华为S5300交换机

华为交换机参数基本参数产品型号Quidway S9306产品类型路由交换机应用层级三层背板带宽 2.4Tbps包转发率1080MPPS传输方式存储转发方式硬件参数扩展插槽 6网络与软件VLAN支持支持VLAN功能网管功能支持网管功能其它参数外形尺寸442×476×442mm电源电压DC:–38.4V-–72V;AC:90V-264V最大功率800W重量<30Kg华为 S5700-52P-LI-AC 详细参数查看：更多信息 | 产品图片基本参数产品型号S5700-52P-LI-AC产品类型千兆以太网应用层级二层包转发率78Mpps硬件参数接口类型48个10/100/1000Base-TX，4个100/1000Base-X SFP接口数目52口传输速率10M/100M/1000Mbps端口结构非模块化堆叠支持可堆叠网络与软件VLAN支持支持VLAN功能网管功能支持端口镜像和RSPAN(远程端口镜像)MAC地址表16K其他性能基于五元组、IP优先级、TOS、DSCP、IP协议类型、ICMP类型、TCP源端口、VLAN、以太网帧协议类型、CoS等信息，实现复杂流分类功能。

S5700支持基于流的双速三色限速功能，每端口支持8个优先级队列，支持WRR、DRR、SP、WRR＋SP、DRR+SP多种队列调度算法，有效地保证话音、视频和数据业务质量。

提供多种安全保护功能。

支持DoS（Denial of Service）类防攻击、网络的防攻击、用户的防攻击等功能。

其中DoS类防攻击主要包括SYN Flood、Land、Smurf、ICMP Flood。

网络的防攻击主要是指STP的BPDU/Root攻击。

用户的防攻击涉及DHCP仿冒攻击、中间人攻击、IP/MAC Spoofing 攻击、DHCP request flood、改变 CHADDR 值的 DoS 攻击等等。

支持通过建立和维护DHCP Snooping 绑定表，侦听接入用户的MAC/IP 地址、租用期、VLAN-ID、接口等信息，解决 DHCP 用户的IP 和端口跟踪定位问题。

S5300-LI Series Gigabit Enterprise Switches Product OverviewThe S5300-LI is a next-generation energy-saving gigabit Layer 2 Ethernet switch thatprovides flexible GE access ports and extensive services. It supports EEE and device sleeping, providing customers with a green, easy-to-manage, easy-to-expand, and cost-effective gigabit to the desktop solution.Product AppearanceS5300-28P-LI-AC S5300-28P-LI-DC ●●●S5300-52P-LI-AC S5300-52P-LI-DC ●●●S5306TP-LI-AC ●●S5300-10P-LI-AC ●●S5300-28X-LI-AC ●●S5300-28X-LI-DCS5300-28X-LI-24S-AC S5300-28X-LI-24S-DC ●●S5300-52X-LI-AC S5300-52X-LI-DC ●●S5300-52X-LI-48CS-AC S5300-52X-LI-48CS-DC ●●Product Features●Innovative Energy Saving DesignThe S5300-LI offer customers extensive selection of energy-saving with standard mode, basic mode and advanced mode that accommodates most needs. By matching port link down/up, optical-module in-place/out of place, port shut down/undo shutdown, idle period, busy period to increase the proportion of the dynamic energy-saving to reduce the power consumption.The S5300-LI series reduces energy consumption without compromising system performance, ensuring good user experience. The S5300-LI adopts multiple cutting-edge energy-saving designs, including Energy Efficient Ethernet (EEE), port energy detection, dynamic CPU frequency adjustment, and device sleeping.●Comprehensive reliability mechanismsBesides STP, RSTP, and MSTP, the S5300-LI supports enhanced Ethernet reliability technologies, such as Smart Link and RRPP (Rapid Ring Protection Protocol), which implementmillisecond-level protection switchover and ensure network reliability. The S5300 also provides Smart Link multi-instance and RRPP multi-instance to implement load balancing among links, optimizing bandwidth usage.The S5300-LI supports the Smart Ethernet Protection (SEP) protocol, a ring network protocol applied to the link layer on an Ethernet network. SEP can be used on open ring networks and can be deployed on upper-layer aggregation devices to provide fast switchover (within 50 ms), ensuring continuous transmission of services. SEP features simplicity, high reliability, fast switchover, easy maintenance, and flexible topology, facilitating network planning and management.The S5300-LI supports Ethernet Ring Protection Switching (ERPS), also referred to as G.8032. As the latest ring network protocol, ERPS was developed based on traditional Ethernet MAC and bridging functions and uses mature Ethernet OAM function and a ring automatic protection switching (R-APS) mechanism to implement millisecond-level protection switching. ERPS supports various services and allows flexible networking, helping customers build a network with lower OPEX and CAPEX.Complying with IEEE 802.3ah and 802.1ag, the S5300-LI supports point-to-point Ethernet fault management and can detect faults in the last mile of an Ethernet link to users. The S5300-LI supports Y.1731. Besides fast end-to-end service fault detection, the S5300-LEI can use the performance measurement tools defined in Y.1731 to monitor network performance, providing accurate data about network quality.●Well-designed QoS policies and security mechanismsThe S5300-LI implements complex traffic classification based on packet information, such as the 5-tuple, IP preference, ToS, DSCP, IP protocol type, ICMP type, TCP source port, VLAN ID, Ethernet protocol type, and CoS. ACLs can be applied to inbound or outbound directions on an interface. The S5300 supports a flow-based two-rate three-color CAR. Each port supports eight priority queues and multiple queue scheduling algorithms, such as WRR, DRR, PQ, WRR+PQ, and DRR+PQ. All of these ensure the quality of voice, video, and data services.The S5300-LI provides multiple security measures to defend against Denial of Service (DoS) attacks, as well as attacks against networks or users. DoS attack types include SYN Flood attacks, Land attacks, Smurf attacks, and ICMP Flood attacks. Attacks to networks refer to STP BPDU/rootattacks. Attacks to users include bogus DHCP server attacks, man-in-the-middle attacks, IP/MAC spoofing attacks, and DHCP request flood attacks. DoS attacks that change the CHADDR field in DHCP packets are also attacks against users.The S5300-LI supports DHCP snooping, which generates user binding entries based on MAC addresses, IP addresses, IP address leases, VLAN IDs, and user access interfaces. DHCP snooping discards invalid packets that do not match any binding entries, such as ARP spoofing packets and IP spoofing packets. This prevents hackers from using ARP packets to initiate man-in-the-middle attacks on campus networks. The interface connected to a DHCP server can be configured as a trusted interface to protect the system against bogus DHCP server attacks.The S5300-LI supports strict ARP learning, which prevents ARP spoofing attacks that exhaust ARP entries. It also provides IP source checks to prevent DoS attacks caused by MAC address spoofing, IP address spoofing, and MAC/IP spoofing.The S5300-LI supports centralized MAC address authentication, 802.1x authentication, and NAC. It authenticates users based on statically or dynamically bound user information, such as the user name, IP address, MAC address, VLAN ID, access interface, and flag indicating whether antivirus software is installed. VLANs, QoS policies, and ACLs can be dynamically applied to users.The S5300-LI can limit the number of MAC addresses learned on an interface to prevent attackers from exhausting MAC address entries by using bogus source MAC addresses. This function minimizes the packet flooding that occurs when users' MAC addresses cannot be found in the MAC address table.Maintenance-free design and manageabilityThe S5300-LI supports automatic configuration, plug-and-play features, and batch remote upgrades. These capabilities simplify device management and maintenance and reduce maintenance costs. The S5300 supports SNMP v1/v2/v3 and provides flexible methods for managing devices. Users can manage the S5300 using the CLI, Web NMS and Telnet. The NQA function assists users with network planning and upgrades. In addition, the S5300 supports NTP, SSH v2, HWTACACS, RMON, log hosts, and port-based traffic statistics.The S5300-LI supports GARP VLAN Registration Protocol (GVRP), which dynamically distributes, registers, and propagates VLAN attributes to reduce manual configuration workloads of network administrators and ensure correct VLAN configuration. In a complex network topology, GVRP simplifies VLAN configuration and reduces network communication faults caused by incorrect VLAN configuration.The S5300-LI supports MUX VLAN. MUX VLAN isolates the Layer 2 traffic between interfaces in a VLAN. Interfaces in a subordinate separate VLAN can communicate with ports in the principal VLAN, but cannot communicate with each other. MUX VLAN is typically used on an enterprise intranet to isolate user interfaces from each other while still allowing them to communicate with server interfaces. This function prevents communication between network devices connected to certain interfaces or interface groups, but allows these devices to communicate with the default gateway.High scalabilityThe S5300-LI supports intelligent stacking (iStack). Multiple S5300s can be connected with stack cables to set up a stack, which functions as a virtual switch. A stack consists of a master switch, a backup switch, and several slave switches. The backup switch takes over services when the master switch fails, reducing service interruption time. Stacks support intelligent upgrades so that users do not need to change the software version of a switch when adding it to a stack. The iStack function allows users to connect multiple switches with stack cables to expand the system capacity. These switches can be managed using a single IP address, which greatly reduces the costs of system expansion, operation, and maintenance. Compared with traditional networking technologies, iStack has distinct advantages regarding scalability, reliability, and system architecture.Product SpecificationsApplications●Application in Data CentersThe S5300 can be used in a data center to access the gigabit server and connect to upper-layer devices by link aggregation. If multiple servers are available, you can use the iStack technology to improve network reliability.●Application in 1000 Mbit/s Access Rate for TerminalsS5300CSSInterWANHuawei Enterprise S5300 Series Gigabit SwitchesSecurity Level2014-10-25 HUAWEI Confidential Page 11, Total 11。

华为s5300dhcpoption43的配置方法一、配置DHCP 全局地址池1、system-view//使能DHCP 服务2、dhcp enable//创建DHCP 地址池并进入DHCP 地址池视图3、dhcp server ip-pool pool-name//配置地址池的IP 地址范围4、network ip-address [ mask { mask | mask-length } ]//配置动态分配的IP 地址租期。

缺省情况下，租期为1 天。

5、expired { day day [ hour hour [ minute minute ] ] | unlimited }6、quit//配置DHCP 地址池中不参与自动分配的IP 地址7、dhcp server forbidden-ip low ip address [ high ip address ]二、配置DHCP 自定义选项1、system-view//进入DHCP地址池视图2、dhcp server ip-pool pool-name//配置DHCP自定义选项3、option code { ascii ascii-string | hex hex-string | ip-address ip-address }三、配置指定接口下的客户从全局地址池获取IP 地址为当前VLANIF 接口下的客户分配IP 地址1、system-view//进入VLANIF 接口视图2、interface vlanif vlan interface-number//为该VLANIF 接口配置IP 地址3、ip address ip-address { mask | mask-length } [ sub ]//从全局地址池分配地址4、dhcp select global为VLAN 下的客户分配IP 地址1、system-view//从全局地址池分配地址2、dhcp select global vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>。

华为S5700S-28P-LI-AC评测(1)2012-12-14 14:48 晓忆 我要评论(0)字号：T | T华为S5700系列全千兆企业交换机，是该公司为满足大带宽接入和以太多业务汇聚而推出的新一代绿色节能的全千兆高性能以太交换机。

它基于新一代高性能硬件和华为公司统一的VRP(Versatile Routing Platform）平台，具备大容量、高密度千兆端口。

AD：51CTO 网+ 第十二期沙龙：大话数据之美_如何用数据驱动用户体验对于企业用户来说，千兆接入已经很普遍了，但随着客户需求的日益变更，交换机不仅仅限于速率层面，企业客户在可靠、安全、绿色环保，简便运维等层面提出了要求。

事实上，华为S5700系列全千兆企业交换机，是该公司为满足大带宽接入和以太多业务汇聚而推出的新一代绿色节能的全千兆高性能以太交换机。

它基于新一代高性能硬件和华为公司统一的VRP(Versatile Routing Platform）平台，具备大容量、高密度千兆端口，可提供万兆上行，充分满足企业用户的园区网接入、汇聚、IDC千兆接入等多种应用场景。

值得一提的是，该系列交换机的自动开局配置、USB快速开局，以及模式切换按钮等设计，对于企业用户来说，颇为贴心。

该系列中的华为S5700S-28P-LI-AC交换机能为企业提供高性价比的千兆网解决方案，本文也将从多个方面对其进行纵向评测。

S5700S-28P-LI-AC的规格特征S5700S-28P-LI-AC交换机，是华为公司为满足大带宽接入和以太多业务汇聚而推出的新一代绿色节能的全千兆高性能以太交换机。

S5700S-28P-LI-AC交换机具有24个千兆以太网接口，4个千兆combo接口，具有方便易管的特点。

S5700S-28P-LI-AC的console操作华为S5700S-28P-LI-AC交换机同时采用了USB和RJ45两种console接口设计，方便了管理员管理。

Copyright ©2007 华为技术有限公司版权所有，侵权必究 /cn/products/datacomm/1Quidway® S5300系列全千兆运营级交换机规格列表S5300-EI项目S5328C-EI S5328C-EI-24S S5352C-EI转发性能66Mpps 66Mpps 102Mpps 端口交换容量88Gbps 88Gbps 136Gbps背板交换容量256GMAC 遵循IEEE 802.1d标准32K MAC 地址容量支持MAC地址自动学习和老化支持静态、动态、黑洞MAC表项支持源MAC地址过滤VLAN 支持4K个VLAN支持Guest VLAN、Voice VLAN、Super VLAN 支持基于MAC/协议/IP子网/策略的VLAN支持1:1和N:1VLAN交换功能支持基本QinQ功能支持灵活QinQ功能可靠性支持RRPP环型拓扑和RRPP多实例，故障保护切换时间低于50ms支持SmartLink树型拓朴和SmartLink多实例，提供主备链路的毫秒级保护支持BFD For OSPF/ISIS/VRRP/PIM协议支持STP/RSTP/MSTP协议支持BPDU保护、根保护和环回保护IP路由静态路由、RIP V1/2 OSPF、IS-IS、BGP、ECMP组播支持IGMP v1/v2 Snooping和快速离开机制支持VLAN内组播转发和组播多VLAN复制支持捆绑端口的组播负载分担基于端口的组播呼叫接纳控制功能（组播CAC）基于端口的组播流量统计IGMP v1/v2、PIM-SM、PIM-DMCopyright ©2007 华为技术有限公司版权所有，侵权必究 /cn/products/datacomm/2S5300-EI项目S5328C-EI S5328C-EI-24S S5352C-EIQoS/ACL 支持对端口接收和发送报文的速率进行限制支持报文重定向支持双速三色CAR功能每端口支持8个队列支持WRR、DRR、SP、WRR＋SP、DRR+SP队列调度算法支持报文的802.1p和DSCP优先级重新标记支持L2（Layer 2）~L4（Layer 4）包过滤功能，提供基于源MAC地址、目的MAC地址、源IP地址、目的IP地址、端口、协议、VLAN的非法帧过滤功能支持基于队列的Shapping功能支持基于端口的流量监管安全特性用户分级管理和口令保护支持防止DoS、ARP攻击功能支持IP、MAC、端口的组合绑定支持端口隔离支持MAC地址黑洞支持MAC地址学习数目限制支持IEEE 802.1X认证，支持单端口最大用户数限制支持AAA认证，支持Radius、TACACS+等多种方式支持SSH V2.0支持CPU保护功能防雷所有业务端口防雷能力：4KV；增加额外的防雷设备，所有端口防雷能力15KV管理和维护支持MFF支持虚拟电缆检测(Virtual Cable Test)；支持以太网OAM（802.3ah 和 802.1ag）支持端口镜像和RSPAN(远程端口镜像) 支持Telnet远程配置、维护；支持SNMPv1/v2/v3；支持RMON支持iManager网管系统支持集群管理HGMP支持系统日志、分级告警环境要求温度范围：0 O C～50 O C；相对湿度：10%～90%（无凝露）输入电压AC：额定电压范围：100-240V a.c. ；50/60Hz 最大电压范围：90-264V a.c. ； 50/60Hz DC：额定电压范围：-48- -60V d.c.最大电压范围：-36- -72V d.c..外形尺寸442×420×43.6Copyright ©2007 华为技术有限公司版权所有，侵权必究 /cn/products/datacomm/3S5300-EI项目S5328C-EI S5328C-EI-24S S5352C-EI mm（宽×深×高）功耗<150W重量<8kg。