Appearance of the S5348TP-PWR-SI
The chassis of the S5348TP-PWR-SI is 1 U (1 U = 44.45 mm) high and its dimensions are 442.0 mm x 420.0 mm x 43.6 mm (width x depth x height).
The two power supplies are on the left-rear side of the chassis, and the fan is at the middle-rear of the chassis.
- The S5348TP-PWR-SI uses the AC power supply.
- The 48 downlink electrical ports of the S5348TP-PWR-SI support PoE power supply. Each port provides a maximum of 30 W power. The PoE power supply complies with the IEEE 802.3at. The S5348TP-PWR-SI can provide the maximum power for at most 24 ports.
- The SCU provides one console port, one MEth port, forty-eight 10/100/1000BASE-T ports, four 100/1000BASE-X combo ports (multiplexed with the last four 10/100/1000BASE-T ports), and one USB port.
- The rear card slot supports the stack card.
- The S5300 provides the enhanced selective QinQ function to add outer VLAN tags to packets, without occupying ACL resources. The S5300 can map the CoS value in the inner VLAN tag of a packet to the outer VLAN tag or change the CoS value in the outer VLAN tag. In addition, the S5300 can flexibly mark the QoS classes of different services to carry various services.
- The S5300 supports IGMP snooping, IGMPv3 snooping, IGMP filter, IGMP fast leave, and IGMP proxy. The S5300 supports line-speed replication of multicast packets between VLANs, multicast load balancing among member interfaces of a trunk, and controllable multicast, meeting requirements for IPTV services and other multicast services.
- The S5300 provides the MCE function to isolate users of different VPNs on a device, thus ensuring the security of user data and reducing the investments of users.
- In addition to traditional STP, RSTP, and MSTP, the S5300 supports enhanced Ethernet technologies such as Smart Link and RRPP, implements millisecond-level protection switchover for links, and ensures the network quality. Smart Link and RRPP both support multi-instance to implement load balancing among links, further improving bandwidth usage.
- The S5300 supports E-Trunk. With this function, a CE can be dual-homed to two PEs through an E-Trunk. E-Trunk greatly enhances link reliability between devices and implements link aggregation and load balancing between devices. Reliability of access devices is thus improved.
- The S5300 supports SEP, a ring network protocol applied to the link layer of an Ethernet network. SEP is applicable to open ring networks and can be deployed on upper-layer aggregation devices to provide fast switchover within 50 ms without interrupting services. Huawei devices have implemented Ethernet link management through SEP. SEP features simplicity, high reliability, high switchover performance, convenient maintenance, and flexible topology and enables you to mange and plan networks conveniently.
- The S5300 supports dual power modules for backup, and supports AC power input and DC power input at the same time. Users can select the operation mode of the power supply module, that is, single power supply or dual power modules, which improves the reliability of devices. The S5300 EI series support VRRP, and can set up VRRP backup groups with other Layer 3 switches.
- The S5300 can set up the backup topology structure when faults occur and keeps the continuity and reliability of communications, which effectively ensures the stability of networks. Multiple equal-cost routes can be configured on the S5300 to implement uplink route redundancy. When the active uplink route is faulty, traffic is automatically switched to a standby route. Thus, multi-level backup is implemented for uplink routes.
- The S5300 supports BFD and provides millisecond-level detection for protocols such as OSPF, IS-IS, VRRP, and PIM to improve network reliability. Conforming to IEEE 802.3ah and 802.1ag, the S5300 supports point-topoint Ethernet fault management. It can detect faults in the last mile of a direct link on the user side. Ethernet OAM improves network management and maintenance capabilities on Ethernet and guarantees the stability of networks.
- The S5300 can implement complex traffic classification based on the information such as the quintuple information, IP preference, ToS, DSCP, IP protocol type, ICMP type, TCP source interface, VLAN ID, the protocol type of an Ethernet frame, and CoS. The S5300 supports inbound and outbound ACLs. The S5300 supports the flow-based two rate and three color CAR. Each interface supports eight priority queues and multiple queue scheduling algorithms such as WRR, DRR, SP, WRR+SP, and DRR+SP, which effectively ensures the quality of voice, video and data services.
- The S5300 provides multiple security measures to protect information security. It can defend against DoS attacks, attacks to networks, and attacks to users. DoS attacks include SYN Flood attacks, Land attacks, Smurf attacks, and ICMP Flood attacks. Attacks to networks refer to STP BPDU/root attacks. Attacks to users include bogus DHCP serer attacks, man-in-the-middle attacks, IP/MAC spoofing attacks, DHCP request flood attacks, and DoS attacks that change the CHADDR values of packets.
- The S5300 listens to information about the MAC or IP address of an access user, lease, VLAN ID, and interface by establishing and maintaining a DHCP snooping binding table. In this manner, the problem of locating IP addresses and interfaces of DHCP users is solved. The S5300 directly discards invalid packets that do not match binding entries, such as ARP spoofing packets and packets with tampered IP addresses, to prevent man-in-themiddle attacks to campus networks that hackers initiate by using ARP packets. The trusted interface can also be configured to ensure validity of the DHCP server.
- The S5300 supports strict learning of ARP entries to prevent ARP spoofing attackers from exhausting ARP entries so that users can access the Internet normally. It also supports IP source check to prevent DoS attacks caused by MAC address spoofing, IP address spoofing, and MAC/IP spoofing. User information such as the user name, IP address, MAC address, VLAN, access interface, and flag indicating whether anti-virus software is installed on the client can be bound statically or dynamically, and policies (VLAN, QoS, ACL) can be delivered dynamically.
- The S5300 can limit the number of MAC addresses learned on an interface to prevent attackers from exhausting MAC address entries by using bogus source MAC address. In this way, MAC addresses of normal users can be learned and flooding is prevented.
- The S5300 supports automatic configuration, plug-and-play, deployment through USB interfaces, and batch remote upgrade. Upgrade and service delivery of the S5300 can be completed at one time, which simplifies management and performance in the future. The maintenance costs are thus greatly reduced. The S5300 supports diversified management and maintenance modes such as SNMPv1/v2/v3, CLI, Web network management, and HGMP, which makes device management more flexible. In addition, the S5300 supports NTP, SSHv2.0, TACACS+, RMON, multi-log host, interface-based traffic statistics, and NQA, which helps to better plan and adjust networks.
- The S5300 can use PoE power modules with different power levels to provide the PoE function. Powered devices (PDs) such as IP Phone, WLAN AP, Security, and Buletooth AP can be connected to the S5300 through ethernet cable. The S5300 provides –48V DC power for the connected PDs. As the power sourcing equipment (PSE), the S5300 complies with IEEE 802.3af and 802.3at (PoE+) and is compatible with PDs that are incompatible with 802.3af or 802.3at. Each port provides a maximum power of 30 W, complying with IEEE 802.3at. The PoE+ function increases the maximum power of each port and implements intelligent power management in highpower applications, which helps you use PDs conveniently. In addition, the S5300 can work in power-saving mode. The S5300 PWR series support improved PoE solutions and you can determine whether a PoE port provides power and the time a PoE port provides power.
- The S5300 series switches support iStack. Multiple S5300s start to construct a virtual chassis-shaped structure immediately after stacking cables are connected. Stack members are classified into master, slave, and backup switches. The backup switch reduces the duration of service interruption when the master switch fails. The S5300 supports intelligent upgrade. Therefore, the software version of a new switch does not need to be changed when it is added to a stack. The stacking technology enables you to connect multiple switches through cables to expand the system capacity and manage switches in a stack by using a single IP address, which greatly reduces costs of system expansion, operation, and maintenance. Compared with traditional networking technologies, the iStack stacking technology has advantages in extensibility, reliability, and system architecture.
- The S5300 supports GVRP, which dynamically assigns, registers, and propagates VLAN attributes to reduce the network administrator's workload and ensure correct configuration of VLANs. The GVRP technology implements dynamic configuration of VLANs. On a complicated network, GVRP can simplify VLAN configuration and reduce network communication faults caused by incorrect configuration of VLANs
- The S5300 supports MUX VLAN. The MUX VLAN function is used to isolate Layer 2 traffic between interfaces on a VLAN. Subordinate VLANs can communicate with the MUX VLAN but cannot communicate with each other. MUX VLAN is usually applied to enterprise intranets. With this function, a user interface can communicate with a server interface but cannot communicate with other user interfaces. MUX VLAN prevents communication between network devices connected to some interfaces or interface group but allows these devices to communicate with the default gateway.
- The S5300 provides dual protocol stacks and supports smooth upgrade. The S5300 hardware supports the IPv6/ IPv6 dual stack, IPv6 over IPv4 tunnels (including manual tunnels, 6to4 tunnels, and ISATAP tunnels), and Layer 3 line-speed forwarding. Therefore, the S5300 can be deployed on IPv4 networks, IPv6 networks, and networks that run both IPv4 and IPv6. This makes networking flexible and enables a network to migrate from IPv4 to IPv6.
FSD Park II. 2.emelet