Thank You
HUAWEI TECHNOLOGIES CO., LTD.
All rights reserved
www.huawei.com
S3900 Series Switches Main Slides
HUAWEI TECHNOLOGIES CO., LTD.
Agenda
S3900 OverviewS3900 Overview
S3900 Key FeaturesS3900 Key Features
End-to-End Intelligent Solution End-to-End Intelligent Solution
SummarySummary
HUAWEI TECHNOLOGIES CO., LTD.
Five Key Factors for Enterprise Network
• ReliabilityReliability– Achieving reliable networks is still a challenge
• Network ManagementNetwork Management– Network management is a labor intensive and costly job
• IntelligenceIntelligence– Effective Application-Awareness
• Network ExpansionNetwork Expansion– Continue to be a “puzzle” for network administrators – even the
simplest expansion can bring hidden threats to reliability– Existing network expansion technologies are like adding a floor
to an existing house – an “add on” but never “true part of it”
• SecuritySecurity– To protect your network against illegal use / anonymous virus
HUAWEI TECHNOLOGIES CO., LTD.
Comprehensive Switch Portfolio
S3000-EI L2 SwitchS3000-EI L2 Switch
S3900/S3500 L2/3 SwitchS3900/S3500 L2/3 Switch
S5000/S5600 Intelligent SwitchS5000/S5600 Intelligent Switch
S6500 modular chassis switchS6500 modular chassis switch
S8500 Core Routing switchS8500 Core Routing switch
Core Modular ChassisCore Modular Chassis Deployment FocusDeployment Focus
• Multiple service options• Highest availability & 10/100/1000 densities• Abundant service modules• Wire-speed 10GE aggregation
• Core• Distribution• Data center access/core service• High performance wiring closet
Mid-range Modular ChassisMid-range Modular Chassis Deployment FocusDeployment Focus
• Resilient L3 routing & Intelligent L4 services • Highest density 10/100/1000• 10GE aggregation
• Medium wiring closet• Small/Medium Distribution/Core• Data center access/core • Large/Medium branch
Advanced GE fixed configurationAdvanced GE fixed configuration Deployment FocusDeployment Focus• Resilient L3 routing & Intelligent L4 services • Medium density 10/100/1000• Resilient stacking• 10GE uplinks
• wiring closet• Middle branch office• Data center• Medium Network aggregation
Optimized fixed configurationOptimized fixed configuration Deployment FocusDeployment Focus• Wire-speed L2 switching and resilient L3/L4 services• 10/100 + 4 x GE uplinks • Resilient stacking• Advanced QoS mechanism
• Small wiring closet• Small branch office• Small network aggregation • Desktop/Workgroup switch
Basic fixed configurationBasic fixed configuration Deployment FocusDeployment Focus• Wire-speed L2 switching • Stacking• Intelligent Service
• Small wiring closet• Small branch office• Desktop/Workgroup switch
Gig
ab
it /
10
G1
0/1
00
M
S2000-EI SwitchS2000-EI Switch
HUAWEI TECHNOLOGIES CO., LTD.
S3900 FE Series Switches
24 / 48 10/100M Ethernet Ports24 / 48 10/100M Ethernet Ports
4 x 10004 x 1000 Base-X SFP Port Base-X SFP Port
802.3af POE compatible802.3af POE compatible
8 Hardware Queues8 Hardware Queues
Voice VLANVoice VLAN
Enhanced L2-L4 functionalitiesEnhanced L2-L4 functionalities
Static/RIP/OSPF(EI)Static/RIP/OSPF(EI)
802.1x local802.1x local / external radius authentication / external radius authentication
ACL both inbound and ACL both inbound and outboundoutbound direction direction
24 / 48 10/100M Ethernet Ports24 / 48 10/100M Ethernet Ports
4 x 10004 x 1000 Base-X SFP Port Base-X SFP Port
802.3af POE compatible802.3af POE compatible
8 Hardware Queues8 Hardware Queues
Voice VLANVoice VLAN
Enhanced L2-L4 functionalitiesEnhanced L2-L4 functionalities
Static/RIP/OSPF(EI)Static/RIP/OSPF(EI)
802.1x local802.1x local / external radius authentication / external radius authentication
ACL both inbound and ACL both inbound and outboundoutbound direction direction
Switch Capacity : 12.8Gbps/17.6Gbps
Forwarding rate: 9.5/11.78 Mpps
Deployment FocusDeployment Focus
• Small wiring closetSmall wiring closet• Small branch officeSmall branch office• Small network aggregation (EI)Small network aggregation (EI)• Desktop/Workgroup switchDesktop/Workgroup switch
S3928F-EIS3928F-EI S3952P-SIS3952P-SIS3952P-EIS3952P-EIS3952P- PWR-EIS3952P- PWR-EI
S3928TP-SIS3928TP-SIS3928P-SIS3928P-SIS3928P-EIS3928P-EIS3928P- PWR - EI S3928P- PWR - EI
HUAWEI TECHNOLOGIES CO., LTD.
S3900-SI Series Switches Features
Target use: Enterprise wiring closet access switch; branch office switch
Availability: Simply power the switch via a standard AC input
Scalability: Patented IRF technology automatically creates a stack of switches and allows single IP management
Connectivity: Each switch allows up to 4 active Gigabit ports with any combination of copper and/or fibre accepted
Application-Aware: Automatically detects, prioritizes and places VoIP traffic in a separate VLAN
Port Configurations:24 x 10/100 Ports + 4 SFP48 x 10/100 Ports + 4 SFP
Includes Standard Image (SI) software
IRF: Distributed Device Management • Scalable to 384 10/100 + 32 SFP• Mix and match any 3900-SI product in a stack• Built-in resilient loop stacking via SFP ports
Features Highlights:• 64 Static Routes• Dynamic routing (RIPv1/2) – 1K entries• 2K ARP Table • Intelligent security services including 802.1X• RADA – RADIUS Authenticated Device Access• SSHv1.5 / SNMPv3• Full QoS Prioritisation and full classification• 8 Egress Queues• 4K Port-Based VLANs• AC input• 802.3ad Link Aggregation – up to 8 groups• Multiple/Rapid Spanning Tree with STP Route Guard• IGMP Snooping V1/V2• NTP / FTP Server and Client
Key Points
Switch 3900 -- The new choice for access network deployments
Quidway S3928P 24-Port + 4 SFP
Quidway S3952P 48-Port + 4 SFP
Quidway S3928TP 24-Port + 2*10/100/1000Base-T+2SFP
HUAWEI TECHNOLOGIES CO., LTD.
S3900-EI Series Switches Features
Target use: Advanced Enterprise wiring closet access switch; small aggregation
Availability: Routing functions are totally distributed across all switches in the stack massively increasing performance and uptime
Scalability: Extend connectivity with a mixture of PoE and fibre switches
Connectivity: Jumbo Frames are supported on all gigabit uplinks for interoperability with equipment downstream
Application-Aware: Advanced Time-Based ACLs are supported that can be automatically executed on a per user or machine basis
Includes Enhanced Image (EI) software• Includes ALL SI software plus:IRF• Distributed Device Management
Mix and match any S3900-EI product in a stack, including PWR
• Distributed Link AggregationAllows up to 8 groups to be spread across any ports in the stack (8 FE / 4 GE per group)
• Distributed Resilient RoutingAll switches in the stack are actively routing and sharing LSDB and ARP tablesRIP/OSPFMulticast Routing PIM Sparse Mode / Dense Mode
• JumboFrame• AC & DC input• Central MAC authentication• Time-based Access Control Lists• DHCP Tracker• ECMP,VRRP,QinQ• Traffic Redirection• Traffic Mirroring• Syslog
Key Points
Switch 3900 -- The new choice for access network deployments
Quidway S3928P 24-Port + 4 SFP
Quidway S3952P 48-Port + 4 SFP
Quidway S3928P 24-Port + 4 SFP PWR
Quidway S3952P 48-Port + 4 SFP PWR
Quidway S3928F 24-Port + 2 SFP + 2 1000BaseT
HUAWEI TECHNOLOGIES CO., LTD.
Enterprise Networking with S3900
10/100M Desktops10/100M Desktops
Space -ConstrainedSpace -ConstrainedServer RacksServer Racks
Mission-CriticalMission-Critical10/100/1000M10/100/1000MWorkstationsWorkstations
Network CoreNetwork Core
AvailabilityAvailability• IP Unicast Routing
- Static, RIPv1/v2, OSPF, • IP Multicast Routing• VRRP• DTP and PAgP• Dynamic VLANs• IGMP snooping• STP enhancements• Distributed L2/L3 functions
• MAC address notification• DHCP interface tracker• CMS security wizard• Access control lists• Private VLAN edge• Port security • SNMPv3• 802.1x• SSH
SecuritySecurity
• Queue servicing:- Shaped round robin and strict priority queuing- Weighted tail drop- Ingress traffic policing- Egress traffic shaping
• 802.1p CoS and DSCP• Congestion avoidance
- Granular rate limiting- Jumbo Frames
QualityQuality of of
ServiceService
S3900
HUAWEI TECHNOLOGIES CO., LTD.
Market TrendsMarket Trends
S3900 OverviewS3900 Overview
S3900 Key FeaturesS3900 Key Features V1.5 New FeatureV1.5 New Feature
IRFIRF
RPS1000-ARPS1000-A
Feature SummaryFeature Summary
End-to-End Intelligent Solution End-to-End Intelligent Solution
SummarySummary
Agenda
HUAWEI TECHNOLOGIES CO., LTD.
Features
S3900 Features✔VRRP (EI)
✔HGMPv2
✔DHCP-SERVER (EI)
✔QINQ
✔GVRP
✔MVR
✔DLDP
S3900 Features✔VRRP (EI)
✔HGMPv2
✔DHCP-SERVER (EI)
✔QINQ
✔GVRP
✔MVR
✔DLDP
HUAWEI TECHNOLOGIES CO., LTD.
Features (Cont.)
S3900 Features✔IGMP Snooping Fast Leave
✔DHCP Snooping Trust
✔DHCP Relay Security
✔DHCP Option 82
✔802.1X and Mac address Authentication At the Same Time/ Port
✔802.1X with PEAP/TLS
S3900 Features✔IGMP Snooping Fast Leave
✔DHCP Snooping Trust
✔DHCP Relay Security
✔DHCP Option 82
✔802.1X and Mac address Authentication At the Same Time/ Port
✔802.1X with PEAP/TLS
HUAWEI TECHNOLOGIES CO., LTD.
Features (Cont.)
S3900 Features✔Dynamic VLAN Delivery
✔Guest VLAN
✔Jumbo Frame for SI
✔Group Policy
✔Protocol Based VLAN
✔SSHv2
✔VCT (Virtual Circuit Test)
✔RSPAN (Remote Port Mirroring)
S3900 Features✔Dynamic VLAN Delivery
✔Guest VLAN
✔Jumbo Frame for SI
✔Group Policy
✔Protocol Based VLAN
✔SSHv2
✔VCT (Virtual Circuit Test)
✔RSPAN (Remote Port Mirroring)
HUAWEI TECHNOLOGIES CO., LTD.
802.1X with PEAP/TLS
802.1X authentication
PCSupplicant
S5600 Series
Radius/EAP server
EAPoL
EAPoRadiusS3900
Authenticator
PCSupplicant
PCSupplicant
Benefits: ✔ Improve the security
✔ Provide AAA (Authentication, Authorization, Accounting) functions
Benefits: ✔ Improve the security
✔ Provide AAA (Authentication, Authorization, Accounting) functions
Efficient port/MAC basedBuilt-in 802.1X serverSupport EAP relay function
HUAWEI TECHNOLOGIES CO., LTD.
802.1X and MAC Authentication
Without 802.1X Client
With 802.1X Client
How can PC and IP phone be authenticated on the same port?
IP Phone
PC
S3900 supports 802.1X and MAC Authentication at the Same Time on One Port
Benefits: ✔ Authenticate devices with or without 802.1x Client at the same time
S3900 supports 802.1X and MAC Authentication at the Same Time on One Port
Benefits: ✔ Authenticate devices with or without 802.1x Client at the same time
HUAWEI TECHNOLOGIES CO., LTD.
What is IRF ?
• Huawei-3Com’s industry leading stacking technologHuawei-3Com’s industry leading stacking technology y
• InnovationInnovation of LAN switchingof LAN switching
• CCreate Intelligent Resilient Framework Networkreate Intelligent Resilient Framework Network
• Core features:Core features:
Distributed Device Management (DDM)Distributed Device Management (DDM)
Distributed Link Aggregation (DLA)Distributed Link Aggregation (DLA)
Distributed Resilient Routing (DRR)Distributed Resilient Routing (DRR)
IIntelligent ntelligent RResilient esilient FFrameworkramework
IR F
Distributed Fabric
FlexibleHigh efficientCost-effective
HUAWEI TECHNOLOGIES CO., LTD.
IRF Based Easy Management
• All switches act as a single logical device
• Resilient architecture provides access to
management in the event of ANY switch failing
• Rapid stack-wide feature configuration
• Hot-insert and removal of switches
• Automatic and manual stack configuration
• Stack up to 8 units
• All switches act as a single logical device
• Resilient architecture provides access to
management in the event of ANY switch failing
• Rapid stack-wide feature configuration
• Hot-insert and removal of switches
• Automatic and manual stack configuration
• Stack up to 8 units
Stack Management
• Single entity for SNMP, WEB and CLI
Management
• ACL configurations in one screen with All the
device View
• Reduces configuration time
• Improved monitoring responsiveness
Stack Management
• Single entity for SNMP, WEB and CLI
Management
• ACL configurations in one screen with All the
device View
• Reduces configuration time
• Improved monitoring responsiveness
Distributed Device Management (DDM)Distributed Device Management (DDM)
1
34
Only one logical device2
3 4
IRF fabric
HUAWEI TECHNOLOGIES CO., LTD.
S3900 IRF Stacking
• Each switch uses the last two ports to provide a 2 * 2 Gbp
s stacking,
No extra hardware required
• Stack up to 8 units
• Automatic or manual stack configuration
• A return link provides rapid fail-over in the event of a normal link or unit failing
• IRF Stack units together over 70Km apart
Normal Stacking Link: 1 Gbps UP / 1 Gbps DOWN
Standby Stacking loop connection:1 Gbps UP / 1 Gbps DOWN
Quidway S3900
Use SFP to link the units together
IRF StackingIRF Stacking
HUAWEI TECHNOLOGIES CO., LTD.
Basic Security Features
• SNMPv3/ SSHv2 • Authorized IP for management:
• support 16 authorized management IP• User authentication
• 802.1x• Centralized Mac authentication • Local password base authentication (128 users )• Radius based authentication (1024 users)
• Packet Filtering• L2/L3/L4• Time-based ACLs• ACL entries per port
• Others• DoS protection• DHCP security• Port Mirroring/Traffic Mirroring
HUAWEI TECHNOLOGIES CO., LTD.
Device Security
Advanced Device SecurityAdvanced Device Security
• Access Levels – 4 levels can be set for multiple users
• SNMPv3 / SSHv2 - Encrypt all SNMP and Telnet traffic to stop middle-man attacks 56bit / 168bit
• Authorized IP - Lock access to the management interface by routed Access Control List
• Switch Login (RADIUS) – Support RADIUS Authentication for CLI / Console and web interfaces. RADIUS return attribute will set individual privilege levels
• Denial of Service Attack Preventions – Attacks to the host CPU sub systems and memory are protected via a traffic classification queuing system
• Syslog - All commands can be tracked and sent to a Syslog server
HUAWEI TECHNOLOGIES CO., LTD.
Application-Aware Services
• Advanced Traffic ManagementAdvanced Traffic Management – Voice VLAN – All voice traffic can be automatically placed
into a private secure VLAN; switch will detect VoIP phone OUI and register with the correct VLAN
– Traffic Redirection / Mirror – Mirror or redirect any type of network traffic based upon an ACL to any port
– Configurable Queue Processing – 8 hardware-based queues; Strict Priority; Weighted Round Robin; Weighted Fair Queuing; WRED; WRR + SP
– Advanced Traffic Classification – All ACL classifications are available
– Traffic Actions – Remark DSCP; Drop or set the IP-Precedence, rate limit (64kbps granularity)
Define your own Classification rule and mask for the ACL
Define ACLs based uponDefine ACLs based uponIngress & Egress ControlSource / Destination IP AddressSource / Destination MAC addressSource / Destination TCP and/or UDP PortICMPDSCP / COS / Precedence / TOSVLAN
HUAWEI TECHNOLOGIES CO., LTD.
Voice QueueVoice Queue
Data Queue 1Data Queue 1
Data Queue 2Data Queue 2
Voice VLAN1. Mac address 00E0-BB00-0000 mask ffff-ff00-00002. Ah! It is an IP Phone of Vendor A, B, C……( Totally, 16 Vendors)
3. Put the traffic from IP Phone into Voice VLAN automatically
4. Other traffic will be processed with lower priorityVoice Data
Other Data
Voice VLAN
Benefits: ✔ Guarantee the QoS of voice data
✔ Improve the security
Benefits: ✔ Guarantee the QoS of voice data
✔ Improve the security
HUAWEI TECHNOLOGIES CO., LTD.
RPS1000-A Front Panel
HUAWEI TECHNOLOGIES CO., LTD.
RPS1000-A Rear Panel
Two Outputs for PoE Device or Non PoE Device
Six Outputs for Non PoE Device Only
The two main inputs are for the two PSUs in the RPS1000-A rack
respectively
HUAWEI TECHNOLOGIES CO., LTD.
S3900 Rear Panel
(1) (2)(1) (2) S3900-EI rear panel, AC input socket
S3900-EI rear panel, DC input socket.
(1) (2) (3)(1) (2) (3)
S3900-SI rear panel, AC input socket
RPS Connects Here! Only S3900-EI Supports RPS
S3900-SI
S3900-EI
HUAWEI TECHNOLOGIES CO., LTD.
Feature Summary
• Port Features– SPAN (Port Mirroring) – RSPAN (Remote Port Mirroring)– Port Isolation– Port Rate-limiting (64kbps)– IP + MAC + Port Binding– DUD (Disconnect Unauthorized Device)– DLDP (smillar to UDLD)– VCT (Virtual Cable Test)
• High Performance– 4 GE uplinks– 4K VLAN/16K MAC– Jumbo Frame
• High Reliability– STP/RSTP/MSTP– VRRP for S3900-EI– ECMP for S3900-EI– Redundant Power Supply for S3900-EI– Redundant Power Supply for S3900-EI– Distributed Layer 2 and Layer 3 IRF!– Layer 2/3 failover with nonstop forwarding IRF!– 4Gbps fault tolerant bidirectional stack interconnection IRF!– Cross-stack link aggregations technology, cross-stack QoS IRF!
HUAWEI TECHNOLOGIES CO., LTD.
Feature Summary (Cont.)
• Abundant Security– SSHv2– SNMPv3– MAC Black Hole– Disconnect Unauthorized Device– 802.1X with PEAP/TLS– Centralized MAC Address Authentication– Enable 802.1X and MAC Authentication on the same port– Dynamic VLAN Delivery/Guest VLAN– DHCP Relay Security– DHCP Snooping Trust
• Abundant QACL – WRED– 8 Queues/SP/WRR/WFQ/SP+WRR/SP+WFQ– CAR – Ingress & Egress ACL – ACL Traffic Limit– Traffic Classification/Traffic Shaping– Tail Drop– DSCP<->CoS– Voice VLAN
HUAWEI TECHNOLOGIES CO., LTD.
Feature Summary (Cont.)• Multicast
– MVR– IGMPv1/v2 Snooping– IGMPv1/v2 Snooping Fast Leave– PIM-SM/PIM-DM for S3900-EI – Extends Web-based management suite
• Ease Management– GVRP– SNMPv1/v2/v3– HGMPv2– One IP address and configuration file for entire stack IRF! – Extends Web-based management suite– Automatic stacking configuration of new units when connected to the stack IRF!
• Cost Effective – PoE– QinQ– 802.1X Server– DHCP Option 82– DHCP Server for S3900-EI
• Return of Investment– High Performance/Cost Ratio– Seamless Network Expansion IRF!
HUAWEI TECHNOLOGIES CO., LTD.
Market TrendsMarket Trends
S3900 OverviewS3900 Overview
S3900 Key FeaturesS3900 Key Features
End-to-End Intelligent SolutionEnd-to-End Intelligent Solution
SummarySummary
Agenda
HUAWEI TECHNOLOGIES CO., LTD.
S3900 Deployment Scenario
Application server farm
Quidway S3900
IRF IRF
StackingStacking
IRF IRF
StackingStacking
Quidway S3900
Quidway S3900
Quidway S3900
Quidway S5600
Quidway S5600
Voice VLAN
POE
IRF stacking
HUAWEI TECHNOLOGIES CO., LTD.
End-to-End Intelligent Solution
Application server farm
S6500
Security Policy Control SecurityAutomatic User Security Authentication, Authorisation and Accounting; Peace of mind for businesses
PoE: Powered, traffic optimized and secured by Switch 3900
Router AR4600
Best of Breed Core PerformanceIndustry leading Terabit Performance with investment protected backplane
Industry Leading PerformanceUnique Distributed Resilient 96Gbps
link via IRF
Total FlexibilityComprehensive
media flexibility for abundant
applications
S3900
SecPath Security System
S8500
Service System Fully Standards Based Infrastructure
Unique Investment ProtectionAdd Power over Ethernet anytime to the Switch S5600
S5600
S3900
HUAWEI TECHNOLOGIES CO., LTD.
Market TrendsMarket Trends
S3900 OverviewS3900 Overview
S3900 Key FeaturesS3900 Key Features
End-to-End Intelligent Solution End-to-End Intelligent Solution
SummarySummary
Agenda
HUAWEI TECHNOLOGIES CO., LTD.
Summary
• Enterprise-class services– High Availability: IP Routing, VRRP, MSTP, 802.1s/w, IGMP snooping, RPS– Security: ACL, port security, MAC address notify, RADIUS/TACAC+, 802.1x, SSHv2,
SNMPv3, DUD,– Advanced QoS: Layer 2–4 QoS with CoS/DSCP, shaped round robin, WRR,strict pri
ority queuing, Ingress and Egress ACL (only for S3900)– VOICE VLAN/PoE
• Abundant Security– SSHv2/SNMPv3– 802.1X with PEAP/TLS, Centralized MAC Address Authentication/Enable 802.1X an
d MAC Authentication on the same port– Dynamic VLAN Delivery/Guest VLAN– DHCP Relay Security/DHCP Snooping Trust
• IRF technology– 4Gbps fault tolerant bidirectional stack interconnection– Distributed architecture– Layer 2/3 failover with nonstop forwarding– Cross-stack link aggregations technology, cross-stack QoS – Single network instance (IP, SNMP, CLI, STP, VLAN)
HUAWEI TECHNOLOGIES CO., LTD.
Summary (Cont.)
• High performance – Gigabit Ethernet and Fast Ethernet configurations provide – Distributed Layer 2 and Layer 3
• Ease of management/deployment– One IP address and configuration file for entire stack – Extends Web-based management suite to Layer 2/3/4
services– Automatic stacking configuration of new units when
connected to the stack• Return of Investment
– High Performance/Cost Ratio– Seamless Network Expansion
Thank You
www.huawei.com