table of contents · 2011-11-28 · system description h3c s3600 series ethernet switches chapter 1...

System Description H3C S3600 Series Ethernet Switches Table of Contents

i

Table of Contents

Chapter 1 Product Overview ........................................................................................................ 1-1 1.1 Preface ............................................................................................................................... 1-1 1.2 System Features ................................................................................................................ 1-2 1.3 Service Features ................................................................................................................ 1-4

Chapter 2 Hardware Description .................................................................................................. 2-1 2.1 S3600-28P-SI Ethernet Switch .......................................................................................... 2-1

2.1.1 Appearance ............................................................................................................. 2-1 2.1.2 Console Port and LEDs ........................................................................................... 2-1 2.1.3 Attributes of the FE Ports ........................................................................................ 2-5 2.1.4 1000 Mbps SFP Port Attributes............................................................................... 2-5 2.1.5 Power Subsystem ................................................................................................... 2-6 2.1.6 Cooling Subsystem ................................................................................................. 2-6

2.2 S3600-28TP-SI Ethernet Switch ........................................................................................ 2-6 2.2.1 Appearance ............................................................................................................. 2-6 2.2.2 Console Port and LEDs ........................................................................................... 2-7 2.2.3 Attributes of the FE Ports ...................................................................................... 2-10 2.2.4 Attributes of 1000 Mbps SFP Ports ....................................................................... 2-11 2.2.5 Attributes of the GE Ports ..................................................................................... 2-11 2.2.6 Power Subsystem ................................................................................................. 2-12 2.2.7 Cooling Subsystem ............................................................................................... 2-12

2.3 S3600-52P-SI Ethernet Switch ........................................................................................ 2-12 2.3.1 Appearance ........................................................................................................... 2-12 2.3.2 Console Port and LEDs ......................................................................................... 2-13 2.3.3 Attributes of the FE Ports ...................................................................................... 2-13 2.3.4 Attributes of 1000 Mbps SFP Ports ....................................................................... 2-13 2.3.5 Power Subsystem ................................................................................................. 2-14 2.3.6 Cooling Subsystem ............................................................................................... 2-14

2.4 S3600-28P-EI Ethernet Switch ........................................................................................ 2-14 2.4.1 Appearance ........................................................................................................... 2-14 2.4.2 Console Port and LEDs ......................................................................................... 2-14 2.4.3 Attributes of the FE Ports ...................................................................................... 2-18 2.4.4 Attributes of 1000 Mbps SFP Ports ....................................................................... 2-18 2.4.5 Power Subsystem ................................................................................................. 2-19 2.4.6 Cooling Subsystem ............................................................................................... 2-19

2.5 S3600-28F-EI Ethernet Switch ........................................................................................ 2-19 2.5.1 Appearance ........................................................................................................... 2-19 2.5.2 Console port and LEDs ......................................................................................... 2-20


ii

2.5.3 Attributes of 100 Mbps SFP Ports ......................................................................... 2-24 2.5.4 Attributes of 1000 Mbps SFP Ports ....................................................................... 2-25 2.5.5 Attributes of the GE Ports ..................................................................................... 2-25 2.5.6 Power Subsystem ................................................................................................. 2-26 2.5.7 Cooling Subsystem ............................................................................................... 2-26

2.6 S3600-28P-PWR-EI Ethernet Switch .............................................................................. 2-26 2.6.1 Appearance ........................................................................................................... 2-26 2.6.2 Console Port and LEDs ......................................................................................... 2-27 2.6.3 Attributes of the FE Ports ...................................................................................... 2-31 2.6.4 Attributes of 1000 Mbps SFP Ports ....................................................................... 2-31 2.6.5 Power System ....................................................................................................... 2-32 2.6.6 PoE ........................................................................................................................ 2-32 2.6.7 Cooling System ..................................................................................................... 2-32

2.7 S3600-28P-PWR-SI Ethernet Switch .............................................................................. 2-32 2.7.1 Appearance ........................................................................................................... 2-32 2.7.2 Console Port and LEDs ......................................................................................... 2-33 2.7.3 Attributes of the FE Ports ...................................................................................... 2-37 2.7.4 Attributes of 1000 Mbps SFP Ports ....................................................................... 2-37 2.7.5 Power System ....................................................................................................... 2-38 2.7.6 PoE ........................................................................................................................ 2-38 2.7.7 Cooling System ..................................................................................................... 2-38

2.8 S3600-52P-EI Ethernet Switch ........................................................................................ 2-38 2.8.1 Appearance ........................................................................................................... 2-38 2.8.2 Console Port and LEDs ......................................................................................... 2-39 2.8.3 Attributes of the FE Ports ...................................................................................... 2-39 2.8.4 Attributes of 1000 Mbps SFP Ports ....................................................................... 2-40 2.8.5 Power Subsystem ................................................................................................. 2-40 2.8.6 Cooling Subsystem ............................................................................................... 2-40

2.9 S3600-52P-PWR-EI Ethernet Switch .............................................................................. 2-40 2.9.1 Appearance ........................................................................................................... 2-40 2.9.2 Console Port and LEDs ......................................................................................... 2-41 2.9.3 Attributes of the FE Ports ...................................................................................... 2-41 2.9.4 Attributes of 1000 Mbps SFP Ports ....................................................................... 2-42 2.9.5 Power Subsystem ................................................................................................. 2-42 2.9.6 PoE ........................................................................................................................ 2-42 2.9.7 Cooling Subsystem ............................................................................................... 2-43

2.10 S3600-52P-PWR-SI Ethernet Switch ............................................................................ 2-43 2.10.1 Appearance ......................................................................................................... 2-43 2.10.2 Console Port and LEDs ....................................................................................... 2-43 2.10.3 Attributes of the FE Ports .................................................................................... 2-44 2.10.4 Attributes of 1000 Mbps SFP Ports ..................................................................... 2-44 2.10.5 Power Subsystem ............................................................................................... 2-45


iii

2.10.6 PoE ...................................................................................................................... 2-45 2.10.7 Cooling Subsystem ............................................................................................. 2-45

Chapter 3 Software Features ........................................................................................................ 3-1 3.1 Basic Features ................................................................................................................... 3-1

3.1.1 Link Aggregation ..................................................................................................... 3-1 3.1.2 Broadcast Suppression ........................................................................................... 3-1 3.1.3 VLAN ....................................................................................................................... 3-2 3.1.4 STP/RSTP/MSTP .................................................................................................... 3-2

3.2 Network Protocol Features ................................................................................................ 3-3 3.2.1 DHCP Client ............................................................................................................ 3-3 3.2.2 DHCP Relay ............................................................................................................ 3-4 3.2.3 UDP Helper ............................................................................................................. 3-4 3.2.4 DNS Client............................................................................................................... 3-4 3.2.5 DHCP Server........................................................................................................... 3-4 3.2.6 DHCP Snooping ...................................................................................................... 3-4

3.3 Routing Features ............................................................................................................... 3-5 3.3.1 Static Routing and Default Routing ......................................................................... 3-5 3.3.2 RIP .......................................................................................................................... 3-6 3.3.3 OSPF ....................................................................................................................... 3-6

3.4 Multicast Features ............................................................................................................. 3-6 3.4.1 IGMP Snooping ....................................................................................................... 3-6 3.4.2 IGMP ....................................................................................................................... 3-7 3.4.3 PIM-DM ................................................................................................................... 3-7 3.4.4 PIM-SM ................................................................................................................... 3-7 3.4.5 MVR ........................................................................................................................ 3-8

3.5 IRF ..................................................................................................................................... 3-8 3.5.1 Basic IRF ................................................................................................................. 3-8 3.5.2 Enhanced IRF ......................................................................................................... 3-8

3.6 QoS .................................................................................................................................... 3-9 3.6.1 Traffic Classification ................................................................................................ 3-9 3.6.2 Traffic Policing/Traffic Assurance ........................................................................... 3-9 3.6.3 Port Flow Control .................................................................................................... 3-9 3.6.4 Port Rate-Limiting ................................................................................................. 3-10 3.6.5 Port Mirroring......................................................................................................... 3-10 3.6.6 Traffic Mirroring ..................................................................................................... 3-10 3.6.7 Remote Port Mirroring ........................................................................................... 3-10 3.6.8 Queue Scheduling ................................................................................................. 3-10 3.6.9 Traffic Shaping ...................................................................................................... 3-12 3.6.10 Priority Tag .......................................................................................................... 3-12 3.6.11 QoS Profile .......................................................................................................... 3-12

3.7 web cache redirection ...................................................................................................... 3-13 3.8 NTP .................................................................................................................................. 3-13


iv

3.9 Security ............................................................................................................................ 3-14 3.9.1 Terminal Access User Classification ..................................................................... 3-14 3.9.2 SSH ....................................................................................................................... 3-14 3.9.3 Port Isolation ......................................................................................................... 3-15 3.9.4 Packet Filter .......................................................................................................... 3-15 3.9.5 IEEE 802.1X Authentication .................................................................................. 3-15 3.9.6 Centralized MAC Address Authentication ............................................................. 3-15 3.9.7 MAC Address Learning Limit ................................................................................ 3-16 3.9.8 MAC Address and Port Binding ............................................................................ 3-16 3.9.9 DUD Authentication ............................................................................................... 3-16 3.9.10 MAC Address Black Hole .................................................................................... 3-16 3.9.11 AAA/RADIUS/HWTACACS ................................................................................. 3-16 3.9.12 MAC-IP-Port Binding ........................................................................................... 3-17

3.10 Reliability ........................................................................................................................ 3-17 3.10.1 VRRP .................................................................................................................. 3-17

3.11 Cluster Management ..................................................................................................... 3-18 3.11.1 HGMP .................................................................................................................. 3-18

3.12 QinQ ............................................................................................................................... 3-18 3.12.1 QinQ .................................................................................................................... 3-18 3.12.2 QinQ BPDU Tunnel ............................................................................................. 3-19

3.13 GARP/GVRP.................................................................................................................. 3-19 3.13.1 GARP .................................................................................................................. 3-19 3.13.2 GVRP .................................................................................................................. 3-20

Chapter 4 System Maintenance and Management ..................................................................... 4-1 4.1 Simple and Flexible System Maintenance ......................................................................... 4-1

4.1.1 System Configuration .............................................................................................. 4-1 4.1.2 System Maintenance ............................................................................................... 4-1 4.1.3 System Test and Diagnosis .................................................................................... 4-1 4.1.4 Software Upgrade ................................................................................................... 4-1

4.2 Quidview NMS ................................................................................................................... 4-2 4.2.1 Topology Management ........................................................................................... 4-2 4.2.2 Configuration Management ..................................................................................... 4-2 4.2.3 Fault Management .................................................................................................. 4-2 4.2.4 Performance Management ...................................................................................... 4-2 4.2.5 Security Management ............................................................................................. 4-3

4.3 Web-Based Network Management .................................................................................... 4-3

Chapter 5 Networking Applications............................................................................................. 5-1 5.1 Broadband Ethernet Access for Residential Communities ................................................ 5-1 5.2 Application in Networks of Branches or Small-to Medium-Sized Enterprises ................... 5-1 5.3 Application in Large Enterprise and Campus Networks .................................................... 5-3 5.4 IRF Network Diagram ........................................................................................................ 5-3


v

Chapter 6 Guide to Purchase ....................................................................................................... 6-1 6.1 Purchasing the Switch ....................................................................................................... 6-1 6.2 Purchasing the SFP Interface Module ............................................................................... 6-2

System Description H3C S3600 Series Ethernet Switches Chapter 1 Product Overview

1-1

Chapter 1 Product Overview

1.1 Preface

H3C S3600 Series Ethernet Switches are wire speed L2/L3 Ethernet switches. They are intelligent network management switches intended for the use in a network environment where high performance, dense port distribution, and ease of installation are required.

Table 1-1 lists the models in the S3600 series:

Table 1-1 Models in the S3600 series

Model Power

supply unit (PSU)

Number of service

ports Number of 100

Mbps ports Number of 1000

Mbps uplink ports

Console port

H3C S3600-28P-SI

AC-input 28 24 10/100 Mbps (electrical) 4 (SFP) 1

H3C S3600-28TP-SI

AC-input 28 24 10/100 Mbps (electrical)

2 (SFP)

2 10/100/1000 Mbps (electrical)

1

H3C S3600-52P-SI

AC-input 52 48 10/100 Mbps (electrical) 4 (SFP) 1

H3C S3600-28P-EI

AC-input, DC-input 28 24 10/100 Mbps

(electrical) 4 (SFP) 1

H3C S3600-28F-EI

AC-input, DC-input 28 24 100 Mbps

(SFP)

2 (SFP)

2 10/100/1000 Mbps (electrical)

1

H3C S3600-28P-PWR-EI



H3C S3600-28P-PWR-SI



H3C S3600-52P-EI




1-2

Model Power

supply unit (PSU)

Number of service

ports Number of 100

Mbps ports Number of 1000

Mbps uplink ports

Console port

H3C S3600-52P-PWR-EI



H3C S3600-52P-PWR-SI



The S3600-SI series provide:

Basic routing functions and service features. Basic Intelligent Resilient Framework (IRF) where devices are connected through

fabric ports for centralized management. Support the feature includes DDM (Distributed Device Management).

The S3600-EI series provide:

Complex routing protocols and abundant service features. The Enhanced Intelligent Resilient Framework (IRF) feature, where the

IRF-supported switches that are of the same type (called units) are connected to form a “device union” or a fabric. Trough a fabric, you can (1) manage multiple devices but with one connection and one IP address, thus decreasing the overheads; (2) expand the network by adding devices as desired, thus protecting the existing investment; and (3) have high reliability of N + 1 redundancy, thus avoiding single point failures which can result in service interruption.

Support DDM (Distributed Device Management) Support DDR (Distributed Resilient Routing) Support DLA(Distributed Link Aggregation) through LACP and across devices

1.2 System Features

Table 1-2 System features of the S3600 series

Item S3600 series

Dimensions (width x height x depth)

440 x 43.6 x 260 mm (17.32 x 1.72 x 10.24 in.)

440 x 43.6 x420 mm (17.32 x 1.72 x 16.54 in.) (S3600-28P-PWR-EI, S3600-28P-PWR-SI, S3600-52P-PWR-EI, S3600-52P-PWR-SI)


1-3

Item S3600 series

Weight

S3600-28P-SI, S3600-28TP-SI, S3600-28P-EI, S3600-28F-EI: 3.5kg.

S3600-28P-PWR-EI, S3600-28P-PWR-SI: 5.8kg

S3600-52P-SI, S3600-52P-EI: 4kg

S3600-52P-PWR-EI, S3600-52P-PWR-SI: 6.2kg

Management port 1 console port

Service port

S3600-28P-SI: 24 x 10/100 Mbps electrical ports + 4 x 1000 Mbps SFP ports

S3600-28TP-SI: 24 x 10/100 Mbps electrical ports + 2 x 1000 Mbps SFP ports + 2 x 10/100/1000 Mbps electrical ports

S3600-52P-SI: 48 x 10/100 Mbps electrical ports + 4 x 1000 Mbps SFP ports

S3600-28P-EI: 24 x 10/100 Mbps electrical ports + 4 x 1000 Mbps SFP ports

S3600-28F-EI: 24 x 100 Mbps SFP ports + 2 x 1000 Mbps ports + 2 x 10/100/1000 Mbps electrical ports

S3600-28P-PWR-EI, S3600-28P-PWR-SI: 24 x 10/100 Mbps electrical ports + 4 x 1000 Mbps SFP ports

S3600-52P-EI: 48 x 10/100 Mbps electrical ports + 4 x 1000 Mbps SFP ports

S3600-52P-PWR-EI, S3600-52P-PWR-SI: 48 x 10/100 Mbps electrical ports + 4 x 1000 Mbps SFP ports

Input voltage

The S3600-SI series are AC-powered and the S3600-EI series can be AC-powered or DC-powered.

AC:

Rated voltage: 100 to 240 VAC; 50 to 60 Hz

Max. tolerance: 90 to 264 VAC; 50 to 60 Hz

DC:

Rated voltage: -48 to -60 VDC.

Maximum voltage: -36 to -72 VDC.

S3600-28P-PWR-EI, S3600-28P-PWR-SI, S3600-52P-PWR-EI, S3600-52P-PWR-SI input voltage: -53 to -55 VDC.


1-4

Item S3600 series

Power consumption (full load)

S3600-28P-SI, S3600-28P-EI, S3600-28TP-SI: 40W

S3600-28F-EI : 65W

S3600-52P-SI, S3600-52P-EI: 50W

S3600-28P-PWR-EI, S3600-28P-PWR-SI:

450W (AC)

Dissipated power: 150W PoE: 300W

430W (DC)


S3600-52P-PWR-EI, S3600-52P-PWR-SI:

465W (AC)


820W (DC)


Operating temperature 0 to 45oC

Operating humidity (non-condensing)

10% to 90%

1.3 Service Features

The software of the S3600 series is designed based on Huawei-3Com Comware. Table 1-3 summaries the available software features.

Table 1-3 Software features of the S3600 series

Feature S3600-SI series supports S3600-EI series supports

Wire speed L2 switching

Wire speed forwarding on all ports

Port capacity (24/28/52 ports): 4.8Gbps/12.8Gbps/17.6Gbps

Packet forwarding speed (24/28/52 ports): 3.57Mpps/9.53Mpps/11.78Mpps

Switching mode Store and forward


1-5


Virtual Local Area Network (VLAN)

4k IEEE 802.1Q-compliant VLANs

Port-based VLAN

Voice VLAN To discriminate and add IP telephony traffic to voice VLAN by MAC address

Broadcast/multicast/unicast suppression Port rate ratio and PPS based suppression

Loopback detection on ports

To detect and alarm short circuit that occurs to the data receiving and sending wires on ports

IP routing

The deep of IP routing table : 1k for SI series switched, 8k for EI series switches

Static routing

Routing Information Protocol-1/2 (RIP-1/2)

–– Open Shortest Path First (OSPF)

–– 3 Equal Cost Multi Paths (ECMPs)

Multicast

Support up to 255 multicast groups

SI Series switches only support layer 2 multicast

IGMP snooping

Multicast VLAN registration (MVR)

Internet Group Management Protocol v1/ v2 (IGMPv1/v2)

–– PIM-SM

PIM-DM

spanning tree protocol

STP, Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP), MSTP supports up to 16 instances.

VLAN interface 64

4 secondary IPs on each virtual interface, all the secondary IPs cannot exceed 64.

UDP helper Supported

Link aggregation

Dynamic link aggregation through Link Aggregation Control Protocol (LACP)

Dynamic link aggregation through LACP and across devices

Manual link aggregation through command lines

Aggregation of FE/GE ports

Up to 8 FE or 4 GE ports in each aggregation


1-6


Up to 8 aggregation groups

jumbo frame Supported Supported

Mirroring

Multiple-to-one port mirroring (multiple monitored ports to one monitor port)

Traffic mirroring

— Remote port mirroring

MAC address table

Address self-learning

IEEE 802.1D standard

Up to 16K MAC addresses

Up to 1k static MAC addresses

Flow control IEEE 802.3x (full duplex)

Back-pressure based flow control (half duplex)

IRF Fabric Supported Basic IRF Fabric, up to 8 units

Supported Enhanced IRF Fabric, up to 8 units

PoE ––

Supported by S3600-28P-PWR-SI and S3600-52P-PWR-SI, S3600-28P-PWR-EI and S3600-52P-PWR-EI support RPS.

Loading and upgrade

XModem

File Transfer Protocol (FTP), Trivial File Transfer Protocol (TFTP)


1-7


Management

Configuration through the command line interface (CLI)

Configuration through Telnet

Configuration through the console port

Simple Network Management Protocol (SNMP)

Remote Monitoring ( RMON) 1/2/3/9 groups of MIBs

Huawei-3Com Quidview NMS

Web-based network management

System log

Hierarchical alarm

Maintenance

Debug information output

Remote maintenance through Telnet

Ping, traceroute Ping, traceroute, multicast traceroute

Quality of Service (QoS)

Access Control List (ACL)

Traffic rules: every 8 × 100M ports share 160 rules, each 1000M port supports 80 rules

Limitation on packet receiving/sending rate on ports, with the granularity of 64 kbps

Packet redirection

Committed Access Rate (CAR), with the granularity of 64 kbps

8 output queues on each port

Five scheduling algorithms that can be set based on port and queue at the same time: Strict Priority (SP), Weighted Round Robin (WRR), Weighted Fair Queue (WFQ), SP + WFQ, SP + WRR

Packet tagging based on 802.1p or DSCP preference

Packet filter at the layers 2 through 7, providing filtering based on source/destination MAC address, source/destination IP address, port, protocol, VLAN, VLAN range, MAC address range, packet content or invalid frame

Time range setting

QoS profile management, allowing QoS service scheme customization

web cache redirection Supported


1-8


Security

Hierarchical user management and password protection

IEEE 802.1x authentication, Max on-line user connections is 1024

AAA & RADIUS & HWTACACS authentication

MAC address learning limit

MAC-port binding

MAC-IP-port binding

Disconnect Unauthorized Device (DUD) authentication, implemented through setting MAC address learning limits and binding MAC addresses with ports

SSH

Denial of Service (DoS) attack prevention

Port isolation

MAC address black hole

Password recovery

BOOTROM access control

RADIUS authentication of management user

IP-port binding

IP-MAC binding

Setting of distrusting port priority

–– Centralized MAC address authentication

WRED Congestion avoidance and drop policies

Dynamic Host Configuration Protocol (DHCP) Client

Supported

DHCP Relay Supported Supported in addition to the DHCP security features

DHCP Server — Supported

DHCP Snooping Supported

BOOTP Supported

NTP Network Time Protocol (NTP) client

UDP helper Supported

Virtual router redundancy protocol (VRRP)

— Supported


1-9


Multicast source discovery protocol (MSDP)

— Supported

DNS Client Supported

Huawei group management protocol (HGMP)

Supported

QinQ Supported

GARP VLAN registration protocol (GVRP)

Supported

Fault detection and alarm

Power-on self-test (POST), and the detection and alarming of fan fault and PoE device over-temperature condition

Virtual cable test (VCT)

Quick start Supported

System Description H3C S3600 Series Ethernet Switches Chapter 2 Hardware Description

2-1

Chapter 2 Hardware Description

2.1 S3600-28P-SI Ethernet Switch

2.1.1 Appearance

The S3600-28P-SI has 24 x 10Base-T/100Base-TX Ethernet ports, four 1000 Mbps SFP interfaces and one console port on its front panel, and on its rear panel one power input.

Figure 2-2 illustrates the S3600-28P-SI:

Figure 2-1 The S3600-28P-SI

2.1.2 Console Port and LEDs

I. Console port

The S3600-28P-SI provides one EIA/TIA-232 compliant console port for local or remote switch configuration (see Table 2-1).

II. LEDs

You can learn the operating state of the S3600-28P-SI by reading the LEDs on its front panel (see Table 2-4). Note that at a time a port LED can indicate only the state of speed, duplex, or data transmission. You can toggle between them by pressing the Mode button.


2-2

Table 2-1 LEDs on the front panel of the S3600-28P-SI

LED Mark Color Indicates

Power LED PWR

Solid green

The system passes the Power-On Self-Test (POST) and is operating normally.

Flashing green (1 Hz) The system POST is running.

Solid red The POST of the system fails or a serious fault is detected.

Flashing yellow (1 Hz) Some ports fail to pass the POST and some functions are disabled.

OFF The power is disconnected.

Mode LED Mode

Speed Solid green

The port LEDs are showing the speed (for the 10/100 Mbps ports), port state (for the 1000 SFP ports or fabric ports).

OFF ––

Duplex and data transmission

Solid yellow The port LEDs are showing the duplex mode.

OFF ––

PoE mode –– ––

OFF ––


2-3


10/100Base-TX port mode LED

Speed

Solid green A 100 Mbps link is present.

Flashing green (3 Hz) A 100 Mbps link is present and the port is disabled.

Solid yellow A 10 Mbps link is present.

Flashing yellow (3 Hz)

A 10 Mbps link is present and the port is disabled.

OFF No link is present.


Solid green

The port is operating in full duplex mode, and on it data is being received/transmitted.

Solid yellow

The port is operating in half duplex mode, and on it data is being received/transmitted.

Flashing yellow (3 Hz) The port fails POST.

OFF No data is being received/transmitted on the port.

PoE OFF ––

1000Base SFP port mode LED

Above the port

Speed


Flashing green (3 Hz) A 1000 Mbps link is present and the port is disabled.




Solid green

The port is operating in full duplex mode, and on it data is being received/transmitted.

Solid yellow The port is operating in half duplex mode, and on it data is being


2-4

LED Mark Color Indicates received/transmitted.



PoE mode Flashing green (3 Hz) The port fails POST.

OFF ––

1000Base SFP fabric port status LED

Speed

Green Solid

The port is connected, and the device is in an IRF loop chain fabric.

Flashing Data is being received or/and sent on the port.

Yellow Solid

The port is connected and the device is in a non-loop chain fabric.


Flashing green (at 3Hz) Fabricing fault occurs.

Flashing yellow (at 3 Hz)

The port fails to pass POST.

OFF The port is not connected.

Duplex

Green Solid The port is in full duplex

mode and is fabriced.


Yellow ––




PoE mode Flashing yellow (at 3 Hz)


OFF ––

7-segment display Unit

POST running PWR flashes green The POST test ID (in the

range 1 to 9).

POST failed PWR flashes yellow The POST test ID of the

failed test.


2-5


Software downloading

PER flashes green A bar rotates clockwise around the display.

Fan failed PWR stays red “F”, meaning the FAN fails.

Unit id Button released UNIT ID in the fabric; and for a standalone unit, “1”

2.1.3 Attributes of the FE Ports

Table 2-2 Attributes of the FE ports on the S3600-28P-SI

Attribute Description

Connector RJ-45

Number of ports 24

Rate

10 Mbps, half duplex/full duplex

100 Mbps, half-duplex/full duplex

MDI/MDI-X auto-sensing

Standard IEEE 802.3u

Transmission segment over the selected medium

100 m (328.08 ft) over the category-5 unshielded twisted pair (UTP) cable

2.1.4 1000 Mbps SFP Port Attributes

Depending on your needs, the S3600-28P-SI can provide up to four 1000 Mbps SFP ports which are numbered as 25, 26, 27 and 28 (optical or electrical) on its front panel.

SFP modules allow for great flexibility in networking because they are hot swappable and user configurable.

Table 2-6 lists the available SFP modules:

Table 2-3 1000 Mbps SFP modules and cable specifications

SFP module Central wavelength Connector Fiber

specifications Transmission

segment

1000Base-SX-SFP 850 nm LC 50/125 µm multi-mode optical fiber

550 m (1804.46 ft.)


2-6



segment

62.5/125 µm multi-mode fiber

275 m (902.23 ft.)

1000Base-LX-SFP 1310 nm

Single mode fiber

10 km (6.21 mi)

1000Base-LH-SFP 30 km (18.64 mi)

1000Base-ZX-LR-SFP

1550 nm

40 km (24.86 mi)

1000Base-ZX-VR-SFP

70 km (43.50 mi)

1000Base-TX –– RJ-45 –– 100 m (328.08 ft.)

Note:

The available 1000 Mbps SFP modules are subject to changes. For information on the latest module options, contact your sales agent.

2.1.5 Power Subsystem

Following are the input voltage specifications of the S3600-28P-SI:



2.1.6 Cooling Subsystem

The S3600-28P-SI is cooled by one fan.

2.2 S3600-28TP-SI Ethernet Switch

2.2.1 Appearance

The S3600-28TP-SI has 24 x 10Base-T/100Base-TX Ethernet ports, two 1000 Mbps SFP ports, two 10/100/1000Base-T Ethernet ports, and one Console port from left to right on its front panel, and on its rear panel one AC power input.


2-7

Figure 2-2 The S3600-28TP-SI


I. Console port

The S3600-28TP-SI provides one EIA/TIA-232 compliant console port for local or remote switch configuration (see Table 2-1).

II. LEDs

You can learn the operating state of the S3600-28TP-SI by reading the LEDs on its front panel, see the following table.

Table 2-4 LEDs on the front panel of S3600-28TP-SI

LED Mark and Position Color Indicates

Power LED PWR

Solid green

The system passes the Power-On Self-Test (POST) and is operating normally.

Flashing green (1 Hz) The system is going through the POST or is downloading software.

Solid red The POST of the system fails or a fault is detected.

Flashing yellow (1 Hz) Some ports fail to pass the POST and are disabled.


Mode LED Mode

Speed Solid green

Speed of the 10/100 Mbps ports, state of the 1000 Mbps SFP ports, or fabric state.

Duplex Solid yellow 10/100 Mbps duplex mode, state of the 1000 Mbps SFP ports, or fabric


2-8


state.

PoE –– ––


POST running

PWR flashes green

The POST test ID (in the range 1 to 9).

POST failed

PWR flashes yellow

POST test ID of the failed test.

Software loading

PWR flashes green

A bar rotates clockwise around the display.

Fan failure PWR stays red “F”, meaning the FAN fails.



Speed

Green

ON A 100 Mbps link is present.

Flash

Data is being received/transmitted on the port

Yellow


Flash




Duplex

Green

ON The port is operating in full duplex mode

Flash


Yellow

ON The port is operating in half duplex mode

Flash




PoE –– ––

1000Bas Speed Green ON A 1000 Mbps link is


2-9


e SFP port mode LED

present.

Flash




Duplex

Green


Flash


Yellow –– ––



PoE Flashing green (3 Hz) The port fails POST.

OFF ––


2-10


10/100/1000Base-T port mode LED

Speed

Green


Flash


Yellow

ON A 10/100 Mbps link is present.

Flash




Duplex

Green


Flash


Yellow

ON The port is operating in half duplex mode

Flash




PoE –– ––


The S3600-28TP-SI has 24 x 10Base-T/100Base-TX Ethernet ports which are numbered from 1 to 24, see the following table for port attributes.

Table 2-5 Attributes of the FE ports on the S3600-28TP-SI


Connector RJ-45

Number of ports 24


2-11


Rate







2.2.4 Attributes of 1000 Mbps SFP Ports

The S3600-28TP-SI has two 1000 Mbps SFP ports which are numbered as 25 and 26 (optical or electrical), the number or type of ports is optional.


Table 2-6 lists the available SFP modules.

Note:


2.2.5 Attributes of the GE Ports

The S3600-28TP-SI has two 10/100/1000Base-T Ethernet ports which are numbered as 27 and 28. See the following table for port attributes.

Table 2-6 Attributes of the GE ports on the S3600-28TP-SI

Attributes Description

Connector RJ-45

Number of ports 2

Rate

10/100 Mbps, half duplex/full duplex

1000 Mbps, full duplex




2-12

Attributes Description

IEEE 802.3ab




Following are the AC-input voltage specifications of the S3600-28TP-SI:




The S3600-28TP-SI is cooled by one fan.

2.3 S3600-52P-SI Ethernet Switch

2.3.1 Appearance

The S3600-52P-SI has 48 x 10Base-T/100Base-TX Ethernet ports, four 1000 Mbps SFP ports and one console port on its front panel, and on its rear panel one power input.

Figure 2-4 illustrates the S3600-52P-SI:

Figure 2-3 The S3600-52P-SI


2-13


I. Console port

The S3600-52P-SI provides one EIA/TIA-232 compliant console port for local or remote switch configuration (see Table 2-1).

II. LEDs

You can learn the operating state of the S3600-52P-SI by reading the LEDs on its front panel (see Table 2-4).


Table 2-7 Attributes of the FE ports on the S3600-52P-SI


Connector RJ-45

Number of ports 48

Rate








Depending on your needs, the S3600-52P-SI can provide up to four 1000 Mbps SFP ports which are numbered as 49, 50, 51 and 52 (optical or electrical) on its front panel.


Please see to know the available SFP modules.

Note:



2-14


Following are the AC-input voltage specifications of the S3600-52P-SI:




The S3600-52P-SI is cooled by one fan.

2.4 S3600-28P-EI Ethernet Switch

2.4.1 Appearance

The S3600-28P-EI has 24 x 10Base-T/100Base-TX Ethernet ports, four 1000 Mbps SFP ports and one console port on its front panel, and on its rear panel one AC input and one DC input.

Figure 2-5 illustrates the S3600-28P-EI:

Figure 2-4 The S3600-28P-EI


I. Console port

The S3600-28P-EI provides one EIA/TIA-232 compliant console port for local or remote switch configuration (see Table 2-1).

II. LEDs

You can learn the operating state of the S3600-28P-EI by reading the LEDs on its front panel (see Table 2-11).


2-15

Table 2-8 LEDs on the front panel of the S3600-28P-EI


Power LED PWR

Solid green The system passes the Power-On Self-Test (POST) and is operating normally.

Flashing green (1 Hz) The system is going through the POST.




DC-input LED RPS

Solid green Both the internal AC power supply and the DC input are normal.

Solid yellow The internal AC power supply fails or is disconnected, but the DC input is normal.

OFF The DC input is not connected.

Mode LED Mode

Speed Solid green

Speed of the 10/100 Mbps ports, state of the 1000 Mbps SFP ports, or fabric state.

OFF ––


Solid yellow The port LEDs are showing the duplex mode.

OFF ––

PoE mode Flashing green (1 Hz) ––

OFF ––


2-16



Above the port

Speed


Flashing green (3 Hz)


Solid yellow A 10 Mbps link is present.

Flashing yellow (3 Hz)




Solid green The port is operating in full duplex mode, and on it data is being received/transmitted.

Solid yellow The port is operating in half duplex mode, and on it data is being received/transmitted.



PoE mode OFF ––


Above the port

Speed







Solid green The port is operating in full duplex mode, and on it data is being received/transmitted.

Solid yellow The port is operating in half duplex mode, and on it data is being received/transmitted.



PoE mode Flashing green (3 Hz) The port fails POST.

OFF ––


2-17



Speed

Green

Solid


Flashing

Data is being received or/and sent on the port.

Yellow

Solid

The port is connected and the device is in a non-loop chain fabric.

Flashing


Flashing green (3Hz) Fabricing fault occurs.

Flashing yellow (3 Hz) The port fails to pass POST.


Duplex

Green

Solid The port is in full duplex mode and is fabriced.

Flashing


Yellow ––




PoE mode



OFF ––


2-18



POST running

PWR flashes green (1 Hz)


POST failed

PWR flashes yellow POST test ID of the failed test.

Software loading

PWR flashes green



Unit id Button released

UNIT ID in the fabric; and for a standalone unit, “1”


Table 2-9 Attributes of the FE ports on the S3600-28P-EI


Connector RJ-45

Number of ports 24

Rate








Depending on your needs, the S3600-28P-EI can provide four SFP ports which are numbered as 25, 26, 27 and 28 (optical or electrical) on its front panel.


Please see Table 2-6 to know the available SFP modules.


2-19

Note:



I. AC-input power

Following are the AC-input voltage specifications of the S3600-28P-EI:



II. DC-input power

DC-input voltage range: -36 VDC to -72 VDC.


The S3600-28P-EI is cooled by one fan.

2.5 S3600-28F-EI Ethernet Switch

2.5.1 Appearance

The S3600-28F-EI has 24 x 100 Mbps SFP ports, two 1000 Mbps SFP ports, two 10/100/1000Base-T Ethernet ports, and one Console port from left to right on its front panel, and on its rear panel both AC and DC power inputs.

Figure 2-5 The S3600-28F-EI


2-20

2.5.2 Console port and LEDs

I. Console port

The S3600-28F-EI provides one EIA/TIA-232 compliant console port for local or remote switch configuration (see Table 2-1).

II. LEDs

You can learn the operating state of the S3600-28F-EI by reading the LEDs on its front panel, see the following table.

Table 2-10 LEDs on the front panel of S3600-28F-EI


Power LED PWR






Mode LED Mode

Speed Solid green Speed of the 10/100 Mbps ports, state of the 1000 Mbps SFP ports, or fabric state.

Duplex Solid yellow 10/100 Mbps duplex mode, state of the 1000 Mbps SFP ports, or fabric state.

PoE –– ––


POST running

PWR flashes green


POST failed


Software loading

PWR flashes green





2-21



Speed

Green ON A 100 Mbps link is present.

Flash Data is being received/transmitted on the port

Yellow ON A 10 Mbps link is present.




Duplex

Green ON The port is operating in full

duplex mode


Yellow ON The port is operating in half

duplex mode




PoE –– ––


Speed





Duplex


duplex mode


Yellow –– ––




OFF ––


2-22



Speed

Green ON



Yellow ON



Flashing green (3 Hz) Fabricing fault occurs.



Duplex

Green

ON

Flash The port is operating in full duplex mode

Flashing


Yellow ––



PoE OFF No data is being

received/transmitted



2-23


10/100/1000Base-T port mode LED

Speed



Yellow ON A 10/100 Mbps link is present.




Duplex


duplex mode



duplex mode




PoE –– ––


2-24


10/100/1000Base-T fabric port status LED

Speed

Green ON



Yellow ON






Duplex


duplex mode


Yellow ––



PoE OFF No data is being

received/transmitted



The S3600-28F-EI has 24 x 100 Mbps SFP optical ports which are numbered from 1 to 24. SFP modules allow for great flexibility in networking because they are hot swappable and user configurable.

The following table lists the available SFP modules.


2-25

Table 2-11 100 Mbps SFP modules and cable specifications



segment

100Base-FX-MM-SFP

1310 nm

LC

62.5/125 µm multi-mode fiber

2 km (1.24 mi)

100Base-FX-SM-SFP 9/125µm single mode fiber

15 km (9.32 mi)

100Base-FX-SM-LR-SFP

9/125µm single mode fiber

40 km (24.86 mi)

100Base-FX-SM-VR-SFP 1550 nm

9/125µm single mode fiber

80 km (49.71 mi)


The S3600-28F-EI has two 1000 Mbps SFP ports which are numbered as 25 and 26 (optical or electrical), the number or type of ports is optional.



Note:


2.5.5 Attributes of the GE Ports

The S3600-28F-EI has two 10/100/1000Base-T Ethernet ports which are numbered as 27 and 28, see the following table for port attributes.

Table 2-12 Attributes of the FE ports on the S3600-28F-EI


Connector RJ-45


2-26


Number of ports 2

Rate

10/100 Mbps, half duplex/full duplex

1000 Mbps full duplex



IEEE 802.3ab




I. AC-input power



II. DC-input power

Rated voltage: -48 to -60 VDC.

Max. tolerance: -36 to -72 VDC.


The S3600-28F-EI is cooled by two fans.

2.6 S3600-28P-PWR-EI Ethernet Switch

2.6.1 Appearance

The S3600-28P-PWR-EI has 24 x 10Base-T/100Base-TX Ethernet ports, four 1000 Mbps SFP ports, and one Console port on its front panel, and on its rear panel both AC and DC power inputs.


2-27

Figure 2-6 The S3600-28P-PWR-EI


I. Console port

The S3600-28P-PWR-EI provides one EIA/TIA-232 compliant console port for local or remote switch configuration (see Table 2-1).

II. LEDs

You can learn the operating state of the S3600-28P-PWR-EI by reading the LEDs on its front panel, see the following table.

Table 2-13 LEDs on the front panel of S3600-28P-PWR-EI


Power LED PWR






DC-input LED RPS





2-28


Mode LED Mode

Speed Solid green 10/100 Mbps duplex mode, state of the 1000 Mbps SFP ports, or fabric state.


PoE Flashing green (1 Hz) PoE information on 10/100M port.


POST running

PWR flashes green


POST failed


Software loading

PWR flashes green




Temperature alarm PWR stays red “t”

PoE utilization Button pressed The ratio of the power used by

PoE to the total power


2-29



Speed







Duplex

Green ON The port is operating in full duplex

mode



duplex mode



OFF No data is being received/transmitted on the port

PoE

Solid green The port is providing power


Exceeds the upper limit of power consumption on the port or the left power is not enough.

Solid yellow PoE fault occurs, the port cannot provide power normally.


OFF The port does not provide power.


2-30



Speed





Duplex


mode





OFF ––


Speed

Green ON The device is in IRF mode


Yellow ON The device is in a non-loop chain

fabric.




OFF The device is not in fabric mode.

Duplex

Green ON The port is in full duplex mode and

is fabriced.

Flash Data is being received or/and sent on the port.

Yellow ––



PoE

OFF No data is being received/transmitted



2-31


Table 2-14 Attributes of the FE ports on the S3600-28P-PWR-EI


Connector RJ-45

Number of ports 24

Rate




Supporting PoE


IEEE 802.3af




The S3600-28P-PWR-EI has four 1000 Mbps SFP ports which are numbered as 25, 26, 27, and 28 (optical or electrical), the number or type of ports is optional.

Note:

SFP module does not support PoE.



Note:



2-32

2.6.5 Power System

I. AC-input power



II. DC-input power

Voltage: -53 to -55 VDC.

2.6.6 PoE

The S3600-28P-PWR-EI switch provides PoE (Power over Ethernet), that is, to supply -48V DC power to the remote powered device (PD), such as IP phone, WLAN wireless access points (AP), Security, Bluetooth AP, through the twisted pair cable.

As the power sourcing equipment (PSE), S3600-28P-PWR-EI supports IEEE802.3af standard, and is also compatible with PDs that is not conformed to this standard.

The S3600-28P-PWR-EI provides power through 24 fixed Ethernet electrical ports, and thus is able to support up to 24 remote Ethernet switches with a maximum transmission distance of 100 m (328 ft).

The maximum power of each Ethernet port for the remote PD is 15.4 W. PoE input voltage ranges from -53 VDC to -55 VDC.

2.6.7 Cooling System

The S3600-28P-PWR-EI is cooled by five fans.

2.7 S3600-28P-PWR-SI Ethernet Switch

2.7.1 Appearance

The S3600-28P-PWR-SI has 24 x 10Base-T/100Base-TX Ethernet ports, four 1000 Mbps SFP ports, and one Console port on its front panel, and on its rear panel both AC and DC power inputs.


2-33

Figure 2-7 The S3600-28P-PWR-SI


I. Console port

The S3600-28P-PWR-SI provides one EIA/TIA-232 compliant console port for local or remote switch configuration (see Table 2-1).

II. LEDs

You can learn the operating state of the S3600-28P-PWR-SI by reading the LEDs on its front panel, see the following table.

Table 2-15 LEDs on the front panel of S3600-28P-PWR-SI


Power LED PWR






DC-input LED RPS





2-34


Mode LED Mode

Speed Solid green 10/100 Mbps duplex mode, state of the 1000 Mbps SFP ports, or fabric state.


PoE Flashing green (1 Hz) PoE information on 10/100M port.


POST running

PWR flashes green


POST failed


Software loading

PWR flashes green




Temperature alarm PWR stays red “t”

PoE utilization Button pressed The ratio of the power used by

PoE to the total power


2-35



Speed







Duplex


mode



duplex mode



OFF No data is being received/transmitted on the port

PoE

Solid green The port is providing power


Exceeds the upper limit of power consumption on the port or the left power is not enough.

Solid yellow PoE fault occurs, the port cannot provide power normally.


OFF The port does not provide power.


2-36



Speed





Duplex


mode





OFF ––


Speed

Green ON The device is in IRF mode


Yellow ON The device is in a non-loop chain

fabric.





Duplex

Green ON The port is in full duplex mode and

is fabriced.

Flash Data is being received or/and sent on the port.

Yellow ––



PoE

OFF No data is being received/transmitted



2-37


Table 2-16 Attributes of the FE ports on the S3600-28P-PWR-SI


Connector RJ-45

Number of ports 24

Rate




Supporting PoE


IEEE 802.3af




The S3600-28P-PWR-SI has four 1000 Mbps SFP ports which are numbered as 25, 26, 27, and 28 (optical or electrical), the number or type of ports is optional.

Note:

SFP module does not support PoE.



Note:



2-38

2.7.5 Power System

I. AC-input power



II. DC-input power


2.7.6 PoE

The S3600-28P-PWR-SI switch provides PoE (Power over Ethernet), that is, to supply -48V DC power to the remote powered device (PD), such as IP phone, WLAN wireless access points (AP), Security, Bluetooth AP, through the twisted pair cable.

As the power sourcing equipment (PSE), S3600-28P-PWR-SI supports IEEE802.3af standard, and is also compatible with PDs that is not conformed to this standard.

The S3600-28P-PWR-SI provides power through 24 fixed Ethernet electrical ports, and thus is able to support up to 24 remote Ethernet switches with a maximum transmission distance of 100 m (328 ft).


2.7.7 Cooling System

The S3600-28P-PWR-SI is cooled by five fans.

2.8 S3600-52P-EI Ethernet Switch

2.8.1 Appearance

The S3600-52P-EI has 48 x 10Base-T/100Base-TX Ethernet ports, four 1000 Mbps SFP ports and one console port on its front panel, and on its rear panel one AC-input and one DC-input.


2-39

Figure 2-8 illustrates the S3600-52P-EI:

Figure 2-8 The S3600-52P-EI


I. Console port

The S3600-52P-EI provides one EIA/TIA-232 compliant console port for local or remote switch configuration (see Table 2-1).

II. LEDs

You can learn the operating state of the S3600-52P-EI by reading the LEDs on its front panel (see Table 2-11).


Table 2-17 Attributes of the FE ports on the S3600-52P-EI


Connector RJ-45

Number of ports 48

Rate








2-40


Depending on your needs, the S3600-52P-EI can provide four 1000 Mbps SFP ports which are numbered as 49, 50, 51 and 52 (optical or electrical) on its front panel.


Please see Table 2-6 to know the available SFP modules:

Note:



I. AC-input power

Following are the AC-input voltage specifications of the S3600-52P-EI:



II. DC-input power

DC-input voltage range: -36 VDC to -72 VDC.


The S3600-52P-EI is cooled by one fan.

2.9 S3600-52P-PWR-EI Ethernet Switch

2.9.1 Appearance

The S3600-52P-PWR-EI has 48 x 10Base-T/100Base-TX Ethernet ports, four 1000 Mbps SFP ports, and one Console port on its front panel, and on its rear panel both AC and DC power inputs.


2-41

Figure 2-9 The S3600-52P-PWR-EI


I. Console port

The S3600-52P-PWR-EI provides one EIA/TIA-232 compliant console port for local or remote switch configuration (see Table 2-1).

II. LEDs

You can learn the operating state of the S3600-52P-PWR-EI by reading the LEDs on its front panel, see the following table.


Table 2-18 Attributes of the FE ports on the S3600-52P-PWR-EI


Connector RJ-45

Number of ports 48

Rate




Supporting PoE


IEEE 802.3af




2-42


The S3600-52P-PWR-EI has four 1000 Mbps SFP ports which are numbered from 49 to 52 (optical or electrical), the number or type of ports is optional.

Note:

The SFP module does not support PoE.



Note:



I. AC-input power



II. DC-input power


2.9.6 PoE

The S3600-52P-PWR-EI switch provides PoE (Power over Ethernet), that is, to supply -48V DC power to the remote powered device (PD), such as IP phone, WLAN wireless access points (AP), Security, Bluetooth AP, through the twisted pair cable.

As the power sourcing equipment (PSE), S3600-52P-PWR-EI supports IEEE802.3af standard, and is also compatible with PDs that is not conformed to this standard.


2-43

The S3600-52P-PWR-EI provides power through 48 fixed Ethernet electrical ports, and thus is able to support up to 48 remote Ethernet switches with a maximum transmission distance of 100 m (328 ft).



The S3600-52P-PWR-EI is cooled by five fans.

2.10 S3600-52P-PWR-SI Ethernet Switch

2.10.1 Appearance

The S3600-52P-PWR-SI has 48 x 10Base-T/100Base-TX Ethernet ports, four 1000 Mbps SFP ports, and one Console port on its front panel, and on its rear panel both AC and DC power inputs.

Figure 2-10 The S3600-52P-PWR-SI


I. Console port

The S3600-52P-PWR-SI provides one EIA/TIA-232 compliant console port for local or remote switch configuration (see Table 2-1).

II. LEDs

You can learn the operating state of the S3600-52P-PWR-SI by reading the LEDs on its front panel, see the following table.


2-44


Table 2-19 Attributes of the FE ports on the S3600-52P-PWR-SI


Connector RJ-45

Number of ports 48

Rate




Supporting PoE


IEEE 802.3af




The S3600-52P-PWR-SI has four 1000 Mbps SFP ports which are numbered from 49 to 52 (optical or electrical), the number or type of ports is optional.

Note:

The SFP module does not support PoE.



Note:



2-45


I. AC-input power



II. DC-input power


2.10.6 PoE

The S3600-52P-PWR-SI switch provides PoE (Power over Ethernet), that is, to supply -48V DC power to the remote powered device (PD), such as IP phone, WLAN wireless access points (AP), Security, Bluetooth AP, through the twisted pair cable.

As the power sourcing equipment (PSE), S3600-52P-PWR-SI supports IEEE802.3af standard, and is also compatible with PDs that is not conformed to this standard.

The S3600-52P-PWR-SI provides power through 48 fixed Ethernet electrical ports, and thus is able to support up to 48 remote Ethernet switches with a maximum transmission distance of 100 m (328 ft).



The S3600-52P-PWR-SI is cooled by five fans.

System Description H3C S3600 Series Ethernet Switches Chapter 3 Software Features

3-1

Chapter 3 Software Features

3.1 Basic Features

3.1.1 Link Aggregation

The link aggregation function is used for the connection between Ethernet switches or between the switches and high-speed servers. It is a simple and cheap way to expand the bandwidth of a switch port and balance the traffic among all the ports in a link aggregation. Moreover, it enhances the connection reliability.

With link aggregation, several Ethernet ports on a switch are bundled together and are considered one logical port inside the switch. The switch automatically balances the traffic among the ports and increases the bandwidth in this aggregation, while ensuring the right order of packets for the sake of service compatibility. If the link on a port in the aggregation fails, the traffic on it is distributed among other ports without interrupting the normal service. After the port recovers, the traffic is automatically distributed again so that the port can share the load together with others. The S3600 series support manual link aggregation and dynamic link aggregation through the link aggregation control protocol (LACP).

IEEE802.3ad-based LACP dynamically aggregates and de-aggregates links. A LACP-enabled port notifies the remote end of information on system priority, system MAC, port priority, port number and operation key by sending link aggregation control protocol data units (LACPDUs). The remote end receives the information, and then compares it with that of other ports for determining the ports to be aggregated, so that an agreement can be achieved on port aggregation or leaving a dynamic aggregation.

3.1.2 Broadcast Suppression

The broadcast suppression function is used to suppress the propagation of large amount of unknown unicast, multicast or broadcast packets in a network, thus limiting their impact on the operating efficiency of the network.

For the S3600 series, broadcast suppression is configured on port. After configuring a broadcast suppression ratio on a port, you can monitor the broadcast traffic of unknown unicast, multicast and broadcast packets on it. When the traffic exceeds the specified bandwidth limit, the switch drops the excessive traffic and reduces the traffic ratio to a rational amount to guarantee the normal operation of network services. The S3600


3-2

series can implement broadcast suppression not only based on port rate ratio but also on pps.

For the S3600 series, the broadcast suppression function not only can be enabled/disabled globally in the whole fabric, but also can be enabled/disabled on individual ports. When the global broadcast suppression ratio is set, the broadcast suppression ratio on each port is set to the value equal to the global broadcast suppression ratio.

3.1.3 VLAN

Virtual local area network (VLAN) is a technology that implements virtual workgroups by assigning devices of the same category (such as PC) on a LAN into network segments logically rather than physically. IEEE 802.1Q is the standard protocol for the VLAN technology.

As devices are divided logically rather than physically, they do not necessarily reside on the same physical network segment. After the division, the broadcast and unicast traffic is confined inside the VLAN to which it belongs.

The VLAN technology helps network flow control, network management, and network security.

3.1.4 STP/RSTP/MSTP

The spanning tree protocol (STP)/Rapid spanning tree protocol (RSTP) prunes a loop L2 switching network into a loop-free tree (all data on the L2 switching network must travel along the spanning tree), thereby avoiding network broadcast storms caused by network loops and providing redundant links for data forwarding.

Basically, STP/RSTP is to generate a “tree” whose root is a switch called root bridge. Which switch is to be selected as the root bridge is based on their settings (such as switch priority and MAC address), but there should be only one root bridge at any time. Setting out from the root, a tree stretches through the switches. A non-root switch forwards data to the root from its root port and to the connected network segment from its designated port. A root periodically transmits configuration BPDUs, while a non-root switch receives and forwards them. If a switch receives configuration BPDUs from two or more ports, it assumes that there is a loop in the network. To eliminate the loop, the switch selects one of the ports as the root port and blocks others. When a port receives no configuration BPDUs for a long time, the switch considers that the configuration of this port has timed out and the network topology may have changed. Then it recalculates the network topology and generates a new tree.

RSTP is an STP enhancement that significantly shortens the time for the network topology to stabilize.


3-3

RSTP is a single spanning tree protocol, that is, only one tree is generated within a switching network. To ensure the interior communications of VLANs, each VLAN of a network must be consecutively distributed along the spanning tree; otherwise, some VLANs are parted because of the blocking of interior link, and the inside VLAN communications fail. In the event of special requirements or failure to distribute VLANs along the path of the spanning tree, you can configure the STP-ignore attribute of VLAN on the specific switch to solve this problem.

If a VLAN is specified as the VLAN of STP-Ignored, packets of this VLAN are in forwarding mode at all ports on the switch, receiving no limitation from the spanning tree path which is calculated by the protocol.

MSTP stands for Multiple Spanning Tree Protocol, which is compatible with STP and RSTP.

STP cannot transit fast. Even on a point-to-point link or edge port, it has to take an interval as long as twice forward delay before the port can transit to the forwarding state.

RSTP can converge fast. But it still has the following drawback like STP: There is only one spanning tree in the LAN. All the bridges in the LAN share the same spanning tree, and the packets of all VLANs are forwarded along the same tree. Therefore it is not possible to block redundant links by VLANs.

MSTP makes up for the drawback of STP and RSTP. It makes the network converge fast and the traffic of different VLANs flows along their respective paths, which provides a better load-balance mechanism on redundant links.

The S3600 series support standard MSTP, that is, the S3600 series support standard 802.1s packets.

3.2 Network Protocol Features

3.2.1 DHCP Client

On a contemporary large-sized and complex network, some computers are mobile and the available IP addresses are far from adequate comparing with the fast-growing number of computers. To address the issue, the dynamic host configuration protocol (DHCP) was introduced. DHCP works in the client/server model, where the DHCP client requests the DHCP server for configuration information dynamically, and upon the receipt of the request the DHCP server returns the configuration information (IP address for example) based on the adopted policy.


3-4

3.2.2 DHCP Relay

An Ethernet switch with DHCP Relay enabled relays the messages between a DHCP server and a client. It can have a DHCP server in a subnet serves another subnet that has no DHCP server. With DHCP Relay, a network administrator needs not to deploy a DHCP server for every subnet, thereby reducing the investment cost. The DHCP security function checks the validity of user addresses under VLAN interfaces.

3.2.3 UDP Helper

UDP Helper mainly functions to relay and forward the specified UDP broadcast packets. It can transform UDP broadcast packets into unicast packets and send them to the specified servers.

When a UDP Helper enabled port receives a UDP packet, the switch makes the relay and forwarding decision based on the UDP port number in the packet. If the packet is to be relayed and forwarded, the switch changes the destination IP address in the IP header and sends the packet to its destination server; if not, the switch sends the packet to the upper layer modules. For the relay of BOOTP/DHCP broadcast packets, the system sends the response to a request by unicast rather than broadcast unless required by the client.

3.2.4 DNS Client

The IP-to-domain-name resolution function is added to the new DNS Client that is based on the old DNS Client. As a result, the new DNS client implements the pointer query function in the DNS system and provides IP-to-domain-name resolution for other communication modules that need the resolution. The DNS Client conforms to RFC 1034 and RFC 1035.

3.2.5 DHCP Server

The built-in DHCP Server function in a Layer 3 switch can directly allocate addresses to locally attached users and manage the allocated addresses. By using this function, carriers can save the investment in external DHCP servers.

Only the S3600-EI series support the function.

3.2.6 DHCP Snooping

DHCP snooping monitors DHCP packets at Layer 2 on a DHCP client. DHCP snooping captures and analyses DHCP packets to obtain user information such as the MAC addresses of users, the IP addresses assigned to users, and the types of the information assigned to users, so as to maintain user information entries on the DHCP


3-5

client. Such information can be notified to 802.1x. In addition, you can query and analyze such information.

The DHCP snooping trust function is based on DHCP snooping. By configuring ports to be trusted or untrusted, you can use this function to control the sources of DHCP Server packets, so as to prevent private or bogus DHCP servers from passing their information through the switch.

3.3 Routing Features

Note:

When a switch runs a routing protocol, it can perform router functions. In this chapter, a router represents a generic router or a L3 routing switch that runs routing protocols.

3.3.1 Static Routing and Default Routing

I. Static Routing

A static route is a route that is manually configured by a network administrator. For a routing switch on a simple network, static routes are adequate for the switch to operate normally.

The proper configuration and use of static routes can effectively guarantee network security and guarantee bandwidth resources to crucial applications as well. However, if the network topology changes, as the result of a network device failure for example, the static routes cannot change automatically to accommodate to the change without the help of an administrator.

II. Default routing

A default route is used only when no route match is found. In default routing, the mask and destination addresses are both 0.0.0.0 in the routing table. When there are a large number of users in communications, default routing is useful because it uses less time and fewer bandwidth resources to route and forward packets in comparison to other routing methods.


3-6

3.3.2 RIP

Routing information protocol (RIP) is a widely used interior gateway protocol (IGP) and is D-V Distance-Vector (D-V) algorithm-based. It is suitable for small-sized and simple networks.

RIP switches routing information with User Datagram Protocol (UDP) datagrams and sends updates regularly. It uses hop count as the routing metric and allows up to 15 hops. RIP has two versions: RIPv1 and RIPv2. RIPv2 supports plain text authentication and MD5 authentication and variable-length subnet masks as well. Both of them can work with the S3600 series.

3.3.3 OSPF

Open shortest path first (OSPF) is an IGP protocol based on link-state (L-S), which is suitable for large-sized and complex networks.

A router uses OSPF to maintain the routing table information in an autonomous system (AS). In an AS, every OSPF router collects and broadcasts its link state information throughout the AS with the flooding algorithm to synchronize the link state databases (LSDBs) of other OSPF routers. With its LSDB, the router calculates a shortest-path tree with itself as the root and other network nodes as leaves, thus getting its optimal reachable routes inside the system.

3.4 Multicast Features

Note:

When a switch runs a routing protocol, it can perform router functions. In this chapter, a router represents a generic router or a L3 routing switch that runs routing protocols.

3.4.1 IGMP Snooping

Internet group management protocol snooping (IGMP snooping) is a multicast monitoring mechanism that runs on L2 Ethernet switches to manage and control multicast groups.

The IGMP snooping runs at the link layer. When a L2 Ethernet switch receives an IGMP message that is sent from a host to a router, it uses the IGMP snooping to analyze the information carried by the IGMP message. When the switch hears an IGMP Host Report message from the host, it adds the host to the appropriate multicast table. When


3-7

hearing an IGMP Leave message, it removes the host from the multicast table. By continuously listening to IGMP packets, the switch creates and maintains a L2 MAC multicast address table and based on which forwards the multicast packets sent from the upstream router.

3.4.2 IGMP

The Internet group management protocol (IGMP) runs between hosts and multicast routers for tracing and learning the membership of the hosts. A multicast router learns whether there is a multicast member on a subnet connected to it by periodically sending IGMP Host-Query messages. A host sends IGMP Report messages for joining a multicast group. The S3600 series support both IGMPv1 and IGMPv2.

3.4.3 PIM-DM

The protocol-independent multicast (PIM) runs between multicast routers. Using PIM, a multicast router traces and learns which multicast packets are to be forwarded to other routers, and then transmits them to the LANs connected to the multicast routers.

The protocol independent multicast-dense mode (PIM-DM) is applied to a multicast environment where multicast group members are dense. In PIM-DM, a router assumes that all other routers agree to forward multicast packets for multicast groups. If the router receives a multicast packet but has no directly connected multicast group member or PIM neighbor, it sends a Prune message back to the multicast source. The subsequent multicast packets are not to be transmitted to this router. By using this flood-prune mechanism, IM-DM creates a multicast distribution tree with the multicast source as the root.

3.4.4 PIM-SM

Different from PIM-DM, the protocol independent multicast-sparse mode (PIM-SM) applies to a multicast environment where multicast group members are sparse. In PIM-SM, a router assumes that none of other routers agree to forward multicast packets for multicast groups, unless they declare so. If a host wants to join a multicast group, the multicast router that is directly connected to it sends a PIM Join message to the rendezvous point (RP) where the host is registered. The RP then forwards the Join message to the multicast source. In PIM-SM, the multicast packet is forwarded along a shared distribution tree.


3-8

3.4.5 MVR

MVR provides the ability to continuously send multicast streams in a multicast VLAN and isolate the streams from user VLANs. For a user to receive the multicast streams, MVR requires the user port to join the multicast VLAN.

In the current multicast mode, when users in different VLANs demand the same multicast stream, the stream will be copied to each of the VLANs. This greatly wastes bandwidth. In the multicast VLAN mode, the multicast stream travels in only one VLAN before it reaches the users. This greatly reduces multicast traffic and thus saves bandwidth.

After a port is added to an IGSP-enabled multicast VLAN, the multicast entries are added to the multicast VLAN that the port belongs to, whichever VLAN the packets that the port receives belong to.

3.5 IRF

3.5.1 Basic IRF

Basic IRF provides:

Basic Intelligent Resilient Framework (IRF) where devices are connected through fabric ports for centralized management.

Support the feature includes DDM (Distributed Device Management). Support Dynamic link aggregation through Link Aggregation Control Protocol

(LACP) on one device.

3.5.2 Enhanced IRF

Enhanced IRF (Intelligent Resilient Framework) is a technology to construct intelligent resilient framework. With IRF, you can connect multiple IRF-supported switches that are of the same type (called units) to form a “device union” or a fabric. You are allowed to:

The Enhanced Intelligent Resilient Framework (IRF) feature, where the IRF-supported switches that are of the same type (called units) are connected to form a “device union” or a fabric. Trough a fabric, you can (1) manage multiple devices but with one connection and one IP address, thus decreasing the overheads; (2) expand the network by adding devices as desired, thus protecting the existing investment; and (3) have high reliability of N + 1 redundancy, thus avoiding single point failures which can result in service interruption.

Support DDM (Distributed Device Management) Support DDR (Distributed Resilient Routing) Support DLA(Distributed Link Aggregation) through LACP and across devices


3-9

3.6 QoS

Quality of service (QoS) provides differentiated network services to accommodate to various demands.

3.6.1 Traffic Classification

Traffic classification is to classify packets to facilitate the subsequent packet processing

conducted by a switch.

In traffic classification, a rule is specified for discriminating packets compliant with some characteristics. Classification rules can be very simple; for example, packets can be sorted by the priority defined in the type of service (ToS) field in the IP header. They can also be very complex; for example, packets can be sorted by any combination of MAC address, IP protocol type, source (host or network) address, destination (host or network) address, and even application port number, which involve the layers of data link, network, and transport.

3.6.2 Traffic Policing/Traffic Assurance

Traffic policing polices the traffic matching a traffic classification rule on the port where the packets are received, so that the traffic can effectively use the assigned network resources such as bandwidth.

Traffic policing mainly functions to limit the speed of an input port and thereby monitor the traffic that enters its connected network. When packets arrive at the port at a speed exceeds the assigned bandwidth, they are either dropped or assigned a new preference.

Bandwidth assurance refers to assuring the minimum bandwidth for a special traffic so that it can satisfy such QoS requirements as packet loss rate, delay, jitter even when network congestion occurs.

3.6.3 Port Flow Control

Port flow control is used for congestion management. Congestion occurs when the network cannot reach the committed or negotiated performance specifications (such as speed).

When congestion occurs, the switch transmits a pause frame to the corresponding connection and notifies the peer to pause for a period of time before transmitting data again, so as to reduce the incoming traffic on the network. The port control takes effect on all traffic.


3-10

3.6.4 Port Rate-Limiting

Port rate-limiting is applied to transmit ports to monitor and limit the bandwidth allocated to traffic. For this purpose, a rate threshold is set on the transmit ports and the traffic that exceeds the threshold is discarded.

3.6.5 Port Mirroring

Port mirroring monitors packets on a specific port.

When this function is applied, data packets on a mirroring port are copied to its monitor port for network test and troubleshooting.

3.6.6 Traffic Mirroring

Traffic mirroring monitors the traffic that matches the traffic classification rule.

This function is to copy the data packets that match the traffic classification rule to the monitor port for network detection and trouble shooting.

3.6.7 Remote Port Mirroring

The remote port mirroring feature introduces a new concept, mirroring group, to port mirroring. Multiple mirroring groups can be configured on a switch.

Local port mirroring means to copy the packets on one or multiple ports of a switch to a monitoring port of the same switch for packet monitoring and analyzing. In remote port mirroring, the mirroring ports and mirrored ports can span multiple network devices, that is, the mirrored ports and the mirroring ports can reside in different switches. Note that the remote port mirroring feature does not work cross a Layer 3 network.

3.6.8 Queue Scheduling

Queue scheduling applies to the situation where several packets to be forwarded compete for the resources. The S3600 series support three queue scheduling algorithms: strict priority (SP), weighted round robin (WRR), and weighted fair queuing (WFQ).


3-11

I. SP

ClassifyPackets to be sentvia this interface

Packets leftthe interface

High

Medium

Normal

Low

Dequeue

Queue

Figure 3-1 SP

The SP mechanism applies to key services that are delay sensitive and must have priority when congestion occurs. In SP, packets are assigned to four queues, namely, high-priority queue, medium-priority queue, normal priority queue, and low-priority queue (queue 3, 2, 1, and 0 respectively) with decreasing priorities.

SP schedules the packets in a strict priority order. It sends the packets in a queue only when the queue with a higher priority is empty. By putting the key service packets in the high priority queues, you can ensure that they can always be served first. At the same time the common service packets can be put in the low priority queues and transmitted when there are no key service packets waiting for transmission.

If congestion occurs and the high priority queues are occupied for a long time, however, the packets in the lower-priority queues are “starved” before obtaining services.

II. WRR

In WRR, there are four or eight egress queues on each port. The packets in different queues are processed in turn, so that every queue is assigned some time of service. If there are four queues on a port, they are each assigned a weight for obtaining resources: w3, w2, w1, and w0 respectively. On a 100 Mbps port for example, you can assigns the weights 50, 30, 10, 10 to the four queues with w3, w2, w1 and w0. Thus the lowest-priority queue can be guaranteed of a minimum bandwidth of 10 Mbps. This avoids the case that the packets in the low priority queues cannot be served, as in SP. More than that, WRR assigns service time slices flexibly to every queue. When a queue is empty, the next one is processed immediately. Thus it makes a full use of the bandwidth resources.

III. WFQ

WFQ classifies packets by flow. The packets with the same source IP address, destination IP address, source port number, destination port number, protocol, or TOS are regarded a flow and are assigned to the same queue. When WFQ dequeues


3-12

packets, it assigns bandwidth to each flow according to their precedence, with a smaller precedence value indicating less bandwidth. If on a port there are eight flows with the precedence values of 0, 1, 2, 3, 4, 5, 6, and 7 respectively, then the total bandwidth is the sum of (precedence value + 1)s: 1 + 2 + 3 + 4 + 5 + 6 + 7 + 8 = 36.

The proportion of each flow’s bandwidth is: (flow precedence value + 1)/sum of (precedence value + 1)s. Then, the flows' bandwidth proportion values are respectively: 1/36, 2/36, 3/36, 4/36, 5/36, 5/36, 6/36, 7/36, 8/36.

Another example: there are four flows, of which three have the precedence of 4 and one has the precedence of 5; then the total bandwidth is (4 + 1) x 3 + (5 + 1) = 21.

The bandwidth proportion values of the flows with precedence 4 are 5/21, and that of the flow with precedence 5 is 6/21.

S3600 series support five scheduling algorithms that can be set based on port and queue at the same time: Strict Priority (SP), Weighted Round Robin (WRR), Weighted Fair Queue (WFQ), SP + WFQ, SP + WRR

3.6.9 Traffic Shaping

Traffic shaping is to control traffic output rate as such that packets can be output at an even rate. Normally, traffic shaping is applied on a device to adapt its output rate to the input rate of its connected downstream device so as to avoid unnecessary packet drop and congestion. It is different from traffic policing in the sense that it buffers the packets that exceed the specified rate limit so that packets are sent out at an even speed, whereas traffic policing is to discard the packets. Besides, traffic shaping can result in the additional delay that can be avoided in traffic policing.

3.6.10 Priority Tag

The priority tag feature is used for setting new packet priority.

The S3600 series provide some specific packets with the priority tag service. The tags include ToS priority, differentiated services codepoint priority (DSCP), and 802.1p priority.

3.6.11 QoS Profile

Cooperating with 802.1x authentication, the QoS profile feature dynamically provides a set of pre-defined QoS functions for successfully authenticated users.

After an 802.1x user passes the authentication, the switch finds the profile according to the username-to-profile corresponding relationship configured on the AAA server, and


3-13

dynamically delivers the profile to the user access port, thus providing a set of pre-defined service quality guarantees for the user.

Currently, the QoS profile feature on the switch can provide the following functions: packet filtering, traffic monitoring, and priority tagging.

3.7 web cache redirection

The hypertext transfer protocol (HTTP) is one of the most commonly used methods to access the Internet. web cache redirection is provided to reduce the load on WAN links and to increase the speed, as shown in Figure 3-2:

Internet

Switch

PC

Internet

Web Cache

Internet

Switch

PC

Internet

Web Cache

Figure 3-2 web cache redirection

In the diagram, the PC is a user on a LAN attached to the switch. The Web Cache is a server that stores the frequently visited internet websites of the WAN users. Once web cache redirection is enabled, the HTTP traffic that the user sends to the Internet is redirected to the Web Cache. If the Web Cache has the contents that the user needs, it returns the content directly to the user and the user does not need to actually log onto the Internet; if it does not have the contents, then the user needs to get the information from the Internet.

3.8 NTP

Clock synchronization among devices is important for a complex network. The network time protocol (NTP) is a TCP/IP protocol that releases accurate time on a network.

NTP provides consistency guarantee for the following applications:

When increment backup is performed between a backup server and a client, it ensures the clock between the two system be synchronous.


3-14

When multiple systems are used to deal with complex events, it ensures the correct order of these events.

It ensures the RPC between systems be normally performed. It provides time information about such operations as system login of users, file

modification for application program.

3.9 Security

The popularity of network applications, especially in some sensitive occasions (e-commerce for example), highlights the issue of network security. The S3600 series provide these network security features:

Hierarchical user management and password protection MAC address black hole MAC address learning limit MAC address and port binding SSH

802.1x authentication Centralized MAC address authentication DUD authentication Local and RADIUS authentication Port isolation

With respect to filtering and authenticating Ethernet frames and packets from the upper layers, the S3600 series support:

ACL, with which information is filtered at layers 2 through 4 (such as based on port, by source/destination MAC address, by source/destination IP address, or by the type of upper layer protocol).

RIPv2/OSPFv2 packet authentication with the clear text and MD5 approaches Encrypted authentication of SNMPv3

3.9.1 Terminal Access User Classification

The S3600 series protect command lines in a hierarchical way by dividing the command lines into four levels: visitor, monitor, operator, and administrator. Commensurate with the command division, login users are classified into four levels. A login user can use only the commands equal to or lower than its level.

3.9.2 SSH

When users log onto the Ethernet switch from an insecure network, Secure Shell (SSH) offers security information protection and powerful authentication function to safeguard the Ethernet switch from attacks such as IP address spoofing and plain text cipher interception. The Ethernet switch can accept multiple SSH customer connections at the


3-15

same time. The SSH client allows users to connect to the Ethernet switches and UNIX mainframes that support SSH servers.

3.9.3 Port Isolation

Port isolation means layer 2 isolation of the ports in the same VLAN so that layer 2 relay cannot be done between a port and another ( or another group of ) port, but it can communicate with the port in the upper layer. It prevents visiting between the ports, effectively controls unnecessary broadcasting and increases the network throughput.

3.9.4 Packet Filter

Packet filter filters invalid or non-interesting data packets. The switch filters each packet based on the defined rules, by comparing the source or destination address for example. With packet filter, session state is ignored and data is not analyzed. You can define which packets are permitted and which are denied.

3.9.5 IEEE 802.1X Authentication

IEEE 802.1x is virtually a port based network access control protocol. As the name implies, the NAS on a LAN authenticates and controls the connected customer premises equipment (CPE) at the port level. If the CPE connected to a port passes authentication, it is allowed to access the LAN resources. Otherwise, it is rejected just like its physical link is disconnected.

In implementing 802.1x, the Ethernet switches not only support the port-based access authentication, but also extend and optimize it by:

Allowing a physical port to be connected to several terminals. Supporting access control (that is user authentication) based on MAC address in

addition to port.

The system thus becomes securer and more operational and manageable.

Note that, although 802.1x provides an implementation scheme for user authentication, the protocol itself is not enough to implement the scheme. The NAS administrators, however, can use RADIUS or local authentication to complete the user authentication with 802.1x.

3.9.6 Centralized MAC Address Authentication

Centralized MAC address authentication: the server or the Ethernet switch stores the information on user MAC addresses. Once a new user is detected, the switch authenticates the user by taking its MAC address as its user name and password. It searches the MAC addresses table in the server or the switch for the user’s MAC


3-16

address. If found, the user is authenticated and the MAC address will be automatically added to the corresponding port; if not, the authentication fails and the packet will be discarded. This authentication method does not involve the client, the client’s own MAC address is taken as its user name and password.

3.9.7 MAC Address Learning Limit

MAC address learning limit: limits the number of MAC addresses learned by an Ethernet switch port. The number ranges from 0 to 4k. The static MAC addresses added on the port are not affected.

3.9.8 MAC Address and Port Binding

After a MAC address is bound with a port, this MAC address can only access the network through this port.

3.9.9 DUD Authentication

With the disconnect unauthorized device (DUD) function enabled, the switch filters out all the traffic of a connected device once it detects that the device is unauthorized.

3.9.10 MAC Address Black Hole

On a S3600 series switch, you can enable the black hole function and configure a black hole list. When the switch receives a packet with a source or destination MAC address in the black hole, it drops the packet.

3.9.11 AAA/RADIUS/HWTACACS

The S3600 series support user authentication at the local or with RADIUS servers that are based on 802.1x or its extension.

I. AAA

AAA is the abbreviation of Authentication, Authorization and Accounting. It provides a uniform framework to configure the security functions including authentication, authorization, and accounting. Actually, it offers a way to control the network security, which can be implemented with RADIUS

AAA performs the following services:

Authentication: Authenticates if the user can access the network sever. Authorization: Authorizes the user with specified services. Accounting: Tracks the network resources consumed by users.


3-17

II. RADIUS

RADIUS is a distributed system in the client/server model. It can fend off invalid users and is often used in a network environment where both high security and remote user access are desired. For example, it can be used to manage the access based on 802.1x.

RADIUS is based on the client/server model where user authentication always involves a device that can provide the proxy function, such as NAS. Between the RADIUS client and server, the exchanged messages are authenticated using a shared key and user passwords are sent encrypted over the network. The security is thus ensured.

III. HWTACACS

Huawei terminal access controller access control system (HWTACACS) is an enhanced security protocol based on TACACS (RFC 1492). Similar to the RADIUS protocol, HWTACACS adopts the server-client mode to implement authentication, authorization and accounting (AAA) of different access users, including PPP users, VPDN users and login users. (PPP: point to point protocol; VPDN: virtual private data network)

Compared with RADIUS, HWTACACS is more reliable in transmission and encryption, and so is more suitable for security control.

3.9.12 MAC-IP-Port Binding

After MAC-IP-port binding is enabled on a port, the port can pass IP and ARP packets for only those hosts whose IP and MAC addresses have been bound to the port. The binding configuration on the port neither affects the passing of other types of packets on the port, nor affects the other ports on the switch.

3.10 Reliability

3.10.1 VRRP

Note:

A VRRP-enabled Ethernet switch can function as a router. The routers mentioned in this manual refer to common routers and VRRP-enabled Layer 3 switches.


3-18

VRRP is a fault tolerance protocol which uses the standby mechanism to improve the reliability of establishing connections with a router.

VRRP assures reliability through grouping multiple routers on a LAN segment into one standby group. In a standby group, there is always an active router (called the master router). This router functions as the virtual router, and other routers in the group function as the backup routers monitoring the master router. When the master router fails, all the backup routers automatically elect a new master router to replace the original one. The new master router functions as the virtual router and provides routing service for the hosts on the network segment. The election and replacement process is short and smooth, and so the hosts on the network segment can use the virtual router as usual to communicate with external devices continuously.

3.11 Cluster Management

3.11.1 HGMP

HGMP implements centralized management of devices, that is, HGMP uses one device to manage multiple devices. Currently, HGMP includes two versions: HGMPv1 and HGMPv2. The S3600 series support HGMPv2 only.

In an administrative domain, HGMPv2 regards one switch as the command switch and other switches in the domain as member switches. The command switch is used to manage other switches, and the member switches are the switches being managed. After HGMPv2 is enabled, the network administrator can use one command switch to manage multiple member switches. Public IP address setting is not necessary for member switches, which can be managed and maintained through the command switch.

3.12 QinQ

3.12.1 QinQ

QinQ means to encapsulate private VLAN tags in public VLAN tags in order that packets can be transported with two layers of VLAN tags through the backbone network (public network) of carriers. In public networks, packets are transferred by only outer-layer VLAN tags (that is, public VLAN tags) while inner-layer VLAN tags (that is, private VLAN tags) are shielded.

Compared with Layer 2 VPN based on MPLS, QinQ has the following advantages:

QinQ provides simpler Layer 2 VPN tunneling;


3-19

QinQ does not need the support of signaling protocol. It can be implemented by fully static configurations.

Primarily, QinQ can solve the following problems:

QinQ relaxes the shortage of public VLAN IDs; You can plan your own private VLAN IDs, which will not collide with public VLAN

IDs; QinQ provides a simple Layer 2 VPN solution for small-sized metropolitan area

networks (MANs) and enterprise networks.

3.12.2 QinQ BPDU Tunnel

The feature works as follows: On an ingress device of a network, the MAC address of an inbound BPDU packet is replaced by a special MAC address (01:00:0C:CD:CD:D0), and then the packet is encapsulated again as a BPDU packet on the peer egress device of the network. In this way, BPDU packets are transmitted transparently through the carrier network. Thus, both the user network and the carrier network can have their own STP trees, which do not interfere with each other.

3.13 GARP/GVRP

3.13.1 GARP

Generic attribute registration protocol (GARP) provides a way for the switching members in the same switching network to distribute, transmit and register a kind of information, such as VLAN information and multicast group address information.

GARP members, which can be terminal workstations or routing switches, exchange information in the way of messages. All the attribute information to be registered is transmitted to all the routing switches in the same switching network. Through the GARP mechanism, the configuration information of a GARP member is transmitted to the whole switching network. A GARP member tells other GARP members to register or deregister its attribute information through declarations or reclamation declarations, and registers or deregisters the attribute information of other GARP members according to their declarations or reclamation declarations.

GARP itself does not exist as an entity in a routing switch. The application entities conforming to GARP are named GARP applications, currently including GARP VLAN registration protocol (GVRP) and GARP multicast registration protocol (GMRP). The protocol packets of the same type of GARP application (GVRP or GMRP) have the same destination MAC address (a particular multicast address), and the destination MAC address of GVRP is different from that of GMRP. When a GARP-enabled routing switch receives GARP application packets, it classifies these packets based on their


3-20

destination MAC addresses and then submits them to different applications (GVRP or GMRP) for processing.

3.13.2 GVRP

GVRP is a GARP application. Based on the GARP mechanism, GVRP maintains dynamic VLAN registration information in a routing switch and transmits the information to other routing switches.

All GVRP-enabled routing switches can receive VLAN registration information from other routing switches and update the local VLAN registration information (including the information about the current VLAN members and the ports though which the VLAN members can be reached) dynamically. Additionally, a GARP-enabled routing switch can transmit its local VLAN registration information (including the local static registration information configured manually and the dynamic registration information from other routing switches) to other routing switches, so that all the GARP-enabled routing switches in the same switching network have the consistent VLAN information.

System Description H3C S3600 Series Ethernet Switches Chapter 4 System Maintenance and Management

4-1

Chapter 4 System Maintenance and Management

4.1 Simple and Flexible System Maintenance

4.1.1 System Configuration

The S3600 series can be configured through the command line interface (CLI), NMS, HGMP, or Web.

In the CLI approach, you can configure the S3600 series locally through the console port, or configure it remotely through modem dialup or Telnet. As for Telnet, both Telnet server and Telnet client are supported.

In the NMS approach, you can configure the S3600 series through an SNMP-based NMS.

In the Web approach, you can configure the models in the S3600 series that support the Web-based network management.

4.1.2 System Maintenance

The S3600 series provide diverse management and maintenance functions:

LEDs are available on the switch and optional modules, indicating the board running status.

Telnet maintenance Hierarchical management over user authorities and operation logs, as well as

online help function Hierarchical alarm management and alarm filtering System status query, version query, debugging and tracing functions, to monitor

system running status

4.1.3 System Test and Diagnosis

The S3600 series provide means for system software and hardware fault detection and diagnosis. The tools such as ping and tracert are available for you to test network connectivity and trace packet transmission paths on line and hence address faults.

4.1.4 Software Upgrade

The S3600 series provide multiple approaches to software upgrade, and support remote grade and rollback to the previous version after upgrade.


4-2

The S3600 series allow you to upgrade the software:

Through a serial port with the XModem protocol. Through an Ethernet port with TFTP or FTP (at the local or remotely). Through the Web-based NMS with HTTP.

4.2 Quidview NMS

The S3600 series support Huawei-3Com Quidview NMS for centralized management, which is usually implemented in multilingual graphic interfaces. The NMS provides management in topology, configuration, fault, security, and performance.

4.2.1 Topology Management

The Quidview helps you learn your network in the most direct and convenient way by providing a network-wide device topology view. The Quidview delivers powerful topology management. It provides the physical topology view, logical topology view, and customized views, offering a unified network-wide equipment view. It also provides the user-friendly interface for network/equipment operation and maintenance. The system supports automatic topology discovery, reflecting the real-time changes in network topology and equipment status.

4.2.2 Configuration Management

With the Quidview, you can configure and manage the S2000-EI, such as query/enable/disable ports, query/reset/load boards, and query port parameters/VLAN configurations.

4.2.3 Fault Management

Fault management is the most important and common management approach during the network operation and maintenance. In the graphic interfaces, you can implement equipment running/fault status query, real-time monitoring, fault filtering/locating/check/analysis. The system provides audio prompt and graphical displays on the alarm card. Additionally, it can be connected to the alarm box and therefore facilitates routine maintenance.

4.2.4 Performance Management

The Quidview can collect and analyze performance data, monitor performance, and provide graphical performance reports in different forms. You can thus learn the information on equipment load and access traffic, track network service quality, and allocate network resources based on your network evaluation.


4-3

4.2.5 Security Management

The Quidview provides many security measures to strictly authenticate the user’s operations and ensure the system security. It offers detailed operation log for later query and analysis.

4.3 Web-Based Network Management

Web-based network management allows you to manage and maintain a switch through Web. It is implemented as follows:

The switch provides a built-in Web server and runs a Web-based network management program on the homepage at the IP address of the management VLAN. The PC users connected to the Ethernet ports on the switch can access and use, through a browser, the program on the homepage to manage the switch. Figure 4-1 shows the Web-based network operating environment:

Switch

PC

HTTP connection

Figure 4-1 Web-based network management operating environment

System Description H3C S3600 Series Ethernet Switches Chapter 5 Networking Applications

5-1

Chapter 5 Networking Applications

You can deploy S3600 series on many types of networks such as enterprise networks and broadband access networks. Following are several typical networking applications.

5.1 Broadband Ethernet Access for Residential Communities

On the broadband access network of a residential community, an S3600 series switch is located in the center. It is downlinked to the S2000 or S3026 series to reach the Ethernet users and uplinked to a core L3 switch through a GE extension module to connect to the MAN backbone.

ICP

ICP

GSR

L3

S3600 series

Data centerMAN backbone

Core layer

Convergence layer

Community /buildingaccess layer

Corridor access layer

S3026S3026S2000 series

Local serv ice center

ICP

ICP

GSR

L3

S3600 series

ICP

ICP

GSR

L3

S3600 series


Core layer

Convergence layer




Core layer

Convergence layer



S3026S3026S2000 series

Local serv ice center

Figure 5-1 Community Ethernet access networking with S3600 series

5.2 Application in Networks of Branches or Small-to Medium-Sized Enterprises

For small-to medium-sized enterprises or branches of a large enterprise, the S3600 series can server as the backbone switches on their networks and can be connected to the headquarters or other branches through routers. As the enterprise size increases, the network also can expand by subtending the S3600 series.


5-2

Internet/企业网络

GE(1000M)

FE(100M) S3900系列

FE(100M)

Internet/企业网络Internet

/Enterprise network

server

server

PC

GE(1000M)

S3600 series

FE(100M)S2000

/S3026 series

Rotuer

PC PC PC PC

Internet/企业网络Internet/企业网络

GE(1000M)

FE(100M) S3900系列

FE(100M)

GE(1000M)

FE(100M) S3900系列

FE(100M)

Internet/企业网络Internet/企业网络Internet

/Enterprise network

server

Internet/Enterprise network

server

server

PC

GE(1000M)

S3600 series

FE(100M)S2000

/S3026 series

Rotuer

PC PC PC PC

Figure 5-2 S3600 series application in branch network of midsize/large enterprise


5-3

5.3 Application in Large Enterprise and Campus Networks

In a large enterprise or campus network, the S3600 series are located at the convergence layer. They are downlinked to layer 2 switches, S3000 Series for example; and uplinked to a layer 3 switch through GE expansion modules. These switches together provide a network-wide intranet solution that covers gigabit-to-backbone and 100 Mbps-to-desktop.

serv er

serv er

serv er

PC PC PC

GE (1,000 M)

L2/L3100 M/1,000 M

L3

L210 M/100 M

FE (100 M)

serv er

serv er

PC PC PC

L2/L3

L3

L2

serv er

serv er

PC PC PC

L2/L3

L3

L2

serv er

serv er

PC PC

serv er

serv er

PC PC PC

L2/L3

L3

L2

serv er

PC

L2/L3

L3

L2

serv er

serv er

PC PC PC

L2/L3

L3

L2

serv er

PC PC PC

L2/L3

L3

L2

serv er

serv er

PC

Departmentserv er

serv er

serv er

PC PC PC

L2/L3

L3

S3900 series

S2000/S3026 series L2

S3900 series

Serv er cluster

Intranet backbone

Desktop

serv er

serv er

serv er

PC PC PC

GE (1,000 M)

L2/L3100 M/1,000 M

L3

L210 M/100 M

FE (100 M)

serv er

serv er

PC PC PC

L2/L3

L3

L2

serv er

serv er

PC PC PC

L2/L3

L3

L2

serv er

serv er

PC PC

serv er

serv er

PC PC PC

L2/L3

L3

L2

serv er

PC

L2/L3

L3

L2

serv er

serv er

PC PC PC

L2/L3

L3

L2

serv er

PC PC PC

L2/L3

L3

L2

serv er

serv er

PC

Departmentserv er

serv er

serv er

PC PC PC

L2/L3

L3

S3600 series


S3600 series

Serv er cluster

Intranet backbone

Desktop

serv er

serv er

serv er

PC PC PC

GE (1,000 M)

L2/L3100 M/1,000 M

L3

L210 M/100 M

FE (100 M)

serv er

serv er

PC PC PC

L2/L3

L3

L2

serv er

serv er

PC PC PC

L2/L3

L3

L2

serv er

serv er

PC PC

serv er

serv er

PC PC PC

L2/L3

L3

L2

serv er

PC

L2/L3

L3

L2

serv er

serv er

PC PC PC

L2/L3

L3

L2

serv er

PC PC PC

L2/L3

L3

L2

serv er

serv er

PC

Departmentserv er

serv er

serv er

PC PC PC

L2/L3

L3

S3900 series


S3900 series

Serv er cluster

Intranet backbone

Desktop

serv er

serv er

serv er

PC PC PC

GE (1,000 M)

L2/L3100 M/1,000 M

L3

L210 M/100 M

FE (100 M)

serv er

serv er

PC PC PC

L2/L3

L3

L2

serv er

serv er

PC PC PC

L2/L3

L3

L2

serv er

serv er

PC PC

serv er

serv er

PC PC PC

L2/L3

L3

L2

serv er

PC

L2/L3

L3

L2

serv er

serv er

PC PC PC

L2/L3

L3

L2

serv er

PC PC PC

L2/L3

L3

L2

serv er

serv er

PC

Departmentserv er

serv er

serv er

PC PC PC

L2/L3

L3

S3600 series


S3600 series

Serv er cluster

Intranet backbone

Desktop

Figure 5-3 S3600 series application in large enterprise and campus network

5.4 IRF Network Diagram

Characteristics of IRF have been introduced above, Figure 5-4 shows IRF Network diagram:


5-4

seriesseries

36003600

3000

seriesseries

Figure 5-4 IRF Network diagram

System Description H3C S3600 Series Ethernet Switches Chapter 6 Guide to Purchase

6-1

Chapter 6 Guide to Purchase

To meet varied customer needs, S3600 series can be delivered to your order. You can purchase the switch and optional interface modules as needed.

6.1 Purchasing the Switch

When purchasing a switch, consider the following:

I. Networking requirements

Location and function of the switch in your network Desired processing and access capabilities in both directions Desired scalability Service reliability Transmission segment

II. Power system

Make sure you want a DC-powered or an AC-powered switch.

Table 6-1 Switch purchase list

Switch model Quantity Note

S3600-28P-SI (220/110 VAC) 1 Optional

S3600-28TP-SI (220/110 VAC) 1 Optional

S3600-52P-SI (220/110 VAC) 1 Optional

S3600-28P-EI (220/110 VAC and -48 VDC) 1 Optional

S3600-28F-EI (220/110 VAC and -48 VDC) 1 Optional

S3600-28P-PWR-EI (220/110 VAC and -48 VDC) 1 Optional

S3600-28P-PWR-SI (220/110 VAC and -48 VDC) 1 Optional

S3600-52P-EI (220/110 VAC and -48 VDC) 1 Optional

S3600-52P-PWR-EI (220/110 VAC and -48 VDC) 1 Optional

S3600-52P-PWR-SI (220/110 VAC and 1 Optional


6-2

-48 VDC)

6.2 Purchasing the SFP Interface Module

Table 6-2 Interface module purchase list

SFP module Central wavelength Connector

Fiber specifications and transmission

segment Quantity Note

100Base-FX-MM-SFP

1310 nm

LC

62.5/125 µm multi-mode fiber 2 km (1.24 mi)

0 to 24 Optional

100Base-FX-SM-SFP

9/125µm single mode fiber 15 km (9.32 mi)

0 to 24 Optional

100Base-FX-SM-LR-SFP


0 to 24 Optional

100Base-FX-SM-VR-SFP 1550 nm


0 to 24 Optional

1000Base-SX-SFP 850 nm

LC

62.5/125 µm multi-mode fiber 550 m (1804.46 ft.)

0 to 4 Optional

62.5/125 µm multi-mode fiber 275 m (902.23 ft.)

0 to 4 Optional

1000Base-LX-SFP

1310 nm

Single mode fiber 10 km (6.21 mi) 0 to 4 Option

al

1000Base-LH-SFP


al

1000Base-ZX-LR-SFP

1550 nm


al

1000Base-ZX-VR-SFP


al

1000BASE-LX-SFP_BIDI

1310/1490nm


al

1490/1310nm


al

1000BASE-LX-SFP_CWDM

1470nm Single mode fiber 10 km (6.21 mi) 0 to 4 Option

al


al


6-3

SFP module Central wavelength Connector

Fiber specifications and transmission

segment Quantity Note


al


al


al


al


al


al

1000Base-T-AN-SFP –– RJ-45 Category 5 UTP 100

m (328.08 ft.) 0 to 4 Optional

1000BASE-T-SFP_STACK –– –– Provided in pairs 0 to 4 Option

al

Table 6-3 Other Switch accessories purchase list

Switch model Quantity Note

DC power cable (2m) 1 Optional

table of contents · 2011-11-28 · system description h3c s3600 series ethernet switches chapter 1...

Documents