Post on 16-Oct-2020
Product OverviewThe Enterasys N-Series flow-based switches offer the industry’s most granular visibility and control of individual users and voice/video/data applications. Capable of being deployed as a premium edge access device, distribution layer aggregation switch, enterprise-class core router, or data center server farm solution, the N-Series is the flagship hardware platform for the policy-based Secure Networks™ architecture. Policies ensure only the right users have access to the right information from the right place at the right time — adapting automatically every time there is a move, add, or change.
N-Series switches are available in the following form factors:
• Standaloneforsmallerwiringclosets
• 1-SlotchassisprovidingfullDistributedForwardingEngine(DFE)connectivity
• 3-Slotofferingover200portsofconnectivity
• 5-SlotoptimizedforPoEdeploymentswhileofferingover350ports
• 7-Slotofferingover500portsofconnectivity
AlloftheN-SeriesofferingsleveragetheEnterasysDFEarchitecturewherebytheswitching,routing, and management control functions are embedded in each module, delivering unsurpassed reliability, scalability, and fault tolerance. Customers can quickly and cost-effectively add connectivityasneededwhilescalingperformancecapacitywitheachnewblade.TheDFEhigh-availability architecture makes forwarding decisions, enforces security policies, and classifies/prioritizestraffic.DFEsensurethehighestQualityofService(QoS)forcriticalapplicationssuchasvoiceevenduringperiodsofover-subscription—whileproactivelypreventingDenialofService(DoS)attacks.
Optimized for edge, distribution, core, and data center deployments
Industry-leading technology lifecycle improves ROI and lowers TCO
Granular visibility and control of users and voice/video/data applications
Flow-based architecture optimized for iSCSI and Server Virtualization
Unique Distributed Forwarding Engine architecture assures business continuity for mission-critical applications
Point-to-point backplane architecture provides up to 1.68 Terabits of switching capacity
N-SeriesConvergence-ready,10GEModularL2/L3/L4SwitchforEdge-to-CoreandDataCenter
DATASHEET
There is nothing more important than our customers.
BenefitsBusiness Alignment• Standards-based,openarchitecture
for reliable and secure deployment of next generation business-critical applications
• Best-in-classQoSfunctionalityensuresreliable and predictable performance for convergence-based applications plus integrated support for standards-based Power over Ethernet (PoE)
• N-Seriesflow-basedarchitecturedelivers end-to-end visibility and control over users, services, and applications ensuring consistent end-user experience 24x7x365
Operational Efficiency• LowestTCOforanyproductinitsclass,
featuring a 10-year chassis life with guaranteed backward compatibility plus continued performance and density enhancements to meet future enterprise networking requirements
• Deploymentflexibilitysignificantlydrives down maintenance costs and simplifies management
• Lowestpowerconsumptionandthermal output BTU/Hour drives down data center power and cooling costs
Security• Unrivalledcapabilitytoprotect
business traffic from malicious attacks and maintain data integrity and application delivery
• Edgesecurityextendedtoexistingswitches and wireless access points allows authentication of thousands of users or devices simultaneously on a single port
• Integratednetworkaccesscontrol(NAC)andintrusiondetection&prevention (IDS/IPS) via Enterasys Security Modules
Support and Services• Industry-leadingcustomersatisfaction
and first call resolution rates
• Personalizedservices,includingsitesurveys, network design, installation, and training
DATA CENTER SOLUTIONS
For More Information:(866) 787-3271Sales@PTSdcs.com
The N Stand Alone(NSA)solutionprovidesapremiumedgeswitchfor smaller wiring closets or data center server clusters. This product provides48-portsof10/100/1000connectivityplusfourmodularGigabituplinkports(SFP).Itisa2RUstandaloneswitchthatsupportsallN-SeriesPlatinumDFEfeaturesandincludesredundantAC power supplies.
N1 System Bundles–Two24port,triplespeedfixedconfigurationN1solutionbundlesprovidecosteffective,advancedfunctionalitysolutions for smaller wiring closet or data center applications. One bundleincorporatesmodularGigabitEthernetuplinksupport.
Unlikecompetingsolutions,theN-Seriesimplementsagranular,flow-basedarchitecturetointelligentlymanageindividualuserandapplicationconversations—notjustportsorVLANs.Policyrules combined with deep packet inspection can intelligently sense and automatically respond to securitythreatswhileimprovingreliabilityandqualityoftheuserexperience.NetFlowdatacanbe collected at wire-speed without sacrificing performance or requiring sampling techniques. The N-Series is also the only enterprise switch to support multi-user, multi-method authentication on every port — absolutely essential when you have phones, computers, printers, copiers, security cameras, and badge readers on the network. When security matters, there is no better choice than the Enterasys N-Series.
System Summary
Multiple Platforms to Fit Any EnvironmentThe Enterasys N-Series family of flow-based switches bring high-performance distributed switching to the wiring closet, distribution layer, enterprise core, and data center. The N-Series portfolio consistsofthe7-slotN7,5-slotN5,3-slotN3,andthe1-slotN1chassisofferingsthatacceptDiamond,Platinum,andGoldDFEbladesandNetworkExpansionModules.Deliveringsomeofthe highest switching port densities available in the market today and scaling to provide overall systemcapacitiesof1.68Terabits,allchassissupportstandards-basedPoE,eitherviaanexternalpowershelforasafullyintegratedpowersystemintheN5.DistributedForwardingEnginescanbe installed in any chassis and their innovative design dramatically reduces startup costs since there is no need to purchase additional components such as supervisor engines, router modules, or managementmodules.TheN-Seriesdeliversnextgenerationperformancewith10GigabitEthernetuplinks and aggregation.
N1 N3 N5 N7
DFE Module Slots 1 3 5 7
Switching Throughput 13.5 Mpps 40.5 Mpps 67.5 Mpps 94.5 Mpps
Total Backplane Capacity 80 Gbps 240 Gbps 800 Gbps 1.68 Tbps
10/100 ports per system 72 216 360 504
100 Base-FX ports per system
54 162 270 378
10/100/1000 ports per system
72 216 360 504
10/100/1000 PoE ports per system
48 144 360 336
1000 Base-X ports per system
24 72 120 168
10 Gigabit ports per system 4 12 20 28
Page 2
Distributed Forwarding Engines (DFEs)TheN-SeriesDistributedForwardingEngines(DFEs)supportover18Gbpsofswitchcapacityperbladeanddeliverfullydistributedswitch management and route processing capabilities, where each interface module is individually driven and managed by on-board processors.Enterasysflow-basednTERAASICs,togetherwithfirmwaremicroprocessors, create a traffic control solution that delivers high performanceandflexibility.ThisdistributedASIC-basedarchitectureincreases processing power as modules are added for a higher level of scalability at significantly smaller startup costs than competing solutions whicharetypicallybuiltaroundcentralizedswitchfabricsandsupervisormanagement modules.
DFEsareavailableinawidearrayofinterfacetypestoaddressvariednetworkrequirementsincluding10/100Base-TX,10/100/1000Base-TX,100Base-FX,1000Base-X,and10-GigabitEthernet.SelectedDFEmodulesarealsoavailablewithintegratedPoE.SomeDFEsprovideanaddedlevelofflexibilitybyincludingNetworkExpansionModule(NEM)slots.Thisfurthersimplifiesnetworkdesignandreducesthecostofnetworkdeployments.CurrentNetworkExpansionModules(NEMs)includesupportfortheN-SeriesSecurityModule,N-SeriesWirelessController,six1000Base-Xports,and10GigabitEthernetconnectivity.
Inadditiontoprovidingportexpansion,NetworkExpansionModulesallow enterprises to integrate security applications, including the award-winningEnterasysIntrusionPreventiontechnology,directlyintotheN-SerieschassiswiththeN-SeriesSecurityModule.TheN-SeriesSecurityModuleisanopen,all-purposeprocessorthatprovidesthe capability to add applications directly into the network switch infrastructure.
DFEsaredesignedforimplementationfordifferentpositionswithinnetwork infrastructures, offering differentiated features and price points.
DiamondDFEshavebeenoptimizedforlarge-scale,multi-userpolicydeployments in data center server farms and at the distribution and core layersofthenetwork.DiamondDFEssupportthefullrangeofSecureNetworksfeatures,includingadvancedQualityofService(QoS)andper-usertrafficratelimiting.Availablein10/100/1000,1000Base-X,and10Gigabitconfigurations;DiamondDFE’sincludeadditionalprocessingpower,memory,policycapacityexpansion,andadvancedroutinglicensesfor medium to large enterprise backbone and distribution-layer routing applications.
PlatinumDFEssupportthefullrangeofSecureNetworksfeatures,butare primarily designed for deployment in access and distribution roles, withsupportforupto1000downstreamusers/devicesonasingleport(2000perchassis)withfulldistributedfault-tolerancecapabilities.Theadvancedroutinglicense(N-EOS-L3)andper-portpolicycapacitylicense(N-EOS-PPC)canbepurchasedinordertoprovidesimilarmulti-userauthenticationandroutingscalabilityastheDiamondDFEs.PlatinumDFEsprovideabroadrangeofEthernetconnectivityrangingfrom10/100to10GigabitEthernet,includingsupportforPoweroverEthernet.GoldDFEsaredesignedspecificallyforhigh-density,10/100,10/100/1000,and100FXnetworkedge/accessapplications,withoptions for Power over Ethernet.
GoldDFEsdeliverscalableperformanceandflexibilitytoensurecomprehensiveswitching,QoS,security,andbandwidthcontrol,providing a more cost-effective option for customers deploying flow-based switchingattheedgeofthenetwork.GoldDFEssupporttwouniqueusersperport(typicallyaworkstationandaVoIPhandset)incontrasttoPlatinumandDiamondwhichsupportupto1,000users/devicesperport.Throughanoptionalsoftwareupgrade(N-EOS-RED),GoldDFEmodulescansupport1+1redundancyformission-criticalnetworkapplications.
High-Performance Distributed ArchitectureThe N-Series was designed from inception to support high availability environments.TheN-Seriesbackplaneisapoint-to-pointmatrixdesignwith fully meshed inter-switch links that provide increased scalability and performance. Since there are no active backplane components, there is nosinglepointoffailure.Theinter-switchlinkscansupportupto80Gbpsofswitchingcapacityperlink.Totalsystemaggregateswitchingcapacityscalesto1.68Tbps.
The N-Series unique distributed architecture provides considerable advantages when compared to solutions that rely on centralised processing modules:
• N+6High-availability
• Performancescalesasmodulesareadded
• Inherentbackwardscompatibilityandfuture-proofingprovidesmarketleadingReturnonInvestment(ROI)
• Scalability:PortDensityandPerformance
• LowLatency:Eachmodulehasaconnectiontoeveryothermodule
• Modulesareautomaticallyupgradedandconfiguredastheyareplugged into the system
Fully Distributed Passive Backplane
ArchitecturalOverview
Page 3
Enabling Secure NetworksAn integral part of the Secure Networks architecture from Enterasys, the N-Series provides advanced security, priority, and bandwidth control mechanisms without compromising network performance. Secure Networks leverages the distributed, flow-based visibility and advanced policy-based control of the N-Series.
NetFlow Without CompromiseNetworkperformancemanagementandsecuritycapabilitiesviaNetFlowareavailableoneveryN-SeriesDFEwithoutslowingdownswitching/routingperformanceorrequiringthepurchaseofexpensivedaughtercards for every blade. Enterasys tracks every packet in every flow as opposed to competitor’s statistical sampling techniques.
The N-Series’ distributed, flow-based architecture allows for a very granular level of visibility and control for each user and application conversation, or flow, while simultaneously handling a large volume of traffic. The distributed architecture enables each switch module in a N-Series chassis to function independently of other modules and eliminates single points of failure. Each chassis is managed as a single systemusingasingleIPaddress.Thiscapabilityisuniqueintheindustryand provides security and management automation.
Distributed, Flow-Based ArchitectureInordertoensurethatgranularvisibilityandcontroloftrafficismaintained, without sacrificing performance, the N-Series deploys a distributed, flow-based architecture. This architecture ensures that when a specific communications flow is being established between two end points, the first packets in that communication are processed through themulti-layerclassificationengineintheswitch.Inthisprocess,therole is identified, the applicable policies are determined, the frames are inspected, and the action is determined. After the flow is identified, all subsequent frames associated with that flow are automatically handled in ASICswithoutanyfurtherprocessing.Ifthatflowweretochangeinanyway, a new flow would be identified and new policies would be applied. InthiswaytheN-Seriesisabletoapplyaverygranularlevelofcontroltoeach flow without sacrificing performance.
Multi-User Authentication and PolicyAuthenticationallowsenterpriseorganizationstocontrolnetworkaccessandprovidesmobilitytousersanddevices.Itprovidesawaytoknowwho or what is connected to the network and where this connection is at any time. The N-Series has unique, market-leading capabilities regarding thetypesofsimultaneousauthenticationmethods.DFEscansupportmultipleconcurrentauthenticationtechniques,including802.1Xauthentication;MACauthentication,whichisawaytoauthenticatedevicesonthenetworkusingtheMACaddress;andWeb-Basedauthentication,alsoknownasPortWebAuthentication(PWA),whereauser name and password are supplied through a browser. This capability providesgreatflexibilitytoenterpriseslookingtoimplementaccesscontrol mechanisms across their infrastructure.
Distribution
Enables simplified user/deviceidentification within a
Secure Network™
User authenticated/access and application control enforced here –
up to 1024 users per port
Edge
User physicallyconnected here
Features
Page 4
A significant additional feature of the N-Series is the capability to supportMulti-UserAuthentication,thismeansthatmultipleusers/devices can be connected to the same physical port, and that each one can be authenticated individually using one of the multi-method options (802.1x,MAC,orPWA).
Thevalueexistsintheabilitytoauthorizemultipleusers,eitherusingdynamicpolicyorVLANassignmentforeachauthenticateduser.Inthecaseofdynamicpolicy,thisiscalledMulti-UserPolicy.
Multi-userportcapacitieswiththeN-Seriesaredeterminedonaperport,perDFE,andpermulti-slotsystembasis.DefaultPlatinumDFEcapacities are as follows:
Perport:8-128 Perblade(DFE):1024 Perchassis:1024
Itispossibletoincreasethesecapacitiesbypurchasingadditionallicences. The N-EOS-PPC license increases user port capacity on a per DFEbasisfromthedefaultcapacityof8-128toamaximumof1024.Whenpresent,theN-EOS-PUCupgradelicensesetsthechassiscapacityat2048userspersystem,thisvaluecanbeoverriddenusingaCLIcommandsettingthemaximumof2048users/port.N-EOS-PPCandN-EOS-PUCarenotavailableforGoldDFEsandareanoptionalpurchaseforPlatinumDFEs.DiamondDFEsincludeN-EOS-PPC.
Muti-userauthenticationandpolicycanprovidesignificantbenefitstocustomersbyextendingsecurityservicestousersanddevicesconnectedto unmanaged devices, third party switches/routers, VPN concentrators, orwirelessLANaccesspointsattheedgeoftheirnetwork.Security, priority,andbandwidthcontrolareenhancedwhileprotectingexistingnetwork investments.
Dynamic, Flow-Based Packet ClassificationAnother unique feature that separates the N-Series from all competitive switchesisthecapabilitytoprovideUser-BasedMulti-layerPacketClassification/QoS.Withthewidearrayofnetworkapplicationsusedonnetworkstoday,traditionalMulti-layerPacketClassificationbyitselfisnotenough to guarantee the timely transport of business-critical applications. IntheN-Series,User-BasedMulti-layerPacketClassificationallowstraffic classification not just by packet type, but also by the role of the useronthenetworkandtheassignedpolicyofthatuser.WithUser-BasedMulti-layerPacketClassification,packetscanbeclassifiedbasedonuniqueidentifierslike“AllUsers”,“UserGroups”,and“IndividualUser”,thusensuringamoregranularapproachtomanagingand maintaining network confidentiality, integrity, and availability.
Layer 2• MAC Address• EtherType (IP, IPX, AppleTalk, etc.)
Layer 3• IP Address• IP Protocol (TCP, UDP, etc.)• ToS
Layer 4• TCP/UDP port (HTTP, SAP, Kazza, etc.)
Sw
itch
Por
tV
LAN
Use
rF
low
Deny
Priority/QoS
Rate Limit
Permit
Contain
N-Series
Access Control
Class of Service
User-Based Multi-layer Packet Classification/QoS
Integrated Services Design
IntegratedServicesDesignisakeydifferentiatorthatseparatestheN-SeriesDFEfromthecompetition.IntegratedServicesDesignreducesthe number and type of modules required to build typical wiring closet configurations,simplifyingtheoverallnetworkdesign.Inturn,thissignificantlyreducesthemaintenanceandsparingcostaseachDFEcanperform all of these services unlike competitive offerings which have a plethora of different line cards required in order to provide similar services.
Per DFE Integrated Services Design
Multi-layer packet classification - enables the delivery of critical applications to specific users via traffic awareness and control
• User,Port,andDeviceLevel(Layer2through4packetclassification)
• QoSmappingtopriorityqueues(802.1p&IPToS/DSCP)upto16queues per port
• Multiplequeuingmechanisms(WFQ,WRR,etc.)
• GranularQoS/ratelimiting
• VLAN-to-policymapping
Switching/VLAN services - provides high-performance connectivity, aggregation, and rapid recovery services
• Extensiveindustrystandardscompliance(IEEEandIETF)
• Inboundandoutboundbandwidthratecontrolperflow
• VLANservicessupport
−Linkaggregation(IEEE802.3ad),32trunksperN-Serieswithnolimittothenumberofportspertrunk;trunkscanspanDFEs
−Multiplespanningtrees(IEEE802.1s)
−Rapidreconfigurationofspanningtree(IEEE802.1w)
•Flowsetupthrottling
Feature Summary
Page 5
Distributed IP Routing-providesdynamictrafficoptimization,broadcastcontainment, and more efficient network resilience
• Baseroutingfeaturesincludestaticroutes,RIPv1/RIPv2,VRRP,IPv4,andMulticastroutingsupport(DVMRP,IGMPv1/v2,PIM-SM)
• AdvancedroutingfeaturesarelicensedseparatelythroughthepurchaseofN-EOS-L3andincludeLSNAT,DHCPrelay,PIM,OSPF,DVMRP,andExtendedACLs.DiamondDFEsincludeadvancedrouting at no additional charge.
Security (User, Network, and Host) - protects a business against network misuse and controls access to resources and confidential information
• Usersecurity
−Authentication(802.1X,MAC,andWeb),MAC(StaticandDynamic)portlocking(perport802.1XauthenticationwithRADIUSsupport)
−Multi-userauthentication/policies
•Networksecurity
−AccessControlLists(ACL)–basicandextended
−Policy-basedsecurityservices(examples:spoofing,unsupportedprotocolaccess,intrusionprevention,DoSattackslimits)
•Host
−SecureaccesstotheN-SeriesviaSSH,SSL,SNMPv3(switchloginwithRADIUSsupport)
Management,Control,andAnalysis-providestreamlinedtoolsformaintaining network availability and health
•Configuration
−Industry-standardCLIandwebsupport
−Multipleimageswitheditableconfigurationfiles
•NetworkAnalysis
−SNMPv1/v2c/v3,RMON/RMONII,andSMON(rfc2613)VLANandStats
−Port/VLANmirroring(one-to-one,one-to-many,many-to-many)
−LinerateNetFlow
•Automatedset-upandreconfiguration
−ReplacementDFEwillautomaticallyinheritpreviousDFEsconfiguration
– New blades added to chassis will automatically be updated with active configuration and firmware
Optimized, High-Availability ServicesAside from the standard high-availability features of typical wiring closet and data center switches, the N-Series includes many advanced features such as dynamic service fail-over, automatic module self-configuration, and multi-image support.
Dynamicservicefail-overenableseachDiamond/PlatinumDFEservice(e.g.,hostmanagement,switching/VLANs,routing,etc.)tobeautomaticallyswitchedtoanotherDiamond/PlatinumDFEinaneventofmoduleorprocessfailure.This“selfhealing”capabilityhappensinmillisecondsbecauseeachserviceisreplicatedoneveryDiamond/PlatinumDFE.
Automatic module self-configuration is another innovative feature that allowsaDFEmoduletoreceivetheirconfigurationfromotherDFEsautomatically. This is ideal for replacing failed modules without manually reconfiguringthereplacementDFE.
The N-series allow you to download and store multiple image files, this feature is useful for reverting back to a previous version in the event that a firmware upgrade fails. This multi-image support provides significant operational efficiencies especially with regard to the application of firmware patches.
Feature-Rich FunctionalityExamplesofadditionalfunctionalityandfeaturesthatcanbefoundwithin the N-Series include:
• NetFlow
• LSNAT
• NAT
• LLDP-MED
• FlowSetupThrottling
• WebCacheRedirect
• Node&AliasLocation
• WebCacheRedirect
• PortProtectionSuite
Toexpandonsomeoftheabove,networkperformancemanagementandsecuritycapabilitiesviaNetFlowareavailableoneveryN-SeriesDFEwithout slowing down switching/routing performance or requiring the purchaseofexpensivedaughtercardsforeveryblade.Enterasystracksevery packet in every flow as opposed to competitor’s statistical sampling techniques.TheEnterasysadvantageisthenTERAASICcapabilitiesthatcollectNetFlowstatisticsforeverypacketineveryflowwithoutsacrificingperformance,N-Seriesswitchescancollect9,000flowrecordspersecond,perbladeonGold,Platinum,andDiamondDFEs
ThisisanorderofmagnitudegreaterNetFlowcollectionperformancethananyotherNetFlowappliancevendor(over60,000flowrecordspersecondinafully-populatedchassis).
FlowSetupThrottling(FST)isaproactivefeaturedesignedtomitigatezero-daythreatsandDenialofService(DoS)attacksbeforetheycanwreakhavoconthenetwork.FSTdirectlycombatstheeffectsofzero-dayandDoSattacksbylimitingthenumberofneworestablishedflowsthat can be programmed on any individual switch port. This is achieved bymonitoringthenewflowarrivalrateand/orcontrollingthemaximumnumber of allowable flows.
Innetworkoperations,itisverytimeconsumingtolocateadeviceorfindexactlywhereauserisconnected.Thisisespeciallyimportantwhenreactingtosecuritybreaches.TheN-SeriesDFEsautomaticallytrackthenetwork’s user/device location information by listening to the network traffic as it passes through the switch. This information is then used to populate the Node/Alias table with information such as an end-station’s (Node’s)MACaddressandLayer3aliasinformation(IPAddress,IPXAddress,etc).ThisinformationcanthenbeutilizedbynetworkmanagementtoolstoquicklydeterminethatIPAddress123.145.2.23islocatedonswitch5port3andintheeventofasecuritybreachtake
Page 6
some form of action against that device. This node and alias functionality isuniquetoEnterasysandreducesthetimetopinpointtheexactlocation of a problem from hours to minutes.
FororganizationslookingtodeployVoiceoverIP(VoIP)technologiesthe N-Series provides significant capabilities through its support fortheindustrystandarddiscoveryprotocolLLDP-MED(LinkLayerDiscoveryProtocolforMediaEndpointDevices).Thisprotocolallowsfor the accurate representation of network topologies within Network ManagementSystems(NMS),N-Seriesswitchesareabletolearnaboutall the devices connected to them understanding whether or not they areaVoIPphone,tellthephonewhichVLANtouseforvoice,andevennegotiatethepowerthatthephonecanconsume.LLDP–MEDalsoenables911emergencyserviceslocationfunctionswherebythelocationof a phone can be determined by the switch port to which it is connected.
N-SeriessupportforNetworkAddressTranslation(NAT)providesapracticalsolutionfororganizationswhowishtostreamlinetheirIPaddressing schemes. NAT operates on a router connecting two networks, simplifyingnetworkdesignandconservingIPaddresses.NATcanhelporganizationsmergemultiplenetworkstogetherandenhancenetworksecurity by helping to prevent malicious activity initiated by outside hosts from entering the corporate network, improving the reliability of local systems by stopping worms, and augments privacy by discouraging scans.
Within server farm environments N-Series can help to increase reliability andperformanceviatheimplementationofLoadSharingNetworkAddressTranslation(LSNAT).BasedonRFC2391,LSNATusesanumber of load sharing algorithms to transparently offload network load on a single server and distributes the load across a pool of servers.
N-Series also supports a comprehensive portfolio of port protection capabilities,suchasSPANguardandMACLockwhichdetectunauthorizedbridgesinthenetworkandrestrictaMACaddresstoaspecificport.OtherportprotectionfeaturesincludeLinkFlap,BroadcastSuppression,andSpanningTreeLoopprotectionwhichprotectsagainstmis-configuration and protocol failure.
From the Edge to the CoreToday’s enterprise networking customers demand highly reliable, feature-rich networking devices to fulfill their requirements across all layers of thenetwork,providingthescalability,returnoninvestment(ROI),andsecurityrequiredofa21stcenturybusinessenvironment.
Enterasys N-Series switches provide industry-leading, high-performance distributed switching for enterprise networks, providing customers with the scalability, performance, and application control to meet the growing needsoftoday’senterprises.BuiltontheawardwinningnTERAASICarchitecture, N-Series solutions provide high-performance, feature-rich, andhighlyscalable10/100,10/100/1000,Gigabit,and10GigabitEthernet connectivity. This allows them to scale from the desktop right
to the heart of the network core where they are well positioned to meet emerging high-bandwidth requirements for core routing implementations.
High-performance,distributedcomputingincreasesthedemandforsecure campus networks, at the same time business-critical systems and services are becoming increasingly dependant upon enterprise backbone infrastructures. N-Series solutions have the capacity, scalability, and QoSfunctionalityrequiredtodealwiththesenewdemands.Architectedtoensurenosinglepointoffailurewithindustry-leadingN+6high-availability,N-SeriesutilizingDiamondDFE’saretheperfectsolutionforcore routing and secure data center applications.
Atthedistributionlayer,PlatinumDFEsdelivergranular,end-to-endvisibility and control over individual users, services, and applications, as well as firewall-like security on every port for downstream devices through
Deployment Scenarios
Page 7
multi-user,multi-methodauthentication,authorization,andaudit.Enterasys N-Series flow switches:
• Ensureonlytherightusersareaccessingtherightinformationfromthe right place at the right time
• Discover,classify,andprioritizevoiceandvideotrafficdistinctlyfromdatatrafficeventhoughasingleportmayhave1,000downstreamusers
N-Series can also be positioned at the edge of the network enabling user/devicelevelconnectivity.Highdensity10/100/1000connectivityand network access control functionality prevents the spread of worms orvirusesthroughoutanetwork,protectinguserswithinaVLANorworkgroup through quarantine and isolation of individual conversations. AdditionallystandardsbasedPoEsupportforIPtelephonyservicesandapplications ensure support for convergence applications.
Switching / VLAN Services•802.1pPriority •802.1QVLANs •802.1DMACBridges •802.1wRapid-reconvergenceofSpanningTree •802.1sMultipleSpanningTree •802.3Ethernet •802.3abGigabitEthernet(copper) •802.3uFastEthernet •802.3adLinkAggregation •802.3aeGigabitEthernet •802.3az10-GigabitEthernet •802.3xFlowControl •802.3zGigabitEthernet(fiber) •IPMulticast(IGMPsupportv1,v2,perVLANquerieroffload) •JumboPacketwithMTUDiscoverySupportforGigabit •LinkFlapDetection •DynamicEgress(AutomatedVLANPortConfiguration) •GenericVLANRegistrationProtocol(GVRP)
IP Routing•RFC1812GeneralRouting •RFC792ICMP •RFC1256ICMPRouterDiscoveryProtocol •RFC826ARP •RFC1027ProxyARP •StaticRoutes •RFC1058RIPv1 •RFC1723RIPv2withEqualCostMultipathLoadBalancing •RFC1812RIPRequirements •RFC1519CIDR •RFC2338VirtualRouterRedundancyProtocol(VRRP) •StandardACLs •DHCPServerRFC1541/RelayRFC2131
Extended IP Routing•RFC1583/RFC2328OSPFv2 •RFC1587OSPFv2NSSA •RFC1745OSPFInteractions •RFC1746OSPFInteractions •RFC1765OSPFDatabaseOverflow •RFC2154OSPFwithDigitalSignatures(Password&MD5) •OSPFwithMultipathSupport •OSPFPassiveInterfaces
•RFC2391LoadSharingusingNetworkAddressTranslation •ExtendedACLs •PolicyBasedRouting •RFC1112IGMP •RFC2236IGMPv2 •DVMRPv3-10 •RFC2361ProtocolIndependentMulticast-SparseMode
Network Security and Policy Management•802.1Xportbasedauthentication •Web-basedauthentication(PWA+) •MAC-basedauthentication •ConvergenceEndpointDiscoverywithDynamicPolicyMapping
(SiemensHFA,CiscoVoIP,H.323andSIP,LLDP-MED)•Multipleauthenticationtypesperportsimultaneously(802.1x,
MAC,PWA+)•MultipleauthenticatedUsersperportwithUniquePoliciesperUser/
endsystem(VLANassociationindependent)•RFC3580IEEE802.1RADIUSUsageGuidelines,withVLAN-to-Policy
Mapping&VLANassignmentviaauthentication•WormSuppression(FlowSet-UpThrottling)•BroadcastSuppression•ARPStormPrevention•MAC-to-PortLocking•SpanGuard(SpanningTreeProtection)•StatefulIntrusionDetectionSystemLoadBalancing•StatefulIntrusionPreventionSystemandFirewallLoadBalancing•BehavioralAnomalyDetection/FlowCollector(non-sampledNetflow
version5andversion9)•StaticMulticastGroupProvisioning•MulticastGroup,Sender,andReceiverPolicyControl•VLANTAGOverwrite
Class of Service•StrictPriorityQueuing•WeightedFairQueuingwithQueueBandwidthshaping•4/16TransmitQueuesperport(1000BaseXSFP)•4TransmitQueuesperport(10/100/1000)•16TransmitQueuesperport(10-GigabitEthernet)•Upto1024RateLimiters•PacketcountorBandwidth-basedRateLimiters.•IPToS/DSCPMarking/Remarking•802.1DPriority-to-TransmitQueueMapping
Standards and Protocols
Page 8
Management, Control, and Analysis•SNMPv1/v2c/v3•Web-basedManagementInterface•IndustryCommonCommandLineInterface•MultipleSoftwareImageSupportwithRevisionRollBack•Multi-configurationFileSupport•Editabletext-basedConfigurationFile•COMPortBootPromandImageDownloadviaZMODEM•TelnetServerandClient•SecureShell(SSHv2)•CabletronDiscoveryProtocol•CiscoDiscoveryProtocolv1/v2•IEEE802.1ABLLDP,TIA/ANSI1057LLDP-MED•Syslog•FTPClient•SimpleNetworkTimeProtocol(SNTP)•Netflowversion5andversion9•RFC3580VLANAuthorization•RFC2865RADIUS•RFC2866RADIUS Accounting•TACACS+forManagementAccessControl•ManagementVLAN•16Many-to-Oneport,One-to-ManyPorts,VLANMirrorSessions(64
whenDFEdeployedwithanN1/NSAChassis)
IETF and IEEE MIB Support•RFC1213&RFC2011IP-MIB•RFC1493BridgeMIB•RFC1659RS-232MIB•RFC1724RIPv2MIB•RFC1850OSPFMIB•RFC2012TCPMIB•RFC2013UDPMIB•RFC2096IPForwardingTableMIB•RFC2276SNMP-CommunityMIB•RFC2578SNMPv2SMI•RFC2579SNMPv2-TC•RFC2613SMONMIB•RFC2674802.1p/QMIB•RFC2737EntityMIB•RFC2787VRRPMIB•RFC2819RMONMIB(Groups1-9)•RFC2863IFMIB•RFC2864IFInvertedStackMIB•RFC2922PhysicalTopologyMIB•RFC3273HCRMONMIB•RFC3291INETAddressMIB•RFC3411SNMPFrameworkMIB
•RFC3412SNMP-MPDMIB•RFC3413SNMPv3Applications•RFC3414SNMPUser-BasedSMMIB•RFC3415SNMPView-BasedACMMIB•RFC3417SNMPv2-TM•RFC3418SNMPv2MIB•RFC3621PowerEthernetMIB•RFC3635EtherLikeMIB•RFC3636MAUMIB•IEEE802.3LAGMIB•IEEE802.1PAEMIB•RSTPMIB•USMTargetTagMIB•UBridgeMIB•Draft-ietf-idmr-dvmrp-v3-10MIB•Draft-ietf-pim-sm-v2-new-09MIB•SNMP-REARCHMIB•IANA-ADDRESS-FAMILY-NUMBERSMIB
Private MIBs•Ct-broadcastMIB•Ctron-CDPMIB•Ctron-ChassisMIB•Ctron-igmpMIB•Ctron-q-bridge-mib-extMIB•Ctron-rate-policyingMIB•Ctron-tx-queue-arbitrationMIB•Ctron-aliasMIB•Cisco-TCMIB•Cisco-CDPMIB•Cisco-netflowMIB•Enterasys-configuration-managementMIB•Enterasys-MAC-lockingMIB•Enterasys-convergence-endpointMIB•Enterasys-notification-authorizationMIB•Enterasys-netfowMIB•Enterasys-license-keyMIB•Enterasys-aaa-policyMIB•Enterasys-class-of-serviceMIB•Enterasys-multi-authMIB•Enterasys-mac-authenticationMIB•Enterasys-pwaMIB•Enterasys-upn-tcMIB•Enterasys-policy-profileMIB•Enterasys-flow-limitingMIB
Please refer to DFE release notes for a complete list of supported MIBs
Standards and Protocols (cont.)
Page 9
DDoS Attack ProtectionTested Against
•TCP/UDPPortScan •ChristmasTreeAttack •FraggleAttack •Fragmented&LargeICMP •ICMPFlood •InvalidICMPAttacks •ICMPRe-DirectAttack •LANd
•TCPSynFinAttack •TCPSynFlood •TearDropAttack •UDPPortFlood •InvalidUDPAttacks •InvalidIGMPAttacks •CiscoGlobalExploiter •ShadowcodeTTLAttack •NTPDoS •OpenTCPSessionAttacks •FloodTCPSession
Dimensions
NSA:8.81cm(3.48”)Hx144.46cm(17.62”)Wx51.92cm(20.44”)D
N1:8.81cm(3.48”)Hx144.46cm(17.62”)Wx51.92cm (20.44”)D
N3:35.56cm(14”)Hx49.53cm(19.5”)Wx44.45cm(17.5”)D
N5:58.67cm(23.1”)Hx44.45cm(17.5”)Wx47.5cm(18.7”)D
N7:77.47cm(30.5”)Hx36.83cm(14.5”)Wx44.04cm(17.34”)D
PoweroverEthernetPowerShelf:12.9cm(5.12”)Hx44.6cm(17.56”)Wx39.73cm(15.7”)D
Weight
NSA:6.36kg(14lbs)N1:6.36kg(14lbs)N3:19.1kg(42lbs)N5:27.2kg(60lbs)N7:23.6kg(52lbs)PoweroverEthernetPowerShelf:8.2kg(18lbs)
Rack Mounting
19”
Rack Unit HeightNSA:2N1:2N3:8N5:14N7:18PoweroverEthernetPowerShelf:3
Power Supply Redundancy
1+1
Power Supply Wattage
NSA:250wattsmaximumN1:250wattsmaximumN3:863wattsmaximumN5:1,200wattspersupplyN7:1,600wattspersupply
Power over Ethernet Power Shelf
N1,N3,andN7:ExternalviaN-POEN5:InternalPoEPowerSupply:1,200wattspersupplyMaximumPoEPower:4,800watts(4x1,200watts)
Input Frequency
Autoranging:50to60Hz
Input Voltage Range
Autoranging:100to125Vac,200to240Vac
Input Current
NSA:120V3.6Amps;240V1.6Amps
N1:120V3.6Amps;240V1.6Amps
N1:120V3.6Amps;240V1.6Amps
N3:120V12.0Amps;240V6.0Amps
N5:120V16.0Amps;240V8.0Amps
N7:DualInput:120V12.0Amps;240V6.0Amps
Minimum Power Supplies
One
Standards and Protocols (cont.)
Specifications
Physical Specifications
Page 10
Environmental Specifications
Operating Temperature
5°Cto+40°C(41°Fto104°F)
Storage Temperature
-30°Cto73°C(-22°Fto164°F)
Operating Humidity
5%–90%RH,non-condensing
Agency and Standards Specifications
Safety
UL60950,CSA60950,EN60950,EN60825,andIEC60950
Electromagnetic Compatibility
47CFRParts2and15,CSAC108.8,EN55022,EN55024,EN61000-3-2,EN61000-3-3,AS/NZSCISPR22,andVCCIV-3
MTBF (Calculated) Systems
NSA:>102,028hoursN1:>119,463hoursN3:>792,909hoursN5:>357,927hoursN7:>404,872hours
Ordering InformationPart Number Description
NSA
2G4072-52 NStandaloneserieswith48port10/100/1000Base-TXportsviaRJ45and41000Base-Xportsviamini-GBIC.Includesredundantinternalpower supplies.
N1
7C111 N1single-slotchassisincludingredundantACpowersuppliesandfans
2G4082-25-SYS N1systembundleincludes24port10/100/100andNetworkExpansionModuleslot
2G4082-25-SYS-U N1systembundleincludes24port10/100/100and6portMiniGBICNetworkExpansionModule
N3
7C103 N3Chassisandfantray
7C203-1 N3863-WattACpowersupply
7C403 FanunitforN3(spare)
N3-System N3systembundleincludingchassis,fantray,andonechassispowersupply(NorthAmericaonly)
N3-System-R N3systembundleincludingchassis,fantray,andtwochassispowersupplies(NorthAmericaonly)
N5
7C105-P N5ChassisandfantraywithintegratedPoEshelf
7C205-1 N51200-WattACpowersupply
7C405 FanunitforN5(spare)
N5-System N5systembundleincludingchassis,fantray,andonechassispowersupply(NorthAmericaonly)
N5-System-R N5systembundleincludingchassis,fantray,andtwochassispowersupplies(NorthAmericaonly)
N7
7C107 N7Chassisandfantray
6C207-3 N7/E71600-WattACpowersupplyincludestwo15Amppoweroutlets
6C407 FanunitforN7andE7(spare)
N7-System N7systembundleincludingchassis,fantray,andonechassispowersupply(NorthAmericaonly)
N7-System-R N7systembundleincludingchassis,fantray,andtwochassispowersupplies(NorthAmericaonly)
Power over Ethernet
N-POE PoweroverEthernetpowershelf(supportsfour1200-Wattpowersupplies)
N-POE-1200W 1200WattPoweroverEthernetpowersupplyforN5andN-POE
DFE-POE-CBL-2M N-POEtoDFEPoweroverEthernetcable—2Meters
Page 11
Formoreinformation,callEnterasysNetworkstollfreeat1-877-801-7082, or+1-978-684-1000andvisitusontheWebatenterasys.com
Contact Us
WarrantyThe Enterasys N-Series comes with a one year hardware warranty. Forfullwarrantytermsandconditionspleasegoto
http://www.enterasys.com/support/warranty.aspx.
Service and Support
Enterasys Networks provides comprehensive service offerings that range
fromProfessionalServicestodesign,deployandoptimizecustomer
networks,customizedtechnicaltraining,toserviceandsupporttailored
to individual customer needs. Please contact your Enterasys account
executiveformoreinformationaboutEnterasysServiceandSupport.
Additional Information
ForadditionalinformationonEnterasysN-Seriesvisit http://www.enterasys.com/products/switching/.
Notes
1. Please refer to DFE data sheets for information regarding connectivity modules 2. N1, N3, N5, and N7 chassis’ do not support 1st, 2nd, and 3rd generation modules 3. Basic EOS routing is included with each DFE; EOS supports static routing and RIP 4. Only one advanced routing license is required per chassis (N1,N3,N5,N7) 5. Advanced routing license included with Diamond DFEs 6. N-EOS-L3 includes support for OSPF, DVMRP and PIM-SM
Ordering Information (cont.)Part Number Description
Operating Software
N-EOS-L3 EnterasysOperatingSystem(EOS)Layer3routingandadvancedfeaturepackageforN-Series
N-EOS-PPC Enterasys Operating System (EOS) Platinum DFE port capacity increase key
N-EOS-PUC Enterasys Operating System (EOS) Platinum/Diamond extra user capacity activation key
N-EOS-RED Enterasys Operating System (EOS) 1+1 high availability upgrade for Gold DFEs
© 2009 Enterasys Networks, Inc. All rights reserved. Enterasys Networks reserves the right to change specifications without notice. Please contact your representative to confirm current specifications. Please visit http://www.enterasys.com/company/trademarks.aspx for trademark information.
03/09
PatentedInnovation
Delivering on our promises. On-time. On-budget.
DATA CENTER SOLUTIONS
For More Information:(866) 787-3271Sales@PTSdcs.com