DATA SHEET BROCADE FASTIRON WS SERIES ENTERPRISE LAN SWITCHING HIGHLIGHTS •Compact, high-performance, 24- and 48-port 10/100 Mbps and 10/100/1000 Mbps base models and Power over Ethernet (PoE) models for Unified Communications (UC) infrastructures •Dynamic Brocade IronWare Layer 3 routing optional features such as OSPF and RIP, in addition to advanced Layer 2 Ethernet switching and high-availability features such as VSRP, VRRP, and MRP •Quality of Service (QoS) to support eight priority queues with strict and weighted scheduling •Open, standards-based Network Access Control (NAC) featuring multi-host 802.1X access control, multi-device MAC authentication, and policy-controlled MAC-based VLANs •Brocade IronShield 360 intrusion protection against network- and hostbased attacks •Concurrent port mirroring and sFlow packet sampling, enabling network-wide traffic monitoring for traffic accounting, intrusion detection, 802.1X identity monitoring, link utilization, and fault isolation •Protected by the Brocade Assurance Limited Lifetime Warranty for as long as the original purchaser continues to own and use the product Intelligent Edge Solutions for Unified Communications The Brocade® FastIron® Workgroup Switch (WS) Series is a complete line of one rack unit (1RU) enterprise-class Layer 2/3 switches. The FastIron WS Series extends the Brocade edge-to-core networking portfolio by providing intelligent edge switches designed for Small and Medium Businesses (SMBs), branch offices, and distributed enterprises—without compromising performance and reliability. The switches are available in 24- and 48-port 10/100 Mbps or 10/100/1000 Mbps models, with or without IEEE 802.3af Power over Ethernet (PoE), for enterprise edge networking, security, and Unified Communications (UC). Featuring standards-based PoE, the FastIron WS Series delivers the scalability, Quality of Service (QoS) assurance, resilience, and Voice over IP (VoIP)-readiness needed to implement a high-value converged solution at the network edge. Combining Fast Ethernet, Gigabit Ethernet (GbE), PoE, and intelligent fault detection with a feature-rich, secure, and highly reliable solution, the FastIron WS Series maximizes productivity and investment protection. This cost-effective, high-performance compact solution enables the deployment of new applications such as IP telephony, wireless access, WebTV, video surveillance, building management systems, triple play—voice, video, and data—and remote video kiosks. The FastIron WS Series can also be deployed in Metropolitan Area Networks (MANs), connecting branch offices with 1 GbE uplinks. In this environment, important features include Brocade Metro Ring Protocol (MRP) for building resilient ring-based topologies, Virtual LAN (VLAN) stacking, and multicast capabilities such as IGMP v1/v2/v3 and MLD v1/v2 snooping for controlling multicast traffic in highbandwidth content distribution applications. CONFIGURATION ALTERNATIVES The FastIron WS Series supports hardwarebased embedded sFlow capabilities, which enable real-time traffic visibility and analysis, network protection, and manageability of end users’ PCs. sFlow enabled at the edge takes full advantage of the intelligent edge switch capabilities, providing dynamic control by correlating data collected from sFlow and applying Access Control List (ACL), Rate limiting, and QoS at the edge——not at the core. This analysis mitigates security threats at the edge. sFlow dynamic real-time traffic analysis is available through Brocade Network Advisor, or any network management tool that supports sFlow (RFC 3176). •FastIron WS 624: 20×10/100 Mbps ports plus four RJ45/SFP (1 GbE) combo ports For organizations using Brocade Network Advisor, the Brocade IronShield 360 closed-loop security solution and advanced traffic policy features are available to ensure the smooth operation and security of the entire network. The Brocade IronWare software suite underpins Brocade switches and routers, enabling a consistent, manageable framework that reduces the time and resources required to utilize solutions. When used with other FastIron products— such as the Brocade FastIron SX Series and the stackable Brocade FCX Series—the FastIron WS Series allows organizations to deploy feature-rich and scalable end-to-end enterprise edge services while minimizing the Total Cost of Ownership (TCO) and maximizing Return On Investment (ROI) for a complete convergence-ready solution. The FastIron WS Series provides an intelligent solution for achieving convergence and security at the network edge. The FastIron WS Series is optimized for flexibility, reliability, and manageability. This series of switches is available in four base models and PoE models. In addition, all FastIron WS Series base models are available with optional edge Layer 3 routing features: •FastIron WS 624-POE: 20×10/100 Mbps PoE ports plus four RJ45/SFP (1 GbE) combo ports •FastIron WS 648: 44×10/100 Mbps ports plus four RJ45/SFP (1 GbE) combo ports •FastIron WS 648-POE: 44×10/100 Mbps PoE ports plus four RJ45/SFP (1 GbE) combo ports •FastIron WS 624G: 20×10/100/1000 Mbps ports plus four RJ45/SFP (1 GbE) combo ports •FastIron WS 624G-POE: 20×10/100/ 1000 Mbps PoE ports plus four RJ45/SFP (1 GbE) combo ports •FastIron WS 648G: 44×10/100/1000 Mbps ports plus four RJ45/SFP (1 GbE) combo ports •FastIron WS 648G-POE: 44×10/100/ 1000 Mbps PoE ports plus four RJ45/SFP (1 GbE) combo ports. TARGET APPLICATIONS Offering a powerful set of advanced Layer 2 switching and edge Layer 3 routing capabilities, extensive security features, bandwidth scalability, and a compact design, the FastIron WS Series is well suited for a broad range of applications: •Intelligent edge solutions for SMBs, branch offices, and distributed enterprises: The FastIron WS Series features advanced QoS with eight priority queues and combines strict priority and Weighted Round Robin (WRR) scheduling to enable dependable and high-quality network convergence. The FastIron WS Series supports IEEE 802.1AB LLDP and ANSI TIA 1057 LLDP-MED, enabling organizations to build open convergence and advanced multivendor networks. Plus, the FastIron WS Series is available with IEEE 802.3af PoE to deliver standards-based power for nextgeneration converged devices such as VoIP handsets, wireless access points, and video cameras. •Metro network Customer Located Equipment (CLE): The FastIron WS Series offers cost-effective, in-building MultiTenant Unit (MTU) or CLE for unicast and multicast services delivery. MRP makes the FastIron WS Series an attractive choice for CLE deployments. PRIMARY FEATURES AND BENEFITS Performance and Scalability Today’s business and networking applications continue to consume more bandwidth. A future-ready network needs to scale to support the growing and evolving demands of these environments. The FastIron WS Series provides a wirespeed switching architecture capable of supporting four RJ-45 or SFP Gigabit Ethernet combo ports. In addition, the FastIron WS Series supports a range of Gigabit Ethernet optics, including SX, SX2, LX, LHA, LGB, 1000 Base-BX, and CWDM. The FastIron WS Series is a powerful solution for the delivery of highperformance, delay-sensitive applications. The product features advanced QoS capabilities, including low-latency switching, eight priority queues, ingress and egress rate limiting, WRR, Strict Priority (SP), and a mix of SP and WRR scheduling methods. Ease of Use: Plug and Play The FastIron WS Series supports the IEEE 802.1AB LLDP and ANSI TIA 1057 LLDP-MED standards, enabling organizations to build open convergence, advanced multivendor networks. LLDP greatly simplifies and enhances network management, asset management, and network troubleshooting. For example, it enables discovery of accurate physical network topologies, including those with multiple VLANs where all subnets may not be known. LLDP-MED addresses the unique needs that voice and video demand in a converged network by advertising media and IP telephony-specific messages that can be exchanged between the network and the endpoint devices. LLDP-MED provides exceptional interoperability, IP telephony troubleshooting, and automatic deployment of policies, inventory management, and E911 location/emergency call service support. These sophisticated features make converged network services easier to install, manage, and upgrade while significantly reducing operations costs. Simplified Deployment with Auto-Configuration The FastIron WS Series supports DHCP client-based auto-configuration, simplifying deployment and configuration, and providing true plug-and-play capabilities. Organizations can automate the IP address and feature configuration of FastIron WS Series switches without the presence of a highly trained, onsite network engineer. When the FastIron WS Series switches power up, they automatically receive an IP address from DHCP and configuration information from an already configured Trivial File Transport Protocol (TFTP) server. At this time, the switches can also automatically receive a software update to be at the same code revision as already installed switches. Autoconfiguration and built-in intelligence reduces operating expenditures while simplifying network management. Redundant Power Supply Option All FastIron WS Series switches offer an external redundant power supply option. The Brocade External Redundant Power Supply operates as a backup to the internal power supply for a device. If an internal power supply fails, the redundant power supply will power the device without affecting network operations. Advanced Multicast Features The FastIron WS Series supports a rich set of Layer 2 multicast features that enable advanced multicast services delivery. Internet Group Management Protocol (IGMP) snooping for IGMP version 1, 2, and 3 is supported. Source-based multicast—a key requirement for IGMP v3 snooping—is a Layer 2 service feature. This provides improved bandwidth utilization and more secure multicast services delivery. The FastIron WS Series also supports Multicast Listener Discovery (MLD) versions 1 and 2 snooping, enabling source-based multicast applications in IPv6 environments. Advanced Layer 2 and Layer 3 Protocols for Building Resilient Networks Software features, including Virtual Switch Redundancy Protocol, MRP, Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP), and 802.3ad Link Aggregation, provide alternate paths for traffic in the event of a link failure. Subsecond fault detection utilizing Link Fault Signaling, protected link groups, and UniDirectional Link Detection (UDLD) help ensure rapid fault detection and recovery. Enhanced Spanning Tree features such as Root Guard and BPDU Guard prevent rogue hijacking of Spanning Tree roots and maintain a contention- and loop-free environment, especially during dynamic network deployments. As a result, FastIron WS Series software and hardware features provide a robust and resilient infrastructure solution in a cost-effective and compact form. Edge PREM Layer 3 functionality enhances the capability of the FastIron WS Series as an edge router platform. The powerful Layer 3 features enable dynamic routing via OSFPv1/v2, RIPv1/v2, IPv4 static routes, virtual network interfaces, routing between directly connected subnets, VRRP, DHCP Relay, routed interfaces, and host routes. With the FastIron WS Series, organizations can deploy end-to-end Layer 3 networks and propagate the same routing policies from edge to core, simplifying network design and operations. Comprehensive Enterprise-Class Edge Security The Brocade IronWare operating system powers FastIron WS Series switches. It offers a rich set of Layer 2 switching services and Layer 3 routing functionality, an advanced security suite for Network Access Control (NAC) and Denial of Service (DoS) protection, and QoS. Embedded security features include protection against Man-in-the-Middle and DoS attacks via Dynamic ARP inspection, DHCP snooping, TCP SYN, and ICMP smurf attack prevention. The FastIron WS Series supports key features such as Spanning Tree Root Guard and BPDU Guard to protect network spanning tree operation along with broadcast and multicast packet rate limiting. Unified Convergence IronWare advanced QoS controls include honoring, prioritizing, classifying, and marking Ethernet and IP traffic, enabling the switches to honor VoIP traffic using 802.1p priority and IP Type of Service and DiffServ Codepoints (TOS/DSCP). Lawful Intercept Today’s heightened security environment may require traffic intercept. The U.S. Communications Assistance for Law Enforcement Act (CALEA) compliance, for example, requires that businesses be able to intercept and replicate data traffic directed to a particular user, subnet, or port. This compliance requirement is essential for networks implementing IP phones. The FastIron WS Series supports this requirement through ACL-based Mirroring, MAC filter-based mirroring, and VLAN-based mirroring. Organizations can apply “mirror ACL” on a port and mirror a traffic stream based on IP source/destination address, TCP/UDP source/destination ports, and IP protocols such as ICMP, IGMP, TCP, and UDP. A MAC filter can be applied on a port and mirror a traffic stream based on a source/destination MAC address. VLANbased mirroring is another option for CALEA compliance (that is, lawful intercept). Many enterprises have service-specific VLANs, such as voice VLANs. With VLAN mirroring, all traffic on an entire VLAN within a switch can be mirrored, or specific VLANs can be transferred to a remote server. Secure Network Access The FastIron WS Series supports Brocade IronShield 360, a unique and powerful closed-loop threat mitigation solution that uses best-of-breed intrusion detection systems to inspect sFlow traffic samples for possible network attacks. In response to a detected attack, Brocade Network Advisor can apply a security policy to the compromised port. This automated threat detection and mitigation helps stop network attacks in real time, without human intervention. IronShield 360 detects and mitigates zero-day (anomaly-based) and known (signature-based) network attacks. It leverages hardware-based sFlow packet sampling technology embedded in FastIron WS Series switches. The combination of sFlow packet sampling, Brocade Network Advisor, and Snort intrusion detection protects the enterprise from network attacks. This advanced security capability provides a network-wide security umbrella without the added complexity and cost of ancillary sensors. Organizations can rely on features such as multi-device and 802.1X authentication with dynamic policy assignment to control network access and perform targeted authorization on a per-user level. Additionally, the FastIron WS Series supports enhanced static MAC with the ability to deny traffic to and from a MAC address on a per-VLAN basis, allowing organizations to control and deploy access policies per endpoint MAC address. This provides a powerful tool for controlling access policies per endpoint device. Standards-based NAC enables organizations to deploy best-of-breed NAC solutions for authenticating network users and validating the security posture of a connecting device. Support for policy-controlled, MAC-based VLANs provides additional control of network access, allowing for policy-based assignments of devices to Layer 2 VLANs. Secure Element Management The FastIron WS Series includes Secure Shell (SSHv2), Secure Copy, and SNMPv3 to restrict and encrypt management communications to the system. Additionally, support for Terminal Access Controller Access Control Systems (TACACS/TACACS+) and RADIUS authentication help ensure secure operator access. UNIFIED WIRED/WIRELESS NETWORK MANAGEMENT WITH BROCADE NETWORK ADVISOR Managing enterprise campus networks continues to become more complex due to the growth in services that rely on wired and wireless networks. Services such as Internet, e-mail, video conferencing, real-time collaboration, and distance learning all have specific configuration and management requirements. At the same time, organizations face increasing demand to provide uninterrupted services for highquality voice and UC, wireless mobility, and multimedia applications. To reduce complexity and the time spent managing these environments, the easyto-use Brocade Network Advisor discovers, manages, and deploys configurations to groups of IP devices. By using the Brocade Network Advisor Device Configuration Manager tool, organizations can configure VLANs within the network, manage wireless access point realms or execute CLI commands on specific devices or groups of IP devices. sFlow-based proactive monitoring is ideal for performing networkwide troubleshooting, generating traffic reports, and gaining visibility into network activity from the edge to the core. Brocade Network Advisor centralizes management of the entire family of Brocade wired and wireless products, including the FastIron WS Series. FAULT DETECTION The FastIron WS Series provides both logical fault detection and physical fault isolation capabilities. Logical fault detection is supported through software features such as Remote Fault Notification (RFN), Protected Link Groups, and UDLD: •RFN, enabled on 1 GbE transmit ports, notifies the remote port whenever the fiber cable is either physically disconnected or has failed. When this occurs, the device disables the link and turns off both LEDs associated with the ports. •Protected Link Groups minimize disruption to the network by protecting critical links from loss of data and power. In a protected link group, one port in the group acts as the primary or active link, and the other ports act as secondary or standby links. The active link carries the traffic. If the active link goes down, one of the standby links takes over. •UDLD monitors a link between two FastIron WS switches and brings the ports on both ends of the link down if the link goes down at any point between the two devices. Physical fault isolation on the FastIron WS Series is supported through Virtual Cable Test (VCT) technology. VCT technology enables organizations to diagnose a conductor (wire or cable) by sending a pulsed signal into the conductor, then examining the reflection of that pulse. By examining the reflection, the FastIron WS Series can detect and report cable statistics such as local and remote link pair, cable length, and link status. In addition, the FastIron WS Series supports network loop detection and stability features such as Port Flap Dampening, singlelink LACP, and Port Loop Detection. Port Flap Dampening increases the resilience and availability of the network by limiting the number of port state transitions on an interface. This reduces the protocol overhead and network inefficiencies caused by frequent state transitions occurring on misbehaving ports. Single Link LACP can be used as a bidirectional link detection protocol. This standards-based solution is useful in mixednetwork environments because it works with a variety of switches from other vendors. The Port Loop Detection feature enables organizations to detect and prevent Layer 1 and Layer 2 loops without using STP. Organizations that do not enable a Layer 2 Protocol, such as STP to detect physical loops at the edge, can use Port Loop Detection to detect loops occurring on a port as well as within an entire network. BROCADE GLOBAL SERVICES To help organizations get the most value from their technology investments, Brocade Global Services offers a variety of services with comprehensive hardware and 24×7 software support, including software fixes and new releases. Organizations can also utilize Brocade Professional Services to implement and validate the functionality of Brocade products. Leveraging the Brocade Network Monitoring Service (NMS), organizations can maximize the availability and performance of their critical application environments while reducing infrastructure cost and complexity. WARRANTY The FastIron WS Series is covered by the Brocade Assurance™ Limited Lifetime Warranty for as long as the original purchaser continues to own and use the product. The warranty covers the product hardware, including internal power supplies and internal fans, as well as software defect repairs. To streamline the product replacement process, qualified customers can directly access the MyBrocade™ Portal to initiate advanced replacement on registered products. MAXIMIZING INVESTMENTS To help optimize technology investments, Brocade and its partners offer complete solutions that include education, support, and services. For more information, contact a Brocade sales partner or visit www.brocade.com. KEY FEATURES AND BENEFITS Flexible and High-Capacity Solution •24- and 48-port 10/100 Mbps and 10/100/1000 Mbps (RJ-45) non-Power over Ethernet (PoE) models •24- and 48-port 10/100 Mbps and 10/100/1000 Mbps (RJ-45) PoE models •Efficient space-saving 1RU form factor with front-facing data ports and a built-in temperature monitor sensor •Field upgradeability to support Edge Layer 3 features Robust Power over Ethernet •Standards-based IEEE 802.3af PoE support •PoE auto-detection enables support for PoE and non-PoE devices without configuration changes •Software accessible system and per port power consumption •Interoperability with popular VoIP equipment, including legacy IP phones •Advanced QoS capabilities ensure high quality VoIP support •LLDP-MED IronShield Advanced Security •Multilevel access security for console access •IronShield 360°—System-wide, automated closed-loop threat detection and mitigation solution •Secure, Web-based management •Secure Shell and SNMPv3 restrict and encrypt communications to the management interface and system •Terminal Access Controller Access Control Systems (TACACS/TACACS+) and RADIUS operator authentication •Secure Shell (SSHv2), SCP, and SNMPv3 secure remote management access and communications •MAC filters, Layer 3/Layer 4 ACLs and binding the ACL to TELNET, Web management and SNMP interface for secure management access •IEEE 802.1x authentication including multiple device authentication and dynamic VLAN, ACL, and MAC filter assignment for authenticated clients •Private VLANs provide security and isolation between switch ports to help ensure that users cannot snoop on other users’ traffic •Denial of Service Protection—Monitoring, throttling, and locking out of ICMP and TCP SYN traffic both to the management address of the switch and for transit traffic •Man-in-the-Middle prevention using Dynamic ARP Inspection and DHCP Snooping •Port Security and MAC Address Locking limits the number MAC addresses on a port. Using Port Security network managers can allow specific MAC addresses access to the network for specific time periods •MAC address authentication including multiple device authentication and dynamic policy configuration •Policy-controlled, MAC-based VLANs provide additional control of network access, allowing for policy-controlled assignments of devices to Layer 2 VLANs KEY FEATURES AND BENEFITS CONTINUED Advanced Quality of Service •Packet classification, reclassification, policing, marking, and remarking •Identification, classification, and reclassification of traffic based on specific criteria such as port, source/destination MAC address, 802.1p priority bit, source/destination IP address, Type of Service (ToS), Differentiated Services Codepoints (DSCP), or TCP/UDP port •Flexible queue servicing utilizing configurable Weighted Round Robin (WRR), Strict Priority (SP), or hybrid SP/WRR •8 hardware queues for flexible QoS management •Ingress rate limiting—standard and extended ACL control •ACLs configured on a per-port per VLAN basis •Egress rate limiting—per port, per queue •Support for up to 256 wire-speed ingress traffic policers with each policer supporting configurable metering with maximum and burst size settings, color aware and out-of-profile packet remarking or dropping •sFlow and port mirroring on the same port System and Network Resilience •Advanced Layer 2 service protection features: Metro Ring Protocol, Virtual Switch Redundancy Protocol, Rapid Spanning Tree, Multiple Spanning Tree, Per VLAN Spanning Tree (PVST, PVST+), Protected Link groups, Link Fault Signaling (LFS), Remote Fault Notification (RFN) •Port range with port speed downshift and selective auto negotiation •Port loop detection to detect Layer 1/Layer 2 loops •Image checksum verification •Next boot information •Port flap dampening •Single link LACP as a standards-based bi-directional link detection protocol SYSTEM SUMMARY 1, 2 Feature FWS624 FWS624EPREM FWS624POE FWS624G FWS624GEPREM FWS624GPOE FWS648 FWS648EPREM FWS648POE FWS648G FWS648GEPREM FWS648GPOE Switching Performance 12 Gbps 12 Gbps 48 Gbps 48 Gbps 16.8 Gbps 16.8 Gbps 96 Gbps 96 Gbps Forwarding Performance 9 Mpps 9 Mpps 36 Mpps 36 Mpps 12.6 Mpps 12.6 Mpps 72 Mpps 72 Mpps 10/100 Mbps Port Density (RJ-45) 20 plus 4port Combo 10/100 Mbps PoE Density (RJ-45) 44 plus 4port Combo 20 plus 4-port Combo 10/100/1000 Mbps Port Density (RJ-45) 44 plus 4port Combo 20 plus 4port Combo 10/100/1000 Mbps PoE Density (RJ-45) 100/1000 Mbps SFP Port Density 44 plus 4port Combo 20 plus 4port Combo 4 Combo 4 Combo 4 Combo 100 Mbps Optics 4 Combo 44 plus 4-port Combo 4 Combo 4 Combo 4 Combo 4 Combo 100Base-FX and 100Base-BX Gigabit Ethernet Optics SX, SX2, LX, LHA, LGB, 1000Base-BX, and CWDM Internal AC Power Supply 65 W 530 W 65 W 530 W 100 W 530 W 100 W 530 W External RPS Option RPS2-EIF 150 W RPS12 900 W RPS2-EIF 150 W RPS12 900 W RPS2-EIF 150 W RPS12 900 W RPS2-EIF 150 W RPS12 900 W Maximum Number of MAC Addresses 16,000 16,000 16,000 16,000 16,000 16,000 16,000 16,000 Maximum Number of VLANs 44,096 44,096 44,096 44,096 44,096 44,096 44,096 44,096 Maximum Number of STP 253 253 253 253 253 253 253 253 Hardware Routes 11,000 11,000 11,000 11,000 11,000 11,000 11,000 11,000 IGMP Snooping v1, v2 and v3 v1, v2 and v3 v1, v2 and v3 v1, v2 and v3 v1, v2 and v3 v1, v2 and v3 v1, v2 and v3 v1, v2 and v3 MLD Snooping v1 and v2 v1 and v2 v1 and v2 v1 and v2 v1 and v2 v1 and v2 v1 and v2 v1 and v2 PIM-SM Snooping Yes Yes Yes Yes Yes Yes Yes Yes IGMP Proxy for Static Groups Yes Yes Yes Yes Yes Yes Yes Yes L3 Access Control List Yes Yes Yes Yes Yes Yes Yes Yes Link and Protocol Resilience BPDU and Root Guard, Single Link LACP, Port Loop Detection, Port Flap Dampening, Trunk Threshold Number of Ports per Trunk 8 8 8 8 8 8 8 8 Number of Trunk Groups 12 12 12 12 24 24 24 24 Multi-device Authentication and Dynamic VLAN Assignment Yes Yes Yes Yes Yes Yes Yes Yes 802.1x Authentication and Dynamic VLAN Assignment Yes Yes Yes Yes Yes Yes Yes Yes MAC-based VLANs Yes Yes Yes Yes Yes Yes Yes Yes Metro Features VLAN Stacking, Super Aggregated VLANs (SAVs), Metro Ring Protocol 1 (MRP 1), Virtual Switch Redundancy Protocol (VSRP), Topology Groups, VRRP 1 Switching and forwarding performance specifications are provided for a single FastIron WS unit. 2 Port densities are provided for a single FastIron WS unit. BROCADE FASTIRON WS SPECIFICATIONS Standards Compliance MAC filter override of 802.1X • IEEE 802.1p Quality of Service (QoS) • IEEE 802.1s Multiple Spanning Tree • IEEE 802.1W Rapid Spanning Tree (RSTP) • IEEE 802.1X Port-based Network Access Control • IEEE 802.3ad link aggregation (dynamic trunk groups) • IEEE 802.1Q with tagging • IEEE 802.1AB LLDP • IEEE 802.1D-2004 MAC Bridging • IEEE 802.3 10Base-T • IEEE 802.3ad Link Aggregation (Dynamic and Static) • IEEE 802.3u 100Base-TX • IEEE 802.3x Flow control (Asymmetric) • IEEE 802.3z 1000Base-SX/LX • IEEE 802.3ab 1000BaseT • IEEE 802.3 MAU MIB (RFC 2239) • ANSI TIA 1057 LLDP-MED Ability to disable MAC Learning Layer 2 Features 802.1D Spanning Tree Support • Enhanced IronSpan support includes Fast Port Span and Single-instance Span • Brocade Layer 2 devices (switches) support up to 253 spanning tree instances for VLANs. • PVST/PVST+ compatibility • PVRST compatibility 802.1p Quality of Service (QoS) • Strict Priority (SP) MAC authentication RADIUS time-out action 802.1X authentication RADIUS time-out action 802.1X dynamic assignment for ACL, MAC filter, and VLAN Automatic removal of Dynamic VLAN for 802.1X ports Metro Ring Protocol 1 (MRP 1) MLD Snooping v1/v2 PIM-SM V2 Snooping Remote Fault Notification (RFN) for Gigabit Ethernet ports LACP • Support for single link LACP Trunk groups • Option to include L2 in trunk hash calculation • Support for trunk threshold Topology groups UniDirectional Link Detection (UDLD) (Link keep-alive) Virtual Switch Redundancy Protocol (VSRP) VSRP-Aware security features VLAN Support: • Combined SP and WRR • 8 priority queues 802.1s Multiple Spanning Tree • 802.1W RSTP support allows for sub-second convergence Port Security • MAC port security • Multi-device port authentication Port mirroring and monitoring ACL-based mirroring • Dynamic ACLs with Multi-Device Port Authentication VSRP Fast Start • Mirroring of both inbound and outbound traffic on individual ports is supported. VSRP and MRP signaling Static MAC entries with option to set priority 16,000 MAC Addresses ACL-based rate limiting QoS Access Control Lists (ACLs) for filtering transit traffic • 4096 maximum VLANs • 802.1Q with tagging • Dual-mode VLANs • GVRP • Protocol VLANs (AppleTalk, IPv4, dynamic IPv6, and IPX) • Layer 3 Subnet VLANs (AppleTalk, IP subnet network, and IPX) VLAN-based mirroring • Multiple-device port authentication with dynamic VLAN assignment PVRST Compatibility Address Locking • Support for inbound ACLs Auto MDI/MDIX IPv4 ACLs 10/100/1000 Mbps port speed BPDU Guard Auto-negotiation Root Guard 802.3af Power over Ethernet Configuring Uplink Ports within a Port-based VLAN Protected Link Groups Dynamic Host Configuration Protocol (DHCP) Assist Port-based Access Control Lists IGMP v1/v2/v3 Snooping (IGMPv3 source specific snooping in Layer 2 only) IGMP v2/v3 Fast Leave Inter-packet Gap (IPG) adjustment Jumbo Frames GARP VLAN Registration Protocol MAC filter-based Mirroring Port speed downshift and selective auto-negotiation IGMP Tracking • 1-Gigabit Ethernet ports • Up to 9216 bytes LLDP and LLDP-MED MAC-Based VLANs • Dynamic MAC-based VLAN activation Layer 2 MAC filtering • Filtering on source and destination MAC address MAC authentication password override Flexible trunk group membership • Weighted Round Robin (WRR) 802.1W Rapid Spanning Tree (RSTP) • MLD v1/v2 snooping (global and local) • MLD fast leave for v1 • MLD tracking and fast leave for v2 • Static MLD and IGMP groups with support for proxy Dynamic Voice VLAN Assignment Private VLANs and uplink-switch Port Loop Detection VLAN based Static MAC Denial Layer 2 Metro Features • Metro Ring Protocol (MRP 1) • Virtual Switch Redundancy Protocol (VSRP) • Topology Groups BROCADE FASTIRON WS SPECIFICATIONS CONTINUED Base Layer 3 Features Management and Control • DHCP Relay • Embedded DHCP Server • ECMP • IP helper • PIM Snooping • RIP v1/v2 announce • Routing for directly connected IP subnets • Static IP • Virtual Interfaces—Up to 255 virtual interfaces • VRRP • VSRP and VSRP Aware • Routed Interfaces • IPv4 Static Routes • Routing between directly connected subnets • RFC 854 TELNET Client and Server • RFC 783 TFTP • RFC 2131 DHCP Relay, Embedded DHCP Server • RFC 2068 Embedded HTTP • RFC 2818 Embedded HTTPS • AAA support for console commands • Access Control Lists (ACLs) for controlling management access • Combined DSCP and internal marking in one ACL rule • DSCP Mapping for values 1 through 8 • Configuring an interface as the source for all TFTP, Syslog, and SNTP packets • Alias Command • Asymmetric flow control • Responds to flow control packets, but does not generate them. • Disabling TFTP Access • Brocade Network Advisor • Port flap dampening • Remote monitoring (RMON) • RFC 3176 sFlow • 802.1X username export support for encrypted and non-encrypted EAP types • Show log on all terminals • Serial and Telnet access to industry-standard Command Line Interface (CLI) • SNMP v1, v2, v3 • SNMP v3 traps • Web-based GUI Layer 3 Edge PREM Features • Host routes • IGMP V1, V2, and V3 • OSPFv1,v2 • RIP V1 , V2 • Route-only support • Routes in hardware maximum: 1000 • VRRP Quality of Service • DHCP Relay • DiffServ Support • Combined DSCP and internal marking in one ACL rule • DSCP Mapping for values 1 through 8 • 802.1p Quality of Service (QoS) • Strict Priority (SP). • Weighted Round Robin (WRR) • Combined SP and WRR • 8 priority queues • ACL-based rate limiting QoS • Priority mapping using ACLs • Static MAC entries with option to set priority • MAC Address Mapping to Priority Queue • ACL Mapping to Priority Queue • ACL Mapping to ToS/DSCP • Honoring DSCP and 802.1p • ACL Mapping and Marking of ToS/DSCP • Classifying and Limiting Flows based on TCP flags Traffic Management • ACL-based Fixed rate limiting • Inbound Fixed rate limiting • ACL-based rate limiting QoS • Broadcast, Multicast and unknown Unicast Rate Limiting • Inbound Rate Limiting per port • ACL-based inbound rate limiting and traffic policies • Outbound Rate Limiting per port and per queue Key-based Activation of Optional Software Features • Multiple Syslog server logging • Up to six Syslog servers • Specifying a Simple Network Time Protocol (SNTP) Server • Displaying interface names in Syslog • Displaying TCP/UDP port numbers in Syslog messages • Boot and reload after 5 minutes at or above shutdown temperature • Digital optical monitoring • Negative temperature setting • Virtual Cable Testing (VCT) technology • Uses Time Domain Reflectometry (TDR) technology to detect and report cable statistics such as; local and remote link pair, cable length, and link status. • Brocade Discovery Protocol (BDP) • Cisco Discovery Protocol (CDP) • RFC 1213 MIB-II • RFC 1493 Bridge MIB • RFC 1516 Repeater MIB • RFC 1573 SNMP MIB II • RFC 1643 Ethernet MIB • RFC 1724 RIP v1/v2 MIB • RFC 1757 RMON MIB • RFC 2570 SNMPv3 Intro to Framework • RFC 2571 Architecture for Describing SNMP Framework • RFC 2572 SNMP Message Processing and Dispatching • RFC 2573 SNMPv3 Applications • RFC 2574 SNMPv3 User-based Security Model • RFC 2575 SNMP View-based Access Control Model SNMP • MIB support for MRP, Port Security, MAC authentication and MAC-based VLANs • Configuration Logging • Auto-configuration Embedded Security Regulatory Compliance and Safety Approvals •IEEE 802.1X username export in sFlow •DHCP Snooping •Dynamic ARP Inspection •Denial of Service (DoS) protection • EAP Pass-through Support •Packet filtering on TCP Flags •Protection for Denial of Service attacks Emissions • FCC Title 47, Part 15 , Subpart B (Class A) • ICES-003 (Canada) (Class A) • EN 55022 (CE mark) (Class A) • AS/NZ 55022 (Australia) (Class A) • Korea KN 22 and KN 61000-4 series • EN 61000-6-3 • VCCI (Japan) (Class A) • EN 61000-3-2 • EN 61000-3-3 • EN 61000-6-1 • Taiwan CNS 13438 Class A Safety • CAN/CSA C22.2 No.60950-1-03/UL 60950-1 • TUV GS, TUV CB • EN 60950-1:2001+A11 • IEC 60950-1:2001 Immunity • EN 55024, Information Technology Equipment (CE Mark) Secure Management • Authentication, Authorization, and Accounting (AAA) • RADIUS/TACACS/TACACS+ • Bi-level Access Mode (Standard and EXEC Level) • Secure Copy (SCP) • Secure Shell (SSHv2) • Username/Password • Advanced Encryption Standard (AES) with SSHv2 Dimensions All FastIron WS models 1.7” (H) x 17.32” (W) x 13.78” (D) 4.34 cm (H) x 44 cm (W) x 35 cm (D) • EN 61000-6-1, Electromagnetic Compatibility, Generic Standard Weight FWS624/FWS624G 8.8 lbs (4 kg) FWS648/FWS648G 9.9 lbs (4.5 kg) • EN 55024, Immunity Characteristics • EN 61000-4-2, ESD Environmental Ranges • EN 61000-4-3, Radiated, Radio Frequency, Electromagnetic Field • Operating Noise: <43 dBA (ideal) • EN 61000-4-4, Electrical Fast Transient • Operating temperature: 0° to 40°C • EN 61000-4-5, Surge • Relative humidity: 5% to 95%, non-condensing • EN 61000-4-6, Conducted Disturbances Induced by Radio Frequency Fields • Storage temperature: -40° to 70°C • EN 61000-4-8, Power Frequency Magnetic Field • Vibration: IEC 68-2-36, IEC 68-2-6 • Shock: IEC 68-2-29 • EN 61000-4-11, Voltage Clips, Short Interruptions and Voltage Variations • Drop: IEC-68-2-32 • Maximum watts: • FWS624/FWS624G: 42W (144 BTU/hr) • FWS648/FWS648G: 83W (284 BTU/hr) • Storage altitude: 10000 ft MTBF • FWS624/624G: 370,521hrs (at 25C) • FWS648/648G: 276,651 hrs ( at 25C) WEEE compliant RoHS RoHS Compliant (6 of 6) DATA SHEET POWER UTILIZATION Current @ 100 VAC (Amps) Current @ 200 VAC (Amps) Current @ 40 VDC (Amps) Max System Power Draw (Watts) Max Thermal (BTU/Hr) Power/GbE (Watts) Power/100Mb (Watts) FastIron WS624 0.4 0.28 N/A 23 78.5 — 0.95 FastIron WS648 0.51 0.26 N/A 51 175 — 1.07 FastIron WS624G 0.67 0.47 N/A 42 143.3 1.75 — FastIron WS648G 0.84 0.43 N/A 83 283.2 1.73 — Corporate Headquarters San Jose, CA USA T: +1-408-333-8000 firstname.lastname@example.org European Headquarters Geneva, Switzerland T: +41-22-799-56-40 email@example.com Asia Pacific Headquarters Singapore T: +65-6538-4700 firstname.lastname@example.org © 2010 Brocade Communications Systems, Inc. All Rights Reserved. 09/10 GA-DS-1279-02 Brocade, the B-wing symbol, BigIron, DCFM, DCX, Fabric OS, FastIron, IronView, NetIron, SAN Health, ServerIron, TurboIron, and Wingspan are registered trademarks, and Brocade Assurance, Brocade NET Health, Brocade One, Extraordinary Networks, MyBrocade, and VCS are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned are or may be trademarks or service marks of their respective owners. Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.