Наличие:
https://e.huawei.com/ru/material/networking/campusswitch/8e64c6157a9648ad9b0eaafda1190a1d
Large-capacity, High-density, 10 Gbit/s Access and 40 Gbit/s Uplink
To provide sufficient bandwidth for users, many servers, particularly those in data centers, use 10G network adapters. The
S6720-EI can be used in data centers to provide high forwarding performance and 10GE ports. The S6720-EI has the high
density of all 10GE ports and the large switching capacity. Each S6720-EI provides a maximum of 6 line-speed QSFP+ ports
and 48 line-speed 10GE ports.
S6720-EI ports support 1GE and 10GE access and can identify optical module types, maximizing the return on investment
and allowing users to flexibly deploy services.
The S6720-EI has a large buffering capacity and uses an advanced buffer scheduling mechanism to ensure non-block
transmission when data center traffic volume is high.
Comprehensive Security Policies
The S6720-EI provides multiple security measures to defend against Denial of Service (DoS) attacks, as well as attacks
against networks or users. DoS attack types include SYN Flood attacks, Land attacks, Smurf attacks, and ICMP Flood attacks.
Attacks to networks refer to STP BPDU/root attacks. Attacks to users include bogus DHCP server attacks, man-in-the-middle
attacks, IP/MAC spoofing attacks, and DHCP request flood attacks. DoS attacks that change the CHADDR field in DHCP
packets are also attacks against users.
The S6720-EI supports DHCP snooping, which generates user binding entries based on users' access interfaces, MAC
addresses, IP addresses, IP address leases, and VLAN IDs. DHCP snooping discards invalid packets that do not match any
binding entries, such as ARP spoofing packets and IP spoofing packets. This prevents hackers from using ARP packets to
initiate attacks on campus networks. The interface connected to a DHCP server can be configured as a trusted interface to
protect the system against bogus DHCP server attacks.
The S6720-EI supports strict ARP learning, which prevents ARP spoofing attacks that exhaust ARP entries. The S6720-EI
also provides an IP source check to prevent DoS attacks caused by MAC address spoofing, IP address spoofing, and MAC/IP
spoofing. URPF, provided by the S6720-EI, authenticates packets by checking the packet transmission path in reverse, which
can protect the network against source address spoofing attacks.
The S6720-EI supports centralized MAC address authentication and 802.1x authentication. The S6720-EI authenticates
users based on statically or dynamically bound user information such as the user name, IP address, MAC address, VLAN ID,
access interface, and flag indicating whether antivirus software is installed. VLANs, QoS policies, and ACLs can be dynamically
applied to users.
The S6720-EI can limit the number of MAC addresses learned on an interface to prevent attackers from exhausting MAC
address entries by using bogus source MAC addresses. This function minimizes the packet flooding that occurs when users’
MAC addresses cannot be found in the MAC address table.
This series of switches supports MACsec, a secure LAN communication method based on 802.1AE and 802.1X. The
switches provide identity authentication, data encryption, integrity check, and replay protection to protect Ethernet frames and
prevent attack packets.
Huawei S6720-EI Series Switches 3
Higher Reliability Mechanism
The S6720-EI supports redundant power supplies. You can choose a single power supply or use two power supplies to
ensure device reliability. With two fans, the S6720-EI has a longer MTBF time than its counterpart switches.
The S6720-EI supports MSTP multi-process that enhances the existing STP, RSTP, and MSTP implementation. This
function increases the number of MSTPs supported on a network. It also supports enhanced Ethernet reliability technologies
such as Smart Link and RRPP, which implement millisecond-level protection switchover and ensure network reliability. Smart
Link and RRPP both support multi-instance to implement load balancing among links, optimizing bandwidth usage.
The S6720-EI supports the enhanced trunk (E-Trunk) feature. When a CE is dual-homed to two S6720s-EI (PEs), E-Trunk
protects the links between the CE and PEs and implements backup between the PEs. E-trunk enhances link reliability between
devices.
The S6720-EI supports the Smart Ethernet Protection (SEP) protocol, a ring network protocol applied to the link layer on
an Ethernet network. SEP can be used on open ring networks and can be deployed on upper-layer aggregation devices to
provide fast switchover (within 50 ms), ensuring the non-stop transmission of services. SEP features simplicity, high reliability,
fast switchover, easy maintenance, and flexible topology, facilitating network planning and management.
The S6720-EI supports Ethernet Ring Protection Switching (ERPS), also referred to as G.8032. As the latest ring network
protocol, ERPS was developed based on traditional Ethernet MAC and bridging functions and uses mature Ethernet OAM
function and a ring automatic protection switching (R-APS) mechanism to implement millisecond-level protection switching.
ERPS supports various services and allows flexible networking, helping customers build a network with lower OPEX and
CAPEX.
The S6720-EI supports VRRP. Two S6720s-EI can form a VRRP group to ensure nonstop reliable communication. Multiple
equal-cost routes to upstream devices can be configured on the S6720-EI to provide route redundancy. When an active route is
unreachable, traffic is switched to a backup route.