D ATASH EET N-Series Diamond DFE Convergence-ready, 10GE Modular L2/L3/L4 Switch for Edge-to-Core and Data Center Optimized for network core and data center deployments with enhanced policy capabilities Industry-leading 24x7x365 business continuity via a fully Distributed Switch Routing architecture Benefits Business Alignment Extends the N-Series industry-leading investment protection • Flexible, high-performance Gigabit and 10 Gigabit connectivity options for ease of deployment and upgrade Flow-based architecture optimized for iSCSI and Server Virtualization • The industry’s most granular multi-layer classification capabilities ensure on-time delivery and prioritization of today’s mission-critical applications 1.68 Tbps switching architecture enables high density Gigabit and 10 Gigabit Ethernet switching and routing deployments Product Overview Enterasys N-Series Diamond Distributed Forwarding Engines (DFEs) are optimized for large scale, multi-user policy deployments in data center server farms and at the distribution and core layers of the network. Diamond DFEs support the full range of Secure Networks™ features, including advanced Quality of Service (QoS) and per-user traffic rate limiting. Available in 10/100/1000, 1000 Base-X and 10 Gigabit configurations, Diamond DFEs include additional processing power, memory, policy capacity expansion, and advanced routing licenses for medium to large enterprise backbone and distribution-layer routing applications. Capable of being installed in any of the N-Series chassis, Diamond DFEs are designed to provide high-performance, high-density Gigabit and 10 Gigabit Ethernet aggregation at the core and distribution layers of enterprise networks. N-Series DFEs significantly enhance the multi-user policy capacities of the N-Series, providing support for up to 2,000 authenticated users per chassis, enabling advanced policy management, QoS and firewall-like control for the largest of enterprise or campus networks. This enhanced capacity allows the N-Series to act as a proxy policy gateway for other network devices such as wireless access points and third-party switches, ensuring only authorized users and devices can access the network and its applications. The N-Series implements the industry’s only granular, flow-based architecture to intelligently manage individual user and application conversations—not just ports or VLANs. Policy rules combined with deep-packet inspection that easily and intelligently sense and automatically respond to security threats and Denial of Service (DoS) attacks while ensuring the highest reliability and QoS. Diamond DFEs utilize the unique, distributed fault-tolerance architecture of the N-Series. Each DFE is an integrated switching, routing, and management module that makes forwarding decisions, enforces security policies, and classifies incoming traffic. Multiple DFEs create a single, highly-manageable logical switching and routing system. Diamond DFEs are the logical and ideal choice for enterprises that require market-leading reliability, performance, and security in their network. • High-availability “always on” networking optimized for VoIP and VoD convergence Operational Efficiency • Advanced data center and backbone routing services including support for large router topologies, server load balancing, comprehensive traffic accounting and capacity planning • Fully distributed switching architecture that is unmatched for resiliency and availability • Low power consumption and thermal output BTU/Hour drives down power and cooling costs therefore lowering TCO Security • Flow-based architecture delivers end-to-end visibility and control over users, services, and applications • Provides security at the core of the network with advanced policy and routing control, supplemented with advanced Anti-DoS attack capabilities and ACL-like security on every port for downstream devices • Diamond DFEs enhance the N-Series position as the only enterprise switch to enable up to 1000 high-capacity multiuser, multi-method authentications on every port (802.1X, Web, MAC address) Support and Services • Industry-leading customer satisfaction and first call resolution • Personalized services, including site surveys, network design, installation, and training There is nothing more important than our customers. Density and Performance The N-Series provides high performance and high density: Diamond DFE N1 N3 N5 N7 Performance (Mpps) 13.5 Mpp 40.5 Mpps 67.5 Mpps 94.5 Mpps Capacity 18 Gbps 54 Gbps 90 Gbps 126 Gbps 10/100/1000 Base-TX Ports 30 90 150 210 1000 Base-X Ports 24 72 120 168 10G Base-X Ports 4 12 20 28 Performance/Capacity Switching Fabric Bandwidth 18 Gbps per DFE Switching Throughput 13.5 Mpps (Measured in 64-byte packets) Routing Throughput 13.5 Mpps (Measured in 64-byte packets) Address Table Size 65,536 MAC Addresses Classification Rules 57,344/chassis VLANs Supported 4094 Memory Main Memory: 256 MB Flash Memory: 32 MB Transmit Queues 4/12 Standards and Protocols Switching/VLAN Services Extended IP Routing • • • • • • • • • • • • • • • • • • • • • • • • • • • • 802.1Q VLANs 802.1D MAC Bridges 802.1w Rapid-reconvergence of Spanning Tree 802.1s Multiple Spanning Tree 802.3ad Link Aggregation 802.3ae Gigabit Ethernet 802.3az 10 Gigabit Ethernet 802.3x Flow Control IP Multicast (IGMP support v1, v2, per VLAN querier offload) Jumbo Packet with MTU Discovery Support for Gigabit Link Flap Detection Dynamic Egress (Automated VLAN Port Configuration) Generic VLAN Registration Protocol (GVRP) IP Routing • • • • • • • • • • • • RFC 1812 General Routing RFC 792 ICMP RFC 1256 ICMP Router Discovery Protocol RFC 826 ARP RFC 1027 Proxy ARP Static Routes RFC 1723 RIPv2 with Equal Cost Multi-path Load Balancing RFC 1812 RIP Requirements RFC 1519 CIDR RFC 2338 Virtual Router Redundancy Protocol (VRRP) Standard ACLs DHCP Server RFC 1541/ Relay RFC 2131 RFC 1583/RFC 2328 OSPFv2 RFC 1587 OSPFv2 NSSA RFC 1745 OSPF Interactions RFC 1746 OSPF Interactions RFC 1765 OSPF Database Overflow RFC 2154 OSPF with Digital Signatures (Password & MD5) OSPF with Multi-path Support OSPF Passive Interfaces RFC 2391 Load Sharing using Network Address Translation Extended ACLs Policy-based Routing RFC 1112 IGMP RFC 2236 IGMPv2 DVMRP v3-10 RFC 2361 Protocol Independent Multicast - Sparse Mode Network Security and Policy Management • • • • • • • • • • • 802.1X Quthentication Web-based Authentication (PWA+) MAC-based Authentication Convergence Endpoint Discovery with Dynamic Policy Mapping (Siemens HFA, Cisco VoIP, H.323 and SIP, LLDP-MED) Multiple Authentication Types per Port Simultaneously (802.1x, MAC, PWA+) Multiple Authenticated Users per Port with Unique Policies per User/End System (VLAN Association Independent) RFC 3580 IEEE 802.1 RADIUS Usage Guidelines, with VLANto-Policy Mapping & VLAN Assignment via Authentication Worm Suppression (Flow Set-Up Throttling) Broadcast Suppression ARP Storm Prevention MAC-to-Port Locking Page 2 • Span Guard (Spanning Tree Protection) • Stateful Intrusion Detection System Load Balancing • Stateful Intrusion Prevention System and Firewall Load Balancing • Behavioral Anomaly Detection/Flow Collector (Non-sampled Netflow Version 5 and Version 9) • Static Multicast Group Provisioning • Multicast Group, Sender, and Receiver Policy Control VLAN TAG Overwrite Class of Service • Strict Priority Queuing • Weighted Fair Queuing with Queue Bandwidth Shaping • 4/16 Transmit Queues per Port (1000BaseX SFP) • 4 Transmit Queues per Port (10/100/1000) • 16 Transmit Queues Per port (10 Gigabit Ethernet) • Up to 1024 Rate Limiters • Packet Count or Bandwidth-based Rate Limiters • IP ToS/DSCP Marking/Remarking • 802.1D Priority-to-Transmit Queue Mapping Network Management • • • • NMS Console NMS Policy Manager NMS Inventory Manager NMS Automated Security Manager Management, Control, and Analysis • • • • • • • • • • • • • • SNMP v1/v2c/v3 Web-based Management Interface Industry Common Command Line Interface Multiple Software Image Support with Revision Roll Back Multi-configuration File Support Editable Text-based Configuration File COM Port Boot Prom and Image Download via ZMODEM Telnet Server and Client Secure Shell (SSHv2) Cabletron Discovery Protocol Cisco Discovery Protocol v1/v2 IEEE 802.1AB LLDP, TIA/ANSI 1057 LLDP-MED Syslog FTP Client • • • • • • • • Simple Network Time Protocol (SNTP) Netflow Version 5 and Version 9 RFC 3580 VLAN Authorization RFC 2865 RADIUS RFC 2866 RADIUS Accounting TACACS+ for Management Access Control Management VLAN 16 Many-to-One Port, One-to-Many Ports, VLAN Mirror Sessions (64 when DFE Deployed with an N1/NSA Chassis) IETF and IEEE MIB Support • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • RFC 1213 & RFC 2011 IP-MIB RFC 1493 Bridge MIB RFC 1659 RS-232 MIB RFC 1724 RIPv2 MIB RFC 1850 OSPF MIB RFC 2012 TCP MIB RFC 2013 UDP MIB RFC 2096 IP Forwarding Table MIB RFC 2276 SNMP-Community MIB RFC 2578 SNMPv2 SMI RFC 2579 SNMPv2-TC RFC 2613 SMON MIB RFC 2674 802.1p/Q MIB RFC 2737 Entity MIB RFC 2787 VRRP MIB RFC 2819 RMON MIB (Groups 1-9) RFC 2863 IF MIB RFC 2864 IF Inverted Stack MIB RFC 2922 Physical Topology MIB RFC 3273 HC RMON MIB RFC 3291 INET Address MIB RFC 3411 SNMP Framework MIB RFC 3412 SNMP-MPD MIB RFC 3413 SNMPv3 Applications RFC 3414 SNMP User-based SM MIB RFC 3415 SNMP View-based ACM MIB RFC 3417 SNMPv2-TM RFC 3418 SNMPv2 MIB RFC 3621 Power Ethernet MIB RFC 3635 EtherLike MIB RFC 3636 MAU MIB IEEE 802.3 LAG MIB IEEE 802.1PAE MIB RSTP MIB USM Target Tag MIB U Bridge MIB Draft-ietf-idmr-dvmrp-v3-10 MIB Draft-ietf-pim-sm-v2-new-09 MIB SNMP-REARCH MIB IANA-ADDRESS-FAMILY-NUMBERS MIB Private MIBs • • • • • • • • • • • • • • • • • • • • • • • • • Ct-broadcast MIB Ctron-CDP MIB Ctron-Chassis MIB Ctron-igmp MIB Ctron-q-bridge-mib-ext MIB Ctron-rate-policying MIB Ctron-tx-queue-arbitration MIB Ctron-alias MIB Cisco-TC MIB Cisco-CDP MIB Cisco-netflow MIB Enterasys-configuration-management MIB Enterasys-MAC-locking MIB Enterasys-convergence-endpoint MIB Enterasys-notification-authorization MIB Enterasys-netfow MIB Enterasys-license-key MIB Enterasys-aaa-policy MIB Enterasys-class-of-service MIB Enterasys-multi-auth MIB Enterasys-mac-authentication MIB Enterasys-pwa MIB Enterasys-upn-tc MIB Enterasys-policy-profile MIB Enterasys-flow-limiting MIB DDoS Attack Protection Tested Against • • • • • • • • • • • • • • • • • • • TCP/UDP Port Scan Christmas Tree Attack Fraggle Attack Fragmented & Large ICMP ICMP Flood Invalid ICMP Attacks ICMP Re-direct Attack LANd TCP Syn Fin Attack TCP Syn Flood Tear Drop Attack UDP Port Flood Invalid UDP Attacks Invalid IGMP Attacks Cisco Global Exploiter Shadowcode TTL Attack NTP DoS Open TCP Session Attacks Flood TCP Session Page 3 Specifications Physical Specifications Agency and Standards Specifications • • • • Dimensions (H x W x D): 46.43 cm x 6.05 cm x 29.51 cm (18.28” x 2.38” x 11.62”) Weight Range — Shipping: 4.98 kg (10.95 lbs) to 7.09 kg (15.60 lbs) — Net: 3.36 kg (7.40 lbs) to 5.43 kg (11.95 lbs) Safety: UL 60950, CSA 60950, EN 60950, EN 60825, and IEC 60950 Electromagnetic compatibility: 47 CFR Parts 2 and 15, CSA C108.8, EN 55022, EN 55024, EN 61000-3-2, EN 61000-3-3, AS/NZS CISPR 22, and VCCI Environmental Specifications • • • • Operating Temperature: +5° C to +40° C (41° F to 104° F) Storage Temperature: -30° C to +73° C (-22° F to 164° F) Operating Humidity: 5% to 90% relative humidity, non-condensing Power Consumption: 100 to 125 VAC or 200 to 250 VAC; 50 to 60 Hz Ordering Information Part Number Description Diamond Distributed Forwarding Engines 7KR4297-04 Diamond DFE with 4 10 Gigabit Ethernet 10GBase XFP optics slots 7KR4297-02 Diamond DFE with 2 10 Gigabit Ethernet 10GBase XFP optics slots 7KR4290-02 Diamond DFE with 2 10-Gigabit Ethernet 10GBase XenPak optics slots 7GR4280-19 Diamond DFE with 18 1000Base-X ports via Mini-GBIC connectors and one expansion module slot 7GR4270-12 Diamond DFE with 12 1000Base-X ports via Mini-GBIC connectors 7GR4202-30 Diamond DFE with 30 10/100/1000 Ethernet ports via RJ45 connectors Network Expansion Modules and Network Security Modules 7G-6MGBIC-B Network Expansion Module with 6 1000Base-X ports via Mini-GBIC connectors (supports 100-Base-FX Mini-GBIC) 7K-2XFP-6MGBIC Network Expansion Module with 6 1000Base-X ports via Mini-GBIC connectors, plus 2 10 Gigabit Ethernet ports via XFP 7S-DSNA7-01 N-Series Security Module for Intrusion Detection 7S-NSTAG-01 N-Series Security Module for Network Access Control WS-C20N-32 N-Series Wireless Controller Module Notes 1. Diamond DFEs can be installed in any slot of a N7, N5, N3, N1 or E7 chassis. 2. Diamond and Platinum DFEs can be mixed in the same chassis; it is recommended that a minimum of two Diamond DFEs are installed per chassis when routing. 3. Diamond DFEs require no additional licenses for routing or policy services. Page 4 Ordering Information (cont.) Transceivers Enterasys transceivers provide connectivity options for Ethernet over twisted pair copper and fiber optic cables with transmission speeds from 100 Megabits per second to 10 Gigabits per second. All Enterasys transceivers meet the highest quality for extended life cycle and the best possible return on investment. For detailed specifications, compatibility and ordering information please go to http://www.enterasys.com/products/ transceivers-ds.pdf. Service and Support Enterasys Networks provides comprehensive service offerings that range from Professional Services to design, deploy and optimize customer networks, customized technical training, to service and support tailored to individual customer needs. Please contact your Enterasys account executive for more information about Enterasys Service and Support. Warranty As a customer-centric company, Enterasys is committed to providing quality products and solutions. In the event that one of our products fails due to a defect, we have developed a comprehensive warranty that protects you and provides a simple way to get your products repaired or media replaced as soon as possible. The Enterasys N-Series comes with a one year hardware warranty. For full warranty terms and conditions please go to http://www.enterasys.com/support/warranty.aspx. Contact Us For more information, call Enterasys Networks toll free at 1-877-801-7082, or +1-978-684-1000 and visit us on the Web at enterasys.com Patented Innovation © 2011 Enterasys Networks, Inc. All rights reserved. Enterasys Networks reserves the right to change specifications without notice. Please contact your representative to confirm current specifications. Please visit http://www.enterasys.com/company/trademarks.aspx for trademark information. 03/11 Delivering on our promises. On-time. On-budget.