QoS with four priority queues
The QoS (Quality of Service) feature provides four internal queues to support four different classifications of traffic. High-priority packet streams experience less delay inside the switch, which supports lower latency for delay-sensitive traffic. The GS-2208C can classify a packet into one of the four priorities according to VIP port, 802.1p priority tag, or DiffServ. QoS operates at full wire speed. Scheduling at each egress port can be based on strict priority or weighted round robin.
2 dual media for flexible fiber connection
Two dual-media ports (ports 7 and 8) are provided for flexible fiber connection. You can install optional transceiver modules in these slots for short-, medium- or long-distance fiber backbone attachment. Using an SFP disables the corresponding built-in 10/100/1000Base-T connection.
Port Mirroring
This mechanism helps track network errors or abnormal packet transmission without interrupting the flow of data, allowing ingress traffic to be monitored by a single port that is defined as the mirror capture port. The mirror capture port can be any 10/100 port or 10/100/1000 port. Mirroring multiple ports is possible but can create congestion at the mirror capture port.
Q-in-Q VLAN for Performance & Security
The Q-in-Q (Double-Tag) VLAN feature in the switch offers the benefits of both security and performance. VLAN is used to isolate traffic between different users and thus provides better security. Limiting the broadcast traffic to within the same VLAN broadcast domain also enhances performance. and use of double VLAN tags.
Isolated Group, provides protection for certain ports
The isolated group feature allows certain ports to be designated as protected. All other ports are non-isolated. Traffic between isolated group members is restricted. Traffic can only be sent from the isolated group to the non-isolated group.
MAC-based 802.3ad LACP with automatic link fail-over
Dynamic fail-over means packets will not be assigned to any trunk member port that has failed. If one of the ports fails, traffic is automatically distributed to the remaining active ports.
802.1x Access Control Improves Network Security
802.1x features enable user authentication for each network access attempt. Port security features allow you to limit the number of MAC addresses per port in order to control the number of stations for each port. Static MAC addresses can be defined for each port to ensure only registered machines are allowed to access. By enabling both of these features, you can establish an access mechanism based on user and machine identities, as well as control the number of access stations.
Unknown-Unicast/Broadcast/Multicast Storm Control
To limit excessive broadcast, multicast and unknown-unicast flooding in the network, broadcast/multicast storm control is used to restrict excess traffic. Threshold values are available to control the rate limit for each port. Packets are discarded if the count exceeds the configured upper threshold.
MVR
Multicast VLAN Registration (MVR) lets a carrier serve content providers that use multicast for video streaming applications in the network. Each content provider's video stream has a dedicated multicast VLAN. MVR routes packets received in a multicast source VLAN to one or more receive VLANs. Clients are in the receive VLANs and the multicast server is in the source VLAN.
IP-MAC-Port Binding
The IP network layer uses a four-byte address. The Ethernet link layer uses a six-byte MAC address. Binding these two address types together allows the transmission of data between the layers. The primary purpose of IP-MAC binding is to restrict access to a switch to a number of authorized users. Only an authorized client can access the switch's port: the switch checks the pair of IP and MAC addresses and the port number against the pre-configured database. If an unauthorized user tries to access a port with IP-MAC binding enabled, the system blocks the access by dropping its packets.
Access Control List (ACL)
The ACLs are divided by EtherType, IPv4, ARP protocol, MAC and VLAN parameters, etc. Here we will just go over the standard and extended access lists for TCP/IP. As you create ACEs for ingress classification, you can assign a policy to each port. The policy number is 1-8; however, each policy can be applied to any port. This makes it very easy to determine what type of ACL policy you will be working with.
DHCP Snooping (Including DHCP Option 82)
The DHCP Snooping feature includes the Dynamic Host Configuration Protocol (DHCP) relay agent information option (option 82). With it, the switch includes information about itself and the attached client when forwarding DHCP requests from a DHCP client to a DHCP server via the Trust Port. The DHCP server can use this information to assign IP addresses, gateway, subnet mask and DNS for each subscriber of a service-provider network. DHCP Snooping uses the Trust Port and the Trust DHCP Server IP Address to filter illegal DHCP server traffic.
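An added example, not part of the original datasheet and not the vendor's firmware: a Python model of the trust-port and trusted-server filter and the option 82 tagging described above. The function names, port numbers, addresses and the sub-option layout (circuit ID = ingress port, remote ID = switch MAC) are assumptions for illustration.

```python
MAGIC = b"\x63\x82\x53\x63"      # DHCP magic cookie after the 236-byte BOOTP header
SERVER_TYPES = {2, 5, 6}          # option 53 values: OFFER, ACK, NAK

def parse_options(payload):
    """Return ({code: value}, index of the end option) for a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return opts, i

def option82(port, switch_mac):
    """Relay agent information (assumed layout): sub-option 1 = port, 2 = MAC."""
    body = bytes([1, 1, port]) + bytes([2, len(switch_mac)]) + switch_mac
    return bytes([82, len(body)]) + body

def snoop(port, src_ip, payload, trusted_ports, trusted_servers, switch_mac):
    """Return ("drop", reason) or ("forward", payload to send on)."""
    try:
        opts, end = parse_options(payload)
    except ValueError as exc:
        return "drop", str(exc)
    mtype = (opts.get(53) or b"\x00")[0]
    if payload[0] == 2 or mtype in SERVER_TYPES:     # BOOTREPLY or server message
        if port not in trusted_ports:
            return "drop", "DHCP server message on untrusted port"
        if src_ip not in trusted_servers:
            return "drop", "DHCP server IP not in trusted list"
        return "forward", payload
    if port in trusted_ports:
        return "forward", payload                    # relayed upstream, left as is
    # Client request on an access port: insert option 82 before the end option.
    return "forward", payload[:end] + option82(port, switch_mac) + b"\xff"

def sample(op, mtype):
    """Constructed test message: minimal BOOTP header plus option 53 only."""
    return bytes([op, 1, 6, 0]) + b"\x00" * 232 + MAGIC + bytes([53, 1, mtype, 255])
```
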
IGMPv3 Snooping(*)
By default, layer 2 Ethernet switches treat IP multicast traffic in the same manner as broadcast traffic – namely, by forwarding frames received on one interface to all other interfaces. This may create excessive traffic on the network and degrade the performance of hosts attached to the switches. The IGMPv3 snooping can significantly reduce traffic from streaming media and other bandwidth-intensive IP multicast applications.
IGMP Proxy
IGMP Proxy and IGMPv3 Snooping serve the same functional purpose, but the mechanisms differ as follows:
1. IGMP Proxy can send v1/v2 IGMP queries together.
2. IGMP Proxy supports General Query Max Response Timeout for checking the "client alive status" and speeding up the convergence of multicast group members.
3. IGMP Proxy provides Specific (Last member) Query to check (can be multiple times) whether other members interested in the same multicast group exist when the port receives an IGMP leave.
4. IGMP Proxy checks (can be multiple times) the latest status of the group members by scheduled polling with General/Specific Query. This avoids an instant port link-down causing the members to be removed from the multicast group.
IGMP Proxy provides better performance than IGMPv3 Snooping for IGMP join and leave message exchange in the switch.
802.1d Compatible & 802.1w Rapid Spanning Tree & 802.1s Multiple Spanning Tree
For mission-critical environments with multiple switches supporting STP, you can configure the switches with a redundant backup bridge path, so transmission and reception of packets can be guaranteed in the event of any switch fail-over on the network.
MSTP follows IEEE 802.1Q-2005 Clause 13 – Multiple Spanning Tree Protocol. MSTP allows frames assigned to different VLANs to follow separate paths, each based on an independent Multiple Spanning Tree Instance (MSTI), within Multiple Spanning Tree (MST) Regions composed of LANs and/or MST Bridges.
SSL and SSH for secure Management (Optional by Project requirement)
Secure Sockets Layer (SSL) encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch. Secure Shell (SSH) encrypts all transmitted data for secure, remote command-line interface (CLI) access over IP networks.
TACACS+ for Management Authentication (Optional by Project requirement)
The switch supports the TACACS+ authentication for secure switch CLI Logon. It provides more secure authentication for management.
LLDP (IEEE 802.1AB Link Layer Discovery Protocol)
The switch supports LLDP, an automated device discovery protocol, for easy mapping by network management applications.
Power Saving
The power saving feature detects client idle state and cable length and supplies power accordingly. It saves switch power efficiently and reduces power consumption.
Features
• 2 dual media ports for flexible fiber connection
• Supports jumbo frame size up to 9K
• IEEE 802.1x access control improves network security
• Port Mirroring helps supervisors monitor the network
• Supports Q-in-Q (Double-tag)
• IEEE 802.1q tag-based VLAN, 4094 entries, and port-based VLAN
• IEEE 802.1d Compatible, 802.1w Rapid Spanning Tree and 802.1s Multiple Spanning Tree
• Unknown Unicast/Broadcast/Multicast Storm Control
• Multicast VLAN Registration for IPTV
• IP-MAC-Port binding for LAN security
• Supports QoS (QCL/QCE) for traffic control
• ACL based on Ethernet Type / ARP / IPv4 for packet permit or deny, rate limitation and port copy
• DHCP Snooping (Including DHCP Option 82)
• IGMPv3 Snooping(*) & IGMP Proxy
• SSH/SSL/TACACS+/RADIUS (optional by project requirement) for secure network management
• Supports "power saving" for Green Ethernet requirement
• Supports LLDP (Link Layer Discovery Protocol), a standards-based method for enabling switches to advertise themselves.