Manualshelf

Datasheet

ManualsBrandsExtreme Networks Manualschassis components41541
12345678910
Extreme Networks Data Sheet
© 2010 Extreme Networks, Inc. All rights reser ved. BlackDiamond 8800 Series—Page 8
Technical Specifications
ExtremeXOS 12.4
Supported Protocols
Switching
RFC 3619 Ethernet Automatic Protection
Switching (EAPS) and EAPSv2
IEEE 802.1D 1998 Spanning Tree Protocol (STP)
IEEE 802.1D – 2004 Spanning Tree Protocol
(STP and RSTP)
IEEE 802.1w – 2001 Rapid Reconfiguration for
STP, RSTP
IEEE 802.1Q – 2003 (formerly IEEE 802.1s)
Multiple Instances of STP, MSTP
EMISTP, Extreme Multiple Instances of
Spanning Tree Protocol
PVST+, Per VLAN STP (802.1Q interoperable)
Draft-ietf-bridge-rstpmib-03.txt – Definitions of
Managed Objects for Bridges with Rapid
Spanning Tree Protocol
Extreme Standby Router Protocol
(ESRP)
IEEE 802.1Q – 1998 Virtual Bridged Local
Area Networks
IEEE 802.3ad Static load sharing configuration
and LACP based dynamic configuration
Software Redundant Ports
IEEE 802.1AB – LLDP Link Layer
Discovery Protocol
LLDP Media Endpoint Discovery (LLDP-MED),
ANSI/TIA-1057, draft 08
Extreme Discovery Protocol (EDP)
Extreme Loop Recovery Protocol (ELRP)
Extreme Link State Monitoring (ELSM)
IEEE 802.1ag L2 Ping and traceroute,
Connectivity Fault Management
ITU-T Y.1731 Frame delay measurements
Management and Trafc Analysis
RFC 2030 SNTP, Simple Network Time
Protocol v4
RFC 854 Telnet client and server
RFC 783 TFTP Protocol (revision 2)
RFC 951, 1542 BootP
RFC 2131 BOOTP/DHCP relay agent and
DHCP server
RFC 1591 DNS (client operation)
RFC 1155 Structure of Mgmt Information (SMIv1)
RFC 1157 SNMPv1
RFC 1212, RFC 1213, RFC 1215 MIB-II,
Ethernet-Like MIB & TRAPs
RFC 1573 Evolution of Interface
RFC 1650 Ethernet-Like MIB (update of
RFC 1213 for SNMPv2)
RFC 1901, 1905 – 1908 SNMP v2c, SMIv2
and Revised MIB-II
RFC 2576 Coexistence between SNMP
Version 1, Version 2 and Version 3
RFC 2578 – 2580 SMIv2 (update to
RFC 1902 – 1903)
RFC 3410 – 3415 SNMPv3, user based
security, encryption and authentication
RFC 3826 – The Advanced Encryption
Standard (AES) Cipher Algorithm in the SNMP
User-based Security Model
RFC 1757 RMON 4 groups: Stats, History,
Alarms and Events
RFC 2021 RMON2 (probe configuration)
RFC 2613 SMON MIB
RFC 2925 Ping/Traceroute MIB
RFC 2668 802.3 MAU MIB
draft-ietf-hubmib-mau-mib-v3-02.txt
RFC 1643 Ethernet MIB
RFC 1493 Bridge MIB
RFC 2096 IPv4 Forwarding Table MIB
RFC 2737 Entity MIB v2
RFC 2233 Interface MIB
RFC 3621 PoE-MIB (PoE switches only)
IEEE 802.1ag MIB
Secure Shell (SSH-2) client and server
Secure Copy (SCP-2) client and server
Secure FTP (SFTP) server
sFlow version 5
Configuration logging
Multiple Images, Multiple Configs
RFC 3164 BSD Syslog Protocol with Multiple
Syslog Servers
999 Local Messages (criticals stored
across reboots)
Extreme Networks vendor MIBs (includes
FDB, PoE, CPU, Memory MIBs)
XML APIs over Telnet/SSH and HTTP/HTTPS
Web-based device management interface –
ExtremeXOS ScreenPlay
IP Route Compression
Security, Switch and
Network Protection
In 8800- and 8900-series modules only
Secure Shell (SSH-2), Secure Copy (SCP-2) and
SFTP client/server with encryption/authentication
(requires export controlled encryption module)
SNMPv3 user based security, with
encryption/authentication (see above)
RFC 1492 TACACS+
RFC 2138 RADIUS Authentication
RFC 2139 RADIUS Accounting
RFC 3579 RADIUS EAP support for 802.1x
RADIUS Per-command Authentication
Access Profiles on All Routing Protocols
Access Policies for Telnet/SSH-2/SCP-2
Network Login – 802.1x, Web and
MAC-based mechanisms
IEEE 802.1x – 2001 Port-Based Network
Access Control for Network Login
Multiple supplicants with multiple VLANs for
Network Login (all modes)
Fallback to local authentication database
(MAC and Web-based methods)
Guest VLAN for 802.1x
RFC 1866 HTML – used for Web-based
Network Login and ExtremeXOS ScreenPlay
SSL/TLS transport – used for Web-based
Network Login and ExtremeXOS ScreenPlay
(requires export controlled encryption module)
MAC Security – Lockdown and Limit
IP Security – RFC 3046 DHCP Option 82 with
port and VLAN ID
IP Security – Trusted DHCP Server
Layer 2/3/4 Access Control Lists (ACLs)
RFC 2267 Network Ingress Filtering
RPF (Unicast Reverse Path Forwarding)
Control via ACLs
Wire-speed ACLs
Rate Limiting/Shaping by ACLs
IP Broadcast Forwarding Control
ICMP and IP-Option Response Control
SYN attack protection
CPU DoS Protection with trafc rate-limiting
to management CPU
Robust against common Network Attacks:
CERT (http://www.cert.org)
CA-2003-04: “SQL Slammer”
CA-2002-36: “SSHredder
CA-2002-03: SNMP vulnerabilities
CA-98-13: tcp-denial-of-service
CA-98.01: smurf
CA-97.28:Teardrop_Land -Teardrop and
“LAND“ attack
CA-96.26: ping
CA-96.21: tcp_syn_flooding
CA-96.01: UDP_service_denial
CA-95.01: IP_Spoofing_Attacks_and_
Hijacked_ Terminal_Connections
IP Options Attack
Host Attacks
Teardrop, boink, opentear, jolt2, newtear,
nestea, syndrop, smurf, fraggle, papasmurf,
synk4, raped, winfreeze, ping –f, ping of
death, pepsi5, Latierra, Winnuke, Simping,
Sping, Ascend, Stream, Land, Octopus
Security, Router Protection
IP Security – DHCP enforcement via Disable
ARP Learning
IP Security – Gratuitous ARP Protection
IP Security – DHCP Secured ARP/ARP Validation
Routing protocol MD5 authentication
Security Detection and Protection
In 8800- and 8900-series modules only
CLEAR-Flow, threshold-based alerts and actions
IPv4 Host Requirements
RFC 1122 Host Requirements
RFC 768 UDP
RFC 791 IP
RFC 792 ICMP
RFC 793 TCP
RFC 826 ARP
RFC 894 IP over Ethernet
RFC 1027 Proxy ARP
RFC 2068 HTTP server
IGMP v1/v2/v3 Snooping with Configurable
Router Registration Forwarding
IGMP Filters
PIM Snooping
Static IGMP Membership
Multicast VLAN Registration (MVR)
IPv4 Router Requirements
RFC 1812 Requirements for IP Version 4 Routers
RFC 1519 CIDR
RFC 1256 IPv4 ICMP Router Discovery (IRDP)
Static Unicast Routes
Static Multicast Routes
RFC 1058 RIP v1
RFC 2453 RIP v2
Static ECMP
RFC 1112 IGMP v1
RFC 2236 IGMP v2
RFC 3376 IGMP v3
RFC 2933 IGMP MIB
RFC 2096 IPv4 Forwarding Table MIB