GS-2224L, a 24-port Gigabit L2 Plus Managed Switch, is a standard switch that meets all IEEE 802.3/u/x/z Gigabit, Fast Ethernet specifications. The switch includes 20-Port 10/100/1000Mbps TP and 4-Port Gigabit TP/SFP Fiber dual media management Ethernet switch. The switch can be managed through RS-232 serial port, or through Ethernet port using CLI or Web-based management unit, associated with SNMP agent. With the SNMP agent, the network administrator can logon the switch to monitor, configure and control each port’s activity in a friendly way. The overall network management is enhanced and the network efficiency is also improved to accommodate high bandwidth applications. In addition, the switch features comprehensive and useful functions DHCP Snooping (Including Option 82), QoS (Quality of Service), Spanning Tree, RSTP/MSTP, VLAN, Port Trunking, Bandwidth Control, Port Security, SNMP/RMON, LLDP and IGMPv3 Snooping capability via the intelligent software. It is suitable for both Metro-LAN and office applications. Others the switch increase support the Power saving for reduce the power consumption. It could efficient saving the switch power with auto detect the client idle and cable length to provide different power.
n 4 dual media for flexible fiber connection
Aftur í vörur Panta vöru
n Support Jumbo Frame size up to 9KB
n IEEE 802.1x Access Control improves network security
n Port Mirroring helps supervisor monitoring network
n Support Q-in-Q(Double-tag)
n IEEE802.1q tag-base VLAN, 4094 entries and port-base VLAN
n IEEE 802.1d Compatible, 802.1w Rapid Spanning Tree and 802.1s Multiple Spanning Tree
n Unknown Unicast/Broadcast/Multicast storm control
n Multicast VLAN Registration for IPTV
n IP-MAC-Port binding for LAN security
n Support QoS (QCL/QCE) for traffic control
n ACL Based on Ethernet Type / ARP / IPv4 for packets permit or deny, rate limitation and port copy
n DHCP Snooping (Including DHCP Option 82)
n Support IGMPv3 snooping and IGMP proxy(*)
n Support ACLs (Access Control List) for performance & security
n SSH/SSL/TACACS+/RADIUS (Optional for project requirement) for security network management
n Support “power saving” for Green Ethernet requirement
n Support LLDP (Link Layer Discovery Protocol) provides a standards-based method for enabling switches to advertise themselves.
QoS with four priority queues
The QoS(Quality Of Service) feature provides four internal queues to support four different classifications of traffic. High priority packet streams experience less delay inside the switch, which supports lower latency for certain delay-sensitive traffic. The GS-2224L can classify the packet as one of the four priorities according to vip port, 802.1p priority tag, DiffServ. The QoS operates at full wire speed. The actual scheduling at each egress port can be based upon a strict priority, weighted round robin.
This mechanism helps track network errors or abnormal packet transmission without interrupting the flow of data, allowing ingress traffic to be monitored by a single port that is defined as mirror capture port. The mirror capture port can be any 10/100/1000 port. Mirroring multiple ports is possible but can create congestion at the mirror capture port.
Q-in-Q VLAN for performance & security
The Q-in-Q (Double-Tag)VLAN feature in the switch offers the benefits of both security and performance. VLAN is used to isolate traffic between different users and thus provides better security. Limiting the broadcast traffic to within the same VLAN broadcast domain also enhances performance and use of double VLAN tags.
Isolated Group, provides protection for certain ports
The isolated group feature allows certain ports to be designated as protected. All other ports are non-isolated. Traffic between isolated group members is blocked. Traffic can only be sent from isolated group to non-isolated group.
Mac-based 802.3ad LACP with automatic link fail-over
Dynamic fail-over means packets will not get assigned to any trunk member port that has failed. If one of the ports were to fail, traffic will automatically get distributed to the remaining active ports.
802.1x Access Control improves network security
802.1x features enable user authentication for each network access attempt. Port security features allow you to limit the number of MAC addresses per port in order to control the number of stations for each port. Static MAC addresses can be defined for each port to ensure only registered machines are allowed to access. By enabling both of these features, you can establish an access mechanism based on user and machine identities, as well as control the number of access stations.
802.1d Compatible & 802.1w Rapid Spanning Tree & 802.1s Multiple Spanning Tree
For mission critical environments with multiple switches supporting STP, you can configure the switches with a redundant backup bridge path, so transmission and reception of packets can be guaranteed in event of any fail-over switch on the network.
MSTP is according to IEEE 802.1Q 2005 Clause 13 – Multiple Spanning Tree Protocol. MSTP allows frames assigned to different VLANs to follow separate paths, each based on an independent Multiple Spanning Tree Instance (MSTI), within Multiple Spanning Tree (MST) Regions composed of LANs and or MST Bridges.
DHCP Snooping (Including DHCP Option 82)
This DHCP Snooping enables the Dynamic Host Configuration Protocol (DHCP) relay agent information (option 82) was included in the feature. To include information about itself and the attached client when forwarding DHCP requests from a DHCP client to a DHCP server via Trust Port. The DHCP server can use this information to assign IP addresses、gateway、subnet mask、DNS for each subscriber of a service-provider network. The DHCP Snooping is using Trust Port and Trust DHCP Server IP Address to filter the illegal DHCP server traffic.
By default, layer 2 Ethernet switches treat IP multicast traffic in the same manner as broadcast traffic – namely, by forwarding frames received on one interface to all other interfaces. This may create excessive traffic on the network and degrade the performance of hosts attached to the switches. The IGMPv3 snooping can significantly reduce traffic from streaming media and other bandwidth-intensive IP multicast applications.
The IGMP proxy and IGMPv3 Snooping is the same functional target, but mechanism has some thing different as below:
1. IGMP Proxy can send v1/v2 IGMP query together.
2. IGMP Proxy supports General Query Mac Response Timeout for checking the „client alive status“ and speed up the convergence of multicast group member.
3. IGMP Proxy provides Specific (Last member) Query to check (can be multiple times) whether other members interest in the same multicast group exist when the port receives IGMP leave.
4. IGMP Proxy checks (can be multiple times) the latest status of the group member by scheduled polling from General/Specific Query. It avoids instant port link-down that makes the members to be removed from multicast group.
The IGMP Proxy is providing better performance than IGMPv3 Snooping for IGMP join and leave message exchange in the switch.
4 dual media ports for flexible fiber connection
4-Port 21,22,23,24 dual media ports are provided for flexible fiber connection. You can select to install optional transceiver modules in these slots for short, medium or long distance fiber backbone attachment. Use of the SFP will disable their corresponding built-in 10/100/1000Base-T connections.
Multicast VLAN Registration (MVR) can support carrier to serve content provider using multicast for Video streaming application in the network. Each content provider Video streaming has a dedicated multicast VLAN. The MVR routes packets received in a multicast source VLAN to one or more receive VLANs. Clients are in the receive VLANs and the multicast server is in the source VLAN.
Broadcast/Multicast/Unknown-Unicast Storm Control
To limit too many broadcast/multicast/unknown-unicast flooding in the network, broadcast/multicast storm control is used to restrict excess traffic. Threshold values are available to control the rate limit for each port. Packets are discarded if the count exceeds the configured upper threshold.
The IP network layer uses a four-byte address. The Ethernet link layer uses a six-byte MAC address. Binding these two address types together allows the transmission of data between the layers. The primary purpose of IP-MAC binding is to restrict the access to a switch to a number of authorized users. Only the authorized client can access the Switch’s port by checking the pair of IP-MAC Addresses and port number with the pre-configured database. If an unauthorized user tries to access an IP-MAC binding enabled port, the system will block the access by dropping its packet.
Access Control List (ACL)
The ACLs are divided into EtherTypes. IPv4, ARP protocol, MAC and VLAN parameters etc. Here we will just go over the standard and extended access lists for TCP/IP. As you create ACEs for ingress classification, you can assign a policy for each port, the policy number is 1-8, however, each policy can be applied to any port. This makes it very easy to determine what type of ACL policy you will be working with.
SSL and SSH for secure Management (Optional by Project requirement)
Secure Sockets Layer (SSL) supports the encryption for all HTTP traffic, allowing secure access to the browser-based management GUI in the switch. And Secure Shell (SSH) which supports the encryption for all transmitted data for secure, remote command-line interface (CLI) access over IP networks
TACACS+ for Management Authentication (Optional by Project requirement)
The switch supports the TACACS+ authentication for secure switch CLI Logon. It provides more secure authentication for management.
LLDP (IEEE 802.1AB Link Layer Discovery Protocol)
The switch supports the LLDP that automated device discovery protocol for easy mapping by network management applications.
The power saving provide detection the client idle and cable length to provides the different power. It could efficient to save the switch power and reduce the power consumption.
n Standard compliance
n IEEE 802.3 10Base-T Ethernet (Twisted-pair Copper)
n IEEE 802.3u 100Base-TX Ethernet (Twisted-pair Copper)
n IEEE 802.3ab 1000Base-TX Ethernet (Twisted-pair Copper)
n IEEE 802.3z 1000Base-X Ethernet
n IEEE 802.3x Flow Control Capability
n ANSI/IEEE 802.3 Auto-negotiation
n IEEE 802.1q VLAN
n IEEE 802.1p Class of Service
n IEEE 802.1x Access Control
n IEEE 802.1d Spanning Tree
n IEEE 802.1w Rapid Spanning Tree
n IEEE 802.1s Multiple Spanning Tree
n IEEE 802.3ad Link Aggregation Control Protocol (LACP)
n RoHS Compliance
n Power Saving for green ethernet Requirement
n LLDP automated device discovery protocol for easy mapping by network management applications
n Switching capacity:
n 24 Gigabit Ethernet ports with non-blocking wise speed performance.
n 48Gbps switch capacity
n 8K MAC addresses
n Supports Jumbo frame up to 9K
n Unknown Unicast/Broadcast/Multicast Storm Suppression
n Port Mirroring
n Port-base VLAN
n IEEE802.1q tag-base VLAN, up to 4k active VLANs
n Support the Q-in-Q (Double-tag)
n Support MVR (Multicast VLAN Registration)QoS
n Supports Port Based, 802.1p and Diffserv (IPv4 ) QoS packet classification
n Supports two scheduling, WRR and Strict
n Supports 802.1p QoS with four level priority queue
n Bandwidth Control
n Supports bandwidth rating per port ingress and egress rate limit 500Kbps~1000Mbps with 1Kbps
n VSM (Virtual Stacking Management):
n Up to 16 switches can be managed via Single IP limited to any specific Ruby-Tech models.
n Virtual stacking, no extra stacking hardware is required
n Distributed stacking, no physical central wiring closet is needed
n Port trunking with 12 trunking group
n Up to 16 ports for each group.
n 802.1q with GVRP/ GARP
n Supports IGMPv3 snooping including active and passive mode
n Supports IGMP proxy including active and passive mode
n Network Security
n 802.1x access control for port based and MAC based authentication
n Management Access Policy Control
n Access Control List
n IP-MAC-Port binding
n DHCP Snooping (Including DHCP Option 82)
n SSL/ SSH for Management (Optional by Project Requirement)
n TACACS+ for Management Authentication (Optional by Project Requirement)
n Snmpv1,v2c Network Management
■ RFC 1213 MIB (MIB-II)
■ RFC 1757 RMON MIB
■ Interface MIB
■ Statistics Group 1
■ Address Translation MIB
■ History Group 2
■ IP MIB
■ Alarm Group 3
■ ICMP MIB
■ Event Group 9
■ TCP MIB
■ RFC 1493 Bridge MIB
■ UDP MIB
■ RFC 1643 Ethernet MIB
■ SNMP MIB
■ Enterprise MIB