Datasheet

ManualsBrandsEnterasys ManualsNetworkingKT2006-0224

Examples of additional functionality and features that are supported by

the Enterasys K-Series:

• NetFlow-Providesreal-timevisibility,applicationprolingand

capacity planning

• LLDP-MED-LinkLayerDiscoveryProtocolforMediaEndpoint

Devices enhances VoIP deployments

• FlowSetupThrottling-(FST)effectivelypreemptsanddefends

against DoS attacks

• Node&AliasLocation-Automaticallytracksuseranddevicelocation

and enhances network management productivity and fault isolation

• PortProtectionSuite-Maintainnetworkavailabilitybyensuringgood

protocol and end station behavior

• Flex-EdgeTechnology-Providesadvancedbandwidthmanagement

and allocation for demanding access/edge devices

Flow Setup Throttling (FST) is a proactive feature designed to mitigate

zero-day threats and Denial of Service (DoS) attacks before they can

affect the network. FST directly combats the effects of zero-day and

DoS attacks by limiting the number of new or established ﬂows that

can be programmed on any individual switch port. This is achieved by

monitoring the new ﬂow arrival rate and/or controlling the maximum

number of allowable ﬂows.

In network operations, it is very time consuming to locate a device or

ﬁnd exactly where a user is connected. This is especially important when

reacting to security breaches. Enterasys K-Series modules automatically

track the network’s user/device location information by listening to

network trafﬁc as it passes through the switch. This information is then

used to populate the Node/Alias table with information such as an

end-station’sMACaddressandLayer3aliasinformation(IPaddress,

IPXaddress,etc.).ThisinformationcanthenbeutilizedbyEnterasys

NMSSuitemanagementtoolstoquicklydeterminetheswitchandport

number for any IP address and take action against that device in the

event of a security breach. This node and alias functionality is unique

to Enterasys and reduces the time to pinpoint the exact location of a

problem from hours to minutes.

For organizations looking to deploy Uniﬁed Communications, the

Enterasys K-Series combines policy-based automation with support for

multiplestandards-baseddiscoverymethods,includingLLDP-MED,SIP

andH.323,toautomaticallyidentifyandprovisionUCservicesforIP

phones from all major vendors. K-Series switches also provide dynamic

mobility for IP clients; when an IP phone moves and plugs in elsewhere

in the enterprise network, its VoIP service provisioning, security and

trafﬁc priority settings move with it, with none of the typical manual

administration required for moves, adds and changes.

The K-Series also supports a comprehensive portfolio of port protection

capabilities,suchasSPANguardandMACLock,whichprovidethe

abilitytodetectunauthorizedbridgesinthenetworkandrestrictaMAC

addresstoaspecicport.OtherportprotectionfeaturesincludeLink

Flap, Broadcast Suppression and Spanning Tree Loop protection which

protects against mis-conﬁguration and protocol failure.

Enterasys K-Series Flex-Edge technology provides line rate trafﬁc

classiﬁcation for all access ports with guaranteed priority delivery for

control plane trafﬁc and high-priority trafﬁc as deﬁned by the Enterasys

policy overlay. In addition to allocating resources for important network

trafﬁc, prioritized bandwidth can be assigned on a per port or per

authenticated user basis. Flex-Edge technology is ideal for deployment in

wiring closets and distribution points that can often suffer from spikes in

utilizationthatcausenetworkcongestion.WithFlex-Edgetechnologies,

organizations no longer have to fear a momentary network congestion

event that would result in topology changes and random packet discards.

Feature-RichFunctionality

Page 4

StandardsandProtocols

Switching/VLAN Services

• GenericVLANRegistrationProtocol(GVRP)

• 802.3uFastEthernet

• 802.3abGigabitEthernet(copper)

• 802.3zGigabitEthernet(ber)

• 802.3ae10GigabitEthernet(ber)

•802.1QVLANs

•802.1DMACBridges

•ProviderBridges(IEEE802.1ad)Ready

• 802.1wRapidre-convergenceofSpanning

Tree

• 802.1sMultipleSpanningTree

• 802.3adLinkAggregation

•802.3aeGigabitEthernet

• 802.3xFlowControl

• IPMulticast(IGMPsupportv1,v2,v3,per-

VLAN querier ofﬂoad)

• JumboPacketwithMTUDiscoverySupport

forGigabit

• LinkFlapDetection

• DynamicEgress(AutomatedVLANPort

Conﬁguration)

• 802.S1abLLDP-MED

Standard IP Routing Features

•StaticRoutes

•StandardACLs

• OSPFwithMultipathSupport

• OSPFPassiveInterfaces

• IPv6RoutingIPv6RoutingCapable

•ExtendedACLs

• Policy-basedRouting

•RFC147DenitionofaSocket

•RFC768UDP

•RFC781Specicationof(IP)Timestamp

 Option

•RFC783TFTP

•RFC791InternetProtocol

•RFC792ICMP

•RFC793TCP

•RFC826ARP

•RFC854Telnet

•RFC894TransmissionofIPoverEthernet

Networks

•RFC919BroadcastingInternetDatagrams

•RFC922BroadcastingIPDatagramsover

Subnets

•RFC925Multi-LANAddressResolution

•RFC950InternetStandardSubnetting

Procedure

•RFC951BOOTP

•RFC959FileTransferProtocol

•RFC1027ProxyARP

• RFC1112IGMP

•RFC1122RequirementsforIPHosts-

Comm Layers