Enterasys ANG-1000 Bedienungsanleitung PDF herunterladen (Seite 6)

Distributed IP Routing-providesdynamictrafcoptimization,broadcast

containment, and more efﬁcient network resilience

• Baseroutingfeaturesincludestaticroutes,RIPv1/RIPv2,VRRP,IPv4,

andMulticastroutingsupport(DVMRP,IGMPv1/v2,PIM-SM)

• Advancedroutingfeaturesarelicensedseparatelythroughthe

purchaseofN-EOS-L3andincludeLSNAT,DHCPrelay,PIM,OSPF,

DVMRP,andExtendedACLs.DiamondDFEsincludeadvanced

routing at no additional charge.

Security (User, Network, and Host) - protects a business against network

misuse and controls access to resources and conﬁdential information

• Usersecurity

 −Authentication(802.1X,MAC,andWeb),MAC(StaticandDynamic)

portlocking(perport802.1XauthenticationwithRADIUSsupport)

 −Multi-userauthentication/policies

•Networksecurity

 −AccessControlLists(ACL)–basicandextended

 −Policy-basedsecurityservices(examples:spoong,unsupported

protocolaccess,intrusionprevention,DoSattackslimits)

•Host

 −SecureaccesstotheN-SeriesviaSSH,SSL,SNMPv3(switchlogin

withRADIUSsupport)

Management,Control,andAnalysis-providestreamlinedtoolsfor

maintaining network availability and health

•Conguration

 −Industry-standardCLIandwebsupport

 −Multipleimageswitheditablecongurationles

•NetworkAnalysis

 −SNMPv1/v2c/v3,RMON/RMONII,andSMON(rfc2613)VLANand

Stats

 −Port/VLANmirroring(one-to-one,one-to-many,many-to-many)

 −LinerateNetFlow

•Automatedset-upandreconguration

 −ReplacementDFEwillautomaticallyinheritpreviousDFEs

conﬁguration

– New blades added to chassis will automatically be updated with

active conﬁguration and ﬁrmware

Optimized, High-Availability Services

Aside from the standard high-availability features of typical wiring closet

and data center switches, the N-Series includes many advanced features

such as dynamic service fail-over, automatic module self-conﬁguration,

and multi-image support.

Dynamicservicefail-overenableseachDiamond/PlatinumDFE

service(e.g.,hostmanagement,switching/VLANs,routing,etc.)tobe

automaticallyswitchedtoanotherDiamond/PlatinumDFEinanevent

ofmoduleorprocessfailure.This“selfhealing”capabilityhappens

inmillisecondsbecauseeachserviceisreplicatedoneveryDiamond/

PlatinumDFE.

Automatic module self-conﬁguration is another innovative feature that

allowsaDFEmoduletoreceivetheircongurationfromotherDFEs

automatically. This is ideal for replacing failed modules without manually

reconguringthereplacementDFE.

The N-series allow you to download and store multiple image ﬁles, this

feature is useful for reverting back to a previous version in the event that

a ﬁrmware upgrade fails. This multi-image support provides signiﬁcant

operational efﬁciencies especially with regard to the application of

ﬁrmware patches.

Feature-Rich Functionality

Examplesofadditionalfunctionalityandfeaturesthatcanbefound

within the N-Series include:

• NetFlow

• LSNAT

• NAT

• LLDP-MED

• FlowSetupThrottling

• WebCacheRedirect

• Node&AliasLocation

• WebCacheRedirect

• PortProtectionSuite

Toexpandonsomeoftheabove,networkperformancemanagementand

securitycapabilitiesviaNetFlowareavailableoneveryN-SeriesDFE

without slowing down switching/routing performance or requiring the

purchaseofexpensivedaughtercardsforeveryblade.Enterasystracks

every packet in every ﬂow as opposed to competitor’s statistical sampling

techniques.TheEnterasysadvantageisthenTERAASICcapabilitiesthat

collectNetFlowstatisticsforeverypacketineveryowwithoutsacricing

performance,N-Seriesswitchescancollect9,000owrecordsper

second,perbladeonGold,Platinum,andDiamondDFEs

ThisisanorderofmagnitudegreaterNetFlowcollectionperformance

thananyotherNetFlowappliancevendor(over60,000owrecordsper

secondinafully-populatedchassis).

FlowSetupThrottling(FST)isaproactivefeaturedesignedtomitigate

zero-daythreatsandDenialofService(DoS)attacksbeforetheycan

wreakhavoconthenetwork.FSTdirectlycombatstheeffectsofzero-day

andDoSattacksbylimitingthenumberofneworestablishedows

that can be programmed on any individual switch port. This is achieved

bymonitoringthenewowarrivalrateand/orcontrollingthemaximum

number of allowable ﬂows.

Innetworkoperations,itisverytimeconsumingtolocateadeviceor

ndexactlywhereauserisconnected.Thisisespeciallyimportantwhen

reactingtosecuritybreaches.TheN-SeriesDFEsautomaticallytrackthe

network’s user/device location information by listening to the network

trafﬁc as it passes through the switch. This information is then used to

populate the Node/Alias table with information such as an end-station’s

(Node’s)MACaddressandLayer3aliasinformation(IPAddress,

IPXAddress,etc).Thisinformationcanthenbeutilizedbynetwork

managementtoolstoquicklydeterminethatIPAddress123.145.2.23

islocatedonswitch5port3andintheeventofasecuritybreachtake

Page 6

1 2 3 4 5 6 7 8 9 10 11 12

Kommentare zu diesen Handbüchern

Keine Kommentare

Enterasys ANG-1000 Bedienungsanleitung Seite 6

Kommentare zu diesen Handbüchern

Verwandte Produkte und Handbücher für Gateways / Controller Enterasys ANG-1000