huanetwork.com supplies Huawei S5352C-EI, Huawei S5352C-PWR-SI, S2700-26TP-PWR-EI,S3700-52P-EI-24S-AC,S3700-28TP-PWR-EI,S5700-28P-PWR-LI-AC at best price.More information about Huawei switch price and news,you can visit huanetwork.com
2013年5月9日星期四
The S5700-EI Well-designed QoS policies and security mechanisms
The S5700-EI implements complex S2700-26TP-SI-AC traffic classification based on packet information . ACLs can be applied to inbound or outbound direction on an interface. The S5700-EI supports a flow-based two-rate three-color CAR. Each port supports eight priority queues and multiple queue scheduling algorithms such as WRR, DRR, SP, WRR+SP, and DRR+SP. All of these ensure the quality of voice, video, and data services.
The S5700-EI provides multiple security measures to defend against Denial of Service (DoS) attacks, and attacks against networks or users. DoS attack types include SYN Flood attacks, Land attacks, Smurf attacks, and ICMP Flood attacks. Attacks to networks refer to STP BPDU/root attacks. Attacks to users include bogus DHCP server attacks, man-in-the-middle attacks, IP/MAC spoofing attacks, DHCP request flood attacks. DoS attacks that change the CHADDR field in DHCP packets are also attacks against users.
The S5700-EI supports DHCP snooping, which generates user binding entries based on MAC addresses, IP addresses, IP address leases, VLAN IDs, and access interfaces of users. DHCP snooping discards invalid packets that do not match any binding entries, such as ARP spoofing packets and IP spoofing packets. This prevents man-in-the-middle attacks to campus networks that hackers initiate by using ARP packets. The interface connected to a DHCP server can be configured as a trusted interface to protect the system against bogus DHCP server attacks.
The S5700-EI supports strict ARP learning, which prevents ARP spoofing attacks that will exhaust ARP entries. It also provides IP source check to prevent DoS attacks caused by MAC address spoofing, IP address spoofing, and MAC/IP spoofing.
The S5700-EI supports centralized MAC address authentication, 802.1x authentication,
The S5700-EI can limit the number of MAC addresses learned on an interface to prevent attackers from exhausting MAC address entries by using bogus source MAC addresses. This function minimizes packet flooding that occurs when MAC addresses of users cannot be found S2700-26TP-SI-AC in the MAC address table.
订阅:
博文评论 (Atom)
没有评论:
发表评论