Datasheet
7
Supported RFCs (continued)
• RFC 2597 DiServ Assured Forwarding (AF)
• LLDP-MED, ANSI/TIA-1057, dra 08
• RFC 2328 OSPF v2
• RFC 3768 VRRP
• RFC 4271 BGP4
• RFC 4601 PIM-SM
• RFC 3973 PIM-DM
• RFC 3569 PIM-SSM
• RFC 3618 Multicast Source Discovery Protocol (MSDP)
Security
• MAC limiting
• Allowed MAC addresses, configurable per port
• Dynamic ARP inspection (DAI)
• Proxy ARP
• Static ARP support
• DHCP snooping
• IP source guard
• 802.1X port-based
• 802.1X multiple supplicants
• 802.1X with VLAN assignment
• 802.1X with authentication bypass access (based on host MAC
address)
• 802.1X with VoIP VLAN support
• 802.1X dynamic access control list (ACL) based on RADIUS
attributes
• 802.1X supported EAP types: Message Digest 5 (MD5), Transport
Layer Security (TLS), Tunneled Transport Layer Security (TTLS),
Protected Extensible Authentication Protocol (PEAP)
• Access control lists, (Junos OS firewall filters)
• Port-based ACL (PACL)—ingress and egress
• VLAN-based ACL (VACL)—ingress and egress
• Router-based ACL (RACL)—ingress and egress
• ACL entries (ACE) in hardware per system: 1,500
• ACL counter for denied packets
• ACL counter for permitted packets
• Ability to add/remove/change ACL entries in middle of list (ACL
editing)
• L2-L4 ACL
• Trusted Network Connect (TNC) certified
• Static MAC authentication
• MAC-RADIUS
• Control plane denial-of-service (DoS) protection
• Firewall filter on me0 interface (control plane protection)
• Captive Portal – Layer 2 interfaces
• Fallback authentication
High Availability
• External redundant power system option
• Link aggregation:
- 802.3ad (LACP) support
› Number of link aggregation groups (LAGs) supported: 32
› Maximum number of ports per LAG: 8
- LAG load sharing algorithm—bridged unicast trac
› IP: S/D MAC, S/D IP
› TCP/UDP: S/D MAC, S/D IP, S/D port
› Non-IP: S/D MAC
• LAG sharing algorithm—routed unicast trac
- IP: S/D IP
- TCP/UDP: S/D IP, S/D port
High Availability (continued)
• LAG load sharing algorithm—bridged multicast trac
• IP: S/D MAC, S/D IP
- TCP/UDP: S/D MAC, S/D IP, S/D port
- Non-IP: S/D MAC
• LAG sharing algorithm—routed multicast trac
- IP: S/D IP
- TCP/UDP: S/D IP, S/D port
• Tagged ports support in LAG
• Graceful Route Engine Switchover (GRES) for IGMP v1/v2/v3
snooping
• Non-stop Routing (OSPF v1/v2/v3, RIP/RIPng, BGP, BGP v6,
ISIS, PIM)
• Non-Stop Soware Upgrade (NSSU)
Quality of Service (QoS)
• Layer 2 QoS
• Layer 3 QoS
• Ingress policing: 1 rate 2 color
• Hardware queues per port: 8
• Scheduling methods (egress): Strict Priority (SP), SDWRR
• 802.1p, DiServ code point (DSCP/IP) precedence trust and
marking
• L2-L4 classification criteria, including Interface, MAC address,
Ethertype, 802.1p, VLAN, IP address, DSCP/IP precedence, and
TCP/UDP port numbers
• Congestion avoidance capabilities: Tail drop
Multicast
• IGMP snooping entries: 3,000
• IGMP snooping
• IGMP v1/v2/v3
• PIM-SM, PIM-SSM, PIM-DM
• VRF-Lite support for PIM and IBMP
• IPv6 multicast snooping MLD v1/v2
• MLD v1/v2 snooping
• IGMP filter
• Multicast Source Discovery Protocol (MSDP)
• PIM for IPv6 multicast
• MBGP
Specifications (continued)