Datasheet

ManualsBrandsBrocade ManualsNetworkingFWS648

With the FastIron WS Series, organizations

can deploy end-to-end Layer 3 networks and

propagate the same routing policies from

edge to core, simplifying network design

and operations.

Comprehensive Enterprise-Class

Edge Security

The Brocade IronWare operating system

powers FastIron WS Series switches.

It offers a rich set of Layer 2 switching

services and Layer 3 routing functionality,

an advanced security suite for Network

Access Control (NAC) and Denial of Service

(DoS) protection, and QoS. Embedded

security features include protection

against Man-in-the-Middle and DoS

attacks via Dynamic ARP inspection, DHCP

snooping, TCP SYN, and ICMP smurf attack

prevention. The FastIron WS Series supports

key features such as Spanning Tree Root

Guard and BPDU Guard to protect network

spanning tree operation along

with broadcast and multicast packet

rate limiting.

UniedConvergence

IronWare advanced QoS controls include

honoring, prioritizing, classifying, and

markingEthernetandIPtrafc,enablingthe

switchestohonorVoIPtrafcusing802.1p

priority and IP Type of Service and DiffServ

Codepoints (TOS/DSCP).

Lawful Intercept

Today’s heightened security environment

mayrequiretrafcintercept.TheU.S.

Communications Assistance for Law

Enforcement Act (CALEA) compliance,

for example, requires that businesses be

abletointerceptandreplicatedatatrafc

directed to a particular user, subnet, or port.

This compliance requirement is essential for

networks implementing IP phones.

The FastIron WS Series supports this

requirement through ACL-based Mirroring,

MAClter-basedmirroring,andVLAN-based

mirroring. Organizations can apply “mirror

ACL”onaportandmirroratrafcstream

based on IP source/destination address,

TCP/UDP source/destination ports, and

IP protocols such as ICMP, IGMP, TCP, and

UDP.AMACltercanbeappliedonaport

andmirroratrafcstreambasedona

source/destination MAC address. VLAN-

based mirroring is another option for CALEA

compliance (that is, lawful intercept). Many

enterpriseshaveservice-specicVLANs,

such as voice VLANs. With VLAN mirroring,

alltrafconanentireVLANwithinaswitch

canbemirrored,orspecicVLANscanbe

transferred to a remote server.

Secure Network Access

The FastIron WS Series supports Brocade

IronShield 360, a unique and powerful

closed-loop threat mitigation solution that

uses best-of-breed intrusion detection

systemstoinspectsFlowtrafcsamples

for possible network attacks. In response

to a detected attack, Brocade Network

Advisor can apply a security policy to the

compromised port. This automated threat

detection and mitigation helps stop

network attacks in real time, without

human intervention.

IronShield 360 detects and mitigates

zero-day (anomaly-based) and known

(signature-based) network attacks. It

leverages hardware-based sFlow packet

sampling technology embedded in FastIron

WS Series switches. The combination of

sFlow packet sampling, Brocade Network

Advisor, and Snort intrusion detection

protects the enterprise from network

attacks. This advanced security capability

provides a network-wide security umbrella

without the added complexity and cost of

ancillary sensors.

Organizations can rely on features such as

multi-device and 802.1X authentication

with dynamic policy assignment to

control network access and perform

targeted authorization on a per-user

level. Additionally, the FastIron WS Series

supports enhanced static MAC with the

abilitytodenytrafctoandfromaMAC

address on a per-VLAN basis, allowing

organizations to control and deploy access

policies per endpoint MAC address. This

provides a powerful tool for controlling

access policies per endpoint device.

Standards-based NAC enables organizations

to deploy best-of-breed NAC solutions for

authenticating network users and validating

the security posture of a connecting device.

Support for policy-controlled, MAC-based

VLANs provides additional control of

network access, allowing for policy-based

assignments of devices to Layer 2 VLANs.

Secure Element Management

The FastIron WS Series includes Secure

Shell (SSHv2), Secure Copy, and SNMPv3

to restrict and encrypt management

communications to the system. Additionally,

support for Terminal Access Controller

Access Control Systems (TACACS/TACACS+)

and RADIUS authentication help ensure

secure operator access.

UNIFIED WIRED/WIRELESS

NETWORK MANAGEMENT WITH

BROCADE NETWORK ADVISOR

Managing enterprise campus networks

continues to become more complex due

to the growth in services that rely on wired

and wireless networks. Services such

as Internet, e-mail, video conferencing,

real-time collaboration, and distance