Specifications

Identity Management
Identity Manager allows network managers to track users
who access their network. User identity is captured based
on NetLogin authentication, LLDP discovery and Kerberos
snooping. ExtremeXOS uses the information to then report
on the MAC, VLAN, computer hostname, and port location
of the user. Further, Identity Manager can create both roles
and policies, and then bind them together to create
role-based profiles based on organizational structure or other
logical groupings, and apply them across multiple users to
allow appropriate access to network resources. In addition,
support for Wide Key ACLs further improves security by
going beyond the typical source/destination and MAC
address identification criteria to provide filtering
capabilities.
Threat Detection and Response
CLEAR-Flow Security Rules Engine
CLEAR-Flow Security Rules Engine provides first-order
threat detection and mitigation, and mirrors traffic to
security appliances for further analysis of suspicious traffic
in the network.
sFlow
The X670-G2 series supports hardware-based sFlow
sampling that provides the ability to sample
application-level traffic flows on all interfaces simultaneously.
Port Mirroring
To allow threat detection and prevention, the X670-G2
supports many-to-one and one-to-many port mirroring.
This allows the mirroring of trac to an external network
appliance such as an intrusion detection device for trend
analysis or for utilization by a network administrator for
diagnostic purposes. Port mirroring can also be enabled
across switches in a stack.
Line-Rate Ingress and Egress ACLs
ACLs are one of the most powerful components used
in controlling network resource utilization as well as in
protecting the network. The X670-G2 series supports up
to 4,096 ingress ACLs and 1,024 egress ACLs per system
based on Layer 2-, 3- or 4-header information such as the
MAC or IP source/destination address. ACLs are used for
filtering the trac, as well as classifying the trac flow to
control bandwidth, priority, mirroring, and policy-based
routing/switching.
Denial of Service Protection
The X670-G2 series eectively handles Denial of Service
(DoS) attacks. If the switch detects an unusually large
number of packets in the CPU input queue, it assembles
ACLs that automatically stop these packets from reaching
the CPU. After a period of time these ACLs are removed,
and reinstalled if the attack continues. ASIC-based LPM
routing eliminates the need for control plane software to
learn new flows, allowing more network resilience against
DoS attacks.
Secure and Comprehensive Network Management
As the network becomes a foundation of the enterprise
application, network management becomes an
important piece of the solution. The X670-G2 supports
comprehensive network management through Command
Line Interface (CLI), SNMP v1, v2c, v3, and ExtremeXOS
ScreenPlay embedded XML-based Web user interface. With
a variety of management options and consistency across
other Extreme Networks modular and stackable switches,
X670-G2 series switches provide ease of management for
demanding converged applications.
Supported Protocols and Standards
A list of supported protocols and standards is
available on the Extreme Networks website at:
http://www.extremenetworks.com/go/xos