product description - Üdvözöljük a...

Quidway S2300 Series Ethernet SwitchesV100R005C01

Product Description

Issue 02

Date 2010-12-01

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2010. All rights reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior writtenconsent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respective holders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei and thecustomer. All or part of the products, services and features described in this document may not be within thepurchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,and recommendations in this document are provided "AS IS" without warranties, guarantees or representationsof any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute the warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.Address: Huawei Industrial Base

Bantian, LonggangShenzhen 518129People's Republic of China

Website: http://www.huawei.com

Email: [email protected]

Issue 02 (2010-12-01) Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

i

http://www.huawei.com

mailto:[email protected]

About This Document

Intended AudienceThis document describes the positioning, characteristics, architecture, link features, servicefeatures, application scenarios, operation and maintenance functions, and technicalspecifications of the S2300.

This document helps you understand the characteristics and features of the S2300.

This document is intended for:

l Network planning engineers

l Hardware installation engineers

l Commissioning engineers

l Data configuration engineers

l On-site maintenance engineers

l Network monitoring engineers

l System maintenance engineers

Symbol ConventionsThe symbols that may be found in this document are defined as follows.

Symbol Description

DANGERIndicates a hazard with a high level of risk, which if notavoided, will result in death or serious injuries.

WARNINGIndicates a hazard with a medium or low level of risk, whichif not avoided, could result in minor or moderate injuries.

CAUTIONIndicates a potentially hazardous situation that, if notavoided, could cause device damage, data loss, andperformance degradation, or unexpected results.

TIP Indicates a tip that may help you solve a problem or save youtime.

Quidway S2300 Series Ethernet SwitchesProduct Description About This Document


iii

Symbol Description

NOTE Provides additional information to emphasize or supplementimportant points of the main text.

Command ConventionsConvention Description

Boldface The keywords of a command line are in boldface.

Italic Command arguments are in italic.

[ ] Items (keywords or arguments) in square brackets [ ] are optional.

{ x | y | ... } Alternative items are grouped in braces and separated by verticalbars. One is selected.

[ x | y | ... ] Optional items are grouped in brackets and separated by verticalbars. One item is selected or no item is selected.

{ x | y | ... } * Alternative items are grouped in braces and separated by verticalbars. A minimum of one or a maximum of all can be selected.

[ x | y | ... ] * Optional items are grouped in brackets and separated by verticalbars. Several items or no item can be selected.

Update HistoryUpdates between document issues are cumulative. Therefore, the latest document versioncontains all updates made to previous versions.

Updates in Issue 02 (2010-12-01)This is the second release.

Compared with issue 01, the changes of this version are as follows:l 7.1 Physical Specifications

Updates in Issue 01 (2010-08-15)Initial commercial release.

About This DocumentQuidway S2300 Series Ethernet Switches

Product Description

iv Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

Issue 02 (2010-12-01)

Contents

About This Document...................................................................................................................iii

1 Product Positioning and Characteristics................................................................................1-11.1 Product Positioning.........................................................................................................................................1-21.2 Product Characteristics....................................................................................................................................1-2

1.2.1 Carrier-Class Maintainability.................................................................................................................1-21.2.2 Powerful Multi-service Access Capabilities..........................................................................................1-31.2.3 Flexible Networking Capability.............................................................................................................1-31.2.4 Network-Level QoS Guarantee..............................................................................................................1-31.2.5 High Extensibility..................................................................................................................................1-31.2.6 Comprehensive Security Measures........................................................................................................1-41.2.7 Convenient Operation and Maintenance................................................................................................1-41.2.8 Energy-Saving Design............................................................................................................................1-41.2.9 Advanced Lightning Protection Technologies.......................................................................................1-51.2.10 Convenient PoE Power Supply............................................................................................................1-5

2 Product Architecture..................................................................................................................2-12.1 Introduction.....................................................................................................................................................2-22.2 Device Architecture.........................................................................................................................................2-22.3 Hardware Modules..........................................................................................................................................2-4

2.3.1 SCU........................................................................................................................................................2-52.3.2 Power Supply.........................................................................................................................................2-62.3.3 Fan..........................................................................................................................................................2-6

2.4 Software Architecture.....................................................................................................................................2-6

3 Link Features...............................................................................................................................3-13.1 Ethernet Features.............................................................................................................................................3-2

3.1.1 Link Aggregation...................................................................................................................................3-23.1.2 Flow Control on an Interface.................................................................................................................3-23.1.3 VLAN.....................................................................................................................................................3-23.1.4 QinQ.......................................................................................................................................................3-43.1.5 GVRP.....................................................................................................................................................3-4

3.2 STP/RSTP/MSTP............................................................................................................................................3-43.2.1 STP and RSTP........................................................................................................................................3-43.2.2 MSTP.....................................................................................................................................................3-5

Quidway S2300 Series Ethernet SwitchesProduct Description Contents


v

3.2.3 MSTP Protection....................................................................................................................................3-53.2.4 Partitioned STP and BPDU Tunnel........................................................................................................3-5

3.3 SEP..................................................................................................................................................................3-63.4 Interface Security............................................................................................................................................ 3-63.5 Link Detection.................................................................................................................................................3-7

4 Service Features..........................................................................................................................4-14.1 IPv6................................................................................................................................................................. 4-24.2 Multicast..........................................................................................................................................................4-2

4.2.1 IGMP Snooping......................................................................................................................................4-24.2.2 Prompt Leave of Multicast Member Interfaces......................................................................................4-24.2.3 Multicast Traffic Control....................................................................................................................... 4-24.2.4 Controllable Multicast............................................................................................................................4-3

4.3 QoS..................................................................................................................................................................4-34.3.1 Traffic Classification..............................................................................................................................4-34.3.2 Access Control and Re-marking............................................................................................................ 4-34.3.3 Traffic Policing...................................................................................................................................... 4-44.3.4 Congestion Management........................................................................................................................4-44.3.5 Rate Limit on an Interface......................................................................................................................4-44.3.6 Aggregate CAR......................................................................................................................................4-4

4.4 Security............................................................................................................................................................4-54.4.1 Device Security......................................................................................................................................4-54.4.2 Service Security......................................................................................................................................4-64.4.3 Security Authentication..........................................................................................................................4-6

4.5 Reliability........................................................................................................................................................4-74.6 LLDP...............................................................................................................................................................4-74.7 NQA................................................................................................................................................................4-74.8 Cluster Management....................................................................................................................................... 4-84.9 Stacking...........................................................................................................................................................4-84.10 Web Server....................................................................................................................................................4-8

5 Networking and Applications.................................................................................................5-15.1 Application in a MAN.....................................................................................................................................5-25.2 VLAN Mapping.............................................................................................................................................. 5-25.3 Application in IPTV Services......................................................................................................................... 5-35.4 End-to-End QoS..............................................................................................................................................5-45.5 Partitioned STP at Access and Convergence Layers.......................................................................................5-55.6 Cluster Management....................................................................................................................................... 5-6

6 Maintenance and Network Management System................................................................6-16.1 Maintenance and Management........................................................................................................................6-2

6.1.1 Various Configuration Methods.............................................................................................................6-26.1.2 Monitoring and Maintenance.................................................................................................................6-26.1.3 Diagnosis and Debugging...................................................................................................................... 6-3

ContentsQuidway S2300 Series Ethernet Switches

Product Description

vi Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

Issue 02 (2010-12-01)

6.1.4 Software Upgrade and In-Service Patching........................................................................................... 6-46.1.5 Hardware Fault Handling.......................................................................................................................6-4

6.2 U2000 Network Management System............................................................................................................6-46.2.1 Network Management Modes................................................................................................................6-56.2.2 U2000.....................................................................................................................................................6-5

7 System Technical Specifications.............................................................................................7-17.1 Physical Specifications....................................................................................................................................7-27.2 Optical Module Attributes...............................................................................................................................7-37.3 System Configuration......................................................................................................................................7-67.4 List of Software Features................................................................................................................................7-7

Quidway S2300 Series Ethernet SwitchesProduct Description Contents


vii

Figures

Figure 2-1 Appearance of the S2309TP-SI/EI.....................................................................................................2-2Figure 2-2 Appearance of the S2318TP-SI/EI.....................................................................................................2-2Figure 2-3 Appearance of the S2326TP-SI/EI.....................................................................................................2-3Figure 2-4 Appearance of the S2352P-EI............................................................................................................ 2-3Figure 2-5 Appearance of the S2309TP-PWR-EI................................................................................................2-3Figure 2-6 Appearance of the S2326TP-PWR-EI................................................................................................2-4Figure 2-7 Logical structure of hardware modules of the S2300.........................................................................2-5Figure 5-1 Application of the S2300 in a MAN...................................................................................................5-2Figure 5-2 VLAN mapping networking...............................................................................................................5-3Figure 5-3 Application of the S2300 in IPTV services........................................................................................5-4Figure 5-4 End-to-end QoS provided by the S2300.............................................................................................5-5Figure 5-5 Partitioned STP supported by the S2300............................................................................................5-6Figure 5-6 Cluster management provided by the S2300......................................................................................5-7

Quidway S2300 Series Ethernet SwitchesProduct Description Figures


ix

Tables

Table 7-1 Physical specifications.........................................................................................................................7-2Table 7-2 Attributes of the SFP (FE) optical module...........................................................................................7-3Table 7-3 Attributes of the ESFP (FE) optical module........................................................................................7-4Table 7-4 Attributes of the ESFP (GE) optical module........................................................................................7-4Table 7-5 Attributes of the ESFP (CWDM) optical module................................................................................7-5Table 7-6 System configuration........................................................................................................................... 7-6Table 7-7 List of software features.......................................................................................................................7-7

Quidway S2300 Series Ethernet SwitchesProduct Description Tables


xi

1 Product Positioning and Characteristics

About This Chapter

1.1 Product Positioning

1.2 Product Characteristics

Quidway S2300 Series Ethernet SwitchesProduct Description 1 Product Positioning and Characteristics


1-1

1.1 Product Positioning

CAUTIONTheQuidway S2300 series Ethernet switches are class A products. The switches that are operatingmay cause radio interference. Customers need to take prevention measures.

The Quidway S2300 series Ethernet switches (hereinafter referred to as the S2300) provide theaccess and data transport functions. They are developed by Huawei to meet the requirementsfor reliable access and high-quality transmission of multiple services on the metropolitan areanetwork (MAN).

Positioned for the access layer or aggregation layer of the multi-service MAN, the S2300provides large capacity, high port density, and cost-effective packet forwarding capabilities. Inaddition, the S2300 provides multi-service access capabilities, excellent extensibility, quality ofservice (QoS) guarantee, powerful multicast replication, and carrier-class security, and can beused to build ring topologies of high reliability.

The switches are classified into SI switches and EI switches. The EI switches provide morepowerful VLAN, QoS, multicast,, security, authentication, and reliability functions than SIswitches.

1.2 Product Characteristics

1.2.1 Carrier-Class Maintainability

1.2.2 Powerful Multi-service Access Capabilities

1.2.3 Flexible Networking Capability

1.2.4 Network-Level QoS Guarantee

1.2.5 High Extensibility

1.2.6 Comprehensive Security Measures

1.2.7 Convenient Operation and Maintenance

1.2.8 Energy-Saving Design

1.2.9 Advanced Lightning Protection Technologies

1.2.10 Convenient PoE Power Supply

1.2.1 Carrier-Class Maintainabilityl The carrier-class design of the S2300 is as follows:

1 Product Positioning and CharacteristicsQuidway S2300 Series Ethernet Switches

Product Description

1-2 Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

Issue 02 (2010-12-01)

– The small chassis effectively saves the space in an equipment room and reduces theCapital Expenditure (CAPEX). The chassis can be easily installed in various types ofcabinets.

– The fan modules and power supplies are field-replaceable, which facilitatesmaintenance.

l The S2300 provides in-service patching and upgrading of the system software.

1.2.2 Powerful Multi-service Access CapabilitiesThe S2300 is usually deployed on the access layer of the MAN to aggregate service traffic fromdownstream devices such as the access media gateway (AMG), digital subscriber line accessmultiplexer (DSLAM), and LAN switch (LSW) to upstream devices. It supports the followingservices:

l Voice services of the next generation network (NGN)l IPTV and video-on-demand (VoD) servicesl Broadband access services

The S2300 adopts the mature and economical IP core technology and the high-performanceApplication Specific Integrated Circuit (ASIC) chip to provide a large switching capacity, thussatisfying the requirements for low delay and high reliability of traditional telecommunicationsservices. In addition, the S2300 guarantees high bandwidth and supports multi-service accessby:

l Adopting the Ethernet networkingl Supporting multicast servicesl Providing QoS guarantee mechanisms and various protective switchover technologies

1.2.3 Flexible Networking CapabilityThe S2300 provides 10/100BASE-T Ethernet electrical interfaces, 10/100/1000BASE-Telectrical interfaces, and 100/1000BASE-X Ethernet optical interfaces. It supports multipleinterface types such as access, trunk, and hybrid.

The S2300 provides swappable Small Form-Factor Pluggable (SFP) optical modules for opticalfiber connections.The length of optical fibers can be selected according to the transmissiondistance.

The S2300 can be used to construct a tree, star, or ring Ethernet network. For the ring Ethernet,the S2300 supports the Spanning Tree Protocol (STP) to prevent loops and provide rapidswitchover.

1.2.4 Network-Level QoS GuaranteeThe S2300 provides comprehensive QoS mechanisms. It can intelligently identify services andclassify traffic according to Layer 2 to Layer 4 information in the Open System Interconnection(OSI) model. Then, it provides various polices such as access traffic filter, traffic policing, andqueue scheduling to provide differentiated services.

1.2.5 High ExtensibilityBased on the Huawei proprietary Versatile Routing Platform (VRP), the S2300 provides high-speed switching and various service features by integrating network management technologies.



1-3

1.2.6 Comprehensive Security MeasuresThe S2300 guarantees the security of network devices and data transmission. It provides thefollowing security measures to protect the network against attacks initiated by malicious users:

l Packet filtering based on MAC addresses

l Various ACL policies

l Mechanism of searching the forwarding table based on VLAN IDs and MAC addresses

l Traffic suppression

In addition, the S2300 provides the following functions to ensure secure login of users:

l Providing login passwords and password encryption for login users

l Protecting commands through users levels and command levels

l Locking the configuration terminal through a certain command to prevent illegal use of thedevice

l Displaying confirm or prompt information for important commands that affect systemperformance

The S2300 provides the Automatic Laser Shutdown (ALS) function. That is, when the fiber isbroken, the S2300 stops transmitting laser. This protects users against the laser.

1.2.7 Convenient Operation and MaintenanceIn addition to collecting traffic statistics based on interfaces and VLANs, the S2300 providesfault detection and location tools such as ping and traceroute on an IP network. It can also workwith the Huawei U2000 network management system (NMS) to implement performancemonitoring, alarm report, and fast fault location.

Through the U2000, you can configure and manage the S2300, for example, manage interfaces,VLANs, multicast services, software upgrading, and configuration files. The U2000 supportsvarious personalized configuration modes such as end-to-end configuration, batch configuration,and configuration wizard. In addition, it provides default configuration templates formanagement functions.

The S2300 supports the Huawei Group Management Protocol (HGMP). Through HGMP, anS2300 can manage multiple Layer 2 switches by automatically collecting topology informationand using a uniform management channel.

1.2.8 Energy-Saving DesignThe S2300 adopts the following measures to save energy:

l It adopts natural heat dissipation so that power consumed by fans is saved.

NOTE

Currently, only the S2309TP-PWR-EI, S2309TP-SI/EI, S2318TP-SI/EI, and S2326TP-SI/EIsupports natural heat dissipation.

l The chip switches to the power saving mode when no connected device is detected on aservice interface, that is, the interface is idle.

l It uses highly-integrated and energy-saving chips produced through advanced processingtechniques. With the help of the intelligent device management system, the chips not only

1 Product Positioning and CharacteristicsQuidway S2300 Series Ethernet Switches

Product Description


Issue 02 (2010-12-01)

improve system performance but also greatly reduce power consumption of the entiresystem.

Natural heat dissipation has the following advantages:l The product reliability is high.l There is no noise pollution.l You do not need to maintain the fans, which saves the maintenance cost.l The system does not have additional power consumption generated by fans, which improves

the power efficiency.l Boards are prevented from being eroded.

1.2.9 Advanced Lightning Protection TechnologiesThe S2300 adopts the Huawei patented lightning protection technologies to protect theequipment in atrocious environments, for example, when cables are laid outdoor without cablingracks. The lightning protection technologies reduce the probability of damages caused bylightning and increase the safety factor by 30 times, thus greatly improving the device reliability.

1.2.10 Convenient PoE Power SupplyThe S2300 has the PoE function. It provides centralized power supply for the attached IP phone,wireless access point (AP), portable device charger, POS machine, camera, and data collectorthrough twisted pairs.

The PoE function of the S2300 complies with IEEE 802.3af and IEEE 802.3at. The S2300 canprovide power for the devices of different vendors remotely. In IEEE 802.3at, the maximumpower supply capability is 30 W. This capability ensures adequate power for IP video phone,dualband WiFi AP, IP camera, multi-function STB11, and RFID and simplifies the network.

The S2300 has the ability to control power supply based on time range, thus effectively managingnetwork devices, reducing power consumption, and lowering the OPEX.



1-5

2 Product Architecture

About This Chapter

2.1 Introduction

2.2 Device Architecture

2.3 Hardware Modules

2.4 Software Architecture

Quidway S2300 Series Ethernet SwitchesProduct Description 2 Product Architecture


2-1

2.1 IntroductionThe S2300 series adopt the integrated hardware platform and have the front-access structure.The hardware consists of the chassis, power supply, fan, and SCU. The width of the S2300complies with the industry standards, and the S2300 can be installed in an IEC 297 cabinet oran ETSI cabinet.

The S2300 series include the S2309TP-SI, S2309TP-EI, S2318TP-SI, S2318TP-EI, S2326TP-SI, S2326TP-EI, S2352P-EI, S2309TP-PWR-EI, and S2326TP-PWR-EI.

2.2 Device Architecture

Appearance of the S2309TP-SI/EIFigure 2-1 shows the appearance of the S2309TP-SI/EI.

Figure 2-1 Appearance of the S2309TP-SI/EI

The chassis of the S2309TP-SI/EI is 1 U (1 U = 44.45 mm) high and its dimensions are 250.0mm x 180.0 mm x 43.6 mm (width x depth x height).

The power module is on the left side of the S2309TP-SI/EI and the SCU is at the center of thechassis.l The S2309TP-SI/EI uses either an AC power supply or a DC power supply.l The SCU provides one console port, eight 10/100BASE-T ports, and one GE combo port

(10/100/1000BASE-T+100/1000BASE-X).




The power module is on the left side of the S2318TP-SI/EI and the SCU is at the center of thechassis.

2 Product ArchitectureQuidway S2300 Series Ethernet Switches

Product Description


Issue 02 (2010-12-01)

l The S2318TP-SI/EI uses either an AC power supply or a DC power supply.l The SCU provides one console port, sixteen 10/100BASE-T ports, and two GE combo

ports (10/100/1000BASE-T+100/1000BASE-X).




The power module is on the left side of the S2326TP-SI/EI and the SCU is at the center of thechassis.l The S2326TP-SI/EI uses either an AC power supply or a DC power supply.l The SCU provides one console port, twenty-four 10/100BASE-T ports, and two GE combo


Appearance of the S2352P-EIFigure 2-4 shows the appearance of the S2352P-EI.

Figure 2-4 Appearance of the S2352P-EI

The chassis of the S2352P-EI is 1 U (1 U = 44.45 mm) high and its dimensions are 442.0 mmx 220.0 mm x 43.6 mm (width x depth x height).

The power supply is on left-rear side of the chassis.l The S2352P-EI uses either an AC power supply or a DC power supply.l The SCU provides one console port, forty-eight 10/100BASE-T ports, two

100/1000BASE-X optical ports, and two GE SFP ports.

Appearance of the S2309TP-PWR-EIFigure 2-5 shows the appearance of the S2309TP-PWR-EI.

Figure 2-5 Appearance of the S2309TP-PWR-EI



2-3

The chassis of the S2309TP-PWR-EI is 1 U (1 U = 44.45 mm) high and its dimensions are 320.0mm x 220.0 mm x 43.6 mm (width x depth x height).

The power supply is on the left side of the S2309TP-PWR-EI and the SCU is at the center ofthe chassis.l The S2309TP-PWR-EI uses the AC power supply.l The eight downlink electrical ports support PoE. The maximum power of each port is 30

W. The PoE power supply complies with IEEE 802.3at. The S2309TP-PWR-EI can providethe maximum power for only four ports.

l The SCU provides one console port, eight 10/100BASE-T ports, and one GE combo port(10/100/1000BASE-T+100/1000BASE-X).

Appearance of the S2326TP-PWR-EIFigure 2-6 shows the appearance of the S2326TP-PWR-EI.

Figure 2-6 Appearance of the S2326TP-PWR-EI

The chassis of the S2326TP-PWR-EI is 1 U (1 U = 44.45 mm) high and its dimensions are 442.0mm x 420.0 mm x 43.6 mm (width x depth x height).

The two power supplies are on left-rear side of the chassis, and the fan is at the center of thechassis.l The S2326TP-PWR-EI uses the AC power supply.l The twenty -four downlink electrical ports support PoE. The maximum power of each port

is 30 W. The PoE power supply complies with IEEE 802.3at.l The SCU provides one console port, twenty-four 10/100BASE-T ports, and two GE combo


2.3 Hardware ModulesFigure 2-7 shows the logical structure of hardware modules of the S2300.


Product Description


Issue 02 (2010-12-01)

Figure 2-7 Logical structure of hardware modules of the S2300

Data bus Control bus

SCU

Controlunit

……

Switchunit

Powersupply

Portmodule

Fiber/Cable

Hardware modules of the S2300 refer to the SCU, power supply, and fan.

2.3.1 SCU

2.3.2 Power Supply

2.3.3 Fan

2.3.1 SCUThe SCU is fixed on the S2300. Each S2300 has one SCU.

The SCU is responsible for packet switching and device management. It integrates multiplefunctional modules, namely, the main control module, switching module, and interface module.

Main Control ModuleThe main control module implements the following functions:l Processing protocolsl Functioning as an agent of the user to manage the system and monitor the system

performance according to instructions of the user, and report the running status of the deviceto the user

l Monitoring and maintaining the interface module and switching module on the SCU.

Switching ModuleThe switching module, also called the switching fabric, is responsible for packet exchange,multicast replication, QoS scheduling, and access control on the interface module of the SCU.

The switching module adopts high performance ASIC chips to implement line-speed forwardingand fast switching of data with different priorities.



2-5

Interface ModuleThe interface module provides Ethernet interfaces for accessing Ethernet services.

2.3.2 Power SupplyThe S2300 can use either the DC power supply or the AC power supply. The S2326TP-PWR-EI supports 1:1 backup power supplies.

The S2300 of the PWR type supports only the AC power supply.

2.3.3 FanThe fans forcibly cool the system.

The S2326TP-PWR-EI supports the hot pluggable fans. The fans can be replaced on site andmaintained in service.

2.4 Software ArchitectureThe S2300 runs on the latest VRP version 5 (VRPv5) to provide various features. VRPv5 consistsof the following parts:

l System service planeThis plane provides task and memory management, timer, software loading and patchingon the basis of the operating system. In addition, it enhances modular technology tofacilitate system upgrade and customization.

l General control planeThis plane is the core of the VRP data communication platform, providing linkmanagement, IP protocol stack, and routing protocol processing, and implementing thesecurity and QoS functions. It is used to control the data forwarding plane and implementfunctions of the device.

l Data forwarding planeThis plane forwards data under the control of the general control plane. The VRPv5 supportsdata forwarding based on software and hardware.

l Service control planeThis plane controls and manages services based on users or interfaces. It implements theauthentication, authorization, and accounting for users through DHCP Option 82 andimplements authentication for access interfaces through IEEE 802.1x.

l System management planeThis plane provides a graphic user interface and manages the input and output informationfor network management and maintenance.


Product Description


Issue 02 (2010-12-01)

3 Link Features

About This Chapter

3.1 Ethernet Features

3.2 STP/RSTP/MSTP

3.3 SEP

3.4 Interface Security

3.5 Link Detection

Quidway S2300 Series Ethernet SwitchesProduct Description 3 Link Features


3-1

3.1 Ethernet Features

3.1.1 Link Aggregation

3.1.2 Flow Control on an Interface

3.1.3 VLAN

3.1.4 QinQ

3.1.5 GVRP

3.1.1 Link AggregationLink aggregation is a function that binds multiple physical interfaces on one device into a logicalinterface (such as an Eth-Trunk). This logical interface is also called a load balancing group ora link aggregation group.

After multiple physical interfaces are bound into a logical interface, the S2300 load balances thetraffic passing through the logical interface among the member interfaces. When a memberinterface fails, the traffic on this interface is shared by the other member interfaces withoutinterrupting services. When the faulty interface recovers, the traffic is balanced among allinterfaces again.

Currently, the S2300 implements link aggregation between GE interfaces or FE interfaces. Loadbalancing can be implemented based on the following information:l Source MAC addressl Destination MAC addressl Source MAC address and destination MAC address

Using the link aggregation technology, you can increase the bandwidth and improve linkreliability without upgrading the hardware, thus saving costs.

3.1.2 Flow Control on an InterfaceFlow control on an interface is a method of congestion management. It applies to all types offlows. The S2300 implements flow control on an interface by using the hardware backpressuremechanism. When an interface works in full duplex mode, the S2300 implements flow controlcomplying with IEEE 802.3x. When the interface works in half duplex mode, the S2300implements flow control through the backpressure mechanism.

When congestion occurs, the S2300 sends continuous Pause frames to the upstream device,requesting it to stop sending data for a specified period of time. When the upstream devicereceives the pause frames, it reduces the volume of traffic sent from its outbound interface. Flowcontrol on an interface does not identify flow types.

3.1.3 VLANA local area network (LAN) can be divided into several logical LANs. Each logical LAN is abroadcast domain, which is called a virtual LAN (VLAN). To put it simply, devices on a LANare logically grouped into different LAN segments, irrespective of their physical locations. Inthis manner, VLANs isolate broadcast domains on a LAN.

3 Link FeaturesQuidway S2300 Series Ethernet Switches

Product Description


Issue 02 (2010-12-01)

Methods to Define VLANs

A physical LAN can be divided into several VLANs, and several physical LANs can be groupedinto a VLAN. Devices on a VLAN belong to the same broadcast domain and can communicatewith each other. Different VLANs are isolated from each other, so devices on different VLANscannot communicate with each other.

The S2300 supports the following methods to define VLANs:

l Based on interfaces

After an interface is added to a VLAN, packets received by the interface are sent on theVLAN.

l Based on MAC addresses

VLAN members are defined according to source MAC addresses of packets. When aninterface of the S2300 receives a packet, the S2300 determines the VLAN ID of the packetaccording to the source MAC address of the packet and sends the packet on thecorresponding VLAN.

VLAN Aggregation

To implement communication between VLANs on the S2300, you need to configure VLANIFinterfaces and assign an IP address to each VLANIF interfaces. Therefore, this wastes IPaddresses when there are many VLANs. VLAN aggregation can solve this problem.

VLAN aggregation means that multiple VLANs are aggregated into a super-VLAN. The VLANsthat form the super-VLAN is called sub-VLANs.

Voice VLAN

A voice VLAN is used to transmit voice data flows. You can create a voice VLAN and add theinterface connected to the voice device to the voice VLAN. Then voice data flows can betransmitted on the voice VLAN.

You can apply special QoS configuration to the voice data packets transmitted on the voiceVLAN so that voice data packets are transmitted with high priority. The quality of the voiceservice is ensured.

VLAN Mapping

VLAN mapping means that the S2300 replaces the outer VLAN tags of data frames to thespecified VLAN tags according to the preset VLAN mapping table so that services aretransmitted according to the network planning of the carrier.

The S2300 supports the mapping from one or more customer VLAN IDs (C-VLANs) to a serviceVLAN ID (S-VLAN).

NOTE

l C-VLAN is the VLAN that a user-side interface belongs to. It identifies a user or a type of users.

l An S-VLAN is a VLAN defined on the public network by the carrier. The S-VLAN ID identifies aservice.



3-3

3.1.4 QinQThe 802.1Q-in-802.1Q (QinQ) protocol is a Layer 2 tunneling protocol based on the IEEE802.1Q. A frame transmitted on the public network has double 802.1Q tags. One tag identifiesthe public network and the other identifies the private network.

Usually, carriers define VLANs on the public network, and users define VLANs on their ownprivate networks. Therefore, different private networks may use the same VLAN ID. Throughthe QinQ function, the S2300 adds public VLAN tags to the packets from private networks.Then the private VLAN tag becomes the inner VLAN tag. In this way, packets from usernetworks are transmitted transparently on the public network, and thus user networks areseparated from the public network.

The S2300 supports the basic QinQ function. That is, all the frames that reach the public networkthrough an interface are tagged with the same public VLAN ID.

3.1.5 GVRPGVRP is a protocol used for dynamic registration and deregistration of VLANs. GVRPmaintains the dynamic VLAN registration information in a switch and propagates the registrationinformation to other switches on the network through GARP.

GVRP enables switches on the network to dynamically maintain and update VLANs. WithGVRP, you do not need to expend time to analyze the topology and manage configurations. Youcan adjust the VLAN deployment on the entire network by configuring only a few devices.

The S2300 supports GARP and GVRP. Through GVRP, the S2300 can send VLAN declarationto other devices and dynamically create VLANs after receiving VLAN registration informationfrom other devices.

NOTE

The S2352EI does not support the GVRP function.

3.2 STP/RSTP/MSTP

3.2.1 STP and RSTP

3.2.2 MSTP

3.2.3 MSTP Protection

3.2.4 Partitioned STP and BPDU Tunnel

3.2.1 STP and RSTPThe Spanning Tree Protocol (STP) and the Rapid Spanning Tree Protocol (RSTP) are link-layermanagement protocols and are mainly applied to LANs to prevent loops. STP blocks redundantlinks and trims a network into a tree topology free from loops. RSTP enhances STP. It providesfast transition of interfaces status to speed up network convergence.

STP and RSTP prevent broadcast storms caused by loops and provides backup links for dataforwarding.


Product Description


Issue 02 (2010-12-01)

3.2.2 MSTPThe Multiple Spanning Tree Protocol (MSTP) is developed based on STP and RSTP. MSTPdivides a network into multiple regions. Based on VLAN tags, each region has several spanningtrees that are independent of each other. As a result, the entire network is trimmed to a treetopology that is free from loops. Broadcast storms are thus prevented on the network.

MSTP associates VLANs with spanning trees so that packets of different VLANs are transmittedalong different spanning trees. This speeds up network convergence and implements loadbalancing.

Different from STP and RSTP, MSTP provides multiple backup links to implement loadbalancing among VLANs.

3.2.3 MSTP Protection

BPDU ProtectionThe S2300 provides Bridge Protocol Data Unit (BPDU) protection when MSTP is enabled.When BPDU protection is enabled, the S2300 shuts down the edge port that receives a protocolBPDU instead of turning the edge port into a non-edge port. In this case, the spanning tree is notrecalculated, and thus network flapping is prevented.

Root ProtectionThe S2300 provides root protection when MSTP is enabled. It retains the role of the root switchby maintaining the role of the designated port as follows:

When the designated port enabled with root protection receives a BPDU of higher priority, theport does not change to a non-designated port. Instead, it turns to the Listening state and stopsforwarding packets. If the port does not receive protocol BPDUs of higher priority for a longtime, it restores the Forwarding state. This prevents network flapping.

Loop ProtectionAfter loop protection is enabled on the S2300, it sets the root port to the Blocking state if theroot port does not receive protocol BPDUs from the upstream device. If the port receives protocolBPDUs again, it becomes the root port and changes to the Forwarding state. If no protocol BPDUis received, the port remains in the Blocking state and does not forward packets. In this way,loops are prevented on the network.

3.2.4 Partitioned STP and BPDU Tunnel

Partitioned STPTo improve the reliability of links on the MAN, the S2300 can be dual-homed to the upstreamEthernet. In addition, MSTP needs to run on the user network, MAN, and upstream network toprevent loops. The traditional MSTP networks are not divided. In this case, the convergencespeed of an MSTP network is low because the network is large. As a result, the forwardingcapability of the network is degraded.

By using the partitioned STP technology, the S2300 logically allocates a VLAN for eachpartitioned STP network. Thus the entire MSTP network is divided into three partitioned STPnetworks on the basis of user network, MAN, and upstream network. The tagged BPDUs can



3-5

be forwarded only within the VLAN that the tag belongs to. Partitioned STP allows BPDUs tobe transmitted within a certain range. This prevents loops and speeds up convergence.

BPDU Tunnel

On a partitioned STP network, the S2300 considers the tagged BPDUs as common Layer 2frames. That is, the S2300 forwards the BPDUs within the VLAN to which the tag belongs ratherthan sending them to the MSTP module. After the BPDU tunnel is configured, the devices onthe MAN do not participate in the topology calculation of the partitioned STP network. Thus,the convergence speed of the network is improved.

To implement the BPDU tunnel function, the access device at the edge of the MAN must beconfigured with MSTP Snooping. If the forwarding path is changed because of the topologychange on the partitioned STP network, the device can detect the topology change, and thennotify other devices on the network of the topology change. In this way, the packets are forwardedaccording to the new topology.

3.3 SEPThe Smart Ethernet Protection (SEP) protocol is a ring network protocol applied to the link layerof an Ethernet network. The SEP protocol works on the basis of SEP segments. An SEP segmentconsists of a group of switching devices that are configured with the same SEP segment ID andcontrol VLAN ID.

Most metropolitan area networks (MANs) and enterprise intranets adopt the ring networking toensure high reliability. The services, however, are affected if any node on the ring fails.Generally, a ring network adopts the Resilient Packet Ring (RPR) or Ethernet ring technology.The costs of the RPR technology are high because it requires special hardware components. TheEthernet ring is improved and its costs are low; therefore, more and more MANs and enterpriseintranets adopt the Ethernet ring.

Huawei originates the SEP protocol, which achieves the protective switchover on the open ringand closed ring and displays the uncertain blocked points or ring network topology. Comparedwith other Ethernet ring technologies, SEP has the following advantages:

l It can run on a network together with STP, RSTP, MSTP, and RRPP.

l It solves the problem of unidirectional traffic.

l Unidirectional traffic may cause unidirectional broadcast storms on the network. The SEPprotocol can prevent unidirectional broadcast storms because it can detect the unidirectionaltraffic effectively.

l It supports the display of network topology. The network topology is displayed on the basisof SEP segments.

l When the devices of other vendors are used on the network, the SEP can also prevent loops,but does not need to be configured on these devices.

3.4 Interface SecurityInterface security is a security mechanism to control the access to a network. It checks whetherthe source MAC addresses of data frames received on an interface are valid. When detectingpackets with invalid source MAC addresses, it takes certain actions to protect the interface.


Product Description


Issue 02 (2010-12-01)

After security protection is enabled on an interface, the S2300 considers the following types ofMAC addresses valid:

l Static MAC addresses that are manually configuredl Dynamic or static MAC addresses in the DHCP snooping tablel Dynamic MAC addresses that are learned before the number of learned MAC addresses

reaches the limit

When the interface receives frames with invalid source MAC addresses, the S2300 triggers theinterface security function to discard the frames or generates an alarm according to theconfiguration.

3.5 Link DetectionLink detection includes loopback detection and virtual cable test (VCT). They provide userswith two means to detect link faults on LANs.

l Loopback detection is used to check whether loops exist on a LAN. The S-switch sendsspecific packets to detect loopback on the entire LAN.

l VCT is mainly used to estimate the length of a network cable and locate the failure pointof the cable. The S-switch simulates radar to detect cable faults and locate the failure pointson the basis of a single link.



3-7

4 Service Features

About This Chapter

4.1 IPv6

4.2 Multicast

4.3 QoS

4.4 Security

4.5 Reliability

4.6 LLDP

4.7 NQA

4.8 Cluster Management

4.9 Stacking

4.10 Web Server

Quidway S2300 Series Ethernet SwitchesProduct Description 4 Service Features


4-1

4.1 IPv6The S2300 provides the IPv6 host function, which protects the investment of customers andprevents repeat investment during network upgrade.

The IPv6 functions supported by the S2300 include:

l IPv6 protocol stack

l ND, ICMP v6, Traceroute v6, Telnet v6, DNS, and IPv6 static route

l Simple IPv6 ACL

4.2 MulticastThe Internet Group Management Protocol (IGMP) is a protocol used to manage IP multicastmembers in the TCP/IP suite. It sets up and maintains the member relationship between IP hostsand their directly connected multicast routers.

4.2.1 IGMP Snooping

4.2.2 Prompt Leave of Multicast Member Interfaces

4.2.3 Multicast Traffic Control

4.2.4 Controllable Multicast

4.2.1 IGMP SnoopingLocated between hosts and a multicast router, the S2300 supports static multicast forwardingentries and generates a dynamic Layer 2 multicast forwarding table with multicast groups,VLANs, and outbound interfaces by listening to IGMP messages.

When the S2300 receives a multicast packet, it forwards the packet only to the members on theVLAN corresponding to the multicast group. The multicast packet is transmitted in multicastmode on the VLAN according to the Layer 2 forwarding table. This saves bandwidth andenhances the security of information transfer.

4.2.2 Prompt Leave of Multicast Member InterfacesWhen a multicast member leaves a multicast group, the host sends an IGMP Leave message.When an interface on the S2300 is connected to only one host, the S2300 deletes the multicastforwarding entry of the interface immediately after receiving the IGMP Leave message. Thissaves bandwidth and system resources and implements fast switching of services.

4.2.3 Multicast Traffic ControlUnknown multicast packets refer to the multicast packets that do not have forwarding entries inthe multicast forwarding table. When receiving unknown multicast packets, the S2300 discardsthe packets or broadcasts them on the VLAN that the inbound interface belongs to.

The S2300 can also control multicast traffic volume by limiting the percentage of multicastpackets on an Ethernet interface.

4 Service FeaturesQuidway S2300 Series Ethernet Switches

Product Description


Issue 02 (2010-12-01)

4.2.4 Controllable MulticastMulticast protocols do not provide user authentication. Therefore, a user can join or leave amulticast group freely. The multicast source does not know when a user joins or leaves amulticast group, so the number of users receiving multicast traffic on a network in a certainperiod is unknown. Therefore, the carrier cannot perform accounting for the users. Thecontrollable multicast technology is introduced to solve these problems. Users have to passauthentication before receiving multicast traffic. Furthermore, only authorized multicast trafficcan be received by users. Users who pass authentication are allowed to preview unauthorizedmulticast traffic and can receive multicast traffic in specified periods within a day. Controllablemulticast does not apply to static multicast.

4.3 QoSThe S2300 provides the class-based QoS mechanism and supports the 802.1p priority. It providesguarantee of low end-to-end delay, jitter, and high bandwidth.

The S2300 classifies traffic according to certain rules and then performs corresponding actionson the packets such as priority re-marking, traffic policing, congestion management, congestionavoidance, and rate limit on the interface. In this way, value-added services such as NGNservices, IPTV, and broadband access are provided with better network service.

4.3.1 Traffic Classification

4.3.2 Access Control and Re-marking

4.3.3 Traffic Policing

4.3.4 Congestion Management

4.3.5 Rate Limit on an Interface

4.3.6 Aggregate CAR

4.3.1 Traffic ClassificationTraffic classification is a function of identifying the packets of a certain type by matchinginformation in the packet header. For example, the 802.1p priority of the packets sent by theOperating Support System (OSS) and NMS is set to 7; the 802.1p priority of VoIP packets isset to 6; the 802.1p priority of BTV packets and VOD packets is set to 5 or 4; the 802.1p priorityof packets sent by VPN users is set to 3, 2, or 1 according to the level of VPN users; the 802.1ppriority of packets of the Internet access service is set to 0. Then the packets can be classifiedbased on their 802.1p priorities.

The S2300 adopts a hardware classifier to guarantee line-speed transmission of services data oninterfaces. The S2300 supports traffic classification based on the source MAC address,destination MAC address, VLAN tag, ToS/DSCP field, and IP quintuple (protocol, source IPaddress, destination IP address, source TCP/UDP port number, destination TCP/UDP portnumber). In addition, the S2300 can use self-defined character strings to classify packetsaccording to Layer 2 to Layer 4 information in the OSI model. It supports abundant classificationrules so that carriers can define classification rules according to their own needs.

4.3.2 Access Control and Re-markingAfter traffic classification, the S2300 performs access control on the packets, that is, permits ordenies the packets. Then, the S2300 re-marks the following fields in the packets:



4-3

l 802.1p field, that is, the PRI field in a VLAN tag

l DSCP field

l Local precedence

l VLAN ID

4.3.3 Traffic PolicingThe S2300 uses the token bucket algorithm to control the Committed Access Rate (CAR) ofnetwork traffic.

The S2300 controls the rate of traffic by adjusting the rate of placing tokens. Each token equalsa forwarding rate of 64 kbit/s. The S2300 "punishes" the excessive traffic to limit the incomingtraffic within a proper range and to protect the network resources and the interests of carriers.

4.3.4 Congestion ManagementThe S2300 manages traffic congestion through queue scheduling. Each outbound interface onthe S2300 is configured with four queues. After traffic classification, packets are sent to thecorresponding queues based on their priorities.

The S2300 provides the following queue scheduling policies:

l PQ

In priority queuing (PQ) mode, the S2300 schedules packets strictly based on the prioritiesof queues. This mode ensures that delay-sensitive services are scheduled preferentially.

l WRR

In Weight Round Robin (WRR) mode, the S2300 schedules packets in the queues cyclicallybased on the weights of queues. If one queue has no packets, the S2300 skips over it andschedules packets in the next queue. WRR ensures that packets of low priority can obtainbandwidth in time.

l PQ+WRR

The S2300 divides the four queues on each interface into two groups. It performs WRRscheduling for one group and PQ+WRR scheduling for the other.

4.3.5 Rate Limit on an InterfaceRate limit on an interface is used to adjust the rate of traffic on an outbound interface to preventburst traffic. The S2300 uses the token bucket and a buffer to limit the traffic rate on an outboundinterface, implementing traffic shaping. When the rate of packets exceeds the rate limit, theS2300 buffers excessive packets and sends them when the traffic rate falls below the limit. Inthis manner, the transmission rate is smoothed.

4.3.6 Aggregate CARAggregate CAR is the CAR applied to multiple interfaces to implement traffic policing forservice flows on the interfaces. The sum of rate limits on the interfaces must be equal to orsmaller than the aggregate CAR. Aggregate CAR can also implement traffic policing on aVLAN. After traffic classification, the S2300 controls the rate of the service flows on the VLAN.Excessive packets are discarded when the traffic rate exceeds the limit.


Product Description


Issue 02 (2010-12-01)

4.4 SecurityThe S2300 guarantees both device security and service security.

4.4.1 Device Security

4.4.2 Service Security

4.4.3 Security Authentication

4.4.1 Device Security

Hierarchical Command ProtectionWhen a user logs in to the S2300 from an Ethernet interface through Telnet, the S2300authenticates the user to ensure security. The user can configure and maintain the S2300 onlyafter passing the authentication.

The S2300 adopts a hierarchical protection mode for commands. Commands are classified intothe visit level, monitoring level, configuration level, and management level, with their levels inascending order. Login users are also classified into four levels, corresponding to the four levelsof commands. After logging in to the S2300, a user can run only the commands at the same orlower level. This mode effectively controls the user authority.

The S2300 extends command levels and user levels to 16 levels so that users are managed morerefinedly.

Remote SSH LoginThe S2300 supports the Secure Shell (SSH). On an insecure network, SSH provides powerfulsecurity guarantee and authentication for login users and can defend against various attacks.

Encrypted Authentication Through SNMPv3The S2300 supports encrypted authentication through SNMPv3. When S2300 is managed by anNMS workstation through SNMP, it adopts the encrypted authentication mode in user-basedsecurity mode (USM) to ensure security.

AAAThe S2300 supports the Authentication, Authorization, and Accounting (AAA). Using AAAand hierarchical command protection, the S2300 can authenticate and authorize login users. Inaddition, it can authenticate the NMS administrator. AAA effectively prevents unauthorizedusers from logging in to the S2300.

The S2300 supports authentication methods such as local authentication, RADIUSauthentication, and HWTACAS+ authentication.

CPU Channel ProtectionThe S2300 can filter the protocol packets and management packets sent to the CPU based onthe protocol ID, interface, and combination of interface and VLAN. This protects the CPUchannels against Denial of Service (DoS) attacks.



4-5

Limit of MAC Address Learning on InterfacesYou can set the maximum number of MAC addresses learned by an interface on the S2300 toprevent hackers from initiating source MAC address attack from the interface. This ensures thatthe MAC address entries of the S2300 will not be used up.

4.4.2 Service Security

VLANThe S2300 supports the division of a LAN into multiple VLANs. Devices on different VLANscannot communicate with each other. This isolates broadcast domains and improves servicesecurity.

Blackhole MAC Address EntryThe S2300 supports blackhole MAC address entries. When receiving a packet, the S2300compares the source or destination MAC address of the packet with its MAC address entries. Ifthe source or destination MAC address of packet is the same as a blackhole MAC address, theS2300 discards the packet.

When detecting attacking packets from a MAC address, you can set a blackhole MAC addressentry on the S2300 to filter out the packets with the MAC address.

MAC Table Searching Based on VLAN+MACThe S2300 supports MAC table searching based on VLANs and MAC addresses to improveinterface security. You can add static MAC address entries in the MAC table to map specificMAC addresses to interfaces. In this way, specific devices are bound to interfaces so that hackerscannot attack the S2300 by using fake MAC addresses.

Port IsolationPort isolation prevents ports on the same S2300 from sending Layer 2 packets to each other. TheS2300 supports unidirectional and bidirectional port isolation. Port isolation ensures security ofuser networks and helps to construct low-cost intelligent community networks. Port isolationalso limits unnecessary broadcast packets and thus increases network throughput.

Packet FilteringPacket filtering is used to filter out invalid or unwanted packets.

The S2300 filters packets based on user-defined rules. For example, it filters packets by checkingthe MAC address, IP address, port number, and VLAN ID of packets. Packet filtering does notcheck the session status or analyze the data. By filtering packets, the S2300 can effectivelycontrol the packets passing through it.

4.4.3 Security AuthenticationThe 802.1x protocol is a port-based network access control protocol. It authenticates and controlsaccess devices on a LAN based on interfaces. A user device can access resources on the LANonly after it passes the authentication on the access interface.

MAC address-based authentication controls the network access authority of a user based on theaccess interface and MAC address of the user. The user does not need to install any authentication


Product Description


Issue 02 (2010-12-01)

client software. After detecting the MAC address of the user for the first time, the device startsauthenticating the user. During the authentication, the user does not need to enter the user nameor password.

4.5 ReliabilityThe S2300 supports MSTP to eliminate broadcast storms on a network and provide backup linksfor data transmission.

The S2300 provides the root protection function. When the designated port receives a BPDU ofhigher priority, it remains the designated port for a certain period of time to protect the role ofthe root switch. This prevents the network topology from changing by mistake.

The S2300 provides the loop protection function. When the root port cannot receive any BPDUfrom the upstream device, it enters the Blocking state and stops forwarding packets. At the sametime, no new root port is elected. This prevents loops on the network.

4.6 LLDPThe S2300 supports the Link Layer Discovery Protocol (LLDP) that conforms to IEEE 802.1ab.LLDP is a link layer protocol used for interconnected devices to obtain the connectioninformation of each other.

Using LLDP, the local NMS can obtain the link layer information of all devices on the localnetwork and details about the network topology. Thus the NMS can manage a larger area on thenetwork.

The LLDP-enabled interfaces on the S2300 periodically notify the neighbors of its own status.If the status of an interface changes, the interface sends status update messages to the directlyconnected neighboring device. The neighboring device stores the status update message in thestandard SNMP MIB. Then the NMS can obtain the link layer information of the network fromthe MIB to calculate the topology of the entire network.

4.7 NQAWith the development of value-added services, users and carriers demand increasingly high QoS.After voice over IP and video over IP services are launched, carriers and users all tend to signService Level Agreements (SLAs). To show whether the committed bandwidth meets users'requirement, network carriers need to know the network performance in time according tostatistical parameters such as the delay, jitter, and packet loss ratio on network devices.

The S2300 supports Network Quality Analysis (NQA). NQA tests the performance of differentprotocols running on a network so that carriers can collect the network performance indexes ofnetworks in real time, such as the total delay of the Hypertext Transfer Protocol (HTTP) service,delay in the Transmission Control Protocol (TCP) connection, file transmission speed, and delayin File Transfer Protocol (FTP) connection. By controlling these indexes, carriers can providenetwork services of different levels and charge services differently. NQA is also an effectivetool for diagnosing and locating faults on a network.



4-7

4.8 Cluster ManagementThe Huawei Group Management Protocol (HGMP) is a Huawei proprietary protocol used tomanage multiple S2300s or other switches through one S2300. In HGMP implementation, theNeighbor Discovery Protocol (NDP) is used to collect information about directly connectedneighbors including the device type, software version, hardware version, connected interface,and member ID. The Network Topology Discovery Protocol (NTDP) is used to collect topologyinformation.

As defined in HGMP, a management domain (namely a cluster) consists of a command switchand multiple member switches. The S2300 can function as a command switch or a memberswitch.

l Member switchA member switch is managed by the command switch. Member switches are usually Layer2 switches and do not need public IP addresses. When the S2300 functions as a memberswitch, it is managed by a high-end device.

l Command switchThe command switch functions as the proxy of the external network management stationor server to manage the member switches of a cluster. It has a public IP address and canmanage other switches.

In actual application, the S2300 usually functions as a member switch.

HGMP saves IP addresses by managing devices in a cluster.

4.9 StackingStacking means that the switches located in the same place are connected through the stackingcable or high-speed uplink interfaces, and thus the switches form a reliable switch group. In aswitch group, the S2300s are connected through the stack interfaces multiplexed with uplinkGE interfaces. Through stacking, the user can manage and maintain the switches uniformly;therefore, the stacking reduces the maintenance cost of the user.The stacked switches must beof the same type.

4.10 Web ServerUsers can manage network devices through the GUI provided by the Web Server. This reducesrequirements for junior maintenance personnel.


Product Description


Issue 02 (2010-12-01)

5 Networking and Applications

About This Chapter

5.1 Application in a MAN

5.2 VLAN Mapping

5.3 Application in IPTV Services

5.4 End-to-End QoS

5.5 Partitioned STP at Access and Convergence Layers

5.6 Cluster Management

Quidway S2300 Series Ethernet SwitchesProduct Description 5 Networking and Applications


5-1

5.1 Application in a MAN

Figure 5-1 Application of the S2300 in a MAN

IP/MPLS Core

STP

SwitchA

SwitchBSwitchC

SwitchD

SwitchE

LANSwitch DSLAM

AMG

Intranet Intranet

SOHOI Residentalarea

Commericalcenter

Residentalarea

STP

BRASBRAS

Router

In a MAN, the S2300 provides the following functions:

l SwitchD and switchE are directly connected to the user hosts and aggregate the user servicesto switchB.

l SwitchA, SwitchB, and SwitchC form an STP ring, and SwitchB, SwitchD, and SwitchEform another STP ring. The rings improve service reliability through the rapid switchovermechanism.

5.2 VLAN MappingThe S2300 provides the VLAN mapping function. Figure 5-2 shows the networking of VLANmapping.

5 Networking and ApplicationsQuidway S2300 Series Ethernet Switches

Product Description


Issue 02 (2010-12-01)

Figure 5-2 VLAN mapping networking

Accessconvergence

networkBRAS BRAS

Router

Switch

AMGLAN SwitchDSLAM

VLAN101-500

PSTN

Videoserver

V50 V350 V850

Residentialarea

V450 V450

ISP networkVLAN1-1000

User networkVLAN101-500VLAN401-600

VLAN401-600

TMG

InternetInternetInternetInternet

V450

VLAN401-700

SOHO

Intranet

VLAN401-700

After VLAN mapping is configured, ISPs need to manage only VLAN tags on the MAN, anddifferent user networks can use same VLAN tags. The S2300 aggregates traffic from usernetworks to the ISP network and implements VLAN mapping between user networks and theISP network. VLAN mapping implements communication between VLANs and facilitatesservice deployment.

When the S2300 receives service packets sent from a user network to the ISP network, it replacesthe C-VLAN tag of the packets with the S-VLAN tag specified by the ISP. For example:

l Replaces C-VLAN 450 of Small Office/Home Office (SOHO) with S-VLAN 850.l Replaces C-VLAN 450 of the residential community with S-VLAN 50.l Replaces C-VLAN 450 of an enterprise intranet with S-VLAN 350.

When receiving service packets sent from the ISP network to an enterprise intranet, the S2300replaces the S-VLAN tag with the C-VLAN tag of the enterprise intranet.

5.3 Application in IPTV ServicesFigure 5-3 shows the application of the S2300 in IPTV services.



5-3

Figure 5-3 Application of the S2300 in IPTV services

IP/MPLSCore

Video stream

VideoserverNSM

STP

DSLAMDSLAM

DSLAM

Accessconvergence

network

STB STB

STB

BTV BTV

BTV

Router

SwitchASwitchB

SwitchC

SwitchD

SwitchC and SwitchD function as UPEs and provide the IGMP snooping function. They canserve as the replication and control point for multicast services at the access layer of the MANto meet the demand for large-capacity multicast services. The DSLAM provides the IGMP proxyfunction to control the user access to multicast services based on the user authority configuredon the NSM.

In addition, SwitchA, SwitchB, SwitchC, and SwitchD allow interfaces to join or leave multicastgroups quickly, which implements fast switching of services.

5.4 End-to-End QoSThe S2300 provides the end-to-end QoS function. Figure 5-4 shows the networking where theend-to-end QoS is configured.


Product Description


Issue 02 (2010-12-01)

Figure 5-4 End-to-end QoS provided by the S2300

SwitchB

IP/MPLS core

BRAS

AMGDSLAM

STP

STP

LAN Switch

Phone

upstreamdownstream

SOHO

IntranetBTV

STB

SwitchA

SwitchC

SwitchDSwitchE

SwitchF

SwitchC, switchD, switchE, and switchF function as the UPEs, and switchA and switchBfunction as UPE or PE-AGG. The UPE or PE-AGG provides end-to-end QoS guarantee for theservices on the LAN switch and DSLAM.

l At the ingress of the access and convergence layer, the S2300 classifies data, voice, andvideo services. The S2300 then polices traffic and re-marks the precedence of packets.

l At the egress of the access and convergence layer, the S2300 performs queue schedulingand rate limit.

By mapping 802.1p priorities to different packets, the S2300 provides end-to QoS guarantee forthe entire network.

5.5 Partitioned STP at Access and Convergence LayersFigure 5-5 shows the networking of partitioned STP supported by the S2300.



5-5

Figure 5-5 Partitioned STP supported by the S2300

Accessconvergence

network

Residential area A

SwitchJ

SwitchH

IP/MPLScore

SwitchA

SwitchC

Intranet C Residential area B

Intranet D

SwitchDSwitchB

SwitchE

SwitchF

RouterRouter

As shown in the figure, enterprise intranets C and D, and residential communities A and B areall connected to a MAN. SwitchA, SwitchB, SwitchC, and SwitchD function as UPEs andconnect to the enterprise intranets and residential communities directly. The UPEs are dualhomed to SwitchE, SwitchF, SwitchH, and SwitchJ to improve link reliability.

l Each UPE is dual homed to the MAN and forms a partitioned STP network with two PE-AGGs. For example, SwitchA, SwitchE, and SwitchJ form a partitioned STP network.

l SwitchC and SwitchD at the egress of the intranets are on the same VLAN with SwitchE,SwitchF, SwitchH, and SwitchJ. BPDUs of intranet C and intranet D are transmittedtransparently on this VLAN.

l SwitchA and SwitchB at the ingress of the residential communities are on the same VLANwith SwitchE, SwitchF, SwitchH, and SwitchJ. BPDUs of community A and communityB are transmitted transparently on this VLAN.

l SwitchE, SwitchF, SwitchH, and SwitchJ on the MAN support BPDU tunneling and MSTPsnooping.

The partitioned STP technology enables BPDUs of a user network to be transmitted transparentlyon the ISP network so that the user network can calculate a uniform spanning tree. In this way,users on the same network can communicate with each other even though they are in differentgeographical locations. In addition, the user network and ISP network use independent spanningtrees.

5.6 Cluster ManagementFigure 5-6 shows the networking of the cluster management function provided by the S2300.


Product Description


Issue 02 (2010-12-01)

Figure 5-6 Cluster management provided by the S2300

IP/MPLS core

Residentialarea

STP/RRPP

NSM

DSLAMSOHO

Buildingcorridor

AMG

Commercialcenter

Phone

Intranet

BuildingcorridorResidential

area

SwitchA

SwitchB SwitchC

SwitchD

As shown in the figure, the network is divided into three HGMP domains, which are managedby SwitchB, SwitchC, and SwitchD respectively. SwitchB, SwitchC, and SwitchD collect andmaintain information about Layer 2 switches in each domain and manage and maintain Layer 2switches uniformly.

Cluster management enables the network administrator to manage a large number of scatteredLayer 2 switches conveniently and implements fast deployment of Layer 2 switches. In addition,cluster management saves IP addresses and reduces the OPEX.



5-7

6 Maintenance and Network ManagementSystem

About This Chapter

6.1 Maintenance and Management

6.2 U2000 Network Management System

Quidway S2300 Series Ethernet SwitchesProduct Description 6 Maintenance and Network Management System


6-1

6.1 Maintenance and Management

6.1.1 Various Configuration Methods

6.1.2 Monitoring and Maintenance

6.1.3 Diagnosis and Debugging

6.1.4 Software Upgrade and In-Service Patching

6.1.5 Hardware Fault Handling

6.1.1 Various Configuration Methods

Configuration ModesThe S2300 supports the following configuration and management modes:

l Command lineA user connects to the console port of the S2300 through the console terminal, and thenconfigures various functions and sets parameters in the command line interface (CLI).

l Network management stationA user configures and manages the S2300 through the SNMP protocol.

l HGMPA user logs in to the S2300 to manage Layer 2 switches or other S2300s in the same clusterbased on HGMP.

l AutoConfigWhen the S2300 starts with the default configuration file, a user can automatically obtainand run the configuration file through AutoConfig.

Login ModesThe S2300 provides a console port. A user can connect to the console port through the serialport on a console terminal, and then configure the S2300 locally or remotely.

In addition, the user can telnet to the service interface of the S2300 for configuration andmanagement.

The S2300 supports multiple authentication modes, including non-authentication, localauthentication, and AAA.

6.1.2 Monitoring and Maintenance

Hardware MonitoringThe S2300 provides the following hardware monitoring functions:

l Sends a trap when the temperature of the device becomes abnormal.l Provides the re-detection function to prevent incorrect detection because of instant

interference.

6 Maintenance and Network Management SystemQuidway S2300 Series Ethernet Switches

Product Description


Issue 02 (2010-12-01)

l Checks version matching automatically when the system is running.l Sends the Dying gasp trap to the upper-layer device before power-off.

Device Management and MaintenanceThe S2300 provides various management and maintenance functions:

l Provides flexible online help for the command line in Chinese or English.l Provides hierarchical commands and user authority management.l Provides an information center to uniformly manage logs, traps, and debugging information

and redirects information as required.l Provides the electronic labels. A user can view the basic information about the SCU and

optical modules through the CLI, and back up the information to an external server throughFTP.

l Supports the display of the software version, module status, ambient temperature, CPUusage, and memory usage.

6.1.3 Diagnosis and Debugging

Ping and TraceRouteOn traditional IP networks, the S2300 provides the following tools to check networkconnectivity:

l Pingl TraceRoute

DebuggingThe S2300 provides various debugging commands for each software feature. Each debuggingcommand supports multiple parameters and can be flexibly controlled. The debuggingcommands display the detailed information about processes, packet receiving and sending, anderror check during the running of a feature.

Black BoxThe S2300 provides the black box function to record information on the feature modules, tasks,and events. In addition, the black box records the final results, process status, and function callingtrack to facilitate fault location.

MirroringThe S2300 supports interface- or flow-based mirroring on a single switch. In addition, it supportsthe interface-based remote mirroring among multiple switches.

l Port mirroringThe incoming traffic, outgoing traffic, or both incoming and outgoing traffic at an observedinterface is completely copied to an observing interface.

l Flow mirroringThe traffic at an observed interface is completely copied to an observing interface.



6-3

l Remote mirroring

With the Remote Switched Port Analyzer (RSPAN), the observing interfaces and observedinterfaces can be located on different switches on the network. This facilitates the remotemanagement on the switches through NMS.

By connecting a monitoring host to an observing interface on the S2300, a network administratorcan easily observe the packets that pass through the S2300 in real time. The mirroring resultserves as a basis for traffic detection, fault location, and data analysis.

6.1.4 Software Upgrade and In-Service Patching

Software Upgrade

The S2300 controls the use of features through the license file and can detect the integrity andvalidity of the system software before the upgrade and provides various methods of upgradingthe software:

l Local upgrade

When the S2300 is powered on, the software can be loaded and upgraded through theBootROM menu.

l Remote in-service upgrade

When the S2300 runs normally, it can download the software through FTP or TFTP. Thenew software is run when the S2300 is restarted. This realizes the remote seamless softwareupgrade.

In-Service Patching

The S2300 supports in-service patching to protect services from being affected when a patch isinstalled. The software can be restored to the earlier version, and the device data before and afterin-service patching is recorded.

In addition, the S2300 provides the one-key operation for patches. That is, based on the slot IDof a board, a user can quickly obtain information about the compatibility of a patch and thesystem software, status of a patch, and history operations of a patch.

6.1.5 Hardware Fault HandlingThe S2300 supports automatic and manual intervention when a hardware fault occurs, forexample, a chip on a board fails. The maintenance personnel can locate a hardware fault andhandle it quickly to shorten service interruption.

6.2 U2000 Network Management SystemThe S2300 uses the Huawei U2000 as a centralized NMS. The U2000 supports a multi-languagegraphical user interface (GUI) for convenient and visualized operations. The U2000 alsoprovides northbound interfaces for connecting to a third-party NMS so that it can work withother NMSs of carriers.

6.2.1 Network Management Modes

6.2.2 U2000


Product Description


Issue 02 (2010-12-01)

6.2.1 Network Management ModesThe NMS can manage the S2300 in two modes: inband and outband.

Inband Management

In inband management mode, the network management information is transmitted through theservice channel of the S2300, and no additional communications network is required betweenthe NMS and the S2300. The network administrator simply needs to connect the NMS to theadjacent network devices and set the SNMP parameters.

The inband management mode features flexible networking and does not rely on geographicallocations. In addition, it guarantees the channel security better than the outbound managementmode. However, the network management information consumes bandwidth of the servicechannel. And if the service channel fails, the NMS cannot manage the S2300 remotely.

Outband Management

In outbound management mode, an independent network needs to be set up between theS2300 and the NMS so that the network management information is separated from the serviceinformation.

This mode ensures reliable transmission of the network management information and the NMScan still manage the S2300 when the service channel fails. However, the independent NMSnetwork is limited by geographical locations.

6.2.2 U2000The U2000 can display the software version, and save and restore configuration files and VRPmapping programs. The U2000 also supports in-service patching for the S2300 through CLI.

The U2000 provides the following functions.

Resource Management

The U2000 provides resource management to help you easily manage network resourcesincluding devices, boards, interfaces, and links on a large and complicated network. Throughthe U2000, you can query and manage resources of the S2300 and locate abnormal resourceson the network.

View Management

The U2000 provides a unified topology view of all devices on a network to help you obtainnetwork information directly and conveniently. The U2000 provides a powerful topologymanagement function. You can browse device information in the system topology view, protocoltopology view, and user-defined view. In addition, the U2000 provides friendly interfaces foroperation and maintenance of the network and devices.

The protocol topology views include the HGMP view and Ethernet view, which cover thetopologies of various networking modes and network layers of the S2300. These views supportautomatic topology discovery to reflect changes of the network topology and device status inreal time.



6-5

Configuration ManagementConfiguration management is used to configure the S2300 and it supports management ofdevices, interfaces, VLANs, Layer 2 features, software upgrade, and configuration files. theU2000 provides personalized configuration modes such as end-to-end configuration, batchconfiguration, and configuration wizard, and provides default configuration templates.

Fault ManagementFault management is an important and commonly used management method for maintainingnetworks. Through the GUI, you can query and monitor the running status and faults of theS2300 in real time, filter faults, locate faults, confirm faults, and analyze faults. The U2000 cangenerate alarm sounds or display alarms on the alarm panel. It can be connected to an alarm boxfor convenient routine maintenance.

Performance ManagementThe U2000 can collect performance data, monitor the device performance, and analyze thecollected data. It provides various reports and charts about device performance. In addition, theU2000 can display the CPU usage, memory usage, and device ports. The U2000 collects statisticsabout device load and user access so that you can know the QoS of the network and thus assessand adjust network resource configuration in time.

Performance management serves resource management, and performance data is displayed onthe GUI in iWeb mode.

Security ManagementThe U2000 provides various measures for security management. Users are authenticateduniformly on the U2000 and their operation authority is configured based on the minimumgranularity principle. The U2000 authenticates users strictly to ensure system security. It alsoprovides detailed operation logs for you to query and analyze user operations.

Security management supports user management, access control, user group management, andoperation management.


Product Description


Issue 02 (2010-12-01)

7 System Technical Specifications

About This Chapter

7.1 Physical Specifications

7.2 Optical Module Attributes

7.3 System Configuration

7.4 List of Software Features

Quidway S2300 Series Ethernet SwitchesProduct Description 7 System Technical Specifications


7-1

7.1 Physical Specifications

Table 7-1 Physical specifications

Item Description

Dimensions (width x depth x height) l S2309TP-SI/EI: 250.0 mm x 180.0 mm x 43.6mm

l S2318TP-SI/EI: 442.0 mm x 220.0 mm x 43.6mm

l S2326TP-SI/EI: 442.0 mm x 220.0 mm x 43.6mm

l S2352P-EI: 442.0 mm x 220.0 mm x 43.6 mml S2309TP-PWR-EI: 320.0 mm x 220.0 mm x 43.6

mml S2326TP-PWR-EI: 442.0 mm x 420.0 mm x 43.6

mm

Maximum power (full configuration) l S2309TP-SI/EI: 12.8 Wl S2318TP-SI/EI: 14.5 Wl S2326TP-SI/EI: 15.5 Wl S2352P-EI: 38 Wl S2309TP-PWR-EI: 154 W (Dissipated power: 30

W, PoE: 124 W)l S2326TP-PWR-EI: 868 W (Dissipated power:

128 W, PoE: 740 W)NOTE

PoE power supplies are classified into 250 W PoE powersupply and 500 W PoE power supply. A 250 W PoE powersupply provides a maximum of 130 W power for PDs and120 W power for the switch. A 500 W PoE power supplyprovides a maximum of 380 W power for PDs and 120 Wpower for the switch.

Weight Non-PWR: ≤ 3.5 kgPWR: ≤ 8 kg

DC input voltage Ratedvoltage

–48V DC to –60V DC

Maximum voltage

–36V DC to –72V DC

AC input voltage Ratedvoltage

100V AC to 240V AC

Maximum voltage

90V AC to 264V AC

7 System Technical SpecificationsQuidway S2300 Series Ethernet Switches

Product Description


Issue 02 (2010-12-01)

Item Description

Temperature Long-termoperatingtemperature

-5°C to 50°C

Short-termoperatingtemperature

-5°C to 55°C

Storagetemperature

-40°C to 70°C

Relative humidity 10%RH to 90%RH

Altitude Long-termoperatingaltitude

0 m to 2000 m

Storagealtitude

0 m to 2000 m

7.2 Optical Module Attributes

Table 7-2 Attributes of the SFP (FE) optical module

Attribute Specification

Transmissiondistance

2 km

Centerwavelength

1310 nm

Transmittingpower

-19.0 dBm to -14.0 dBm

Receiversensitivity

-30.0 dBm

Overload power -14.0 dBm

Extinction ratio 10 dB

Type of theopticalconnector

LC



7-3


Fiber type Multi-mode

Table 7-3 Attributes of the ESFP (FE) optical module



15 km 15 km(single-modebidirectionalfiber)

15 km(single-modebidirectionalfiber)

40 km 80 km

Centerwavelength

1310 nm Sending:1310 nmReceiving:1550 nm

Sending:1550 nmReceiving:1310 nm

1310 nm 1550 nm

Transmittingpower

-15.0 dBm to-8.0 dBm



-5.0 dBm to0 dBm

-5.0 dBm to0 dBm

Receiversensitivity

-28.0 dBm -32.0 dBm -32.0 dBm -34.0 dBm -34.0 dBm

Overloadpower

-8.0 dBm -8.0 dBm -8.0 dBm -10.0 dBm -10.0 dBm

Extinctionratio

8.2 dB 8.5 dB 8.5 dB 10.0 dB 10.0 dB

Type of theopticalconnector

LC LC/PC LC/PC LC LC

Fiber type Single mode Single mode Single mode Single mode Single mode

Table 7-4 Attributes of the ESFP (GE) optical module

Attribute

Specification


0.5 km 10 km 10 km(single-modebidirectionalfiber)

10 km(single-modebidirectionalfiber)

40 km 40 km 80 km 100 km


Product Description


Issue 02 (2010-12-01)

Attribute

Specification

Centerwavelength

850 nm 1310nm

Sending: 1310nmReceiving:1490nm

Sending: 1490nmReceiving:1310nm

1550nm

1310nm

1550nm

1550nm

Transmittingpower

-9.5dBm to-2.5dBm

-9.0dBm to-3.0dBm

-9.0dBm to-3.0dBm

-9.0dBm to-3.0dBm

-5.0dBm to0 dBm

-5.0dBm to0 dBm

-2.0dBm to5.0dBm

0 dBmto 5.0dBm

Receiversensitivity

-17.0dBm

-20.0dBm

-19.5dBm

-19.5dBm

-22.0dBm

-22.0dBm

-22.0dBm

-30.0dBm

Overload power

0 dBm -3.0dBm

-3.0dBm

-3.0dBm

-3.0dBm

-3.0dBm

-3.0dBm

-9.0dBm

Extinction ratio

9.0 dB 9.0 dB 6.0 dB 6.0 dB 8.5 dB 9.0 dB 9.0 dB 8.0 dB

Type oftheopticalconnector

LC LC LC LC LC LC LC LC

Fibertype

Multi-mode

Singlemode

Singlemode

Singlemode

Singlemode

Singlemode

Singlemode

Singlemode

Table 7-5 Attributes of the ESFP (CWDM) optical module

Attribute

Specification


80 km 80 km 80 km 80 km 80 km 80 km 80 km 80 km

Centerwavelength

1571nm

1591nm

1551nm

1511nm

1611nm

1491nm

1531nm

1471nm

Transmittingpower

0 dBmto 5.0dBm

0 dBmto 5.0dBm

0 dBmto 5.0dBm

0 dBmto 5.0dBm

0 dBmto 5.0dBm

0 dBmto 5.0dBm

0 dBmto 5.0dBm

0 dBmto 5.0dBm



7-5

Attribute

Specification

Receiversensitivity

-28.0dBm

-28.0dBm

-28.0dBm

-28.0dBm

-28.0dBm

-28.0dBm

-28.0dBm

-28.0dBm

Overload power

-9.0dBm

-9.0dBm

-9.0dBm

-9.0dBm

-9.0dBm

-9.0dBm

-9.0dBm

-9.0dBm

Extinction ratio

8.5 dB 8.5 dB 8.5 dB 8.5 dB 8.5 dB 8.5 dB 8.5 dB 8.5 dB

Type oftheopticalconnector

LC LC LC LC LC LC LC LC

7.3 System Configuration

Table 7-6 System configuration

Item Parameter

Processor Dominant frequency: 200 MHz

Switching capacity l S2309: 3.6Gbit/sl S2318: 7.2Gbit/sl S2326: 8.8Gbit/sl S2352: 17.6Gbit/s

Packet forwardingcapacity

l S2309: 2.68 Mppsl S2318: 5.36 Mppsl S2326: 6.55 Mppsl S2352: 13.1 Mpps

DDR memory 128 MB for S2352 and 64 MB for others

Flash Memory 16 MB


Product Description


Issue 02 (2010-12-01)

7.4 List of Software Features

Table 7-7 List of software features

Attribute Description

Ethernetfeatures

Ethernet l Operating modes, including full duplex, half duplex, andauto-negotiation

l Operating rates of an Ethernet interface, including 10 Mbit/s, 100 Mbit/s, 1000 Mbit/s, and auto-negotiation

l Flow control on interfacesl Jumbo framesl Link aggregationl Load balancing among the links of a trunkl Port isolation and forwarding restriction on portsl Traffic suppression

VLAN l Access modes of access, trunk, hybrid, and QinQl Default VLANl VLAN mappingl Voice VLAN

MAC l Automatic learning and aging of MAC addressesl Static, dynamic, and blackhole MAC address entriesl Packet filtering based on source MAC addressesl Limitation on MAC address learning on interfaces

ARP l Static and dynamic ARP entriesl ARP on a VLANl Aging of ARP entries

LLDP LLDP

Ethernetloopprotection

MSTP l STPl RSTPl MSTPl BPDU protection, Root protection, loop protectionl Partitioned STP and BPDU tunnels

Layer 2multicast

Layer 2multicast

l IGMP snoopingl Prompt leavel Multicast traffic controll Controllable multicast



7-7


QoS Trafficclassification

l Traffic classification based on the combination of the L2protocol header, IP quintuple, outgoing interface, and802.1p field

l Traffic classification based on the C-VID and C-PRI ofQinQ packets

Trafficbehaviors

l Access control after traffic classificationl Traffic policing based on traffic classificationl Re-marking based on traffic classificationl Class-based packet queuingl Combination of traffic classification and traffic behaviors

Queuescheduling

l PQl WRRl PQ+WRR

Congestionavoidance

l SRED

Rate limit oninterfaces

Rate limit on interfaces

Configuration andmaintenance

Terminalservice

l Configurations through command linesl Help information in English and Chinesel Login through console and Telnet terminalsl Information exchange between terminals through the send

function

File system l File systeml Directory and file managementl File upload and download through FTP or TFTP

Debuggingandmaintenance

l Centralized management of logs, alarms, and debugginginformation

l Electronic labell User operation logsl Detailed debugging information for diagnosing network

faultsl Network test tools such as traceroute and ping commandsl Interface mirroring and flow mirroring

Versionupgrade

l Software loading on the entire equipment and onlinesoftware loading

l Online upgrade of the BootROMl In-service patching


Product Description


Issue 02 (2010-12-01)


Securityandmanagement

Systemsecurity

l Hierarchical command line protection to preventunauthorized users from accessing the S2300

l SSH v2.0l RADIUS authentication and HWTACACS authenticationl ACL filteringl DHCP packet filtering (with Option 82)l Defense against control packet attacksl Defense against attacks of source address spoofing, LAND,

SYN flood (TCP SYN), smurf, ping flood (ICMP echo),Teardrop, and Ping of Death

Networkmanagement

l Ping and traceroutel SNMPv1/v2c/v3l Standard MIBl RMON

Clustermanagement

l HGMPv2l S2300 functioning as the command switchl S2300 functioning as the member switchl S2300 joining cluster automaticallyl Member switches using private IP addressesl Logging in to the member switch through Telnet



7-9

product description - Üdvözöljük a...

Documents