Huawei S6720-SI Series Switches Product Brochure

Huawei S6720-SI Series Switches
Product Brochure
S6720-SI Series Switches
Product Overview
Huawei S6720-SI series switches are Huawei-developed next-generation multigigabit 10GE fixed switches.
The S6720-SI can provide high-speed wireless access, and access for 10GE servers in data centers or
function as access/aggregation switches on a campus network.
The S6720-SI is one of the multigigabit fixed switches with the highest performance in the industry,
providing line-rate multigigabit 100M/1G/2.5G/5G/10G access ports and 40GE uplink ports. It can be
used to provide high-speed access for APs and 10 Gbit/s access to high-density servers or function as a
core/aggregation switch on a campus network to provide 40 Gbit/s rate. In addition, S6720-SI provides
a wide variety of services, comprehensive security policies, and various QoS features to help customers
build scalable, manageable, reliable, and secure campus and data center networks.
Models and Appearances
The S6720-SI series provides the following models.
S6720-26Q-SI-24S-AC
S6720S-26Q-SI-24S-AC
S6720-32X-SI-32S-AC
S6720-32C-SI-AC
S6720-32C-SI-DC
S6720-32C-PWH-SI-AC
S6720-32C-PWH-SI
1
Huawei Enterprise Sx700 Series Switch Product
•
•
•
•
•
24×10GE SFP+, uplink 2×40GE QSFP+
Double pluggable power supplies, AC power supply
USB
Forwarding performance: 240Mpps
Switching capacity: 2.56Tbps
•
•
•
•
•
32×10GE SFP+
Double pluggable power supplies, AC power supply
USB
Forwarding performance: 240 Mpps
Switching capacity: 2.56Tbps
•
•
•
•
•
•
24×100M/1G/2.5G/5G/10G Base-T Ethernet ports, 4×10GE SFP+
One extended slot
Double pluggable power supplies, AC/DC power supply
USB
Forwarding performance: 240 Mpps
Switching capacity: 2.56Tbps
•
•
•
•
•
•
•
24×100M/1G/2.5G/5G/10G Base-T Ethernet ports, 4×10GE SFP+
One extended slot
Double pluggable power supplies, AC/DC power supply
Long distance PoE++
USB
Forwarding performance: 240 Mpps
Switching capacity: 2.56Tbps
•
S6720-56C-PWH-SI-AC
S6720-56C-PWH-SI
S6720-52X-PWH-SI
•
•
•
•
•
•
32×10/100/1000Base-T Ethernet ports,
16×100M/1G/2.5G/5G/10GBase-T Ethernet ports,4×10GE SFP+
One extended slot
Double pluggable power supplies, AC/DC power supply
POE++
USB
Forwarding performance:240Mpps
Switching capacity: 2.56 Tbps
•
•
•
•
•
•
48×100M/1G/2.5G/5G/10GBase-T Ethernet ports,4×10GE SFP+
Double pluggable power supplies, AC/DC power supply
POE++
USB
Forwarding performance:480Mpps
Switching capacity:2.56 Tbps
Product Features and Highlights
High-Density Multigigabit Access and 40 Gbit/s Uplink
•
As the 802.11ac standard and related products are released, the wireless access rate has reached 2.5
Gbit/s. The S6720-SI multigigabit fixed switches match perfectly with high-speed APs, and provide the
long distance PoE++ function and 60 W PoE on a port. The S6720-SI can provide Ethernet power supply
for APs and surveillance cameras.
•
The S6720-SI fixed switch has the highest density of multigigabit ports and largest switching capacity
among counterpart switches. Each S6720-SI provides up to two line-rate QSFP+ ports and 24
100M/1G/2.5G/5G/10G Base-T ports.
•
Ports of the S6720-SI support 100M/1G/2.5G/5G/10G Base-T access and auto
Comprehensive Security Policies
•
The S6720-SI provides multiple security measures to defend against Denial of Service (DoS) attacks and
other attacks to networks or users. DoS attacks include SYN flood, Land, Smurf, and ICMP flood attacks.
Attacks to networks refer to STP BPDU/root attacks. Attacks to users include bogus DHCP server attacks,
man-in-the-middle attacks, IP/MAC spoofing attacks, DHCP request flood attacks, and DoS attacks by
changing the CHADDR field of packets.
•
The S6720-SI supports DHCP snooping, which generates user binding entries. DHCP snooping discards
invalid packets that do not match any binding entries, such as ARP spoofing packets and IP spoofing
packets. This prevents hackers from using ARP packets to initiate man-in-the-middle attacks on campus
networks. DHCP snooping trusted and untrusted ports can be specified to ensure that users connect only
to the authorized DHCP server.
•
The S6720-SI supports strict ARP learning. This feature prevents ARP spoofing attackers from exhausting
ARP entries so that users can connect to the Internet normally. It also provides IP source check to prevent
DoS attacks caused by MAC address spoofing, IP address spoofing, and MAC/IP spoofing. URPF provided
by the S6720-SI reversely checks packet transmission path to authenticate packets, which can protect
the network against source address spoofing attacks.
•
The S6720-SI supports centralized MAC address authentication and 802.1X authentication. It
authenticates users based on statically or dynamically bound user information such as the user name, IP
address, MAC address, VLAN ID, port number, and flag indicating whether antivirus software is installed.
VLANs, QoS policies, and ACLs can be delivered to users dynamically.
•
The S6720-SI can limit the number of MAC addresses learned on a port to prevent MAC address entries
from being exhausted by source MAC address spoofing packets. This function minimizes packet flooding
that occurs when MAC addresses of users cannot be found in the MAC address table.
Comprehensive Reliability Mechanisms
•
The S6720-SI supports redundant power supplies. Users can choose a single power supply or use two
power supplies to ensure device reliability. With two pluggable fan modules, the S6720-SI has a longer
MTBF time than counterpart switches.
Huawei Enterprise Sx700 Series Switch Product
2
•
The S6720-SI supports MSTP multi-process that enhances the existing STP, RSTP, and MSTP
implementation. This function increases the number of MSTIs supported on a network. It also supports
enhanced Ethernet reliability technologies such as Smart Link and RRPP, which implement millisecondlevel link protection switchover and ensure network reliability. Smart Link and RRPP both support multiinstance to implement load balancing among links, further improving bandwidth usage.
•
The S6720-SI supports enhanced trunk (E-trunk). A CE can be dual-homed to two PEs through EthTrunk links. This implements inter-device link aggregation and link load balancing, and greatly improves
reliability of access devices.
•
The S6720-SI supports the Smart Ethernet Protection (SEP) protocol, a ring network protocol applied to
the link layer of an Ethernet network. SEP can be used on open ring networks and provides millisecondlevel switchover to ensure uninterrupted services. This protocol is simple, reliable, easy to maintain,
and supports fast switchover and flexible topology, enabling users to manage and plan networks
conveniently.
•
The S6720-SI supports G.8032, also called Ethernet Ring Protection Switching (ERPS). ERPS is based on
traditional Ethernet MAC and bridging functions. It uses the mature Ethernet OAM and Ring Automatic
Protection Switching (Ring APS or R-APS) technologies to implement millisecond-level protection
switching on Ethernet. ERPS supports multiple services and provides flexible networking, reducing the
OPEX and CAPEX.
•
The S6720-SI supports VRRP. Two S6720-SI switches can form a VRRP group to ensure nonstop and
reliable communication. Multiple equal-cost routes to an upstream device can be configured on the
S6720-SI to provide route redundancy. When an active route is unreachable, traffic is switched to a
backup route.
Various QoS Control Mechanisms
•
The S6720-SI implements complex traffic classification based on packet information such as the 5-tuple,
IP precedence, ToS, DSCP, IP protocol type, ICMP type, TCP source port, VLAN ID, Ethernet protocol type,
and CoS. ACLs can be applied to inbound or outbound direction to filter packets. The S6720-SI supports
the flow-based two-rate and three-color CAR. Each port supports eight priority queues and multiple
queue scheduling algorithms such as WRR, DRR, PQ, WRR+PQ, and DRR+PQ, which ensures the quality
of network services such as voice, video and data services.
High Scalability
•
The S6720-SI supports iStack and virtualizes multiple switches into one logical switch. A port of the
S6720-SI can be configured as a stack port using a command for flexible stack deployment. The
distance between stacked switches is further increased when the switches are connected with optical
fibers. Compared with a single device, iStack features powerful scalability, reliability, performance, and
architecture. New member switches can join a stack to increase the system capacity or replace a faulty
member switch without interrupting services. Compared with stacking of modular switches, the iStack
function can increase system capacity and port density with no restriction of the hardware structure.
Multiple devices in a stack can be considered as one logical device. These switches can be managed
using a single IP address, which greatly reduces costs for system expansion and O&M.
Convenient Management
3
•
The S6720-SI supports automatic configuration, plug-and-play, deployment using a USB flash drive, and
batch remote upgrade. These capabilities facilitate deployment, upgrade, and service provisioning, and
simplify device management and maintenance. The maintenance costs are greatly reduced.
•
The S6720-SI supports SNMPv1/v2/v3 and provides flexible methods for managing devices. Users can
manage the S6720-SI using the CLI and Web NMS. The NQA function helps users with network planning
and upgrades. In addition, the S6720-SI supports NTP, SSH v2, HWTACACS, RMON, log hosts, and portbased traffic statistics.
•
The S6720-SI supports GVRP, which dynamically distributes, registers, and propagates VLAN attributes
to reduce the manual configuration workloads of network administrators and ensure correct VLAN
configuration.
•
The S6720-SI supports MUX VLAN, a mechanism that isolates Layer 2 traffic between ports in a VLAN.
MUX VLAN defines principal VLANs and subordinate VLANs. Subordinate VLANs can communicate
with the MUX VLAN but cannot communicate with each other. This function prevents communication
between network devices connected to certain ports or port groups but allows the devices to
communicate with the default gateway. MUX VLAN is usually used on an enterprise intranet to isolate
Huawei Enterprise Sx700 Series Switch Product
user ports from each other but allow them to communicate with server ports.
•
The S6720-SI supports BFD, which provides millisecond-level fault detection for protocols such as
OSPF, IS-IS, VRRP, and PIM to improve network reliability. The S6720-SI supports IEEE 802.1ag and IEEE
802.3ah. 802.1ag allows for point-to-point Ethernet fault management, and IEEE 802.3ah can detect
faults in the last mile of an Ethernet link. Ethernet OAM improves the Ethernet network management
and maintenance capabilities and ensures a stable network.
Various IPv6 Features
•
The S6720-SI supports IPv4/IPv6 dual stack and can migrate from an IPv4 network to an IPv6 network.
The S6720-SI hardware supports IPv4/IPv6 dual stack and IPv6 over IPv4 tunnels (including manual
tunnels, 6to4 tunnels, and ISATAP tunnels). The S6720-SI can be deployed on IPv4 networks, IPv6
networks, or networks that run both IPv4 and IPv6. This makes networking flexible and enables a
network to migrate from IPv4 to IPv6.
•
The S6720-SI supports various IPv6 routing protocols including RIPng and OSPFv3. The S6720-SI supports
the Neighbor Discovery Protocol (NDP) of IPv6, and manages packets exchanged between neighbors. It
also provides the Path MTU Discovery (PMTU) mechanism to select a proper MTU on the path from the
source to the destination, optimizing network resources and obtaining the maximum throughput.
Product Specifications
Item
S6720-26Q-SIS6720-32C-SI- S6720-32CPWH-SI-AC
24S-AC
S6720-32X-SI- AC
S6720S-26Q-SI- 32S-AC
S6720-32C-SI- S6720-32CPWH-SI
24S-AC
DC
24×100M/
1G/2.5G /5G/
10G Base-T
Ethernet ports
4×10GE SFP+
24×100M/
1G/ 2.5G / 5G
/ 10GBase-T
Ethernet ports
4×10GE SFP+
Fixed
ports
24×10GE
SFP+
2×40GE
QSFP+
Extended
slots
Not supported Not supported
MAC
address
table
32K
MAC address learning and aging
Static, dynamic, and blackhole MAC address entries
Packet filtering based on source MAC addresses
32×10GE
SFP+
One extended
slot
One extended
slot
S6720-56CPWH-SI-AC
S6720-56CPWH-SI
S6720-52XPWH-SI
32×10/ 100/
1000 Base-T
Ethernet ports,
16×100M/ 1G/
2.5G/ 5G/ 10G
Base-T Ethernet
ports,4×10GE
SFP+
48×100M/ 1G/
2.5G/ 5G/ 10G
Base-T Ethernet
ports,4×10GE
SFP+
One extended
Not supported
slot
4K VLANs
Guest VLAN and voice VLAN
VLAN assignment based on MAC addresses, protocols, IP
VLAN
subnets, policies, and ports
features
VLAN mapping
Super VLAN
Basic QinQ and selective QinQ
IPv4
routing
Static routing, RIPv1, RIPv2, ECMP, URPF, OSPF, IS-IS, and BGP
VRRP
Policy-based routing
Routing policies
Huawei Enterprise Sx700 Series Switch Product
4
Item
S6720-26Q-SIS6720-32C-SI- S6720-32CPWH-SI-AC
24S-AC
S6720-32X-SI- AC
S6720S-26Q-SI- 32S-AC
S6720-32C-SI- S6720-32CPWH-SI
24S-AC
DC
IPv6
routing
Static routing
RIPng
OSPFv3
BGP4+
ISISv6
Neighbor Discovery (ND) and ND snooping
IPv6 Ping
VRRP6
DHCPv6 snooping, DHCPv6 server, and DHCPv6 relay
IPv6
features MLDv1 and MLDv2
PIM-DM for IPv6
PIM-SM for IPv6
6 Over 4 tunnels
IGMP V1/V2/V3 snooping
Fast leave
IGMP snooping proxy
MLD snooping
Port-based multicast traffic suppression
Multicast Inter-VLAN multicast replication
Controllable multicast
IGMP v1/v2/v3
PIM-SM and PIM-DM
Multicast Source Discovery Protocol (MSDP)
Multicast routing policies
Traffic classification based on ACLs
Traffic classification based on outer 802.1p fields, inner VLAN IDs,
outer VLAN IDs, source MAC addresses, and Ethernet types
Access control after traffic classification
Traffic policing based on traffic classifiers
Re-marking based on traffic classifiers
Class-based packet queuing
Associating traffic classifiers with traffic behaviors
QoS/ACL
Rate limiting on inbound and outbound ports
Traffic shaping based on ports and queues
Tail drop
Priority Queuing (PQ)
Deficit Round Robin (DRR)
PQ + DRR scheduling
Weighted Round Robin (WRR)
PQ + WRR scheduling
STP (IEEE 802.1d), RSTP (IEEE 802.1w), and MSTP (IEEE 802.1s)
BPDU protection, root protection, and loop protection
RRPP ring topology and RRPP multi-instance
Smart Link tree topology and Smart Link multi-instance, providing
Reliability millisecond-level protection switchover
Smart Ethernet Protection (SEP)
G.8032 Ethernet Ring Protection Switching (ERPS)
BFD for OSPF, IS-IS, VRRP, and PIM protocols
Enhanced trunk (E-trunk)
5
Huawei Enterprise Sx700 Series Switch Product
S6720-56CPWH-SI-AC
S6720-56CPWH-SI
S6720-52XPWH-SI
Item
S6720-26Q-SIS6720-32C-SI- S6720-32CPWH-SI-AC
24S-AC
S6720-32X-SI- AC
S6720S-26Q-SI- 32S-AC
S6720-32C-SI- S6720-32CPWH-SI
24S-AC
DC
S6720-56CPWH-SI-AC
S6720-56CPWH-SI
S6720-52XPWH-SI
Defense against DoS, ARP, and ICMP attacks
Binding of the IP address, MAC address, port number, and VLAN
ID of a user
Port isolation, port security, and sticky MAC
MAC-Forced Forwarding (MACFF)
Security
Limit on the number of learned MAC addresses
features
IEEE 802.1X authentication, MAC address authentication, Portal
authentication, and hybrid authentication
Authentication methods, including AAA, RADIUS, and
HWTACACS
CPU defense
Super
Virtual
Fabric
(SVF)
SVF Parent and Client
iStack (using service ports as stack ports)
Virtual Cable Test (VCT)
Ethernet OAM (IEEE 802.3ah and 802.1ag)
SNMPv1/v2c/v3
RMON
Management
Web-based network management system and relevant features
and
System logs and multi-level alarms
maintenance
GVRP
MUX VLAN
sFlow
Hypertext Transfer Protocol Secure (HTTPS)
SSH1.5/SSH2
Working temperature: 0–1800 m, 0–45°C; 1800–5000 m, the
Operating highest operating temperature reduces by 1°C every time the
environment altitude increases by 220 m.
Relative humidity: 5%–95% (noncondensing)
Input
voltage
AC:
Rated voltage range: 100 V to 240 V AC, 50/60 Hz
Maximum voltage range: 90 V to 264 V AC, 47/63Hz
DC:
Rated voltage range: –48 V to –60 V DC
Maximum voltage range: –36 V to –72 V DC
Dimensions
442 × 420 × 442 × 420 × 442 × 420 × 442 × 420 × 442 × 420 × 442 × 420 ×
(W x D x H,
44.4
44.4
44.4
44.4
44.4
44.4
mm)
Typical power
68.4W
consumption
Maximum
power
consumption
(W)
97W
72.6W
104.6W
93W(without
card)
580W AC:
without
PD:106.9W;
1150W
ACwithout
PD:121.6W
117.62W
(without card)
650W
DC/580W
AC(without
card and
PD):125.6W;
1150W AC
(without
card and
pd):125.6W
Without
card and
PD:91.01W
650W
DC/580W AC
(without
card and
PD):120.5W
1150W AC
(without
card and
PD):120.5W
159.5W
650W DC
without
PD:207.36W;
1150W AC
without
PD:236.8W
Huawei Enterprise Sx700 Series Switch Product
6
Networking and Applications
Data Center Network
As shown in the following figure, the S12700 agile switches function as core switches in a data center and
use firewall and load balancer cards to ensure security and perform load balancing. The S6720-SIs function
as access switches and provide high-density 10GE ports to connect to 10G servers.
Campus Networks
The S6720-SI series switches can be used as access or aggregation switches on small- and medium-sized
campus networks and provide 2.5G ports for high-speed AP access, meeting the requirement for increasing
bandwidth. The rich service features and comprehensive security mechanisms make the S6720-SI cost
effective on campus networks.
7
Huawei Enterprise Sx700 Series Switch Product
Ordering Information
Product Description
S6720-26Q-SI-24S bundle (24 10GE SFP+, 2 40GE QSFP+, with 1 150W AC power supply)
S6720S-26Q-SI-24S bundle (24 10GE SFP+, 2 40GE QSFP+, with 1 150W AC power supply)
S6720-32X-SI-32S bundle (32 10GE SFP+, with 1 150W AC power supply)
S6720-32C-SI-AC bundle (24 100M/1G/2.5G/5G/10G Base-T Ethernet ports, 4 10GE SFP+, with 1 interface
slot, with 1 150W AC power supply)
S6720-32C-SI-DC bundle (24 100M/1G/2.5G/5G/10G Base-T Ethernet ports, 4 10GE SFP+, with 1 interface
slot, with 1 150W DC power supply)
S6720-32C-PWH-SI-AC bundle (24 100M/1G/2.5G/5G/10G Base-T Ethernet ports, 4 10GE SFP+, PoE++, with
1 interface slot, with 1 580W AC power supply)
S6720-32C-PWH-SI (24 100M/1G/2.5G/5G/10G Base-T Ethernet ports, 4 10GE SFP+, PoE++, with 1 interface
slot, without power supply)
S6720-56C-PWH-SI-AC Bundle(32 Ethernet 10/100/1000 ports,16 Ethernet 100M/1/2.5/5/10G ports,4 10 Gig
SFP+,PoE++,with 1 slot,with 580W power)
S6720-56C-PWH-SI(32 Ethernet 10/100/1000 ports,16 Ethernet 100M/1/2.5/5/10G ports,4 10 Gig
SFP+,PoE++,with 1 slot,without power module)
S6720-52X-PWH-SI(48 Ethernet 100M/1/2.5/5/10G ports,4 10 Gig SFP+,PoE++,without power module)
2-port 40GE QSFP+ interface card
4-port 10GE SFP+ interface card
150W AC Power Module
150W DC Power Module
580W AC Power Module
650W DC Power Module
1150W AC Power Module
For more information, visit http://e.huawei.com or contact your local Huawei sales office.
Huawei Enterprise Sx700 Series Switch Product
8
Copyright © Huawei Technologies Co., Ltd. 2018. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei
Technologies Co., Ltd.
Trademark Notice
, HUAWEI, and
are trademarks or registered trademarks of Huawei Technologies Co., Ltd.
Other trademarks, product, service and company names mentioned are the property of their respective owners.
General Disclaimer
The information in this document may contain predictive statements including,
without limitation, statements regarding the future financial and operating results,
future product portfolio, new technology, etc. There are a number of factors that
could cause actual results and developments to differ materially from those
expressed or implied in the predictive statements. Therefore, such information is
provided for reference purpose only and constitutes neither an offer nor an
acceptance. Huawei may change the information at any time without notice.
Download PDF