D-Link DES-7200 manual Core Network, End-to-End Security E2ES

•Intermediate Routing

This feature is needed for interconnection between segments in the access network, and between the access network and core network. In order to perform this function, D-Link solution provides support for static route, RIP I/II, OSPF and RIPng for IPv6 implementation.

•Bandwidth Management

This feature allows the network administrator to allocate different amounts of bandwidth for each service and user, which will lead to more efficient bandwidth usage.

•Traffic Policing - ACL

Network traffic passing through the aggregation network will be filtered against defined access control list to eliminate unnecessary and malicious traffic.

•High Availability

D-Link provides high availability of aggregation network with redundancy power supply, stacking configuration and Virtual Router Redundancy Protocol (VRRP).

Core Network

As its name implies, core network is where enterprises place their critical information technology resources. Core network makes up the enterprise network backbone. Network connection from the enterprise network (access and aggregation network), server farm, Internet and network management system culminate in core network. Because of its critical role, enterprises need high performance and reliable infrastructure for the core network. In meeting this challenge, D-Link offers its xStack Layer-3 switches and Layer-3 chassis switches.

D-Link's core network solution provides high switching capacity with 10-Gigabit connections to ensure high speed and excellent core network performance. In addition, to provide an ideal core network infrastructure, D-Link also enrich this high performance infrastructure with features such as high availability (stacking configuration,VRRP),and routing for IPv4, IPv6 and multicast traffic. Besides providing excellent core network infrastructure, D-Link also provides network management and storage solution for comprehensive core network solution.

D-Link offers two solutions for Centralized Network Management, namely, the AP Manager II and D-View 6.0.

•Centralized Network Management

For large scale centralized network management, D-Link provides D-View 6.0 Simple Network Management Protocol (SNMP) software. D-View 6.0 is a centralized management system that covers a wide range of network devices such as access points, managed switches and SNMP capable routers.It allows the network administrator to manage and monitor critical network characteristic such as device configuration, network performance, security and fault tolerance.

•Centralized Access Point Management

AP Manager II provides centralized management for up to 20 fat wireless access points. Features supported by AP Manager II include mass configuration, mass firmware upgrade, fault management, real-time monitoring and real-time reporting. This software

provides network administrators with the means of verifying and conducting regular maintenance checks without the need of physical travel.

End-to-End Security (E2ES)

E2ES is a unique security solution from D-Link that covers the entire enterprise network from the access network to core network.This solution consists of three elements:

•Gateway Security

This carries out the security function for enterprise network at the gateway, the boundary between enterprise network and the Internet. It protects enterprise network from external security threats to ensure the secure operation of internal network. For this element of E2ES, D-Link present the NetDefend UTM/IPS firewall. This firewall is equipped with various advanced security features such as illegal traffic detection, intrusion detection prevention, anti-spam, anti-virus, web content filtering, high availability, VPN and more.

•Endpoint Security

This is the first line of defense within enterprise internal network. It protects enterprise network from security threats coming from inside the network. D-Link provides this solution by pushing intelligence to its xStack switch as an evolutionary endpoint security that performs authentication,authorization,traffic control,node address control and attack mitigation. Some of the endpoint security functions supported by the D-Link xStack switch are access control (802.1X, MAC-based, web-based), dynamic VLAN assignment, loopback detection, IP-MAC- Port binding, rogue DHCP server detection, Safeguard Engine, and broadcast storm control.

•Joint Security

Joint Security is a security solution formed with D-Link ZoneDefense and Microsoft Network Access Protection (NAP) to provide user access control and comprehensive security mechanism for enterprise network. D-Link ZoneDefense is a unique security technology that enables D-Link NetDefend firewall to work together with D-Link xStack switch to carry out an advanced defense mechanism. With this defense mechanism, the firewall will block any malicious traffic or security threat and inform the xStack switch within the enterprise network to block the suspected host. ZoneDefense, in this way, effectivelystopssecuritythreatsandvirus/worminfections and outbreaks. D-Link Joint Security offers two important functions for user access control in enterprise network:

•User Authentication

Only users with valid access credentials are allowed to access the network.

•Policy Enforcement and Remediation

NAP will check and ensure system compliance of each user that has passed authentication process against enterprise security requirements such as updated anti-virus definition of network host,updated operating system patch of network host or personal firewall in active status. Only network hosts that meet the security requirements specified will be allowed to access the network.