Enterasys ANG-1000 Uživatelský manuál stáhnout pdf (Strana 2)

A signiﬁcant differentiator for the K-Series is the ability to collect

NetFlow data at wire-speed providing total visibility into network

resource consumption for users and applications. The K-Series joins the

S-Series as the only enterprise switches to support multi-user, multi-

method authentication on every port — absolutely essential when you

have devices such as IP phones, computers, printers, copiers, security

cameras, badge readers, and virtual machines connected to the network.

These new modular edge switches deliver ﬂexible connectivity, premium

features and integrated security that enable the network to quickly adapt

to changing business requirements.

Hardware-Based High Availability Features

The K-Series includes many standard high availability features. These

hardware-based high availability features allow the K-Series to be

DEPLOYED IN MISSION CRITICAL ENVIRONMENTS THAT REQUIRE  AVAILABILITY

The K-Series supports the following hardware-based high availability

features:

s 0ASSIVE CHASSIS BACKPLANE

s (OT SWAPPABLE FAN TRAYS WITH MULTIPLE COOLING FANS

s (OT SWAPPABLE AND LOADSHARING POWER SUPPLIES

s -ULTIPLE !# INPUT CONNECTIONS FOR POWER CIRCUIT REDUNDANCY

s 5P TO  GROUPS OF EIGHT %THERNET PORTS CAN BE GROUPED TOGETHER TO

CREATE A MULTILINK AGGREGATION GROUP ,!'

Distributed, Flow-Based Architecture

In order to ensure granular visibility and management of trafﬁc without

sacriﬁcing performance, the Enterasys K-Series deploys a ﬂow-

based architecture. This architecture ensures that when a speciﬁc

communications ﬂow is being established between two end points, the

ﬁrst packets in that communication are processed through the multilayer

CLASSIlCATION ENGINES IN THE SWITCH AND THE )/ FABRIC MODULE )N THIS

process, the role is identiﬁed, the applicable policies are determined,

the packets are inspected and the action is determined. After the

ﬂow is identiﬁed, all subsequent packets associated with that ﬂow

are automatically handled in the Enterasys ASICs without any further

processing. In this way the Enterasys K-Series is able to apply a very

granular level of control to each ﬂow at full line rate.

Multi-User/Method Authentication and Policy

Authentication allows enterprise organizations to manage network access

and provide mobility to users and devices. It provides a way to know who

or what is connected to the network and where this connection is at any

time. The Enterasys K-Series has unique, industry leading capabilities

regarding types of simultaneous authentication methods. K-Series modules

can support multiple concurrent authentication techniques, including:

s 8 AUTHENTICATION

s -!# AUTHENTICATION WHICH IS A WAY TO AUTHENTICATE DEVICES ON THE

NETWORK USING THE -!# ADDRESS

s 7EBBASED AUTHENTICATION ALSO KNOWN AS 0ORT 7EB !UTHENTICATION

07! WHERE A USER NAME AND PASSWORD ARE SUPPLIED THROUGH A BROWSER

s #%0 ALSO KNOWN AS #ONVERGENCE %ND 0OINT WHERE MULTIPLE VENDORS

VoIP phones are identiﬁed and authenticated; this capability provides

great ﬂexibility to enterprises looking to implement access control

mechanisms across their infrastructure

A signiﬁcant additional feature of the K-Series is the capability to

support multi-user authentication. This allows multiple users and

devices to be connected to the same physical port and each user or

device to be authenticated individually using one of the multi-method

OPTIONS X -!# 07! OR #%0 4HE MAJOR BENElT OF MULTIUSER

authentication is to authorize multiple users, either using dynamic policy

or VLAN assignment for each authenticated user. In the case of dynamic

POLICY THIS IS CALLED -ULTI5SER 0OLICY -ULTIUSER PORT CAPACITIES WITH THE

+3ERIES ARE DETERMINED ON A PER PORT PER )/ MODULE AND PER MULTISLOT

system basis.

-ULTIUSER AUTHENTICATION AND POLICY CAN PROVIDE SIGNIlCANT BENElTS

to customers by extending security services to users connected to

unmanaged devices, third party switches/routers, VPN concentrators,

or wireless LAN access points at the edge of their network. Using

authentication provides security, priority, and bandwidth control while

PROTECTING EXISTING NETWORK INVESTMENTS 4HE +3ERIES SUPPORTS UP TO 

USERS PER PORT WITH A LICENSE OPTION FOR  USERS PER PORT 4OTAL SYSTEM

CAPACITY SUPPORTS  USERS ON THE + AND  USERS ON THE +

Dynamic, Flow-Based Packet Classiﬁcation

Another unique feature that separates the Enterasys K-Series from all

COMPETITIVE SWITCHES IS THE CAPABILITY TO PROVIDE 5SER"ASED -ULTILAYER

0ACKET #LASSIlCATION1O3 7ITH THE WIDE ARRAY OF NETWORK APPLICATIONS

USED ON NETWORKS TODAY TRADITIONAL -ULTILAYER 0ACKET #LASSIlCATION

by itself is not enough to guarantee the timely transport of business-

CRITICAL APPLICATIONS )N THE +3ERIES 5SER"ASED -ULTILAYER 0ACKET

Classiﬁcation allows trafﬁc classiﬁcation not just by packet type, but

also by the role of the user on the network and the assigned policy of

THAT USER 7ITH 5SER"ASED -ULTILAYER 0ACKET #LASSIlCATION PACKETS

can be classiﬁed based on unique identiﬁers like “All Users”, “User

'ROUPSv AND h)NDIVIDUAL 5SERv THUS ENSURING A MORE GRANULAR APPROACH

to managing and maintaining network conﬁdentiality, integrity, and

availability.

Network Visibility From High Fidelity NetFlow

Network performance management and security capabilities via NetFlow

are available on Enterasys K-Series switch ports without slowing down

switching and routing performance or requiring the purchase of expensive

daughter cards for every module. Enterasys NetFlow tracks every packet

in every ﬂow as opposed to more typical statistical sampling techniques

Page 2

1 2 3 4 5 6 7 8

Komentáře k této Příručce

Žádné komentáře

Enterasys ANG-1000 Uživatelský manuál Strana 2

Komentáře k této Příručce

Související produkty a manuály pro Brány / ovladače Enterasys ANG-1000