3cOm
®
SwITcH 8800 FAmIlY
CONVERGENCE
Eight hardware queues per port
Flow-based QoS profiles
Ingress and egress
Remarking of packets based on priority:
•
Selectable prioritization
•
DSCP (Diffserv Code Point)
•
Type of Service (ToS)
•
IEEE 802.1p Class of Service (CoS)
•
IP precedence
•
Local precedence: physical port, source/destination MAC address,
VLAN information, Ethernet type, Layer 3 protocol,
source/destination IP address, DSCP, datagram type, IP Layer 4
protocol, IP Layer 4 ports
Flow-based bandwidth management
Flows identified through ACLs (Access Control Lists)
Configurable bandwidth granularity
RED (Random Early Detect/Discard)
Queuing algorithms
Strict Priority Queuing
WRR (Weighted Round Robin) provided through bandwidth management
IEEE 802.3af PoE on 10/100/1000 ports
SECURITY
Network login with IEEE 802.1X user authentication
Local authentication and RADIUS authentication
(Terminal Access Controller Access Control System Plus)
authentication
¥
Automatic assignment of VLAN based on user/device authentication
Wirespeed packet filtering in hardware
Supports a maximum of 12K ACL rules per system; 1K ACL rules per
module
ACLs filter at Layers 2, 3 and 4:
•
physical port
•
source/destination MAC address
•
VLAN information
•
Ethernet type
•
Layer 3 protocol
•
source/destination IP address
•
DSCP
•
datagram type
•
IP Layer 4 protocol
•
IP Layer 4 ports
MD5 cipher-text authentication and clear-text authentication for OSPF
v2 and RIP v2 packets and SNMP v3 traffic
Protection against DoS (Denial of Service) attacks which exploit
protocols including IP, ARP and IEEE 802.1X/EAP
IEEE 802.1X user authentication on switch Telnet sessions
Hierarchical management and password protection for management
interface
Encrypted management traffic using SSH v2
¥
and SNMP v3
¥
Realtime hardware data encryption: DES, 3DES, AES 256-bit
encryption
§
NETWORK APPLICATION MODULES
Network Monitoring Module
Netflow network analysis; v5, 8 and 9 compatible data export
400 network monitoring stream sessions, max.
Statistics based on, among others:
•
source and destination IP address
•
UDP and TCP port
•
protocol type
•
ICMP type
•
IP priority
•
TOS
•
DSCP
2 Gbps throughput, max.
Firewall Module
Stateful firewall, supports routing and transparent modes
NAT (Network Address Translation)
2k rules for each ACL item, max.
15K max. Application Specific Packet Filters (ASPFs)
128 secure VLANs, max.
8 Demilitarized Zones (DMZ), max.
Protects from attacks originating outside (IP spoofing, smurf, fraggle,
WinNuke, SYN flood, etc.) and inside (ARP and host cheats)
ICMP redirection, traceroute control
Net traffic real time analysis
Mail alarm for firewall events
Binary log file
2 Gbps throughput, max.
8 1000 Mbps SFP ports
3 10/100 Ethernet ports and AUX and console ports for management
IPsec Module
Fully integrated IPsec VPN
3DES, DES; AES 256-bit hardware encryption
8,192 L2TP tunnels, max.
100 L2TP sessions, max.
1,024 GRE tunnels, max.
5,000 IPsec tunnels, max.
100 IPsec sessions, max.
512-bit hardware encryption, max.
2 Gbps throughput, max.
8 1000 Mbps SFP ports
3 10/100 Ethernet ports and AUX and console ports for management
VPLS Module
Lassere Kompella LDP VPLS
Complies with IETF draft-ietf-ppvpn-vpls-ldp (05)
H-VPLS
Q-in-Q
MPLS hierarchical VPLS PE (U-PE, N-PE)
1K VPLS instances, max.
128K MAC addresses, max.
3.5 Gbps bandwidth, max.
* Available in the 3Com Advanced Feature Software v3, at additional cost
¥
authentication and SNMP v3 and SSH v2 encryption features are available in the Basic Software with Encryption
and Advanced Feature Software versions only
§
Available in the 3Com Switch 8800 IPsec module, at additional cost
SPEcIFIcATIONS
(cONTINuED)
