Scalability-IRF technology allows switches to use interconnection cables to achieve multi-device expansion, with a maximum of 384 10/ 100M ports; It has plug-and-play and single IP management, and greatly reduces the cost of system expansion.
Reliability-Through patented routing hot backup technology, redundant backup and uninterrupted three-layer forwarding of all information of control plane and data plane are realized in the whole stacking architecture, which greatly enhances the reliability and performance of the stacking architecture, eliminates single point of failure and avoids business interruption.
Distributed —— Using distributed link aggregation technology, multiple uplinks can share the load and backup each other, thus improving the redundancy of the whole network architecture and the utilization rate of link resources. At present, the campus network is facing more and more security threats and challenges. How to achieve safe access control and prevent diseases from entering the mouth? How to locate and check the attack source? How to monitor all kinds of traffic in the network? H3C S3600 series switches provide users with brand-new technical features and solutions in terms of security strategy.
802. The traditional authentication method of1x only solves the problem of the user's authority, but can't do anything about the security state of the user terminal. Viruses can enter network systems and application systems through infected terminals of legitimate users. H3C S3600 series switches support EAD (Endpoint Access Defense) function. Through the background system, terminal security measures such as terminal antivirus and patch repair can be integrated with network security measures such as network access control and access authority control into a linked security system. Through the inspection, isolation, repair, management and monitoring of network access terminals, the whole network has changed from passive defense to active defense, from single point defense to comprehensive defense, from decentralized management to centralized policy management, and the virus management level of the network has been improved.
The mirroring function of traditional switches to ports is realized locally, and the mirrored data stream cannot be collected, monitored and analyzed at the core through the network. H3C S3600 supports cross-switch remote port mirroring function (RSPAN), which can mirror the traffic of access ports to core switches (such as S9500/7500), start the Netstream function on the core, and cooperate with XLOG system to monitor the traffic and traffic of monitoring ports, optimize deployment and monitor malicious attacks.
Traditional industries and campus networks have greatly simplified the distribution and management of network addresses after adopting DHCP technology. But at the same time, in an unsafe campus network (such as campus network), there are security incidents and hidden dangers such as malicious address deception, unauthorized modification of IP address, and unauthorized setting of DHCP server. H3C S3600 series switches provide DHCP listening function. By establishing and maintaining the binding table of DHCP Snooping, we can intercept the MAC address, IP address, lease term, VLAN-ID interface and other information of access users, and solve the problem of IP and port tracking and positioning of DHCP users. At the same time, illegal messages (ARP spoofing messages, messages that modify the IP address without authorization) that do not meet the binding table entries are directly discarded to ensure the authenticity and consistency of the DHCP environment. At the same time, the trust port feature of DHCP Snooping can ensure the legitimacy of DHCP server.
H3C S3600 series switches also support unique ARP intrusion detection function, which can effectively prevent hackers or attackers from carrying out increasingly popular "ARP spoofing attacks" through ARP packets, and directly discard illegal ARP spoofing messages that do not conform to DHCP Snooping dynamic binding table or manually configure static binding table. At the same time, it supports IP source checking function to prevent DoS attacks caused by illegal address spoofing, including MAC spoofing, IP spoofing, MAC/IP spoofing and large traffic address spoofing. According to the business type, it can be roughly divided into data, voice, video, multimedia and so on. Such as the requirements of different services on the basic network, such as bandwidth, priority, delay, end-to-end QoS guarantee, etc. It needs to be set and adjusted manually, so the adaptability of the network is impossible. Therefore, the basic network of IToIP should be a system that automatically perceives and adapts to service changes, and can automatically generate, distribute, adjust and optimize network parameters required by services.
For example, for voice services, deploying a large number of IP phones requires configuration and remote power supply. H3C S3600 series switches solve the problems of intelligent detection, power supply and priority adjustment of such devices by supporting voice VLAN technology and intelligent POE technology.
Voice VLAN technology means that the switch can identify the voice traffic of a port, add the corresponding access port to voice VLAN (dedicated voice VLAN), provide a dedicated channel for voice traffic, and automatically issue priority rules to ensure the priority transmission of voice traffic and ensure the quality of the call. At the same time, by setting the security features of voice VLAN, only voice traffic is allowed to pass, which can effectively prevent the impact of sudden data traffic in voice VLAN on voice traffic.
PoE (Power over Ethernet) technology refers to remote power supply for connected devices (such as IP phones and wireless AP). ) Through Ethernet, there is no need to deploy a separate power supply system for the equipment at the use site, which can greatly reduce the wiring and management costs of deploying terminal equipment. PoE technology conforms to the 802.3af standard, which supplies power to the outside through Ethernet port and -48V DC power through data cable. When the PD device is plugged into the port, the switch will automatically detect the PD device, classify the power supply, and decide whether to supply power to the device and allocate power supply according to the current remaining power supply, port power supply priority configuration, port minimum power supply configuration and other parameters. Through the combination of PoE technology and voice VLAN technology, a complete voice equipment management scheme can be provided. H3C S3600 series switches not only support highly reliable IRF technology, but also support traditional STP/RSTP/MSTP and Smart Link two-layer link protection technology, which greatly improves redundant backup of links, improves fault tolerance and ensures the stable operation of the network.
Support VRRP virtual routing redundancy protocol, and establish VRRP backup group with other three-layer switches. In the case of failure, redundant routing topology is constructed to maintain the continuity and reliability of communication and effectively ensure the stability of the network.
ECMP (Equivalent Routing) is supported, and redundant backup and load sharing of uplink routes are realized by configuring multiple equivalent paths.
Adopt AC /DC dual-input design, the equipment can use AC power input or DC power input, and there is a hot backup between them. H3C S3600 series switches support VCT (Virtual Cable Test) cable detection function, which is convenient to locate network fault points quickly.
Support DLDP (Device Link Detection Protocol), which can monitor the link status of optical fiber. If a unidirectional link is found, DLDP protocol will automatically close or notify the user to manually close the relevant ports according to the user's configuration to prevent network problems.
Support SNMP V 1/V2/V3, Open View and other common network management platforms, iMC intelligent management center. Support CLI command line, Web network management, Telnet, HGMP cluster management, making equipment management more convenient. By supporting various open standard MIBs and extended MIBs, we can provide perfect third-party management capabilities based on SNMP.