Enterasys Matrix N1 Скачать руководство пользователя страница 5

Страница: 5 / 12

A significant additional feature of Matrix N-Series is the capability to

support Multi-User Authentication, this means that multiple users/

devices can be connected to the same physical port, and that each one
can be authenticated individually using one of the multi-method options

(802.1x, MAC or PWA).

The value exists in the ability to authorize multiple users, either using
dynamic policy or VLAN assignment for each authenticated user. In the
case of dynamic policy, this is called Multi-User Policy.

Multi-user port capacities with the Matrix N-Series are determined on a

per port, per DFE and per multi-slot system basis. Default Platinum DFE

capacities are as follows:

Per port: 8 -128

Per blade (DFE): 1024

Per chassis: 1024

It is possible to increase these capacities by purchasing additional

licences. The N-EOS-PPC license increases user port capacity on a per

DFE basis from the default capacity of 8-128 to a maximum of 1024.
When present, the N-EOS -PUC upgrade license sets the chassis capacity
at 2048 users per system, this value can be overridden using a CLI
command setting the maximum of 2048 users/port. N-EOS-PPC and
N-EOS-PUC are not available for Gold DFEs and are an optional purchase
for Platinum DFEs. Diamond DFEs include N-EOS-PPC.

Muti-user authentication and policy can provide significant benefits to
customers by extending security services to users and devices connected
to unmanaged devices, third party switches/routers, VPN concentrators or

wireless LAN access points at the edge of their network. Security,

priority and bandwidth control are enhanced while protecting existing
network investments.

dynamic Flow-Based Packet Classification

Another unique feature that separates the Matrix N-Series from

all competitive switches is the capability to provide User-Based
Multilayer Packet Classification/QoS. With the wide array of network

applications used on networks today, traditional Multilayer Packet
Classification by itself is not enough to guarantee the timely transport

of business-critical applications. In the Matrix N-Series, User-
Based Multilayer Packet Classification allows traffic classification

not just by packet type, but also by the role of the user on the

network and the assigned policy of that user. With User-Based

Multilayer Packet Classification, packets can be classified based on

unique identifiers like “All Users,” “User Groups,” and “Individual
User,” thus ensuring a more granular approach to managing and

maintaining network confidentiality, integrity and availability.

Layer 2

• MAC Address
• EtherType (IP, IPX, AppleTalk, etc.)

Layer 3

• IP Address
• IP Protocol (TCP, UDP, etc.)
• To

Layer 4

• TCP/UDP port (HTTP, SAP,
Kazza, etc.)

Switch

Por

VLAN

User

Flow

Deny

Priority/QoS

Rate Limit

Permit

Contain

Matrix N-Series

Access Control

Class of Service

User Based Multilayer Packet Classification/QoS

Integrated services design

Integrated Services Design is a key differentiator that separates the
Matrix N-Series DFE from the competition. Integrated Services Design

reduces the number and type of modules required to build typical wiring

closet configurations, simplifying the overall network design. In turn, this
significantly reduces the maintenance and sparing cost as each DFE can

perform all of these services unlike competitive offerings which have a
plethora of different line cards required in order to provide similar services.

Per dFe Integrated services design

Multilayer packet classification

- enables the delivery of critical

applications to specific users via traffic awareness and control.

• User, Port and Device Level (Layer 2 through 4 packet classification)

• QoS mapping to priority queues (802.1p & IP ToS/ DSCP) up to 16

queues per port

• Multiple queuing mechanisms (WFQ, WRR, etc.)

• Granular QoS/rate limiting

• VLAN to policy mapping

switching/VLaN services

- provides high-performance connectivity,