- mail CRM Video- Server S9500 SCM VCX Router AR4600 SecPath Security System S7500 S3600 S5600 S3600

  44. Shinsei Bank Office Building Network Backbone Network IP Phone PC Data Video- Server Multicast OSPF S9505 S9505 DHCP Server S5516 S5516 S5516 S5516 VRRP VRRP RSTP Root RSTP Root S3600-52-PWR-EI S3600-52P-PWR-EI S3600-52-PWR-EI S3600-52P-PWR-EI PC Data and IP Phone data are forwarded into different VLAN. IP Phone IP Phone Power over Ethernet S3600-52P-PWR-EI Voice VLAN method set IP Phone packets with high priority. PC PC • Shinsei Bank is one of the first group customers in Japan who introduced IP Phone Solution into their enterprises’ network. • Reliability ensured by dual-host, dual-homing, VRRP and RSTP • Voice VLAN and PoE deployment

  45. Agenda Market Trends S3600 Overview S3600 Key Features End-to-End Intelligent Solution Summary

  46. IRF based Easy management Network Application-Awareness IRF based Network Expansion H3C S3600 Advanced Network Security IRF based Resilient Network Summary • Enterprise-class services • High Availability: IP Routing, VRRP, MSTP, 802.1s/w, IGMP snooping, RPS • Security: ACL, port security, MAC address notify, RADIUS/TACAC+, 802.1x, SSHv2, SNMPv3, DUD, • Advanced QoS: Layer 2–4 QoS with CoS/DSCP, shaped round robin, WRR,strict priority queuing, Ingress and Egress ACL (only for S3600) • VOICE VLAN/PoE • Abundant Security • SSHv2/SNMPv3 • 802.1X with PEAP/TLS, Centralized MAC Address Authentication/Enable 802.1X and MAC Authentication on the same port • Dynamic VLAN Delivery/Guest VLAN • DHCP Relay Security/DHCP Snooping Trust • IRF technology • 4Gbps fault tolerant bidirectional stack interconnection • Distributed architecture • Layer 2/3 failover with nonstop forwarding • Cross-stack link aggregations technology, cross-stack QoS • Single network instance (IP, SNMP, CLI, STP, VLAN) Video- Server Low TCO

  47. IRF based Easy management Network Application-Awareness IRF based Network Expansion H3C S3600 Advanced Network Security IRF based Resilient Network Summary (Cont.) • High performance • Gigabit Ethernet and Fast Ethernet configurations provide • Distributed Layer 2 and Layer 3 • Ease of management/deployment • One IP address and configuration file for entire stack • Extends Web-based management suite to Layer 2/3/4 services • Automatic stacking configuration of new units when connected to the stack • Return of Investment • High Performance/Cost Ratio • Seamless Network Expansion Video- Server Low TCO

  48. Any Questions?

More Related