H3C S3100-EI Intelligent Secure Switches - PowerPoint PPT Presentation

  1. H3C S3100-EI Intelligent Secure Switches

  2. Content
     - Introduction
     - Highlight Features
     - Typical Solutions
     www.h3c.com.cn 2


  4. Hardware Specification
     Models: S3100-26TP-EI, S3100-16TP-EI, S3100-8TP-EI, S3100-26TP-PWR-EI, S3100-16TP-PWR-EI, S3100-8TP-PWR-EI
     Highlights:
     - 8/16/24 x 10/100Base-TX ports (PoE on the -PWR models) + 1/2 x 10/100/1000Base-T and 2 x 1000Base-SFP uplinks
     - Switching capacity: up to 17.6 Gbps; throughput 13.1 Mpps
     - Full wire-speed FE ports and GE uplinks
     - PoE


  6. Highlights of S3100-EI
     Performance:
     - Up to 17.6 Gbps switching fabric
     - Up to 6.55 Mpps
     - 8K MAC addresses
     - 4K VLANs
     Security:
     - VLAN- and port-based ACL
     - ARP detection
     - Port security
     - IP source guard
     - DHCP snooping trust
     Availability:
     - Smart Link
     - Power over Ethernet
     - Voice VLAN
     Management & Maintenance:
     - SNMPv1/v2/v3
     - IPv6 host
     - RSPAN
     - VCT, DLDP
     - LDT

  7. ARP Spoofing - How to attack
     Devices in the example:
     - Device A (gateway): IP 10.1.1.1, MAC A = 0002:5547:bc34
     - Device B (attacker): IP 10.1.1.20, MAC B = 0009:6b71:877e
     - Device C (victim): IP 10.1.1.50, MAC C = 0010:a4aa:36db
     Device B sends unsolicited ("free", i.e. gratuitous) ARP replies: "10.1.1.50 = MAC B" towards Device A and "10.1.1.1 = MAC B" towards Device C. Neither receiver verifies the claim; each simply overwrites the entry in its ARP table.
     Device A ARP table (IP -> MAC):
       Normal flow:   10.1.1.20 -> 0009:6b71:877e ; 10.1.1.50 -> 0010:a4aa:36db
       Attacked flow: 10.1.1.20 -> 0009:6b71:877e ; 10.1.1.50 -> 0009:6b71:877e
     Device C ARP table (IP -> MAC):
       Normal flow:   10.1.1.1 -> 0002:5547:bc34
       Attacked flow: 10.1.1.1 -> 0009:6b71:877e
     Result: frames exchanged between the gateway and Device C are now delivered to Device B, which can read, alter or drop them before forwarding.
     Legend: Normal flow / Attacked flow

  8. How To Anti ARP Spoofing
     Example topology: Gateway 10.1.1.1 (MAC A), Attacker 10.1.1.20 (MAC B), Victim 10.1.1.50 (MAC C). The attacker's free ARP messages "10.1.1.50 = MAC B" and "10.1.1.1 = MAC B" are both rejected by the switch ("NO!").
     - DHCP Snooping: builds a dynamic binding table of MAC + IP + port + VLAN from the DHCP exchanges the switch observes.
     - ARP Intrusion Detection: checks every ARP packet against the DHCP snooping binding table; if the sender MAC/IP does not match a binding, the packet is discarded, which defeats ARP spoofing.
     - ARP Packet Rate Limit: limits the ARP packet rate on each port to protect the CPU from a flood of abnormal packets.
     Only ARP intrusion detection actually solves the ARP spoofing problem; rate limiting protects the switch itself, not the hosts' ARP tables.
     Caveat for deployment: hosts that do not obtain their address by DHCP (servers, the gateway itself) need static bindings, and the uplink towards the real gateway and DHCP server must be configured as a trusted port, otherwise their legitimate ARP traffic is dropped as well.
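The three mechanisms on slides 7 and 8 (DHCP snooping binding table, ARP intrusion detection, ARP rate limit) as a small software model, added here as an illustration. This is not H3C code and does not reproduce the switch's actual implementation; the port names, the static gateway binding, the rate-limit values and the extra host MAC are constructed for the example, while the three addresses and MACs are the ones from the slides. It shows why each of the attacker's two free ARP messages is rejected, why a spoofed sender MAC is still caught by the port field of the binding, and why rate limiting alone would let the spoof through.

```python
"""DHCP-snooping binding table, ARP intrusion detection and per-port ARP rate
limiting, modelled on the anti-ARP-spoofing slide. Added illustration only:
this is not H3C code, and the port names, static binding, limits and the
MAC_D host are constructed for the example."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    """One entry of the DHCP snooping binding table: MAC + IP + port + VLAN."""
    mac: str
    ip: str
    port: str
    vlan: int


@dataclass(frozen=True)
class ArpPacket:
    port: str        # ingress port
    vlan: int
    src_mac: str     # Ethernet frame source MAC
    sender_mac: str  # ARP body: sender hardware address
    sender_ip: str   # ARP body: sender protocol address


class ArpGuard:
    def __init__(self, bindings, trusted_ports=(), rate_limit=15, window=1.0):
        self.bindings = {(b.ip, b.vlan): b for b in bindings}
        self.trusted = set(trusted_ports)
        self.rate_limit = rate_limit        # max ARP packets per port per window
        self.window = window                # window length in seconds
        self.recent = defaultdict(deque)    # port -> arrival times inside window

    def inspect(self, pkt, now):
        """Return a verdict string for one ARP packet arriving at time `now`."""
        if pkt.port in self.trusted:        # uplink to the real gateway / DHCP server
            return "permit:trusted"
        # ARP packet rate limit: cheap, done before any table lookup so a flood
        # never reaches the CPU-bound inspection path.
        q = self.recent[pkt.port]
        while q and now - q[0] >= self.window:
            q.popleft()
        q.append(now)
        if len(q) > self.rate_limit:
            return "drop:rate-limit"
        # ARP intrusion detection: the sender IP in this VLAN must have a
        # binding, and that binding must name the same MAC and ingress port.
        b = self.bindings.get((pkt.sender_ip, pkt.vlan))
        if b is None:
            return "drop:no-binding"
        if b.mac != pkt.sender_mac or b.port != pkt.port:
            return "drop:binding-mismatch"
        # Frame source MAC and ARP sender MAC must agree as well.
        if pkt.src_mac != pkt.sender_mac:
            return "drop:mac-mismatch"
        return "permit"


MAC_A = "0002:5547:bc34"   # gateway 10.1.1.1 (from the slide)
MAC_B = "0009:6b71:877e"   # attacker 10.1.1.20 (from the slide)
MAC_C = "0010:a4aa:36db"   # victim 10.1.1.50 (from the slide)
MAC_D = "0000:1111:2222"   # constructed: a host that never got a DHCP lease

BINDINGS = [
    Binding(MAC_A, "10.1.1.1", "GE1/1", 1),   # assumed static entry for the gateway
    Binding(MAC_B, "10.1.1.20", "E0/2", 1),   # learned from the attacker's own lease
    Binding(MAC_C, "10.1.1.50", "E0/3", 1),   # learned from the victim's lease
]


def run_demo():
    guard = ArpGuard(BINDINGS, trusted_ports={"GE1/1"}, rate_limit=8, window=1.0)
    cases = [  # (label, packet, arrival time); all packets are constructed
        ("victim-request",       ArpPacket("E0/3", 1, MAC_C, MAC_C, "10.1.1.50"), 0.0),
        ("spoof-victim-ip",      ArpPacket("E0/2", 1, MAC_B, MAC_B, "10.1.1.50"), 0.1),  # "10.1.1.50 = MAC B"
        ("spoof-gateway-ip",     ArpPacket("E0/2", 1, MAC_B, MAC_B, "10.1.1.1"),  0.2),  # "10.1.1.1 = MAC B"
        ("attacker-own-ip",      ArpPacket("E0/2", 1, MAC_B, MAC_B, "10.1.1.20"), 0.3),
        ("spoof-victim-mac",     ArpPacket("E0/2", 1, MAC_B, MAC_C, "10.1.1.50"), 0.4),  # right MAC+IP, wrong port
        ("header-body-mismatch", ArpPacket("E0/3", 1, MAC_B, MAC_C, "10.1.1.50"), 0.5),
        ("gateway-uplink",       ArpPacket("GE1/1", 1, MAC_A, MAC_A, "10.1.1.1"), 0.6),
        ("unknown-host",         ArpPacket("E0/4", 1, MAC_D, MAC_D, "10.1.1.99"), 0.7),
    ]
    results = {label: guard.inspect(p, t) for label, p, t in cases}
    # Burst of otherwise-legitimate requests from the attacker's port: the first
    # ones pass inspection, the rest are shed by the per-port rate limit.
    results["flood"] = [guard.inspect(ArpPacket("E0/2", 1, MAC_B, MAC_B, "10.1.1.20"),
                                      0.8 + 0.01 * i) for i in range(10)]
    return results


if __name__ == "__main__":
    for label, verdict in run_demo().items():
        print(f"{label:22} {verdict}")
```

The order of the checks matters: the rate limit runs before the table lookup so that a flood is discarded cheaply, but a packet that stays under the limit is still subject to the binding check, which is the only step that actually stops the two spoofed replies.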

  9. VLAN Based ACL
     - A traditional ACL policy is configured per port, so users have to apply the same ACL policy to every port one by one.
     - The S3100-EI, like the S5500-EI, supports VLAN-based ACL policy, so users can define the policy once on the VLAN, easily and flexibly.
     Traditional port-based ACL:
       # Interface Port 1
         Deny ftp
         Permit any
       # Interface Port 2
         Deny ftp
         Permit any
       # Interface Port 3
         Deny ftp
         Permit any
       # ...
     VLAN-based ACL:
       # Vlan 100
         Deny ftp
         Permit any

  10. EAD solves end-user secure access problems
      Four questions, four EAD functions:
      - Who are you? -> Identity Authentication
      - Are you secure? -> Security Authentication
      - What can you do? -> Dynamic Authorization
      - What are you doing? -> Activity Audit
      Access request flow: a legal user passes identity authentication; a qualified (compliant) endpoint is admitted to the Enterprise Network, and different users get different access rights; an unqualified endpoint is directed to the Isolation Zone for reinforcement (remediation); an invalid user is denied.

  11. EAD Basic Function
      - Enhanced Identity Authentication (user name, password, IP, MAC binding): stops invalid users through 802.1x or Portal authentication; limits user access authority by VLAN and ACL restriction.
      - End Point Security Inspection: inspects end-point security status and defense ability: OS version, hot fixes, virus check; antivirus software version and virus definitions; shared folder check; screen saver password check; installation and execution of unqualified software. Benefit: guarantees user security and defense ability.
      - Unqualified User Isolation: isolates end users who do not comply with the security policy: those who do not update system patches or virus definitions, and those who install or run unqualified software. Benefit: prevents cross infection and virus outbreak.
      - Security Reinforcement: forces repair of system patches and update of antivirus software; notifies and assists the user to repair system holes; implements the security policy; automated or compulsory manual system patch or virus definition update. Benefit: enhances system immunity and increases security.

  12. Smart Link
      [Figure: dual-uplink topology. A downstream device (LSW, CE, DSLAM or AMG) connects to two upstream S7800 switches over an Active Link and a Backup Link; the Backup Link port is in Blocking state. The S7800s connect to the Metro Ethernet and the IP/MPLS Core Network.]
      - Suitable for dual-uplink topologies; brings higher reliability to the network than Spanning Tree.
      - Works in active/standby mode: once the active link fails, the standby link is enabled, and the recovery time is less than 50 ms.

  13. VCT - Virtual Cable Test
      VCT test items: whether a short or open circuit exists in the RX/TX direction of the cable, the cable length in normal status, or the length from the port to the fault point.
      Example output (shown on an S5500 port in the deck; the S3100-EI supports the same test):
        [S5500-Ethernet0/4]virtual-cable-test
        Cable pair: RX    Status: Open    Cable Error length: 5 metres
        Cable pair: TX    Status: Open    Cable Error length: 5 metres

  14. LDT: Loopback Detection
      Loopback Detection monitors the network for loops, which can cause broadcast storms that disrupt normal network applications.
        [S5500-EI]loopback-detection enable
        [S5500-EI]display loopback-detection
        Port loopback-detection is running
        System Loopback-detection is running
        Detection interval time is 30 seconds
        Loopback link is Detected
        The Loopback link is Port 3

  15. Remote Switch Port Analysis (RSPAN)
      [Figure: a source port on an access switch is mirrored to a local mirroring port; the mirrored traffic is carried over a remote mirroring port across intermediate switches to a NetStream module and the application server farm.]
      RSPAN realizes port mirroring across devices; working together with the NetStream module, it enables traffic analysis and monitoring of the whole network.

  16. Power over Ethernet (PoE)
      The PoE models (S3100-xxTP-PWR-EI; the slide text names the S5500-EI) can power devices such as wireless APs, IP phones and web cameras over the same Ethernet cabling.
      - Supports the IEEE 802.3af standard, providing a maximum of 15.4 W per port
      - Supports THREE levels of power priority: critical / high / low
      - Equipped with a 370 W power supply to cover powered devices on a maximum of 24 ports (24 x 15.4 W = 369.6 W); when demand exceeds the budget, the priority level decides which ports keep power
      PD: Powered Device; AP: Access Point

  17. Voice VLAN
      1. The switch matches the source MAC address against a vendor OUI entry, e.g. 00E0-BB00-0000 with mask ffff-ff00-0000 (only the first three bytes are compared).
      2. A match means the frame comes from an IP phone of vendor A, B, C... (16 vendors in total).
      3. Traffic from the IP phone is put into the Voice VLAN automatically.
      4. Other traffic is processed with lower priority.
      Queues: Voice Queue (voice data); Data Queue 1 and Data Queue 2 (other data).
      Benefits:
      - Guarantees the QoS of voice data
      - Improves security
      Note that the OUI match is not an authentication: a host whose MAC is set to a phone vendor's OUI is also placed in the Voice VLAN, so the Voice VLAN should still be restricted by ACL.

  18. RoHS Product
      H3C invests heavily in R&D and in advanced manufacturing technology as well. The whole design and manufacturing process of the H3C S3100-EI complies with the RoHS standard released by the European Union; therefore it is a GREEN product that does not pollute the environment.
      RoHS: The Restriction of the use of certain Hazardous Substances in Electrical and Electronic Equipment.


  20. Edge of Campus Network
      [Figure: three-tier campus. S9500/S7500E/S7500 at the core, S5500 at the aggregation layer, S3100-EI switches at the access edge.]

  21. Core of Mid-to-small sized Network
      [Figure: two S5500-EI switches form the core, connected over 10 GE; a Firewall and a Server Farm with CAMS and NMS hang off the core; S5500-SI and S5100-SI access switches connect over GE, several of them providing PoE.]
