5
the ToS field. BayStack 5510 Switches have
application-specific integrated circuits (ASICs)
to enable the DiffServ Code Point (DSCP)
to be mapped to the IEEE 802.1p user prior-
ity bits to provide consistent QoS at Layer 3
(IP) and Layer 2 (Ethernet). The QoS poli-
cies can be configured via the BayStack 5510
Switch’s built-in Web-based management tools
to facilitate QoS. Alternatively, Optivity*
Policy Services can be utilized for dynamic
end-to-end enterprise-wide policy and QoS
management.
Simplified QoS
BayStack 5510 Switches support Nortel
Networks Service Classes (NNSC) which
provide simplified QoS provisioning. NNSC
provides factory-default QoS configurations,
eliminating the complexities often associated
with QoS-enabled network deployments.
NNSC provides default settings such as:
• DSCP marking per class
• DiffServ forwarding behavior (PHB)
per class
• DSCP to queue mapping
• DSCP to 802.1p mapping
• Default scheduler per class
By classifying the traffic and placing it into
an NNSC, complex QoS configurations are
eliminated. NNSC simplifies the deployment
of a QoS-enabled network with Nortel
Networks switching solutions, using a Web-
based interface. This not only saves on provi-
sioning time but most importantly, ensures
that the QoS functions are provisioned
consistently across the network.
Queuing function
BayStack 5510 Switches provide network
availability for mission-critical applications,
devices, and users by classifying, prioritizing,
and marking LAN IP traffic using up to eight
hardware-based queues on every port includ-
ing the stacking ports. This is based on the
following parameters:
• MAC address-based filtering
• IP ToS/DSCP marking
• IP source address/destination address
or subnets
• TCP/UDP source/destination port/
port range
• IEEE 802.1p user priority bits
• Ingress source port
• IP Protocol ID (e.g. TCP, UDP, IGMP)
• EtherType (e.g. IP, IPX)
• IEEE 802.1Q VLAN ID
BayStack 5510 Switches also have the ability
to read packets that have been marked from
other devices such as the Passport 8600 Switch.
Additionally, weighted round robin prevents
normal priority traffic from being starved
by expedited traffic (on a per-packet basis).
BayStack 5510 also supports strict priority
queuing.
Quality of Service provisioning
With Optivity Policy Services
†
, policies can
be created through a simple and intuitive
drag and drop workflow. Optivity Policy
Services is the Policy Decision Point in a
DiffServ QoS implementation.
Further benefits include:
• Simple intuitive policy creation
• Ability to re-use common filter sets
• Provision of a network-wide view of poli-
cies currently in use
• Ability to avoid QoS provisioning errors
• Centrally managed DSCP and 802.1p
queue mapping tables
• Saved time in provisioning the network—
as thousands of CLI or Web transactions
are reduced to a few simple actions
Traffic policing
Traffic policing enables provisioning of
different levels of service by limiting traffic
throughput at the ingress (incoming) port of
the BayStack 5510 Switch. For example, if a
port is set to a certain speed, such as 10 Mbps,
all traffic under 10 Mbps on that port will
pass, and traffic that exceeds 10 Mbps on that
same port is dropped. Service providers will
find this especially useful to control band-
width to their customers. Up to 64 traffic
meters per port are provided and yield higher
resolution for control.
Traffic shaping
†
Traffic shaping offers the ability to limit
traffic on each port. While traffic policing is
needed to provide different levels of service
to data streams on the ingress ports, traffic
shaping is needed to smooth the traffic from
the egress ports. BayStack 5510 supports port-
based traffic shaping. Enterprises working
with service providers or carriers utilize this
feature when they are deploying Ethernet in
place of the traditional Frame Relay, ISDN,
or ATM WAN access solutions.
Enhanced security
The BayStack 5510 Switches offer the highest
level of security with features including
Secure Shell (SSH)
†
, IEEE 802.1x based secu-
rity (also known as Extensible Authentication
Protocol (EAP)), assignment of proper VLAN
and priority, user-based policies
†
, Simple
Network Management Protocol (SNMPv3),
IP Manager List, MAC-address-based security,
and Remote Authentication Dial-In User
Service (RADIUS) authentication.
SSHv2 supports strong authentication and
encrypted communications. It allows network
administrators to log into the switch from an
SSH client and perform a secure Telnet
session using CLI commands. This feature is
ideal for security conscious customers, such
as federal governments.
For added security, BayStack 5510 Switches
support the 802.1x-based security feature.
The IEEE 802.1x-based security feature
limits access to the network based on user
credentials. A user is required to “login” to
the network using a username/password; the
user database is maintained on the authenti-
cation server (not the switch). Network
connectivity without password authorization
is prevented. This feature is useful where the
network is not 100 percent physically secure
or where physical security needs enhance-
ment; for example, banks, trading rooms, or
classroom training facilities. This feature
supports client access to the network and
interoperates with Microsoft Windows XP
and other compliant 802.1x clients. 802.1x is
also known as Extensible Authentication
Protocol (EAP).
SNMPv3 provides user authentication and
data encryption for higher security. It also
offers secure configuration and monitoring.
IP Manager List limits access to the manage-
ment features of the BayStack 5510 Switches
by a defined list of IP addresses or IP address
ranges/subnets, providing greater network
security and manageability.
BaySecure* MAC address-based security
allows authentication of all access, not only
to the switches for management and configu-
rations, but also access to the infrastructure
through these switches. This software feature
limits access to only network authorized and
trusted personnel, including full tracking of
network connections. With BaySecure,
network access is granted or denied via proper
MAC-address identification (up to a maximum
of 448). In addition, with the Distributed
Access List Security feature, network access is
granted or denied on a per-port basis. BayStack
5510 Switches also provide RADIUS authen-
tication for switch security management.
