Specifications

Standard Compliance

IEEE 802.3 10Base-T Ethernet

IEEE 802.3u 100Base-TX Ethernet

IEEE 802.ab 1000Base-T Ethernet

IEEE 802.3x Flow control

IEEE 802.1p Class of service, priority protocols

IEEE 802.1Q VLAN tagging

IEEE 802.3ad static port aggregation

Performance

ES-1528/ES-1552

12.8/17.6 Gbps non-blocking switching fabric

Switching Forwarding Rate 9.6/13.1 Mpps (1488000 pps/1000Base-T/1000Base-X, 148800 pps/100Base-TX)

Wire-speed performance

MAC and Packet Buffer

8 K MAC entries

512 KB Packet Buffer

Traffic Management and QoS

Rate Limiting: Port-based bandwidth control with 7 grades (64 kbps, 256 kbps, 1 Mbps, 10 Mbps, 64 Mbps, 100 Mbps, 1 Gbps)

Port-based egress traffic shaping

Broadcast Storm Control

Congestion control on all ports

IEEE 802.1p with 4 priority queues per port for different types of traffic

WRR (Weighted Round Robin)/SPQ scheduling algorithm

Auto VoIP

Auto VoIP module matches VoIP streams and assign the highest priority for following VoIP packets

SIP — Session Initiation Protocol

MGCP — Media Gateway Control Protocol

SCCP — Skinny Client Control Protocol

Link Aggregation

IEEE 802.3ad static port aggregation

Up to 6 aggregation groups, per group supports up to 8 ports

User Security and Authentication

Specific MAC forwarding per port: only specified MAC addresses can access the network (Port Security)

IEEE 802.1Q tagged VLAN

256 static VLAN, up to 4 K dynamic VLAN

Dynamic ARP

Auto DoS Attack Prevention

Denial of Service (DoS) attacks try to disable a device or network so users no longer have access to network resources. Auto DoS Attack Prevention module matches attack types in switches and prevent network outage

Types of DoS Attacks can be prevented

Land Attacks — These attacks result from sending a specially crafted packet to a machine where the source host IP address is the same as the destination host IP address. The system attempts to reply to itself, resulting in system lockup.

Blat Attack — These switch result from sending a specially crafted packet to a machine where the source host port is the same as the destination host port. The system attempts to reply to itself, resulting in system lockup.

SYNFIN Scans — SYNchronization (SYN, ACKnowledgement (ACK) and FINish (FIN) packets are used to initiate, acknowledge and conclude TCP/IP communication sessions. The following scans exploit weakness in the TCP/IP specification and try to illicit a response from a host to identify ports for an attack:

-Scan SYNFIN — SYN and FIN bits are set in the packet.

-Xmascan — TCP sequence number is zero and the FIN, URG and PSH bits are set.

-NULL scan — TCP sequence number is zero and all control bits are zeros.

-SYN with port <1024 — SYN packets with source port less than 1024.

Smurf Attacks — This attack uses Internet Control Message Protocol (ICMP) echo requests packets (pings) to cause network congestion or outrages.

Ping Flooding — This attack floods the target network with ICMP packets.

SYN/SYN-ACK Flooding — This attack floods the target network with SYN or SYN/ACK packets.

Network Administration Security

• Password required for administrators

Network Management

Web-based management

SNMP v1, v2

IP management: static IP

RMON

Port mirroring: supports Source/Destination/Both port mirroring

Cable Diagnostic

MIB Information

RFC1213 MIB II (System, Interface)

RFC1398 (Ether-like)

Page 2
Image 2
ZyXEL Communications ES-1552, ES-1528 manual Specifications