AlliedWare Plus™ Operating System


With three distinct modes, the CLI is very secure. User exec mode allows users to view settings and troubleshoot problems but does not allow any changes to be made to the system. Privileged exec mode allows users to change system settings and restart the device. Configuration changes are only permitted in global configuration mode, which reduces the risk of making accidental configuration changes.

AlliedWare Plus Licensing Unlocks New Features

With AlliedWare Plus, a single license password or 'key' is all that is necessary to activate a feature bundle. This single key enables the bundled features on all hardware of that particular product type.

License keys enable you to "unlock" additional feature bundles that ship with the switches.

Policy-Based Quality of Service (QoS)

Comprehensive, low latency QoS features operating at wire-speed provide flow-based traffic management with full classification, prioritization, traffic shaping and min/max bandwidth profiles. The QoS features are ideal for service providers wanting to ensure maximum availability of premium voice, video and data services, and at the same time manage customer service level agreements. For enterprise customers, the QoS features protect productivity by guaranteeing performance of business-critical applications (including VoIP services), and help to restore and maintain responsiveness of enterprise applications in the workplace.

Control Plane Prioritization

The Control Plane Prioritization (CPP) feature allows you to allocate priorities to packet types, to ensure minimum interruption to the flow of control information through the network.

CPP stops the control plane from being flooded by traffic in the event of a network storm or Denial of Service (DoS) attack. This ensures maximal performance and prevents network outages. In addition, with CPP you can limit the amount of traffic that flows to the CPU to ensure that the performance of other services, such as the CLI, is not affected should a network storm or DoS attack occur.

Resiliency

Link Aggregation

Link aggregation allows a number of individual switch ports to be combined, forming a single logical connection of higher bandwidth. This provides a higher performance link, and also provides redundancy for a more reliable and robust network.

AlliedWare Plus supports IEEE standard 802.3ad link aggregation, which can be configured manually, or automated via the use of Link Aggregation Control Protocol (LACP). LACP automatically detects multiple links between two LACP-enabled devices and configures them to use their maximum possible bandwidth by automatically combining the links.

VRRP - Virtual Router Redundancy Protocol

VRRP provides automatic backup in mission-critical environments. This feature enables multiple routers or switches to share a virtual IP address that serves as the default LAN gateway. Should the master fail, the other devices assume the virtual IP address. LAN devices can continue to be configured with a single default gateway address, and because VRRP is a standards-based protocol, full interoperability with other VRRP-supported products is assured.

Ethernet Protection Switching Ring (EPSR)

EPSR allows several switches to form a protected ring with sub-50ms failover. This feature is perfect for high performance at the core of enterprise or provider access networks.

MSTP - Multiple Spanning Tree Protocol

MSTP addresses the limitations in the existing spanning tree protocols, Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP). MSTP is similar to RSTP in that it provides loop resolution and rapid convergence. However, it also has the significant extra advantage of making it possible to have different forwarding paths for different multiple spanning tree instances. This enables load balancing of network traffic across redundant links.

Dual Software Images

Dual software images can be stored, providing separate primary and secondary operating system files that function as backup during upgrades.

Security

802.1x, RADIUS Authentication and Dynamic VLAN Assignment

The IEEE 802.1x standard manages port-based network access. It provides authentication to devices attached to a LAN port by initiating a connection or preventing access from that port if authentication fails. Valuable for authenticating and controlling user traffic to a protected network, 802.1x is also effective for dynamically varying encryption keys. 802.1x attaches the Extensible Authentication Protocol (EAP) to both wired and wireless LAN media, and supports multiple authentication methods, such as token cards, Kerberos, certificates, and public key authentication.

802.1x uses the RADIUS (Remote Authentication Dial In User Service) protocol to transfer authentication and configuration information between the switch and a shared RADIUS authentication server, which manages a database of users and provides authentication and configuration information to the client.

Dynamic VLAN assignment allows an 802.1x supplicant to be placed into a specific VLAN based on information returned from the RADIUS server during authentication. This limits the network access of a supplicant to a specific VLAN that is tied to their authentication, and prevents supplicants from connecting to VLANs for which they are not authorized. A port's VLAN assignment is determined by the first supplicant to be authenticated on the port.

SSHv2 and SCP

The Secure Shell (SSH) version 2 protocol provides encrypted and strongly authenticated remote login sessions. SSHv2 provides sessions between a host running a Secure Shell server and a machine with a Secure Shell client.

Secure Copy Protocol (SCP) is also supported. SCP allows for secure file transfer to and from the switch, protecting your network from unwanted downloads and unauthorized file copying.

Access Control Lists (ACLs)

AlliedWare Plus delivers industry-standard access control functionality through access control lists (ACLs). ACLs filter network traffic to control whether routed packets are forwarded or blocked at the port interface. The switch examines each packet to determine whether to forward or drop it based on the criteria specified within the ACL, such as source and destination MAC or IP address, IP protocol, or TCP/UDP port. This provides a powerful network security mechanism to select the types of traffic to be analyzed, forwarded, or influenced in some way, for example to restrict routing updates or provide traffic flow control.

Allied Telesis

www.alliedtelesis.com

Allied Telesis 5.2.1 manual AlliedWare Plus Licensing Unlocks New Features, Policy-Based Quality of Service QoS, Resiliency