On Permutation Operations in Cipher Design

Unmatched performance and reliabilityBypass isolation ATS Eaton’s bypass isolation automatic transfer switch (ATS) is designed to provide unmatched performance, reliability and versatility for critical standby power applications. Supervisory intelligence is provided by an ATC-900 or ATC-300+ controller, delivering operational simplicity and field adaptability coupled with diagnostic and troubleshooting capabilities. The bypass isolation ATS design is ideal for those applications where the ability to perform maintenance is required without interrupting power to life safety and other critical loads.Product configuration• Automatic operation—ATS and bypass switch• Open and closed transition• 100–1200 A rating• Two-, three- or four-pole• NEMA T 1, 3R• Up to 600 Vac, three- orfour-wire, 60 Hz or 50/60 Hz• Drawout ATS and fixedbypass switch, facilitatingconcurrent maintenance• Service entranceFeatures and benefitsProven performanceand reliability• Automatic and non-automaticoperation modes are availableto provide multiple methods oftransferring the load betweenpower sources• Manual operation allowsunloaded transfer betweenpower sources for allproduct configurations• UL T 1008 Listed short-circuitand short-time (select catalognumbers only) withstandclosing current ratingsmaximize system reliabilitySimplified installationand integration• Factory-configured powersource and load terminalsfor top/bottom cable ingress• Removable enclosure panelsprovide front and rear accessto cable terminal connections• Seismic certified to OSHPD,CBC, IBC and UBCEnhanced safety• Two-door, compartmentalizedconstruction provides steelbarriers, protecting workers• Integral safety interlocksautomatically open the maincontacts prior to the ATSbeing isolated for test orremoved for serviceImproved serviceability• Two-door design eliminatesthe need to scheduleshutdowns for routine test,inspection or maintenanceof the ATS• Drawout design allows theATS to be disconnectedfrom the electrical bus andisolated in cell for regulartesting as prescribed bycode (NFPA T 70, 99, 110)• Testing of the isolated ATScan be performed whilethe bypass switch is in theautomatic or non-automaticmode of operationDesign featuresDual automatic technology Eaton’s bypass isolationtransfer switch design includes an automatic bypass switch and an ATS housed within a single assembly.Regardless of which power switch is actively distributing power, redundant automatic operation provides for a rapid load transfer and restoration of power to life safety and critical loads, eliminating the need for active supervision by qualified personnel.Segmented construction The ATS and automatic bypass switch are housed in separate compartments, with robust steel walls, that isolate the power switches from each other to facilitate ease of maintenance and worker safety. Eachcompartment includes a door with padlockable handle. This design prevents the possibility of inadvertent contact andunnecessary exposure to power cable terminations and energized electrical control components.Drawout ATS and fixed-mounted bypassService personnel can rack-out and isolate the ATS (with compartment door closed) from the electrical bus for routine test or exercise. A Kirk T -key interlock prevents access to the racking mechanism until the load connection has been transitioned to the automatic bypass switch.Opening the compartment door allows the ATS to be completely drawn out of the cell for inspection or maintenance.Safety interlocks prevent rack-out or rack-in of the ATS from the electrical bus with the main contacts closed. The automatic bypass switch is fixed mounted to the electrical bus and stands ready to initiate an automatic load transfer when the ATS is undergoing maintenance.Multi-tap control power transformerSystem voltage can be fieldconfigured via a multi-tap control power transformer (CPT) with quick-disconnect plugs.T ransition to bypass mode When maintenance or testing of the ATS needs to be performed, qualified personnel can easily and quickly transition the load connection between the ATS and automatic bypass switch using door-mounted operator controls fitted with indication lights. The transition occurs in a make-before-break fashion, ensuring continuous power flow to loads.Multiple operation modes Operation is possible in the following modes:• Automatic • Non-automatic •Manual AIn automatic mode, the transfer switch is self-acting, and atransfer is automatically initiated by the intelligent logic controller.In non-automatic mode(optional), a transfer is initiated by the operator using a door-mounted selector switch.In manual mode, a transfer is initiated by the operator using controls mounted directly on the automatic bypass switch or ATS.Alternatively, a transfer can be initiated remotely via an HMi remote annunciator controller.A Manual operation (unloaded) is provided forall product configurations.for top and bottom cable terminationFixed-mounted automatic Drawout ATS can be isolated for test within compartment orand automatic bypassswitch compartments600–1200 A rating (480 V), NEMA 1 enclosure100–400 A rating (480 V), NEMA 1 enclosureFixed-mounted automatic Drawout ATS can within compartmentor completely removedRemoveable optionpanels allow front access for top and bottom cableterminationDrawout ATS removed for bench level inspection/Automatic bypass switch stands ready to transfer load2EATON Bypass isolation automatic transfer switchesStandard enclosure dimensions and weightsDimensions and weights shown are approximate and subject to change. Reference product outline drawings for the latest information.NEMA 1 enclosure NEMA 3R enclosureNEMA 12/4X enclosureTransferswitch rating Device Dimensions in inches (mm)Normal,emergency, loadNeutral A Weight ABCA Neutral connection size listed is for product configuration with a solid neutral. For product configurations with a switched neutral (four-pole), reference the size listed in theEmergency/Load Connection column.B Three-pole product configuration.C Four-pole product configuration.3EATON Bypass isolation automatic transfer switchesEaton is a registered trademark.All other trademarks are property of their respective owners.Eaton1000 Eaton Boulevard Cleveland, OH 44122United States © 2022 EatonAll Rights Reserved Printed in USAPublication No. PA01602019E / Z25954March 2022Product selectionCatalog numbering systemote: N Some catalog number combinations may not be available. For additional information, please contact your local Eaton sales representative.Bypass isolation ATS schematic diagramUL 1008 withstand and closing current ratings (kA)Ampere Device Up to 480 VUp to 600 V Short-circuit (specific circuit Short-circuit (specific circuit SpecificFollow us on social media to get the latest product and support information.。

aetAET: Exploring the Advanced Encryption Technique in Computer SecurityIntroductionIn today's digital world, where sensitive data is constantly being transmitted and stored, ensuring its security is of utmost importance. Cryptography plays a vital role in safeguarding information, and one of the most widely used encryption techniques is the Advanced Encryption Technique (AET). AET is a robust encryption algorithm that secures data by transforming it into an unreadable format. In this document, we will explore the technical aspects of AET and its significance in computer security.1. A Brief Overview of Encryption Techniques1.1 Historical Development of EncryptionEncryption techniques have a long history stretching back thousands of years, with the earliest known examples beingthe use of substitution ciphers by the ancient Greeks and Romans. Over time, encryption methods have become more sophisticated to counter evolving threats.1.2 Basics of EncryptionEncryption involves converting plaintext into ciphertext, which can only be deciphered with the correct key or algorithm. It uses various mathematical operations to scramble the data, making it unintelligible to unauthorized individuals.2. Understanding the Advanced Encryption Technique (AET)2.1 AET BackgroundAET, also known as the Advanced Encryption Standard (AES), is an encryption algorithm adopted by the U.S. government in 2001. It replaced its predecessor, the Data Encryption Standard (DES), and is now considered the gold standard for securing information.2.2 AET FeaturesAET possesses several key features that contribute to its robustness:2.2.1 Symmetric Key AlgorithmAET employs a symmetric key algorithm, meaning the same key is used for both encryption and decryption. This ensures efficiency and simplicity in the encryption process.2.2.2 Block Cipher Operation ModeAET operates as a block cipher, encrypting data in fixed-size blocks. The most common block size used is 128 bits. Larger files are divided into these blocks, which are then individually encrypted.2.2.3 Key Sizes and VariantsAET supports three key sizes: 128 bits, 192 bits, and 256 bits. The larger the key size, the stronger the encryption. Additionally, AET has three variants based on the key size, namely AES-128, AES-192, and AES-256.2.2.4 Substitution-Permutation Network (SPN)AET utilizes a symmetric key permutation network, which combines substitution and permutation operations. This ensures a high level of confusion and diffusion, preventing adversaries from obtaining valuable information.3. AET Mode of Operation3.1 Electronic Codebook (ECB) ModeIn ECB mode, each block of plaintext is encrypted independently with the same key. While simple, this mode is vulnerable to certain attacks because identical plaintext blocks produce identical ciphertext blocks.3.2 Cipher Block Chaining (CBC) ModeCBC mode XORs each plaintext block with the previous ciphertext block before encryption. This introduces randomness and eliminates the vulnerability found in ECB mode. Initialization Vector (IV) is used to ensure the initialblock has no predictable relationship with the subsequent ones.3.3 Counter (CTR) ModeCTR mode transforms a block cipher into a stream cipher. It generates a unique counter value for each block, creating an encryption keystream. The keystream is then XORed with the plaintext to produce the ciphertext.4. Security and Applications of AET4.1 Security of AETAET has gained widespread acceptance due to its robust security. It has undergone extensive academic scrutiny and cryptographic analysis, standing up against various attacks. However, it is crucial to properly implement and use AET to avoid potential vulnerabilities.4.2 Applications of AETAET is extensively employed in various applications, including:- Secure communication systems- File and disk encryption- Virtual Private Networks (VPNs)- Wireless communication protocols- The Internet of Things (IoT) security5. ConclusionAET, with its strong security features and widespread industry adoption, has become an integral part of computer security. It provides a reliable encryption technique for safeguarding sensitive data from unauthorized access and tampering. As technology continues to advance, AET's significance in ensuring information security will remain invaluable. Organizations and individuals must understand and implement AET correctly to maximize its benefits and protect their valuable data.。

aes128原理AES128, which stands for Advanced Encryption Standard with a 128-bit key, is a widely-used encryption algorithm to protect sensitive information. It has become the de facto standard for encryption and is used in various applications, including securing data at rest and in transit. AES128 operates on 128-bit block sizes and uses a 128-bit key and is considered secure for most practical applications.AES128 works through a series of mathematical operations, including substitution, permutation, and linear transformation, to transform plaintext into ciphertext. This process ensures that even if an unauthorized party were to intercept the encrypted data, they would not be able to decipher the original message without the correct key. This level of security provided by AES128 makes it an essential component of modern cybersecurity protocols.The strength of AES128 lies in its ability to resist known cryptanalytic attacks when implemented correctly. The algorithm has been thoroughly vetted by cryptographers and has withstood rigorous scrutiny for many years. Furthermore, AES128 has been adopted byvarious government and industry standards organizations, further validating its security and reliability.From a practical standpoint, AES128 is also relatively efficient in terms of computational resources compared to higher bit key lengths such as AES256. This makes it a popular choice for resource-constrained environments where performance is a critical factor. Additionally, AES128 is resistant to attacks like brute force and is resilient against quantum computing threats, making it a reliable choice for long-term security.However, it's essential to note that while AES128 is secure for most use cases, its strength is contingent on the proper management of keys and the overall implementation of the encryption scheme. Weaknesses in key generation, storage, or distribution can undermine the security provided by AES128. Therefore, it's crucial to follow best practices for key management and encryption implementation to maximize the effectiveness of AES128.In conclusion, AES128 is a robust and versatile encryption algorithm that has become an integral part of modern cybersecurity. Its strongsecurity guarantees, efficiency, and widespread adoption make it a compelling choice for safeguarding sensitive information in various applications. As technology continues to evolve, AES128 remains a cornerstone for ensuring data confidentiality and integrity in an increasingly interconnected digital world. AES128的原理与应用是现代信息安全领域的重要组成部分。

密码技术期末复习（⽜⽐版）讲解密码技术期末复习（⽜⽐版）⼀、填空：1、Cryptology include the two fields：密码编码学和密码分析学，根据每次处理数据的多少可以把密码算法分为流密码和分组密码其代表算法有：维基尼亚（RC4）和DES算法。

轮转机密钥空间有：26（n 次⽅）。

2、Monoalphabetic Cipher has a total of keys：26!；playfair cipher has 25！keys。

3、IDEA算法的密钥长度为128 bits，RC4算法的密钥长度为8-2048 bits，AES4算法的密钥长度分别为128，192，256。

4、In EDS cipher data block is 64 bit and the input key is 56 bit product 48 sub-key。

5、In Security services，X.800 defines it in 5 major categories:数据机密性，认证，访问控制，数据完整性，⾮否认机制。

6、Consider three aspects of information security：安全攻击、安全机制、安全服务。

7、Security Mechanisms:基于密码技术机制，常规机制。

8、密钥分发中⼼的认证协议（KDC）：该协议的缺点是不能防范重放攻击。

9、Type of encryption operations used：置换，代换。

⼆、名词解释：碰撞攻击（Collision）:⼀般是对Hash函数⽽⾔，即不同的数据，得到了相同Hash值，就称之为⼀次碰撞。

⽤数学语⾔表⽰，即对函数f(x)，找到了x1，x2，且x1不等于x2，有f(x1)=f(x2)。

既然是把任意长度的字符串变成固定长度的字符串，所以，必有⼀个输出串对应⽆穷多个输⼊串，碰撞是必然存在的。

blowfishBlowfish: A Powerful Symmetric Block Cipher AlgorithmIntroduction:Blowfish is a symmetric block cipher algorithm designed by Bruce Schneier in 1993. It gained widespread recognition due to its simplicity, security, and efficiency. Blowfish operates on 64-bit blocks and supports key sizes ranging from 32 bits to 448 bits. It has been widely used in various applications such as secure communication protocols, file encryption, and password storage.Structure and Operation:Blowfish employs a Feistel network structure, which is a widely used design in block ciphers. It consists of 16 rounds, each round applying a modified version of the cipher's key to the right half of the data block. The left and right halves are then swapped, and the process is repeated. This iteration process increases Blowfish's security and cryptographic strength.Key Generation:Blowfish uses a key expansion algorithm to generate a series of subkeys before encryption or decryption can take place. The key expansion process involves applying the user's supplied key multiple times using a combination of modular arithmetic operations and the cipher's internal structure. The subkeys generated during this process are then used in each round of encryption or decryption.Feistel Network:The Feistel network structure used in Blowfish is one of the key features contributing to its success. This structure allows for efficient and secure encryption and decryption by dividing the input block into two halves and applying a series of transformation rounds on each half. Blowfish's Feistel network utilizes a combination of substitution and permutation operations, known as the F-function, to provide confusion and diffusion properties.Security:Blowfish is considered a secure algorithm and has stood the test of time against various cryptographic attacks. However, due to advances in technology and computing power, certain vulnerabilities have been identified. One vulnerability is related to weak keys, which refer to a specific set of keys that make Blowfish encryption less secure. To mitigate thisvulnerability, proper key management and the usage of sufficient key sizes are recommended.Applications:Blowfish has found wide application in various domains due to its desirable properties and simplicity. It is commonly used in Virtual Private Networks (VPNs), Secure Shell (SSH) protocols, and secure file transfer protocols (SFTP) to secure data transmission. Furthermore, it has been incorporated into popular cryptographic libraries and frameworks, making it easily accessible for developers looking to implement encryption and decryption functionality.Comparison with AES:Although Blowfish gained significant popularity in the past, it has been largely surpassed by the Advanced Encryption Standard (AES). AES provides a higher level of security and efficiency compared to Blowfish. Nonetheless, Blowfish continues to be used in legacy systems due to its simplicity and compatibility.Conclusion:Blowfish has been a pioneering symmetric block cipher algorithm that has stood the test of time. It offers a goodbalance between security and efficiency, making it suitable for various cryptographic applications. However, with the advent of newer and more secure algorithms, like AES, it is important to assess the specific security requirements and select the most appropriate encryption algorithm for each use case.。

BrochureProduct OverviewS6720-HI series full-featured 10 GE routing switches are Huawei's new-generation fixed switches to provide 10 GE downlink ports as well as 40 GE and 100 GE uplink ports.S6720-HI series switches provide native AC capabilities and can manage 1K APs. They provide a free mobility function to ensure consistent user experience and are Virtual Extensible LAN（VXLAN ）capable to implement network virtualization.S6720-HI series switches also provide built-in security probes and support abnormal traffic detection, Encrypted Communications Analytics (ECA), and network-wide threat deception. The S6720-HI is ideal for enterprise campuses, carriers, higher education institutions, and governments.Models and AppearanceModels and AppearanceDescriptionS6720-50L-HI-48S ●48 x 10 Gig SFP+, 6 x 40 Gig QSFP+ or 44 x 10 Gig SFP+, 4 x 40 Gig QSFP+, 2x 100 Gig QSFP28●Dual pluggable power modules, 600W AC or 350W DC (equipped powermodules by default not available)●Switching capacity: 2.56 Tbit/sS6720-30L-HI-24S ●24 x 10 Gig SFP+, 4 x 40 Gig QSFP+,and 2 x 100 Gig QSFP28●Dual pluggable power modules, 600W AC or 350W DC (equipped powermodules by default not available)●Switching capacity: 2.56 Tbit/sFeatures and HighlightsAbundant Convergence●This S6720-HI provides the integrated WLAN AC function that can manage 1,000 APs, reducing the costs of purchasing additional WLAN AC hardware. The wireless forwarding performance reaches up to 668 Gbit/s, breaking the forwarding performance bottleneck of an external WLAN AC. With this switch series, customers can stay ahead in the high-speed wireless era.The wireless forwarding performance is calculated based on 1024-byte packets.●The S6720-HI supports SVF and functions as a parent switch. With this virtualization technology, a physical network with the "Small-sized core and aggregation switches + Access switches + APs" structure can be virtualized into a "super switch", greatly simplifying network management.●The S6720-HI provides excellent QoS capabilities and supports queue scheduling and congestion control algorithms. Additionally, it adopts innovative priority queuing and multi-level scheduling mechanisms to implement fine-grained scheduling of data flows, meeting service quality requirements of different user terminals and services.Providing Granular Network Management●The S6720-HI uses the Packet Conservation Algorithm for Internet (iPCA) technology that alters the traditional method of using simulated traffic for fault location. iPCA technology can monitor network quality for any service flow anywhere, anytime, without extra costs. It can detect temporary service interruptions in a very short time and can identify faulty ports accurately. This cutting-edge fault detection technology turns "extensive management" to "granular management."●The S6720-HI supports Two-Way Active Measurement Protocol (TWAMP) to accurately check any IP link and obtain the entire network's IP performance. This protocol eliminates the need of using a dedicated probe or a proprietary protocol. Flexible Ethernet Networking●In addition to traditional Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP), the S6720-HI supports Huawei-developed Smart Ethernet Protection (SEP) technology and the latest Ethernet Ring Protection Switching (ERPS) standard. SEP is a ring protection protocol specific to the Ethernet link layer, and applies to various ring network topologies, such as open ring topology, closed ring topology, and cascading ring topology. This protocol is reliable, easy to maintain, and implements fast service switching within 50 milliseconds. ERPS is defined in ITU-T G.8032. It implements millisecond-level protection switching based on traditional Ethernet MAC and bridging functions.●The S6720-HI supports Smart Link and Virtual Router Redundancy Protocol (VRRP), which implement backup of uplinks. One S6720-HI switch can connect to multiple aggregation switches through multiple links, significantly improving reliability of access devices.Intelligent Stack (iStack)●The S6720-HI supports the iStack function that combines multiple switches into a logical switch. Member switches in a stack implement redundancy backup to improve device reliability and use inter-device link aggregation to improve link reliability. iStack provides high network scalability. You can increase a stack's ports, bandwidth, and processing capability by simply adding member switches. iStack also simplifies device configuration and management. After a stack is set up, multiple physical switches can be virtualized into one logical device. You can log in to any member switch in the stack to manage all the member switches in it.Cloud-based Management●The Huawei cloud management platform allows users to configure, monitor, and inspect switches on the cloud, reducing on-site deployment and O&M manpower costs and decreasing network OPEX. Huawei switches support both cloud management and on-premise management modes. These two management modes can be flexibly switched as required to achieve smooth evolution while maximizing return on investment (ROI).VXLAN●VXLAN is used to construct a Unified Virtual Fabric (UVF). As such, multiple service networks or tenant networks can be deployed on the same physical network, and service and tenant networks are isolated from each other. This capability truly achieves 'one network for multiple purposes'. The resulting benefits include enabling data transmission of different services or customers, reducing the network construction costs, and improving network resource utilization.●The S6720-HI series switches are VXLAN-capable and allow centralized and distributed VXLAN gateway deployment modes. These switches also support the BGP EVPN protocol for dynamically establishing VXLAN tunnels and can be configured using NETCONF/YANG.Clock Synchronization●The S6720-HI supports the IEEE 1588v2 protocol, which implements low-cost, high-precision, and high-reliability time and clock synchronization. This feature can meet strict requirements of power and transportation industry customers on time and clock synchronization.OPS●Open Programmability System (OPS) is an open programmable system based on the Python language. IT administrators can program the O&M functions of a switch through Python scripts to quickly innovate functions and implement intelligent O&M. Big Data Powered Collaborative Security●Agile switches use NetStream to collect campus network data and then report such data to the Huawei Cybersecurity Intelligence System (CIS). The purposes of doing so are to detect network security threats, display the security posture across the entire network, and enable automated or manual response to security threats. The CIS delivers the security policies to the Agile Controller. The Agile Controller then delivers such policies to agile switches that will handle security events accordingly. All these ensure campus network security.●The S6720-HI supports Encrypted Communication Analytics (ECA). It uses built-in ECA probes to extract characteristics of encrypted streams based on NetStream sampling and Service Awareness (SA), generates metadata, and reports the metadata to Huawei Cybersecurity Intelligence System (CIS). The CIS uses the AI algorithm to train the traffic model and compare characteristics of extracted encrypted traffic to identify malicious traffic. The CIS displays detection results on the GUI, provides threat handling suggestions, and automatically isolates threats with the Agile Controller to ensure campus network security.●The S6720-HI supports deception. It functions as a sensor to detect threats such as IP address scanning and port scanning on a network and lures threat traffic to the honeypot for further checks. The honeypot performs in-depth interaction with the initiator of the threat traffic, records various application-layer attack methods of the initiator, and reports security logs to the CIS. The CIS analyzes security logs. If the CIS determines that the suspicious traffic is an attack, it generates an alarm and provides handling suggestions. After the administrator confirms the alarm, the CIS delivers a policy to the Agile Controller. The Agile Controller delivers the policy to the switch for security event processing, ensuring campus network security. Intelligent O&M●The S6720-HI provides telemetry technology to collect device data in real time and send the data to Huawei campus network analyzer CampusInsight. The CampusInsight analyzes network data based on the intelligent fault identification algorithm, accurately displays the real-time network status, effectively demarcates and locates faults in a timely manner, and identifies network problems that affect user experience, accurately guaranteeing user experience.●The S6720-HI supports a variety of intelligent O&M features for audio and video services, including the enhanced Media Delivery Index (eMDI). With this eDMI function, the S6720-HI can function as a monitored node to periodically conduct statistics and report audio and video service indicators to the CampusInsight platform. In this way, the CampusInsight platform can quickly demarcate audio and video service quality faults based on the results of multiple monitored nodes.Intelligent Upgrade●Switches support the intelligent upgrade feature. Specifically, switches obtain the version upgrade path and download the newest version for upgrade from the Huawei Online Upgrade Platform (HOUP). The entire upgrade process is highly automated and achieves one-click upgrade. In addition, preloading the version is supported, which greatly shortens the upgrade time and service interruption time.●The intelligent upgrade feature greatly simplifies device upgrade operations and makes it possible for the customer to upgrade the version independently. This greatly reduces the customer's maintenance costs. In addition, the upgrade policies on the HOUP platform standardize the upgrade operations, which greatly reduces the risk of upgrade failures. Product SpecificationsFixed ports 48 x 10 Gig SFP+, 6 x 40 Gig QSFP+ or 44 x 10Gig SFP+, 4 x 40 Gig QSFP+, 2 x 100 Gig QSFP2824 x 10 Gig SFP+, 4 x 40 Gig QSFP+, 2 x100 Gig QSFP28MAC 256000(Max) MAC address entriesIEEE 802.1d standards complianceMAC address learning and agingStatic, dynamic, and blackhole MAC address entries Packet filtering based on source MAC addressesVLAN 4K VLANsGuest VLANs and voice VLANsGVRPMUX VLANVLAN assignment based on MAC addresses, protocols, IP subnets, policies, and ports VLAN mappingIP routing Static routes, RIP v1/2, RIPng, OSPF, OSPFv3, IS-IS, IS-ISv6, BGP, BGP4+, ECMP, routing policyInteroperability VLAN-Based Spanning Tree (VBST), working with PVST, PVST+, and RPVST Link-type Negotiation Protocol (LNP), similar to DTPVLAN Central Management Protocol (VCMP), similar to VTPWireless service AP access control, AP domain management, and AP configuration template management Radio management, unified static configuration, and dynamic centralized management WLAN basic services, QoS, security, and user managementCAPWAP, tag/terminal location, and spectrum analysisEthernet loop protection RRPP ring topology and RRPP multi-instanceSmart Link tree topology and Smart Link multi-instance, providing millisecond-level protection switchoverSEPERPS (G.8032)BFD for OSPF, BFD for IS-IS, BFD for VRRP, and BFD for PIMSTP (IEEE 802.1d), RSTP (IEEE 802.1w), and MSTP (IEEE 802.1s)BPDU protection, root protection, and loop protectionMPLS MPLS L3VPNMPLS L2VPN (VPWS/VPLS) MPLS-TEMPLS QoSIPv6 features Neighbor Discover (ND)PMTUIPv6 Ping, IPv6 Tracert, IPv6 TelnetACLs based on source IPv6 addresses, destination IPv6 addresses, Layer 4 ports, or protocol typesMulticast Listener Discovery snooping (MLDv1/v2)IPv6 addresses configured for sub-interfaces, VRRP6, DHCPv6, and L3VPNMulticast IGMP v1/v2/v3 snooping and IGMP fast leaveMulticast forwarding in a VLAN and multicast replication between VLANs Multicast load balancing among member ports of a trunkControllable multicastPort-based multicast traffic statisticsIGMP v1/v2/v3, PIM-SM, PIM-DM, and PIM-SSMMSDPMulticast VPNQoS/ACL Rate limiting in the inbound and outbound directions of a portPacket redirectionPort-based traffic policing and two-rate three-color CARHQoSEight queues on each portDRR, SP, and DRR+SP queue scheduling algorithmsWREDRe-marking of the 802.1p and DSCP fields of packetsPacket filtering at Layer 2 to Layer 4, filtering out invalid frames based on the source MAC address, destination MAC address, source IP address, destination IP address, TCP/UDP source/destination port number, protocol type, and VLAN IDQueue-based rate limiting and shaping on portsSecurity Hierarchical user management and password protectionDoS attack defense, ARP attack defense, and ICMP attack defenseBinding of the IP address, MAC address, port number, and VLAN IDPort isolation, port security, and sticky MACMAC Forced Forwarding (MFF)Blackhole MAC address entriesLimit on the number of learned MAC addressesIEEE 802.1X authentication and limit on the number of users on a portAAA authentication, RADIUS authentication, and HWTACACS authenticationNACSSH V2.0HTTPSCPU protectionBlacklist and whitelistAttack source tracing and punishment for IPv6 packets such as ND, DHCPv6, and MLD packets IPSec for management packet encryptionReliability LACPE-TrunkEthernet OAM (IEEE 802.3ah and IEEE 802.1ag)ITU-Y.1731DLDPLLDPBFD for BGP, BFD for IS-IS, BFD for OSPF, BFD for static routesVXLAN VXLAN functions, VXLAN L2 and L3 gateways, BGP EVPN VXLAN configuration using NETCONF/YANGSVF Acting as the parent node to vertically virtualize downlink switches and APs as one device for managementTwo-layer client architectureASs can be independently configured. Services not supported by templates can be configured on the parent node.Third-party devices allowed between SVF parent and clientsiPCA Marking service packets to obtain the packet loss ratio and number of lost packets in real time Measurement of the number of lost packets and packet loss ratio on networks and devicesManagement and maintenance Cloud-based managementVirtual cable testSNMP v1/v2c/v3RMONWeb-based NMSSystem logs and alarms of different severities GVRPMUX VLAN802.3az Energy Efficient Ethernet (EEE) NetStreamDying gasp upon power-offDimensions (W x D xH)442 mm x 420 mm x 43.6 mm 442 mm x 420 mm x 43.6 mm Height 1 U 1 UInput voltage AC:●Rated AC voltage: 100V to 240V AC; 50/60 Hz ●Max. AC voltage: 90V to 264V AC; 47–63 Hz DC:●Rated DC power: –48V to 60V DC●Max. DC voltage: –38.4V to 72V DCMaximum powerconsumption279W 232WPower consumption(30% traffic load)194W 138WOperating temperature ●0–1800 m altitude: 0°C to 45°C●1800–5000 m altitude: The operating temperature reduces by 1°C every time the altitudeincreases by 220 m.Relative humidity 5% to 95% (non-condensing)Heat dissipation Heat dissipation with fan, intelligent fan speed adjustmentNetworking and ApplicationsHuawei S6720-HI is the first fixed agile switch with 10GE downlink and 40GE/100GE uplink ports. It supports in-depth wired and wireless convergence and unified management on devices, users, and services. The S6720-HI can be used as the core device in an enterprise branch network or a small- or middle-sized campus network, or as the aggregation device in a large-sized campus network. The switch helps achieve a manageable and highly reliable enterprise campus network with scalable services.Ordering InformationThe following table lists ordering information of the S6720-HI series switches.Model Product DescriptionS6720-50L-HI-48S S6720-50L-HI-48S (48 x 10 Gig SFP+, 6 x 40 Gig QSFP+ or 44 x 10 Gig SFP+, 4 x 40 Gig QSFP+, 2 x 100 Gig QSFP28; without power module)S6720-30L-HI-24S S6720-30L-HI-24S (24 x 10 Gig SFP+, 4 x 40 Gig QSFP+, 2 x 100 Gig QSFP28; without power module)PAC-600WA-B 600W AC power modulePDC-350WA-B 350W DC power moduleMore InformationFor more information about Huawei Campus Switches, visit or contact us in the following ways:●Global service hotline: /en/service-hotline●Logging in to the Huawei Enterprise technical support website: /enterprise/●Sending an email to the customer service mailbox: ********************Copyright © Huawei Technologies Co., Ltd. 2019. All rights reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior writtenconsent of Huawei Technologies Co., Ltd.Trademarks and Permissionsand other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respective holders.NoticeThe purchased products, services and features are stipulated by the contract made between Huawei and thecustomer. All or part of the products, services and features described in this document may not be within thepurchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, andrecommendations in this document are provided "AS IS" without warranties, guarantees or representations ofany kind, either express or implied.The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied. Huawei Technologies Co., Ltd. Address:Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website:。