Enterasys 7GR4202-30 network switch

D ATASH EET
N-Series Diamond DFE
Convergence-ready, 10GE Modular L2/L3/L4 Switch for Edge-to-Core and Data Center
Optimized for network core and data
center deployments with enhanced policy
capabilities
Industry-leading 24x7x365 business continuity
via a fully Distributed Switch Routing architecture
Benefits
Business Alignment
Extends the N-Series industry-leading
investment protection
• Flexible, high-performance Gigabit and
10 Gigabit connectivity options for ease of
deployment and upgrade
Flow-based architecture optimized for iSCSI and
Server Virtualization
• The industry’s most granular multi-layer
classification capabilities ensure on-time
delivery and prioritization of today’s
mission-critical applications
1.68 Tbps switching architecture enables
high density Gigabit and 10 Gigabit Ethernet
switching and routing deployments
Product Overview
Enterasys N-Series Diamond Distributed Forwarding Engines (DFEs) are optimized for large scale,
multi-user policy deployments in data center server farms and at the distribution and core layers of
the network. Diamond DFEs support the full range of Secure Networks™ features, including advanced
Quality of Service (QoS) and per-user traffic rate limiting. Available in 10/100/1000, 1000 Base-X
and 10 Gigabit configurations, Diamond DFEs include additional processing power, memory, policy
capacity expansion, and advanced routing licenses for medium to large enterprise backbone and
distribution-layer routing applications.
Capable of being installed in any of the N-Series chassis, Diamond DFEs are designed to provide
high-performance, high-density Gigabit and 10 Gigabit Ethernet aggregation at the core and
distribution layers of enterprise networks.
N-Series DFEs significantly enhance the multi-user policy capacities of the N-Series, providing
support for up to 2,000 authenticated users per chassis, enabling advanced policy management,
QoS and firewall-like control for the largest of enterprise or campus networks. This enhanced
capacity allows the N-Series to act as a proxy policy gateway for other network devices such as
wireless access points and third-party switches, ensuring only authorized users and devices can
access the network and its applications.
The N-Series implements the industry’s only granular, flow-based architecture to intelligently
manage individual user and application conversations—not just ports or VLANs. Policy rules
combined with deep-packet inspection that easily and intelligently sense and automatically
respond to security threats and Denial of Service (DoS) attacks while ensuring the highest
reliability and QoS.
Diamond DFEs utilize the unique, distributed fault-tolerance architecture of the N-Series.
Each DFE is an integrated switching, routing, and management module that makes forwarding
decisions, enforces security policies, and classifies incoming traffic. Multiple DFEs create a
single, highly-manageable logical switching and routing system.
Diamond DFEs are the logical and ideal choice for enterprises that require market-leading
reliability, performance, and security in their network.
• High-availability “always on” networking
optimized for VoIP and VoD convergence
Operational Efficiency
• Advanced data center and backbone
routing services including support for
large router topologies, server load
balancing, comprehensive traffic
accounting and capacity planning
• Fully distributed switching architecture
that is unmatched for resiliency and
availability
• Low power consumption and thermal
output BTU/Hour drives down power and
cooling costs therefore lowering TCO
Security
• Flow-based architecture delivers
end-to-end visibility and control over
users, services, and applications
• Provides security at the core of the
network with advanced policy and
routing control, supplemented with
advanced Anti-DoS attack capabilities and
ACL-like security on every port for
downstream devices
• Diamond DFEs enhance the N-Series
position as the only enterprise switch to
enable up to 1000 high-capacity multiuser, multi-method authentications on
every port (802.1X, Web, MAC address)
Support and Services
• Industry-leading customer satisfaction
and first call resolution
• Personalized services, including site surveys,
network design, installation, and training
There is nothing more important
than our customers.
Density and Performance
The N-Series provides high performance and high density:
Diamond DFE
N1
N3
N5
N7
Performance (Mpps)
13.5 Mpp
40.5 Mpps
67.5 Mpps
94.5 Mpps
Capacity
18 Gbps
54 Gbps
90 Gbps
126 Gbps
10/100/1000 Base-TX Ports
30
90
150
210
1000 Base-X Ports
24
72
120
168
10G Base-X Ports
4
12
20
28
Performance/Capacity
Switching Fabric Bandwidth
18 Gbps per DFE
Switching Throughput
13.5 Mpps (Measured in 64-byte packets)
Routing Throughput
13.5 Mpps (Measured in 64-byte packets)
Address Table Size
65,536 MAC Addresses
Classification Rules
57,344/chassis
VLANs Supported
4094
Memory
Main Memory: 256 MB
Flash Memory: 32 MB
Transmit Queues
4/12
Standards and Protocols
Switching/VLAN Services
Extended IP Routing
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
802.1Q VLANs
802.1D MAC Bridges
802.1w Rapid-reconvergence of Spanning Tree
802.1s Multiple Spanning Tree
802.3ad Link Aggregation
802.3ae Gigabit Ethernet
802.3az 10 Gigabit Ethernet
802.3x Flow Control
IP Multicast (IGMP support v1, v2, per VLAN querier offload)
Jumbo Packet with MTU Discovery Support for Gigabit
Link Flap Detection
Dynamic Egress (Automated VLAN Port Configuration)
Generic VLAN Registration Protocol (GVRP)
IP Routing
•
•
•
•
•
•
•
•
•
•
•
•
RFC 1812 General Routing
RFC 792 ICMP
RFC 1256 ICMP Router Discovery Protocol
RFC 826 ARP
RFC 1027 Proxy ARP
Static Routes
RFC 1723 RIPv2 with Equal Cost Multi-path Load Balancing
RFC 1812 RIP Requirements
RFC 1519 CIDR
RFC 2338 Virtual Router Redundancy Protocol (VRRP)
Standard ACLs
DHCP Server RFC 1541/ Relay RFC 2131
RFC 1583/RFC 2328 OSPFv2
RFC 1587 OSPFv2 NSSA
RFC 1745 OSPF Interactions
RFC 1746 OSPF Interactions
RFC 1765 OSPF Database Overflow
RFC 2154 OSPF with Digital Signatures (Password & MD5)
OSPF with Multi-path Support
OSPF Passive Interfaces
RFC 2391 Load Sharing using Network Address Translation
Extended ACLs
Policy-based Routing
RFC 1112 IGMP
RFC 2236 IGMPv2
DVMRP v3-10
RFC 2361 Protocol Independent Multicast - Sparse Mode
Network Security and Policy Management
•
•
•
•
•
•
•
•
•
•
•
802.1X Quthentication
Web-based Authentication (PWA+)
MAC-based Authentication
Convergence Endpoint Discovery with Dynamic Policy Mapping (Siemens HFA, Cisco VoIP, H.323 and SIP, LLDP-MED)
Multiple Authentication Types per Port Simultaneously
(802.1x, MAC, PWA+)
Multiple Authenticated Users per Port with Unique Policies per
User/End System (VLAN Association Independent)
RFC 3580 IEEE 802.1 RADIUS Usage Guidelines, with VLANto-Policy Mapping & VLAN Assignment via Authentication
Worm Suppression (Flow Set-Up Throttling)
Broadcast Suppression
ARP Storm Prevention
MAC-to-Port Locking
Page 2
• Span Guard (Spanning Tree Protection)
• Stateful Intrusion Detection System Load
Balancing
• Stateful Intrusion Prevention System and
Firewall Load Balancing
• Behavioral Anomaly Detection/Flow
Collector (Non-sampled Netflow Version 5
and Version 9)
• Static Multicast Group Provisioning
• Multicast Group, Sender, and Receiver
Policy Control VLAN TAG Overwrite
Class of Service
• Strict Priority Queuing
• Weighted Fair Queuing with Queue
Bandwidth Shaping
• 4/16 Transmit Queues per Port
(1000BaseX SFP)
• 4 Transmit Queues per Port (10/100/1000)
• 16 Transmit Queues Per port
(10 Gigabit Ethernet)
• Up to 1024 Rate Limiters
• Packet Count or Bandwidth-based
Rate Limiters
• IP ToS/DSCP Marking/Remarking
• 802.1D Priority-to-Transmit Queue Mapping
Network Management
•
•
•
•
NMS Console
NMS Policy Manager
NMS Inventory Manager
NMS Automated Security Manager
Management, Control, and Analysis
•
•
•
•
•
•
•
•
•
•
•
•
•
•
SNMP v1/v2c/v3
Web-based Management Interface
Industry Common Command Line Interface
Multiple Software Image Support with
Revision Roll Back
Multi-configuration File Support
Editable Text-based Configuration File
COM Port Boot Prom and Image Download
via ZMODEM
Telnet Server and Client
Secure Shell (SSHv2)
Cabletron Discovery Protocol
Cisco Discovery Protocol v1/v2
IEEE 802.1AB LLDP, TIA/ANSI 1057
LLDP-MED
Syslog
FTP Client
•
•
•
•
•
•
•
•
Simple Network Time Protocol (SNTP)
Netflow Version 5 and Version 9
RFC 3580 VLAN Authorization
RFC 2865 RADIUS
RFC 2866 RADIUS Accounting
TACACS+ for Management Access Control
Management VLAN
16 Many-to-One Port, One-to-Many Ports, VLAN
Mirror Sessions (64 when DFE Deployed with an
N1/NSA Chassis)
IETF and IEEE MIB Support
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
RFC 1213 & RFC 2011 IP-MIB
RFC 1493 Bridge MIB
RFC 1659 RS-232 MIB
RFC 1724 RIPv2 MIB
RFC 1850 OSPF MIB
RFC 2012 TCP MIB
RFC 2013 UDP MIB
RFC 2096 IP Forwarding Table MIB
RFC 2276 SNMP-Community MIB
RFC 2578 SNMPv2 SMI
RFC 2579 SNMPv2-TC
RFC 2613 SMON MIB
RFC 2674 802.1p/Q MIB
RFC 2737 Entity MIB
RFC 2787 VRRP MIB
RFC 2819 RMON MIB (Groups 1-9)
RFC 2863 IF MIB
RFC 2864 IF Inverted Stack MIB
RFC 2922 Physical Topology MIB
RFC 3273 HC RMON MIB
RFC 3291 INET Address MIB
RFC 3411 SNMP Framework MIB
RFC 3412 SNMP-MPD MIB
RFC 3413 SNMPv3 Applications
RFC 3414 SNMP User-based SM MIB
RFC 3415 SNMP View-based ACM MIB
RFC 3417 SNMPv2-TM
RFC 3418 SNMPv2 MIB
RFC 3621 Power Ethernet MIB
RFC 3635 EtherLike MIB
RFC 3636 MAU MIB
IEEE 802.3 LAG MIB
IEEE 802.1PAE MIB
RSTP MIB
USM Target Tag MIB
U Bridge MIB
Draft-ietf-idmr-dvmrp-v3-10 MIB
Draft-ietf-pim-sm-v2-new-09 MIB
SNMP-REARCH MIB
IANA-ADDRESS-FAMILY-NUMBERS MIB
Private MIBs
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Ct-broadcast MIB
Ctron-CDP MIB
Ctron-Chassis MIB
Ctron-igmp MIB
Ctron-q-bridge-mib-ext MIB
Ctron-rate-policying MIB
Ctron-tx-queue-arbitration MIB
Ctron-alias MIB
Cisco-TC MIB
Cisco-CDP MIB
Cisco-netflow MIB
Enterasys-configuration-management MIB
Enterasys-MAC-locking MIB
Enterasys-convergence-endpoint MIB
Enterasys-notification-authorization MIB
Enterasys-netfow MIB
Enterasys-license-key MIB
Enterasys-aaa-policy MIB
Enterasys-class-of-service MIB
Enterasys-multi-auth MIB
Enterasys-mac-authentication MIB
Enterasys-pwa MIB
Enterasys-upn-tc MIB
Enterasys-policy-profile MIB
Enterasys-flow-limiting MIB
DDoS Attack Protection
Tested Against
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
TCP/UDP Port Scan
Christmas Tree Attack
Fraggle Attack
Fragmented & Large ICMP
ICMP Flood
Invalid ICMP Attacks
ICMP Re-direct Attack
LANd
TCP Syn Fin Attack
TCP Syn Flood
Tear Drop Attack
UDP Port Flood
Invalid UDP Attacks
Invalid IGMP Attacks
Cisco Global Exploiter
Shadowcode TTL Attack
NTP DoS
Open TCP Session Attacks
Flood TCP Session
Page 3
Specifications
Physical Specifications
Agency and Standards Specifications
•
•
•
•
Dimensions (H x W x D):
46.43 cm x 6.05 cm x 29.51 cm (18.28” x 2.38” x 11.62”)
Weight Range
— Shipping: 4.98 kg (10.95 lbs) to 7.09 kg (15.60 lbs)
— Net: 3.36 kg (7.40 lbs) to 5.43 kg (11.95 lbs)
Safety: UL 60950, CSA 60950, EN 60950, EN 60825,
and IEC 60950
Electromagnetic compatibility: 47 CFR Parts 2 and 15, CSA C108.8, EN 55022, EN 55024, EN 61000-3-2, EN 61000-3-3, AS/NZS CISPR 22, and VCCI
Environmental Specifications
•
•
•
•
Operating Temperature: +5° C to +40° C (41° F to 104° F)
Storage Temperature: -30° C to +73° C (-22° F to 164° F)
Operating Humidity: 5% to 90% relative humidity, non-condensing
Power Consumption: 100 to 125 VAC or 200 to 250 VAC;
50 to 60 Hz
Ordering Information
Part Number
Description
Diamond Distributed Forwarding Engines
7KR4297-04
Diamond DFE with 4 10 Gigabit Ethernet 10GBase XFP optics slots
7KR4297-02
Diamond DFE with 2 10 Gigabit Ethernet 10GBase XFP optics slots
7KR4290-02
Diamond DFE with 2 10-Gigabit Ethernet 10GBase XenPak optics slots
7GR4280-19
Diamond DFE with 18 1000Base-X ports via Mini-GBIC connectors and one expansion module slot
7GR4270-12
Diamond DFE with 12 1000Base-X ports via Mini-GBIC connectors
7GR4202-30
Diamond DFE with 30 10/100/1000 Ethernet ports via RJ45 connectors
Network Expansion Modules and Network Security Modules
7G-6MGBIC-B
Network Expansion Module with 6 1000Base-X ports via Mini-GBIC connectors (supports 100-Base-FX Mini-GBIC)
7K-2XFP-6MGBIC
Network Expansion Module with 6 1000Base-X ports via Mini-GBIC connectors, plus 2 10 Gigabit Ethernet ports via XFP
7S-DSNA7-01
N-Series Security Module for Intrusion Detection
7S-NSTAG-01
N-Series Security Module for Network Access Control
WS-C20N-32
N-Series Wireless Controller Module
Notes
1. Diamond DFEs can be installed in any slot of a N7, N5, N3, N1 or E7 chassis.
2. Diamond and Platinum DFEs can be mixed in the same chassis; it is recommended that a minimum of two Diamond DFEs are installed per chassis when routing.
3. Diamond DFEs require no additional licenses for routing or policy services.
Page 4
Ordering Information (cont.)
Transceivers
Enterasys transceivers provide connectivity options for Ethernet over
twisted pair copper and fiber optic cables with transmission speeds
from 100 Megabits per second to 10 Gigabits per second. All Enterasys
transceivers meet the highest quality for extended life cycle and the best
possible return on investment. For detailed specifications, compatibility
and ordering information please go to http://www.enterasys.com/products/
transceivers-ds.pdf.
Service and Support
Enterasys Networks provides comprehensive service offerings that range
from Professional Services to design, deploy and optimize customer
networks, customized technical training, to service and support tailored
to individual customer needs. Please contact your Enterasys account
executive for more information about Enterasys Service and Support.
Warranty
As a customer-centric company, Enterasys is committed to providing
quality products and solutions. In the event that one of our products
fails due to a defect, we have developed a comprehensive warranty that
protects you and provides a simple way to get your products repaired or
media replaced as soon as possible.
The Enterasys N-Series comes with a one year hardware warranty.
For full warranty terms and conditions please go to
http://www.enterasys.com/support/warranty.aspx.
Contact Us
For more information, call Enterasys Networks toll free at 1-877-801-7082,
or +1-978-684-1000 and visit us on the Web at enterasys.com
Patented Innovation
© 2011 Enterasys Networks, Inc. All rights reserved. Enterasys Networks reserves the right to change
specifications without notice. Please contact your representative to confirm current specifications.
Please visit http://www.enterasys.com/company/trademarks.aspx for trademark information.
03/11
Delivering on our promises. On-time. On-budget.