Large-capacity, high-density, 10 Gbit/s access
To provide sufficient bandwidth for users, many servers, particularly those in data centers, use 10G network adapters. The IMC620 can be used in data centers to provide high forwarding performance and 10GE ports.
The IMC620 has the high density of all 10GE ports and the large switching capacity. Each IMC620 provides a maximum of 32 line-speed 10GE ports.
The IMC620 ports support 1GE and 10GE access and can identify optical module types, maximizing the return on investment and allowing users to flexibly deploy services.
The IMC620 has a large buffering capacity and uses an advanced buffer scheduling mechanism to ensure non-block transmission when data center traffic volume is high.
Comprehensive security policies
The IMC620 provides multiple security measures to defend against Denial of Service (DoS) attacks, as well as attacks against networks or users. DoS attack types include SYN Flood attacks, Land attacks, Smurf attacks, and ICMP Flood attacks. Attacks to networks refer to STP BPDU/root attacks. Attacks to users include bogus DHCP server attacks, man-in-the-middle attacks, IP/MAC spoofing attacks, and DHCP request flood attacks. DoS attacks that change the CHADDR field in DHCP packets are also attacks against users.
The IMC620 supports DHCP snooping, which discards invalid packets that do not match any binding entries,such as ARP spoofing packets and IP spoofing packets. This prevents hackers from using ARP packets to initiate attacks on campus networks. The interface connected to a DHCP server can be configured as a trusted interface to protect the system against bogus DHCP server attacks.
The IMC620 supports strict ARP learning, which prevents ARP spoofing attacks that exhaust ARP entries.The IMC620 also provides an IP source check to prevent DoS attacks caused by MAC address spoofing, IP address spoofing, and MAC/IP spoofing. URPF, provided by the IMC620, authenticates packets by checking the packet transmission path in reverse, which can protect the network against source address spoofing attacks.
The IMC620 supports centralized MAC address authentication and 802.1x authentication. The IMC620 authenticates users based on statically or dynamically bound user information such as the user name,IP address, MAC address, VLAN ID, access interface, and flag indicating whether antivirus software is installed. VLANs, QoS policies, and ACLs can be dynamically applied to users.
The IMC620 can limit the number of MAC addresses learned on an interface to prevent attackers from exhausting MAC address entries by using bogus source MAC addresses. This function minimizes the packet flooding that occurs when users’ MAC addresses cannot be found in the MAC address table.
Higher reliability mechanism
The IMC620 supports redundant power supplies. You can choose a single power supply or use two power supplies to ensure device reliability.
The IMC620 supports MSTP multi-process that enhances the existing STP, RSTP, and MSTP implementation.This function increases the number of MSTPs supported on a network.
The IMC620 supports Ethernet Ring Protection Switching (ERPS), also referred to as G.8032. As the latest ring network protocol, ERPS was developed based on traditional Ethernet MAC and bridging functions and uses mature Ethernet OAM function and a ring automatic protection switching (R-APS) mechanism to implement millisecond-level protection switching. ERPS supports various services and allows flexible networking, helping customers build a network with lower OPEX and CAPEX.
The IMC620 supports VRRP. Two IMC620s can form a VRRP group to ensure nonstop reliable communication. Multiple equal-cost routes to upstream devices can be configured on the IMC6200E to provide route redundancy. When an active route is unreachable, traffic is switched to a backup route.
Easy deployment and maintenance free
Supports SNMP v1/v2/v3 and provides flexible methods for managing devices. Users can manage the IMC620 using the CLI and Web NMS. Supports SSH2.0 and other encryption, which makes management much more secured. Supports LLDP protocol for simpler management.