ZyXEL Communications ES-1552, ES-1528 manual Specifications

Specifications

Standard Compliance

•IEEE 802.3 10Base-T Ethernet

•IEEE 802.3u 100Base-TX Ethernet

•IEEE 802.ab 1000Base-T Ethernet

•IEEE 802.3x Flow control

•IEEE 802.1p Class of service, priority protocols

•IEEE 802.1Q VLAN tagging

•IEEE 802.3ad static port aggregation

Performance

ES-1528/ES-1552

•12.8/17.6 Gbps non-blocking switching fabric

•Switching Forwarding Rate 9.6/13.1 Mpps (1488000 pps/1000Base-T/1000Base-X, 148800 pps/100Base-TX)

•Wire-speed performance

MAC and Packet Buffer

•8 K MAC entries

•512 KB Packet Buffer

Traffic Management and QoS

•Rate Limiting: Port-based bandwidth control with 7 grades (64 kbps, 256 kbps, 1 Mbps, 10 Mbps, 64 Mbps, 100 Mbps, 1 Gbps)

•Port-based egress traffic shaping

•Broadcast Storm Control

•Congestion control on all ports

•IEEE 802.1p with 4 priority queues per port for different types of traffic

•WRR (Weighted Round Robin)/SPQ scheduling algorithm

Auto VoIP

Auto VoIP module matches VoIP streams and assign the highest priority for following VoIP packets

•SIP — Session Initiation Protocol

•MGCP — Media Gateway Control Protocol

•SCCP — Skinny Client Control Protocol

Link Aggregation

•IEEE 802.3ad static port aggregation

•Up to 6 aggregation groups, per group supports up to 8 ports

User Security and Authentication

•Specific MAC forwarding per port: only specified MAC addresses can access the network (Port Security)

•IEEE 802.1Q tagged VLAN

•256 static VLAN, up to 4 K dynamic VLAN

•Dynamic ARP

Auto DoS Attack Prevention

Denial of Service (DoS) attacks try to disable a device or network so users no longer have access to network resources. Auto DoS Attack Prevention module matches attack types in switches and prevent network outage

Types of DoS Attacks can be prevented

•Land Attacks — These attacks result from sending a specially crafted packet to a machine where the source host IP address is the same as the destination host IP address. The system attempts to reply to itself, resulting in system lockup.

•Blat Attack — These switch result from sending a specially crafted packet to a machine where the source host port is the same as the destination host port. The system attempts to reply to itself, resulting in system lockup.

•SYNFIN Scans — SYNchronization (SYN, ACKnowledgement (ACK) and FINish (FIN) packets are used to initiate, acknowledge and conclude TCP/IP communication sessions. The following scans exploit weakness in the TCP/IP specification and try to illicit a response from a host to identify ports for an attack:

-Scan SYNFIN — SYN and FIN bits are set in the packet.

-Xmascan — TCP sequence number is zero and the FIN, URG and PSH bits are set.

-NULL scan — TCP sequence number is zero and all control bits are zeros.

-SYN with port <1024 — SYN packets with source port less than 1024.

•Smurf Attacks — This attack uses Internet Control Message Protocol (ICMP) echo requests packets (pings) to cause network congestion or outrages.

•Ping Flooding — This attack floods the target network with ICMP packets.

•SYN/SYN-ACK Flooding — This attack floods the target network with SYN or SYN/ACK packets.

Network Administration Security

• Password required for administrators

Network Management

•Web-based management

•SNMP v1, v2

•IP management: static IP

•RMON

•Port mirroring: supports Source/Destination/Both port mirroring

•Cable Diagnostic

MIB Information

•RFC1213 MIB II (System, Interface)

•RFC1398 (Ether-like)