|Rychlost přenosu (switche):||10/100|
|Počet portů (switche):||24|
Twenty-four 10/100Base-TX ports, two 1000Base-X SFP ports, and two gigabit combo ports (10/100/1000Base-T or 100/1000Base-X)
Two models: AC model and DC model
Forwarding performance: 9.6 Mpps
The Quidway S3700 enterprise switches (S3700 for short) are next-generation energy-saving Layer 3 switches. The S3700 utilizes cutting-edge hardware and Huawei Versatile Routing Platform (VRP) software to provide high-performance access and aggregation to an enterprise campus network. It is easy to install and maintain. With its flexible VLAN deployment, PoE capabilities, comprehensive routing functions, and capability to migrate to an IPv6 network, the S3700 helps enterprise customers build a next generation IT network. In addition, the S3700 uses advanced reliability technologies such as stacking, VRRP, and RRPP, enhancing network robustness.
The S3700 is a 1 U high case-shaped device. The S3700 offers two models: S3700-28TP and S3700-52P, each of which is provided in a standard version (SI) and an enhanced version (EI). The SI version provides Layer 2 functions and basic Layer 3 functions. The EI version supports complex routing protocols and provides more functions than the SI version.
Powerful support for services
The S3700 provides the Multi-VPN-Instance CE (MCE) function to isolate users in different VLANs on a device, ensuring data security and reducing costs.
The S3700 supports 1 K multicast groups and multicast functions such as IGMP snooping, IGMP filter, fast leave, and IGMP proxy. It supports line-speed replication of multicast packets between VLANs, multicast load balancing among member interfaces of a trunk, and controllable multicast, meeting requirements for IPTV services and other multicast services.
Comprehensive QoS policies and security mechanisms
The S3700 implements complex traffic classification based on packet information such as the 5-tuple, IP preference, ToS, DSCP, IP protocol type, ICMP type, TCP source port, VLAN ID, Ethernet protocol type, and CoS. It supports a flow-based two-rate three-color CAR. Each port supports eight priority queues and multiple queue scheduling algorithms such as WRR, DRR, SP, WRR+SP, and DRR+SP. All of these ensure the quality of voice, video, and data services.
The S3700 provides multiple security measures to defend against Denial of Service (DoS) attacks, and attacks against networks or users. DoS attack types include SYN Flood attacks, Land attacks, Smurf attacks, and ICMP Flood attacks. Attacks to networks refer to STP BPDU/root attacks. Attacks to users include bogus DHCP server attacks, man-in-the-middle attacks, IP/MAC spoofing attacks, DHCP request flood attacks. DoS attacks that change the CHADDR field in DHCP packets are also attacks against users.
The S3700 supports DHCP snooping, which generates user binding entries based on MAC addresses, IP addresses, IP address leases, VLAN IDs, and access interfaces of users. DHCP snooping discards invalid packets that do not match any binding entries, such as ARP spoofing packets and IP spoofing packets. This prevents man-in-the-middle attacks to campus networks that hackers initiate by using ARP packets. The interface connected to a DHCP server can be configured as a trusted interface to protect the system against bogus DHCP server attacks.
The S3700 supports strict ARP learning, which prevents ARP spoofing attacks that will exhaust ARP entries. It also provides IP source check to prevent DoS attacks caused by MAC address spoofing, IP address spoofing, and MAC/IP spoofing.
The S3700 supports centralized MAC address authentication, 802.1x authentication, and NAC. It authenticates users based on statically or dynamically bound user information such as the user name, IP address, MAC address, VLAN ID, access interface, and flag indicating whether antivirus software is installed. VLANs, QoS policies, and ACLs can be applied to users dynamically.
The S3700 can limit the number of MAC addresses learned on an interface to prevent attackers from exhausting MAC address entries by using bogus source MAC addresses. This function minimizes packet flooding that occurs when MAC addresses of users cannot be found in the MAC address table.
Various routing and IPv6 features
The S3700 supports various routing protocols, including static routing, RIPv1, RIPv2, OSPF, and BGP.
S3700 hardware supports IPv4/IPv6 dual stack, IPv6 over IPv4 tunnels (including manual tunnels, 6to4 tunnels, and ISATAP tunnels), and Layer 3 line-speed forwarding. The S3700 can be deployed on IPv4 networks, IPv6 networks, or networks that run both IPv4 and IPv6. This makes networking flexible and enables a network to migrate from IPv4 to IPv6.
The S3700 supports various IPv6 routing protocols including RIPng and OSPFv3. It uses the IPv6 Neighbor Discovery Protocol (NDP) to manage packets exchanged between neighbors. It also provides a path MTU (PMTU) discovery mechanism to select a proper MTU on the path from the source to the destination, optimizing network resource utilization and obtaining the maximum throughput.
High scalability and excellent reliability
The S3700 supports intelligent stacking (iStack). Multiple S3700s can be connected with stack cables to set up a stack, which functions as a virtual switch. The backup switch takes over services when the master switches fails, reducing service interruption time. Stacks support intelligent upgrade so that users do not need to change the software version of a switch when adding it to a stack. The iStack function allows users to connect multiple switches with stack cables to expand system capacity. These switches can be managed using a single IP address, which greatly reduces the costs of system expansion, operation, and maintenance. Compared with traditional networking technologies, iStack has advantages in scalability, reliability, and system architecture.