Easy operation and maintenance
The S5720-EI supports Super Virtual Fabric (SVF), which virtualizes core, aggregation and access switches, and wireless APs into one device for simplified management. SVF virtualizion also enable plug-and-play provisioning of access switches and APs; and supports profile-based service configuration and automatic delivery of configurations from core devices to aggregation and access devices.
Easy Operation provides zero-touch deployment, enabling the replacement of faulty devices without additional configuration; plus USB-based deployment, batch configuration, and batch remote upgrades — greatly reducing O&M costs.
Further flexibility is provided by support for Simple Network Management Protocol (SNMP) v1, v2c, and v3; a Command Line Interface (CLI), web-based network management systems, and Secure Shell (SSH) v2.0. Support for Remote Network Monitoring (RMON), multiple log hosts, port traffic statistics collection, and comprehensive network quality analysis help in network consolidation and reorganization processes.
S5720-EI models with prepositive power sockets can be installed in 12-inch (300 mm) depth cabinets, and can be maintained through the front panel for easy operation and maintenance. Cabinets can be placed against the wall or back-to-back for installation in small equipment rooms.
Powerful service processing, QoS and security features
The S5720-EI supports Multi-VPN-instance CE (MCE), providing secure connections of users in different VPNs. Large, multi-instance routing tables isolate users in different VPNs, who connect to a Provider Edge (PE) device through the same physical port on the switch — reducing VPN deployment costs. The S5720EI also supports MPLS feature in hardware.
Built-in Quality of Service (QoS) features include queue scheduling and congestion control algorithms — assigning priorities based on MAC address, IP protocol type, and TCP/UDP Ports. Specialized priority queuing and multi-level scheduling mechanisms enable management of service quality based on performance requirements of different users, terminals, and services.
eNetwork Admission Control (NAC) functions support 802.1x authentication, MAC address authentication, portal authentication and hybrid authentication, and dynamic delivery of policies for VLANs, QoS, Access Control Lists (ACLs), and user groups. Authentication-free network segments can be specified, with redirection of HTTP connection requests for provisioning new users and services. Portal authentication provides fast deployment in the case when clients do not support HTTP access.
Comprehensive security features protect against DoS attacks including SYN flood, Land, Smurf, and ICMP flood attacks. The system also defends against user-targeted attacks such as bogus Dynamic Host Configuration Protocol (DHCP) server attacks, IP/MAC address spoofing, DHCP request floods, and changes made to the DHCP Clent Hardware Address (CHADDR) value.
The S5720-EI creates and dynamically maintains a DHCP snooping binding table, and discards the packets that do not match the table entries. IT administrators can specify DHCP snooping on trusted and untrusted ports to ensure that users connect only to authorized DHCP servers.
Access Resolution Protocol (ARP) learning feature protects the network against ARP spoofing attacks to ensure normal network access.
Flexible Ethernet networking
In addition to traditional Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP), the S5720-EI supports Huawei-developed Smart Ethernet Protection (SEP) technology and the latest Ethernet Ring Protection Switching (ERPS) standard. SEP is a ring protection protocol specific to the Ethernet link layer, and enables support of ring network topologies such as open ring, closed ring, and cascading ring topologies. ERPS, defined in ITU-T G.8032, provides millisecond-level protection switching based on traditional Ethernet MAC and bridging functions.
The S5720-EI supports Smart Link and Virtual Router Redundancy Protocol (VRRP), which implements backup of upstream links. One S5720-EI switch can connect to multiple aggregation switches through multiple links, significantly improving uptime availability and reliability.
Link Layer Discovery Protocol (LLDP) support enables interconnected devices to exchange connection information; the Media Endpoint Discovery (MED) enhancement ads the ability to obtain Layer 2 information and dynamically provide parameters needed to support VLAN, security, and QoS policies to IP telephony devices.
Multiple-connection fault detection mechanisms include Ethernet OAM (IEEE 802.3ah/802.1ag /ITU Y.1731) and Bi-directional Forwarding Detection (BFD).
Intelligent iStack virtualization and clustering
Huawei’s exclusive iStack technology combines multiple switches into a single logical switch. Custered switches can be combined in redundant configurations for improved network reliability, and used with inter-device link aggregation to enhance link reliability. Scalability is made easy, as the number of ports, bandwidth, and total throughput can be increased by adding switches to the stack — without disrupting the network. Device configuration and management are also simplified, making O&M easier and reducing TCO.
Use iStack virtualization to combine up to 9 physical switches into one logical device, and log into any member of the stack to manage all the switches in that stack. A S5720-EI Switch can be added to a stack using its dedicated stacking cards for lower latency and higher reliability. For more flexibility, two 10 Gbit/s ports on the 2 x 10 Gbit/s interface cards can be used for communications over longer distances.
Mature IPv6 technologies for next-generation networking
S5720-EI Switches run Huawei’s robust VRP software platform, and provide IPv4/IPv6 support for smooth migration to future networking. Comprehensive IPv6 routing protocols (RIPng, OSPFv3, BGP4+, and IS-IS for IPv6) and IPv6 over IPv4 tunnels including manual, 6-to-4, and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnels enable the product to support a pure IPv4 network, a pure IPv6 network, or a shared IPv4/IPv6 network — truly future-ready switches.