Brocade FWS648 network switch

DATA SHEET
BROCADE
FASTIRON WS
SERIES
ENTERPRISE
LAN SWITCHING
HIGHLIGHTS
•Compact, high-performance, 24- and
48-port 10/100 Mbps and 10/100/1000
Mbps base models and Power over
Ethernet (PoE) models for Unified
Communications (UC) infrastructures
•Dynamic Brocade IronWare Layer 3
routing optional features such as OSPF
and RIP, in addition to advanced Layer 2
Ethernet switching and high-availability
features such as VSRP, VRRP, and MRP
•Quality of Service (QoS) to support eight
priority queues with strict and weighted
scheduling
•Open, standards-based Network Access
Control (NAC) featuring multi-host
802.1X access control, multi-device MAC
authentication, and policy-controlled
MAC-based VLANs
•Brocade IronShield 360 intrusion
protection against network- and hostbased attacks
•Concurrent port mirroring and sFlow
packet sampling, enabling network-wide
traffic monitoring for traffic accounting,
intrusion detection, 802.1X identity
monitoring, link utilization, and fault
isolation
•Protected by the Brocade Assurance
Limited Lifetime Warranty for as long as
the original purchaser continues to own
and use the product
Intelligent Edge Solutions for
Unified Communications
The Brocade® FastIron® Workgroup Switch
(WS) Series is a complete line of one rack
unit (1RU) enterprise-class Layer 2/3
switches. The FastIron WS Series extends
the Brocade edge-to-core networking
portfolio by providing intelligent edge
switches designed for Small and Medium
Businesses (SMBs), branch offices,
and distributed enterprises—without
compromising performance and reliability.
The switches are available in 24- and
48-port 10/100 Mbps or 10/100/1000
Mbps models, with or without IEEE 802.3af
Power over Ethernet (PoE), for enterprise
edge networking, security, and Unified
Communications (UC).
Featuring standards-based PoE, the FastIron
WS Series delivers the scalability, Quality
of Service (QoS) assurance, resilience,
and Voice over IP (VoIP)-readiness needed
to implement a high-value converged
solution at the network edge. Combining
Fast Ethernet, Gigabit Ethernet (GbE),
PoE, and intelligent fault detection with
a feature-rich, secure, and highly reliable
solution, the FastIron WS Series maximizes
productivity and investment protection. This
cost-effective, high-performance compact
solution enables the deployment of new
applications such as IP telephony, wireless
access, WebTV, video surveillance, building
management systems, triple play—voice,
video, and data—and remote video kiosks.
The FastIron WS Series can also be
deployed in Metropolitan Area Networks
(MANs), connecting branch offices with
1 GbE uplinks. In this environment,
important features include Brocade Metro
Ring Protocol (MRP) for building resilient
ring-based topologies, Virtual LAN (VLAN)
stacking, and multicast capabilities such as
IGMP v1/v2/v3 and MLD v1/v2 snooping
for controlling multicast traffic in highbandwidth content distribution applications.
CONFIGURATION ALTERNATIVES
The FastIron WS Series supports hardwarebased embedded sFlow capabilities,
which enable real-time traffic visibility
and analysis, network protection, and
manageability of end users’ PCs. sFlow
enabled at the edge takes full advantage
of the intelligent edge switch capabilities,
providing dynamic control by correlating
data collected from sFlow and applying
Access Control List (ACL), Rate limiting,
and QoS at the edge——not at the core.
This analysis mitigates security threats
at the edge. sFlow dynamic real-time
traffic analysis is available through
Brocade Network Advisor, or any network
management tool that supports sFlow
(RFC 3176).
•FastIron WS 624: 20×10/100 Mbps
ports plus four RJ45/SFP (1 GbE)
combo ports
For organizations using Brocade Network
Advisor, the Brocade IronShield 360
closed-loop security solution and advanced
traffic policy features are available to ensure
the smooth operation and security of the
entire network.
The Brocade IronWare software suite
underpins Brocade switches and routers,
enabling a consistent, manageable
framework that reduces the time and
resources required to utilize solutions.
When used with other FastIron products—
such as the Brocade FastIron SX Series
and the stackable Brocade FCX Series—the
FastIron WS Series allows organizations to
deploy feature-rich and scalable end-to-end
enterprise edge services while minimizing
the Total Cost of Ownership (TCO) and
maximizing Return On Investment (ROI) for
a complete convergence-ready solution.
The FastIron WS Series provides
an intelligent solution for achieving
convergence and security at the network
edge. The FastIron WS Series is optimized
for flexibility, reliability, and manageability.
This series of switches is available in four
base models and PoE models. In addition,
all FastIron WS Series base models are
available with optional edge Layer 3
routing features:
•FastIron WS 624-POE: 20×10/100 Mbps
PoE ports plus four RJ45/SFP (1 GbE)
combo ports
•FastIron WS 648: 44×10/100 Mbps
ports plus four RJ45/SFP (1 GbE) combo
ports
•FastIron WS 648-POE: 44×10/100 Mbps
PoE ports plus four RJ45/SFP (1 GbE)
combo ports
•FastIron WS 624G: 20×10/100/1000
Mbps ports plus four RJ45/SFP (1 GbE)
combo ports
•FastIron WS 624G-POE: 20×10/100/
1000 Mbps PoE ports plus four RJ45/SFP
(1 GbE) combo ports
•FastIron WS 648G: 44×10/100/1000
Mbps ports plus four RJ45/SFP (1 GbE)
combo ports
•FastIron WS 648G-POE: 44×10/100/
1000 Mbps PoE ports plus four RJ45/SFP
(1 GbE) combo ports.
TARGET APPLICATIONS
Offering a powerful set of advanced Layer
2 switching and edge Layer 3 routing
capabilities, extensive security features,
bandwidth scalability, and a compact
design, the FastIron WS Series is well suited
for a broad range of applications:
•Intelligent edge solutions for SMBs,
branch offices, and distributed
enterprises: The FastIron WS Series
features advanced QoS with eight priority
queues and combines strict priority and
Weighted Round Robin (WRR) scheduling
to enable dependable and high-quality
network convergence. The FastIron
WS Series supports IEEE 802.1AB
LLDP and ANSI TIA 1057 LLDP-MED,
enabling organizations to build open
convergence and advanced multivendor
networks. Plus, the FastIron WS Series
is available with IEEE 802.3af PoE to
deliver standards-based power for nextgeneration converged devices such as
VoIP handsets, wireless access points,
and video cameras.
•Metro network Customer Located
Equipment (CLE): The FastIron WS Series
offers cost-effective, in-building MultiTenant Unit (MTU) or CLE for unicast and
multicast services delivery. MRP makes
the FastIron WS Series an attractive
choice for CLE deployments.
PRIMARY FEATURES AND BENEFITS
Performance and Scalability
Today’s business and networking
applications continue to consume more
bandwidth. A future-ready network needs to
scale to support the growing and evolving
demands of these environments.
The FastIron WS Series provides a wirespeed switching architecture capable
of supporting four RJ-45 or SFP Gigabit
Ethernet combo ports. In addition, the
FastIron WS Series supports a range of
Gigabit Ethernet optics, including SX, SX2,
LX, LHA, LGB, 1000 Base-BX, and CWDM.
The FastIron WS Series is a powerful
solution for the delivery of highperformance, delay-sensitive applications.
The product features advanced QoS
capabilities, including low-latency switching,
eight priority queues, ingress and egress
rate limiting, WRR, Strict Priority (SP), and a
mix of SP and WRR scheduling methods.
Ease of Use: Plug and Play
The FastIron WS Series supports the
IEEE 802.1AB LLDP and ANSI TIA
1057 LLDP-MED standards, enabling
organizations to build open convergence,
advanced multivendor networks. LLDP
greatly simplifies and enhances network
management, asset management, and
network troubleshooting. For example, it
enables discovery of accurate physical
network topologies, including those with
multiple VLANs where all subnets may
not be known.
LLDP-MED addresses the unique needs
that voice and video demand in a converged
network by advertising media and IP
telephony-specific messages that can be
exchanged between the network and the
endpoint devices. LLDP-MED provides
exceptional interoperability, IP telephony
troubleshooting, and automatic deployment
of policies, inventory management, and
E911 location/emergency call service
support. These sophisticated features make
converged network services easier to install,
manage, and upgrade while significantly
reducing operations costs.
Simplified Deployment with
Auto-Configuration
The FastIron WS Series supports DHCP
client-based auto-configuration, simplifying
deployment and configuration, and
providing true plug-and-play capabilities.
Organizations can automate the IP address
and feature configuration of FastIron WS
Series switches without the presence of a
highly trained, onsite network engineer.
When the FastIron WS Series switches
power up, they automatically receive an
IP address from DHCP and configuration
information from an already configured
Trivial File Transport Protocol (TFTP)
server. At this time, the switches can
also automatically receive a software
update to be at the same code revision
as already installed switches. Autoconfiguration and built-in intelligence
reduces operating expenditures while
simplifying network management.
Redundant Power Supply Option
All FastIron WS Series switches offer an
external redundant power supply option.
The Brocade External Redundant Power
Supply operates as a backup to the internal
power supply for a device. If an internal
power supply fails, the redundant power
supply will power the device without
affecting network operations.
Advanced Multicast Features
The FastIron WS Series supports a rich set
of Layer 2 multicast features that enable
advanced multicast services delivery.
Internet Group Management Protocol
(IGMP) snooping for IGMP version 1, 2, and
3 is supported. Source-based multicast—a
key requirement for IGMP v3 snooping—is
a Layer 2 service feature. This provides
improved bandwidth utilization and more
secure multicast services delivery.
The FastIron WS Series also supports
Multicast Listener Discovery (MLD) versions
1 and 2 snooping, enabling source-based
multicast applications in IPv6 environments.
Advanced Layer 2 and Layer 3
Protocols for Building Resilient
Networks
Software features, including Virtual Switch
Redundancy Protocol, MRP, Rapid Spanning
Tree Protocol (RSTP), Multiple Spanning
Tree Protocol (MSTP), and 802.3ad Link
Aggregation, provide alternate paths for
traffic in the event of a link failure. Subsecond fault detection utilizing Link Fault
Signaling, protected link groups, and
UniDirectional Link Detection (UDLD) help
ensure rapid fault detection and recovery.
Enhanced Spanning Tree features such
as Root Guard and BPDU Guard prevent
rogue hijacking of Spanning Tree roots
and maintain a contention- and loop-free
environment, especially during dynamic
network deployments. As a result, FastIron
WS Series software and hardware features
provide a robust and resilient infrastructure
solution in a cost-effective and compact
form.
Edge PREM Layer 3 functionality enhances
the capability of the FastIron WS Series
as an edge router platform. The powerful
Layer 3 features enable dynamic routing via
OSFPv1/v2, RIPv1/v2, IPv4 static routes,
virtual network interfaces, routing between
directly connected subnets, VRRP, DHCP
Relay, routed interfaces, and host routes.
With the FastIron WS Series, organizations
can deploy end-to-end Layer 3 networks and
propagate the same routing policies from
edge to core, simplifying network design
and operations.
Comprehensive Enterprise-Class
Edge Security
The Brocade IronWare operating system
powers FastIron WS Series switches.
It offers a rich set of Layer 2 switching
services and Layer 3 routing functionality,
an advanced security suite for Network
Access Control (NAC) and Denial of Service
(DoS) protection, and QoS. Embedded
security features include protection
against Man-in-the-Middle and DoS
attacks via Dynamic ARP inspection, DHCP
snooping, TCP SYN, and ICMP smurf attack
prevention. The FastIron WS Series supports
key features such as Spanning Tree Root
Guard and BPDU Guard to protect network
spanning tree operation along
with broadcast and multicast packet
rate limiting.
Unified Convergence
IronWare advanced QoS controls include
honoring, prioritizing, classifying, and
marking Ethernet and IP traffic, enabling the
switches to honor VoIP traffic using 802.1p
priority and IP Type of Service and DiffServ
Codepoints (TOS/DSCP).
Lawful Intercept
Today’s heightened security environment
may require traffic intercept. The U.S.
Communications Assistance for Law
Enforcement Act (CALEA) compliance,
for example, requires that businesses be
able to intercept and replicate data traffic
directed to a particular user, subnet, or port.
This compliance requirement is essential for
networks implementing IP phones.
The FastIron WS Series supports this
requirement through ACL-based Mirroring,
MAC filter-based mirroring, and VLAN-based
mirroring. Organizations can apply “mirror
ACL” on a port and mirror a traffic stream
based on IP source/destination address,
TCP/UDP source/destination ports, and
IP protocols such as ICMP, IGMP, TCP, and
UDP. A MAC filter can be applied on a port
and mirror a traffic stream based on a
source/destination MAC address. VLANbased mirroring is another option for CALEA
compliance (that is, lawful intercept). Many
enterprises have service-specific VLANs,
such as voice VLANs. With VLAN mirroring,
all traffic on an entire VLAN within a switch
can be mirrored, or specific VLANs can be
transferred to a remote server.
Secure Network Access
The FastIron WS Series supports Brocade
IronShield 360, a unique and powerful
closed-loop threat mitigation solution that
uses best-of-breed intrusion detection
systems to inspect sFlow traffic samples
for possible network attacks. In response
to a detected attack, Brocade Network
Advisor can apply a security policy to the
compromised port. This automated threat
detection and mitigation helps stop
network attacks in real time, without
human intervention.
IronShield 360 detects and mitigates
zero-day (anomaly-based) and known
(signature-based) network attacks. It
leverages hardware-based sFlow packet
sampling technology embedded in FastIron
WS Series switches. The combination of
sFlow packet sampling, Brocade Network
Advisor, and Snort intrusion detection
protects the enterprise from network
attacks. This advanced security capability
provides a network-wide security umbrella
without the added complexity and cost of
ancillary sensors.
Organizations can rely on features such as
multi-device and 802.1X authentication
with dynamic policy assignment to
control network access and perform
targeted authorization on a per-user
level. Additionally, the FastIron WS Series
supports enhanced static MAC with the
ability to deny traffic to and from a MAC
address on a per-VLAN basis, allowing
organizations to control and deploy access
policies per endpoint MAC address. This
provides a powerful tool for controlling
access policies per endpoint device.
Standards-based NAC enables organizations
to deploy best-of-breed NAC solutions for
authenticating network users and validating
the security posture of a connecting device.
Support for policy-controlled, MAC-based
VLANs provides additional control of
network access, allowing for policy-based
assignments of devices to Layer 2 VLANs.
Secure Element Management
The FastIron WS Series includes Secure
Shell (SSHv2), Secure Copy, and SNMPv3
to restrict and encrypt management
communications to the system. Additionally,
support for Terminal Access Controller
Access Control Systems (TACACS/TACACS+)
and RADIUS authentication help ensure
secure operator access.
UNIFIED WIRED/WIRELESS
NETWORK MANAGEMENT WITH
BROCADE NETWORK ADVISOR
Managing enterprise campus networks
continues to become more complex due
to the growth in services that rely on wired
and wireless networks. Services such
as Internet, e-mail, video conferencing,
real-time collaboration, and distance
learning all have specific configuration and
management requirements. At the same
time, organizations face increasing demand
to provide uninterrupted services for highquality voice and UC, wireless mobility,
and multimedia applications.
To reduce complexity and the time spent
managing these environments, the easyto-use Brocade Network Advisor discovers,
manages, and deploys configurations to
groups of IP devices. By using the Brocade
Network Advisor Device Configuration
Manager tool, organizations can configure
VLANs within the network, manage
wireless access point realms or execute
CLI commands on specific devices or
groups of IP devices. sFlow-based proactive
monitoring is ideal for performing networkwide troubleshooting, generating traffic
reports, and gaining visibility into network
activity from the edge to the core. Brocade
Network Advisor centralizes management
of the entire family of Brocade wired
and wireless products, including the
FastIron WS Series.
FAULT DETECTION
The FastIron WS Series provides both
logical fault detection and physical fault
isolation capabilities. Logical fault detection
is supported through software features
such as Remote Fault Notification (RFN),
Protected Link Groups, and UDLD:
•RFN, enabled on 1 GbE transmit ports,
notifies the remote port whenever
the fiber cable is either physically
disconnected or has failed. When this
occurs, the device disables the link and
turns off both LEDs associated with
the ports.
•Protected Link Groups minimize
disruption to the network by protecting
critical links from loss of data and power.
In a protected link group, one port in the
group acts as the primary or active link,
and the other ports act as secondary or
standby links. The active link carries the
traffic. If the active link goes down, one of
the standby links takes over.
•UDLD monitors a link between two
FastIron WS switches and brings the
ports on both ends of the link down if the
link goes down at any point between the
two devices.
Physical fault isolation on the FastIron WS
Series is supported through Virtual Cable
Test (VCT) technology. VCT technology
enables organizations to diagnose a
conductor (wire or cable) by sending a
pulsed signal into the conductor, then
examining the reflection of that pulse. By
examining the reflection, the FastIron WS
Series can detect and report cable statistics
such as local and remote link pair, cable
length, and link status.
In addition, the FastIron WS Series supports
network loop detection and stability features
such as Port Flap Dampening, singlelink LACP, and Port Loop Detection. Port
Flap Dampening increases the resilience
and availability of the network by limiting
the number of port state transitions on
an interface. This reduces the protocol
overhead and network inefficiencies caused
by frequent state transitions occurring on
misbehaving ports.
Single Link LACP can be used as a
bidirectional link detection protocol. This
standards-based solution is useful in mixednetwork environments because it works with
a variety of switches from other vendors.
The Port Loop Detection feature enables
organizations to detect and prevent Layer
1 and Layer 2 loops without using STP.
Organizations that do not enable a Layer
2 Protocol, such as STP to detect physical
loops at the edge, can use Port Loop
Detection to detect loops occurring on a
port as well as within an entire network.
BROCADE GLOBAL SERVICES
To help organizations get the most value
from their technology investments, Brocade
Global Services offers a variety of services
with comprehensive hardware and 24×7
software support, including software fixes
and new releases. Organizations can also
utilize Brocade Professional Services to
implement and validate the functionality
of Brocade products. Leveraging the
Brocade Network Monitoring Service (NMS),
organizations can maximize the availability
and performance of their critical application
environments while reducing infrastructure
cost and complexity.
WARRANTY
The FastIron WS Series is covered by the
Brocade Assurance™ Limited Lifetime
Warranty for as long as the original
purchaser continues to own and use the
product. The warranty covers the product
hardware, including internal power supplies
and internal fans, as well as software
defect repairs. To streamline the product
replacement process, qualified customers
can directly access the MyBrocade™ Portal
to initiate advanced replacement on
registered products.
MAXIMIZING INVESTMENTS
To help optimize technology investments,
Brocade and its partners offer complete
solutions that include education, support,
and services. For more information,
contact a Brocade sales partner or
visit www.brocade.com.
KEY FEATURES AND BENEFITS
Flexible and High-Capacity Solution
•24- and 48-port 10/100 Mbps and 10/100/1000 Mbps (RJ-45) non-Power over
Ethernet (PoE) models
•24- and 48-port 10/100 Mbps and 10/100/1000 Mbps (RJ-45) PoE models
•Efficient space-saving 1RU form factor with front-facing data ports and a built-in
temperature monitor sensor
•Field upgradeability to support Edge Layer 3 features
Robust Power over Ethernet
•Standards-based IEEE 802.3af PoE support
•PoE auto-detection enables support for PoE and non-PoE devices without
configuration changes
•Software accessible system and per port power consumption
•Interoperability with popular VoIP equipment, including legacy IP phones
•Advanced QoS capabilities ensure high quality VoIP support
•LLDP-MED
IronShield Advanced Security
•Multilevel access security for console access
•IronShield 360°—System-wide, automated closed-loop threat detection and
mitigation solution
•Secure, Web-based management
•Secure Shell and SNMPv3 restrict and encrypt communications to the management
interface and system
•Terminal Access Controller Access Control Systems (TACACS/TACACS+) and RADIUS
operator authentication
•Secure Shell (SSHv2), SCP, and SNMPv3 secure remote management access and
communications
•MAC filters, Layer 3/Layer 4 ACLs and binding the ACL to TELNET, Web management and
SNMP interface for secure management access
•IEEE 802.1x authentication including multiple device authentication and dynamic VLAN,
ACL, and MAC filter assignment for authenticated clients
•Private VLANs provide security and isolation between switch ports to help ensure that
users cannot snoop on other users’ traffic
•Denial of Service Protection—Monitoring, throttling, and locking out of ICMP and TCP SYN
traffic both to the management address of the switch and for transit traffic
•Man-in-the-Middle prevention using Dynamic ARP Inspection and DHCP Snooping
•Port Security and MAC Address Locking limits the number MAC addresses on a port. Using
Port Security network managers can allow specific MAC addresses access to the network
for specific time periods
•MAC address authentication including multiple device authentication and dynamic policy
configuration
•Policy-controlled, MAC-based VLANs provide additional control of network access, allowing
for policy-controlled assignments of devices to Layer 2 VLANs
KEY FEATURES AND BENEFITS CONTINUED
Advanced Quality of Service
•Packet classification, reclassification, policing, marking, and remarking
•Identification, classification, and reclassification of traffic based on specific criteria such as
port, source/destination MAC address, 802.1p priority bit, source/destination IP address,
Type of Service (ToS), Differentiated Services Codepoints (DSCP), or TCP/UDP port
•Flexible queue servicing utilizing configurable Weighted Round Robin (WRR), Strict Priority
(SP), or hybrid SP/WRR
•8 hardware queues for flexible QoS management
•Ingress rate limiting—standard and extended ACL control
•ACLs configured on a per-port per VLAN basis
•Egress rate limiting—per port, per queue
•Support for up to 256 wire-speed ingress traffic policers with each policer supporting
configurable metering with maximum and burst size settings, color aware and out-of-profile
packet remarking or dropping
•sFlow and port mirroring on the same port
System and Network Resilience
•Advanced Layer 2 service protection features: Metro Ring Protocol, Virtual Switch
Redundancy Protocol, Rapid Spanning Tree, Multiple Spanning Tree, Per VLAN Spanning
Tree (PVST, PVST+), Protected Link groups, Link Fault Signaling (LFS), Remote Fault
Notification (RFN)
•Port range with port speed downshift and selective auto negotiation
•Port loop detection to detect Layer 1/Layer 2 loops
•Image checksum verification
•Next boot information
•Port flap dampening
•Single link LACP as a standards-based bi-directional link detection protocol
SYSTEM SUMMARY 1, 2
Feature
FWS624
FWS624EPREM
FWS624POE
FWS624G
FWS624GEPREM
FWS624GPOE
FWS648
FWS648EPREM
FWS648POE
FWS648G
FWS648GEPREM
FWS648GPOE
Switching Performance
12 Gbps
12 Gbps
48 Gbps
48 Gbps
16.8 Gbps
16.8 Gbps
96 Gbps
96 Gbps
Forwarding Performance
9 Mpps
9 Mpps
36 Mpps
36 Mpps
12.6 Mpps
12.6 Mpps
72 Mpps
72 Mpps
10/100 Mbps Port Density
(RJ-45)
20 plus 4port Combo
10/100 Mbps PoE Density
(RJ-45)
44 plus 4port Combo
20 plus 4-port
Combo
10/100/1000 Mbps Port
Density (RJ-45)
44 plus 4port Combo
20 plus 4port Combo
10/100/1000 Mbps PoE
Density (RJ-45)
100/1000 Mbps SFP
Port Density
44 plus 4port Combo
20 plus 4port Combo
4 Combo
4 Combo
4 Combo
100 Mbps Optics
4 Combo
44 plus 4-port
Combo
4 Combo
4 Combo
4 Combo
4 Combo
100Base-FX and 100Base-BX
Gigabit Ethernet Optics
SX, SX2, LX, LHA, LGB, 1000Base-BX, and CWDM
Internal AC Power Supply
65 W
530 W
65 W
530 W
100 W
530 W
100 W
530 W
External RPS Option
RPS2-EIF
150 W
RPS12
900 W
RPS2-EIF
150 W
RPS12
900 W
RPS2-EIF
150 W
RPS12
900 W
RPS2-EIF
150 W
RPS12
900 W
Maximum Number of
MAC Addresses
16,000
16,000
16,000
16,000
16,000
16,000
16,000
16,000
Maximum Number of VLANs
44,096
44,096
44,096
44,096
44,096
44,096
44,096
44,096
Maximum Number of STP
253
253
253
253
253
253
253
253
Hardware Routes
11,000
11,000
11,000
11,000
11,000
11,000
11,000
11,000
IGMP Snooping
v1, v2 and v3 v1, v2 and v3
v1, v2 and v3 v1, v2 and v3
v1, v2 and v3 v1, v2 and v3
v1, v2 and v3
v1, v2 and v3
MLD Snooping
v1 and v2
v1 and v2
v1 and v2
v1 and v2
v1 and v2
v1 and v2
v1 and v2
v1 and v2
PIM-SM Snooping
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
IGMP Proxy for Static Groups
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
L3 Access Control List
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Link and Protocol Resilience
BPDU and Root Guard, Single Link LACP, Port Loop Detection, Port Flap Dampening, Trunk Threshold
Number of Ports per Trunk
8
8
8
8
8
8
8
8
Number of Trunk Groups
12
12
12
12
24
24
24
24
Multi-device Authentication
and Dynamic VLAN
Assignment
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
802.1x Authentication and
Dynamic VLAN Assignment
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
MAC-based VLANs
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Metro Features
VLAN Stacking, Super Aggregated VLANs (SAVs), Metro Ring Protocol 1 (MRP 1),
Virtual Switch Redundancy Protocol (VSRP), Topology Groups, VRRP
1
Switching and forwarding performance specifications are provided for a single FastIron WS unit.
2
Port densities are provided for a single FastIron WS unit.
BROCADE FASTIRON WS SPECIFICATIONS
Standards Compliance
MAC filter override of 802.1X
• IEEE 802.1p Quality of Service (QoS)
• IEEE 802.1s Multiple Spanning Tree
• IEEE 802.1W Rapid Spanning Tree (RSTP)
• IEEE 802.1X Port-based Network Access Control
• IEEE 802.3ad link aggregation (dynamic trunk groups)
• IEEE 802.1Q with tagging
• IEEE 802.1AB LLDP
• IEEE 802.1D-2004 MAC Bridging
• IEEE 802.3 10Base-T
• IEEE 802.3ad Link Aggregation (Dynamic and Static)
• IEEE 802.3u 100Base-TX
• IEEE 802.3x Flow control (Asymmetric)
• IEEE 802.3z 1000Base-SX/LX
• IEEE 802.3ab 1000BaseT
• IEEE 802.3 MAU MIB (RFC 2239)
• ANSI TIA 1057 LLDP-MED
Ability to disable MAC Learning
Layer 2 Features
802.1D Spanning Tree
Support
• Enhanced IronSpan support includes
Fast Port Span and Single-instance Span
• Brocade Layer 2 devices (switches)
support up to 253 spanning tree instances
for VLANs.
• PVST/PVST+ compatibility
• PVRST compatibility
802.1p Quality of Service
(QoS)
• Strict Priority (SP)
MAC authentication RADIUS time-out action
802.1X authentication RADIUS time-out action
802.1X dynamic assignment for ACL, MAC filter, and VLAN
Automatic removal of Dynamic VLAN for 802.1X ports
Metro Ring Protocol 1 (MRP 1)
MLD Snooping v1/v2
PIM-SM V2 Snooping
Remote Fault Notification (RFN) for Gigabit Ethernet ports
LACP
• Support for single link LACP
Trunk groups
• Option to include L2 in trunk hash calculation
• Support for trunk threshold
Topology groups
UniDirectional Link Detection (UDLD) (Link keep-alive)
Virtual Switch Redundancy Protocol (VSRP)
VSRP-Aware security features
VLAN Support:
• Combined SP and WRR
• 8 priority queues
802.1s Multiple Spanning Tree
• 802.1W RSTP support allows for
sub-second convergence
Port Security
• MAC port security
• Multi-device port authentication
Port mirroring and
monitoring
ACL-based mirroring
• Dynamic ACLs with Multi-Device
Port Authentication
VSRP Fast Start
• Mirroring of both inbound and outbound
traffic on individual ports is supported.
VSRP and MRP signaling
Static MAC entries with option to set priority
16,000 MAC Addresses
ACL-based rate limiting QoS
Access Control Lists (ACLs)
for filtering transit traffic
• 4096 maximum VLANs
• 802.1Q with tagging
• Dual-mode VLANs
• GVRP
• Protocol VLANs (AppleTalk, IPv4, dynamic
IPv6, and IPX)
• Layer 3 Subnet VLANs (AppleTalk, IP subnet
network, and IPX)
VLAN-based mirroring
• Multiple-device port authentication with
dynamic VLAN assignment
PVRST Compatibility
Address Locking
• Support for inbound ACLs
Auto MDI/MDIX
IPv4 ACLs
10/100/1000 Mbps
port speed
BPDU Guard
Auto-negotiation
Root Guard
802.3af Power over Ethernet
Configuring Uplink Ports within a Port-based VLAN
Protected Link Groups
Dynamic Host Configuration Protocol (DHCP) Assist
Port-based Access Control Lists
IGMP v1/v2/v3 Snooping (IGMPv3 source specific snooping in Layer 2 only)
IGMP v2/v3 Fast Leave
Inter-packet Gap (IPG) adjustment
Jumbo Frames
GARP VLAN Registration Protocol
MAC filter-based Mirroring
Port speed downshift and selective auto-negotiation
IGMP Tracking
• 1-Gigabit Ethernet ports
• Up to 9216 bytes
LLDP and LLDP-MED
MAC-Based VLANs
• Dynamic MAC-based VLAN activation
Layer 2 MAC filtering
• Filtering on source and destination
MAC address
MAC authentication password override
Flexible trunk group membership
• Weighted Round Robin (WRR)
802.1W Rapid Spanning
Tree (RSTP)
• MLD v1/v2 snooping (global and local)
• MLD fast leave for v1
• MLD tracking and fast leave for v2
• Static MLD and IGMP groups with support
for proxy
Dynamic Voice VLAN Assignment
Private VLANs and uplink-switch
Port Loop Detection
VLAN based Static MAC Denial
Layer 2 Metro Features
• Metro Ring Protocol (MRP 1)
• Virtual Switch Redundancy Protocol (VSRP)
• Topology Groups
BROCADE FASTIRON WS SPECIFICATIONS CONTINUED
Base Layer 3 Features
Management and Control
• DHCP Relay
• Embedded DHCP Server
• ECMP
• IP helper
• PIM Snooping
• RIP v1/v2 announce
• Routing for directly connected IP subnets
• Static IP
• Virtual Interfaces—Up to 255 virtual interfaces
• VRRP
• VSRP and VSRP Aware
• Routed Interfaces
• IPv4 Static Routes
• Routing between directly connected subnets
• RFC 854 TELNET Client and Server
• RFC 783 TFTP
• RFC 2131 DHCP Relay, Embedded DHCP Server
• RFC 2068 Embedded HTTP
• RFC 2818 Embedded HTTPS
• AAA support for console commands
• Access Control Lists (ACLs) for controlling management access
• Combined DSCP and internal marking in one ACL rule
• DSCP Mapping for values 1 through 8
• Configuring an interface as the source for all TFTP, Syslog, and SNTP packets
• Alias Command
• Asymmetric flow control
• Responds to flow control packets, but does not generate them.
• Disabling TFTP Access
• Brocade Network Advisor
• Port flap dampening
• Remote monitoring (RMON)
• RFC 3176 sFlow
• 802.1X username export support for encrypted and non-encrypted
EAP types
• Show log on all terminals
• Serial and Telnet access to industry-standard Command Line Interface (CLI)
• SNMP v1, v2, v3
• SNMP v3 traps
• Web-based GUI
Layer 3 Edge PREM Features
• Host routes
• IGMP V1, V2, and V3
• OSPFv1,v2
• RIP V1 , V2
• Route-only support
• Routes in hardware maximum: 1000
• VRRP
Quality of Service
• DHCP Relay
• DiffServ Support
• Combined DSCP and internal marking in one ACL rule
• DSCP Mapping for values 1 through 8
• 802.1p Quality of Service (QoS)
• Strict Priority (SP).
• Weighted Round Robin (WRR)
• Combined SP and WRR
• 8 priority queues
• ACL-based rate limiting QoS
• Priority mapping using ACLs
• Static MAC entries with option to set priority
• MAC Address Mapping to Priority Queue
• ACL Mapping to Priority Queue
• ACL Mapping to ToS/DSCP
• Honoring DSCP and 802.1p
• ACL Mapping and Marking of ToS/DSCP
• Classifying and Limiting Flows based on TCP flags
Traffic Management
• ACL-based Fixed rate limiting
• Inbound Fixed rate limiting
• ACL-based rate limiting QoS
• Broadcast, Multicast and unknown Unicast Rate Limiting
• Inbound Rate Limiting per port
• ACL-based inbound rate limiting and traffic policies
• Outbound Rate Limiting per port and per queue
Key-based Activation of Optional Software Features
• Multiple Syslog server logging
• Up to six Syslog servers
• Specifying a Simple Network Time Protocol (SNTP) Server
• Displaying interface names in Syslog
• Displaying TCP/UDP port numbers in Syslog messages
• Boot and reload after 5 minutes at or above shutdown temperature
• Digital optical monitoring
• Negative temperature setting
• Virtual Cable Testing (VCT) technology
• Uses Time Domain Reflectometry (TDR) technology to detect and report
cable statistics such as; local and remote link pair, cable length, and link status.
• Brocade Discovery Protocol (BDP)
• Cisco Discovery Protocol (CDP)
• RFC 1213 MIB-II
• RFC 1493 Bridge MIB
• RFC 1516 Repeater MIB
• RFC 1573 SNMP MIB II
• RFC 1643 Ethernet MIB
• RFC 1724 RIP v1/v2 MIB
• RFC 1757 RMON MIB
• RFC 2570 SNMPv3 Intro to Framework
• RFC 2571 Architecture for Describing SNMP Framework
• RFC 2572 SNMP Message Processing and Dispatching
• RFC 2573 SNMPv3 Applications
• RFC 2574 SNMPv3 User-based Security Model
• RFC 2575 SNMP View-based Access Control Model SNMP
• MIB support for MRP, Port Security, MAC authentication and MAC-based VLANs
• Configuration Logging
• Auto-configuration
Embedded Security
Regulatory Compliance and Safety Approvals
•IEEE 802.1X username export in sFlow
•DHCP Snooping
•Dynamic ARP Inspection
•Denial of Service (DoS) protection
• EAP Pass-through Support
•Packet filtering on TCP Flags
•Protection for Denial of Service attacks
Emissions
• FCC Title 47, Part 15 , Subpart B (Class A)
• ICES-003 (Canada) (Class A)
• EN 55022 (CE mark) (Class A)
• AS/NZ 55022 (Australia) (Class A)
• Korea KN 22 and KN 61000-4 series
• EN 61000-6-3
• VCCI (Japan) (Class A)
• EN 61000-3-2
• EN 61000-3-3
• EN 61000-6-1
• Taiwan CNS 13438 Class A
Safety
• CAN/CSA C22.2
No.60950-1-03/UL 60950-1
• TUV GS, TUV CB
• EN 60950-1:2001+A11
• IEC 60950-1:2001
Immunity
• EN 55024, Information Technology
Equipment (CE Mark)
Secure Management
• Authentication, Authorization, and Accounting (AAA)
• RADIUS/TACACS/TACACS+
• Bi-level Access Mode (Standard and EXEC Level)
• Secure Copy (SCP)
• Secure Shell (SSHv2)
• Username/Password
• Advanced Encryption Standard (AES) with SSHv2
Dimensions
All FastIron WS models
1.7” (H) x 17.32” (W) x 13.78” (D)
4.34 cm (H) x 44 cm (W) x 35 cm (D)
• EN 61000-6-1, Electromagnetic
Compatibility, Generic Standard
Weight
FWS624/FWS624G
8.8 lbs (4 kg)
FWS648/FWS648G
9.9 lbs (4.5 kg)
• EN 55024, Immunity Characteristics
• EN 61000-4-2, ESD
Environmental Ranges
• EN 61000-4-3, Radiated, Radio Frequency,
Electromagnetic Field
• Operating Noise: <43 dBA (ideal)
• EN 61000-4-4, Electrical Fast Transient
• Operating temperature: 0° to 40°C
• EN 61000-4-5, Surge
• Relative humidity: 5% to 95%, non-condensing
• EN 61000-4-6, Conducted Disturbances
Induced by Radio Frequency Fields
• Storage temperature: -40° to 70°C
• EN 61000-4-8, Power Frequency
Magnetic Field
• Vibration: IEC 68-2-36, IEC 68-2-6
• Shock: IEC 68-2-29
• EN 61000-4-11, Voltage Clips, Short Interruptions and Voltage Variations
• Drop: IEC-68-2-32
• Maximum watts:
• FWS624/FWS624G: 42W (144 BTU/hr)
• FWS648/FWS648G: 83W (284 BTU/hr)
• Storage altitude: 10000 ft
MTBF
• FWS624/624G: 370,521hrs (at 25C)
• FWS648/648G: 276,651 hrs ( at 25C)
WEEE compliant
RoHS
RoHS Compliant (6 of 6)
DATA SHEET
POWER UTILIZATION
Current @
100 VAC
(Amps)
Current @
200 VAC
(Amps)
Current
@ 40 VDC
(Amps)
Max System
Power Draw
(Watts)
Max Thermal
(BTU/Hr)
Power/GbE
(Watts)
Power/100Mb
(Watts)
FastIron WS624
0.4
0.28
N/A
23
78.5
—
0.95
FastIron WS648
0.51
0.26
N/A
51
175
—
1.07
FastIron WS624G
0.67
0.47
N/A
42
143.3
1.75
—
FastIron WS648G
0.84
0.43
N/A
83
283.2
1.73
—
Corporate Headquarters
San Jose, CA USA
T: +1-408-333-8000
info@brocade.com
European Headquarters
Geneva, Switzerland
T: +41-22-799-56-40
emea-info@brocade.com
Asia Pacific Headquarters
Singapore
T: +65-6538-4700
apac-info@brocade.com
© 2010 Brocade Communications Systems, Inc. All Rights Reserved. 09/10 GA-DS-1279-02
Brocade, the B-wing symbol, BigIron, DCFM, DCX, Fabric OS, FastIron, IronView, NetIron, SAN Health, ServerIron,
TurboIron, and Wingspan are registered trademarks, and Brocade Assurance, Brocade NET Health, Brocade One,
Extraordinary Networks, MyBrocade, and VCS are trademarks of Brocade Communications Systems, Inc., in the United
States and/or in other countries. Other brands, products, or service names mentioned are or may be trademarks or
service marks of their respective owners.
Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied,
concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the
right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This
informational document describes features that may not be currently available. Contact a Brocade sales office for
information on feature and product availability. Export of technical data contained in this document may require an
export license from the United States government.