Features
Large-capacity, high-density, 10 Gbit/s access
To provide sufficient bandwidth for users, many servers, particularly those in data centers, use 10G network adapters. It can be used in data centers to provide high forwarding performance and 10GE ports.
It has the high density of all 10GE ports and the large switching capacity. Each IMC650 provides a maximum of 32 line-speed 10GE ports.
It ports support 1GE and 10GE access and can identify optical module types, maximizing the return on investment and allowing users to flexibly deploy services.
It has a large buffering capacity and uses an advanced buffer scheduling mechanism to ensure non-block transmission when data center traffic volume is high.
Comprehensive security policies
It provides multiple security measures to defend against Denial of Service (DoS)attacks, as well as attacks against networks or users. DoS attack types include SYN Flood attacks, Land attacks, Smurf attacks, and ICMP Flood attacks. Attacks to networks refer to STP BPDU/root attacks. Attacks to users include bogus DHCP server attacks, man-in-the-middle attacks, IP/MAC spoofing attacks, and DHCP request flood attacks. DoS attacks that change the CHADDR field in DHCP packets are also attacks against users.
It supports DHCP snooping, which discards invalid packets that do not match any binding entries,such as ARP spoofing packets and IP spoofing packets. This prevents hackers from using ARP packets to initiate attacks on campus networks. The interface connected to a DHCP server can be configured as a trusted interface to protect the system against bogus DHCP server attacks.
It supports strict ARP learning, which prevents ARP spoofing attacks that exhaust ARP entries.It also provides an IP source check to prevent DoS attacks caused by MAC address spoofing, IP address spoofing, and MAC/IP spoofing. URPF, provided by It, authenticates packets by checking the packet transmission path in reverse, which can protect the network against source address spoofing attacks.
It supports centralized MAC address authentication and 802.1x authentication. It authenticates users based on statically or dynamically bound user information such as the user name,IP address, MAC address, VLAN ID, access interface, and flag indicating whether antivirus software is installed. VLANs, QoS policies, and ACLs can be dynamically applied to users.
It can limit the number of MAC addresses learned on an interface to prevent attackers from exhausting MAC address entries by using bogus source MAC addresses. This function minimizes the packet flooding that occurs when users’ MAC addresses cannot be found in the MAC address table.
Higher reliability mechanism
It supports redundant power supplies. You can choose a single power supply or use two power supplies to ensure device reliability.
It supports MSTP multi-process that enhances the existing STP, RSTP, and MSTP implementation.This function increases the number of MSTPs supported on a network.
It supports Ethernet Ring Protection Switching (ERPS), also referred to as G.8032. As the latest ring network protocol, ERPS was developed based on traditional Ethernet MAC and bridging functions and uses mature Ethernet OAM function and a ring automatic protection switching (R-APS) mechanism to implement millisecond-level protection switching. ERPS supports various services and allows flexible networking, helping customers build a network with lower OPEX and CAPEX.
Easy deployment and maintenance free
Supports SNMP v1/v2/v3 and provides flexible methods for managing devices. Users can manage It using the CLI and Web NMS.
Supports SSH2.0 and other encryption, which makes management much more secured.
Supports LLDP protocol for simpler management.