Cisco Systems Superx Series manual Flexible Bandwidth Management, Comprehensive Security Suite

Page 4

Flexible Bandwidth Management

The FastIron SuperX/SX switches support a rich set of bandwidth management features, allowing granular control of bandwidth utilization. On ingress, extended ACLs can be used in combination with traffic policies to control bandwidth by user, by application, and by VLAN. On egress, outbound rate limiting can control bandwidth per port and per priority queue. These features allow the network operator fine-grained control of bandwidth utilization based on a wide range of application and user criteria.

Complete Solution for Multicast and Broadcast Video

The use of video applications in the workplace requires support for scalable multicast services from the edge to the core. IGMP and PIM snooping improves bandwidth utilization in Layer 2 networks by restricting multicast flows to only those switch ports that have multicast receivers. In Layer 3 networks, support for IGMP (v1, v2, and v3), IGMP Proxy, PIM-SM, PIM-SSM, and PIM-DM multicast routing optimizes traffic routing and network utilization for multicast applications.

Advanced Full Layer 2/Layer 3 Wire- Speed IP Routing Solution

Advanced IronWare supports a full complement of unicast and multicast routing protocols, enabling users to build fully featured Layer 2/Layer 3 networks. Supported routing protocols include RIPv1/v2, OSPF, PIM-SM/DM, BGP, and Equal Cost Multi-path (ECMP) for improved network performance. M2, M3, and

M4 management modules can support routing table capacity of up to 1,000,000 BGP routes and 20 BGP peers. FastIron SuperX/SX switches can be upgraded with Advanced IronWare routing software (a Layer 3 upgrade).

To achieve wire-speed Layer 3 performance, the FastIron SuperX/SX switches support Brocade Direct Routing (BDR), in which the forwarding information base (FIB) is maintained in local memory on the line modules. The hardware forwarding tables are dynamically populated by system management with as many as 256,000 routes.

Comprehensive Security Suite

Security is a concern for today’s network managers, and the FastIron SuperX/SX switches support a powerful set of network management solutions to help protect the switch. Multilevel access security on the console and a secure Web management interface prevent unauthorized users from accessing or changing the switch configuration. Using Terminal Access Controller Access Control Systems (TACACS/ TACACS+) and RADIUS authentication, network managers can enable considerable centralized control and restrict unauthorized users from altering network configurations.

The FastIron SuperX/SX family includes Secure Shell (SSHv2), Secure Copy, and SNMPv3 to restrict and encrypt communications to the management interface and system, thereby ensuring highly secure network management access. For an added level of protection, network managers can use ACLs to control which ports and interfaces have TELNET, Web, and/or SNMP access.

Controlling network access is a top priority for network operators. FastIron SuperX/SX switches support a flexible suite of access control capabilities in the IronShield product. IronShield’s network access control features include multi-host IEEE 802.1x and MAC authentication schemes. Upon successful

user or device authentication, the FastIron SuperX/SX switch will apply the appropriate access policy for the user. The access policy may define the assigned VLAN, QoS, and ACL to be applied to the user’s traffic. The network administrator can also specify

an action in case the MAC or 802.1x authentication times out. Because of its standards-based design, this solution can be augmented with access control software and external appliances for enhanced access control operation. For example, an external NAC appliance and/or software can be used in combination with the FastIron SuperX/ SX, providing host posture verification and remediation. This design allows customers the flexibility to build best-of-breed solutions for their access control infrastructure and not be locked into a single offering.

Once the user is permitted access to the network, protecting the user’s identity and controlling where the user connects becomes a priority. To prevent “user identity theft” (spoofing), the FastIron SuperX/SX switches support DHCP snooping, Dynamic ARP inspection, and IP source guard. These three features work together to deny spoofing attempts and to defeat man-in- the-middle attacks. To control where users connect, the FastIron SuperX/SX switches support private VLANs, quarantine VLANs, policy-based routing, and extended ACLs, all of which can be used to control a user’s access to the network.

In addition, FastIron SuperX/SX switches feature embedded sFlow packet sampling, which provides system-wide traffic monitoring for accounting, troubleshooting, and intrusion detection. Using the Brocade IronView® Network Management (INM)

Image 4
Contents Brocade Fastiron FastIron SuperX Primary Features and BenefitsFastIron SX Advanced QoS and Low Latency for Enterprise Convergence Intelligent and Scalable Power Over Ethernet PoEEase of Use Plug and Play Flexible Bandwidth Management Complete Solution for Multicast and Broadcast VideoComprehensive Security Suite Deployment of IPv6 Capable Hardware Resilient Design Ensures Business ContinuityFuture-Proofing the Network Through IronShield Advanced Security System and Network Resilience Advanced Quality of ServiceIPv6 Futureproofing Brocade Fastiron SuperX Specifications Quality of ServiceIeee Standards Compliance RFC ComplianceDimensions Weight Fully LoadedPower Requirements Safety CertificationsSystem summary Feature FastIron SuperX FastIron SXXFP Ordering Information Part Number DescriptionWarranty IPv6-Capable Ordering Information