Enterasys Secure Networks

Enterasys S-Series Stand Alone (SSA)
48 ports of Triple Speed Ethernet or 48 ports of Gigabit Ethernet SFP connectivity and 4 ports of 10 Gigabit Ethernet SFP+ connectivity

Enterasys S-Series Stand Alone (SSA)

Enterasys Products
S-Series Chassis
Enterasys SSA S130 Class 48 Ports 10/100/1000BASE-T via RJ45 with PoE (802.3at) and 4 10GBASE-X Ethernet ports via SFP+
(Power supplies not included)
#SSA-T4068-0252
List Price: $15,995.00
Our Price: $13,595.00
Enterasys SSA S150 Class 48 Ports 10/100/1000BASE-T via RJ45 with PoE (802.3at) and 4 10GBASE-X Ethernet ports via SFP+
(Power supplies not included)
#SSA-T1068-0652
List Price: $21,995.00
Our Price: $18,695.00
Enterasys SSA S150 Class 48 Ports 1000BASE-X via SFP and 4 10GBASE-X Ethernet ports via SFP+
(Power supplies not included)
#SSA-G1018-0652
List Price: $22,995.00
Our Price: $19,545.00

Click here to jump to more pricing!

Overview:

Enterasys S-Series AppliancesThe Enterasys S-Series delivers a powerful combination of Terabit-class performance along with granular visibility and control over users, services, and applications to meet the increasing demands of today's businesses and enable optimization of key technologies including voice and video, virtualization, and cloud computing. Unlike competitive solutions lacking comprehensive centralized management and adequate high availability services, the Enterasys S-Series drives down operational costs through a combination of management automation, a robust and highly resilient distributed architecture, built-in security, and flexible power configurations specifically designed to reduce power and cooling costs. The highly versatile Enterasys S-Series delivers both the comprehensive functionality and configuration flexibility to be deployed as a premium high-density network edge access device, high performance distribution layer switch, resilient enterprise class multi-Terabit core router, or as a data center virtualization solution.

  • Terabit-class performance with granular traffic visibility and control
  • Automated network provisioning for virtualized, cloud, and converged voice/video/data environments
  • High availability features including self-healing maximize business continuity for critical applications
  • Versatile high density solution with highly flexible connectivity and power options reduces cost of ownership
  • Greater than 6 Tbps backplane capacity with 1.28 Tbps switching capacity and 960 Mpps throughput

The S-Series provides a highly resilient distributed switching and routing architecture with management and control functions embedded in each module, delivering unsurpassed reliability, scalability, and fault tolerance. Organizations can cost-effectively add connectivity as needed while scaling performance capacity with each new module. The highly available architecture makes forwarding decisions, and enforces security policies and roles while classifying/prioritizing traffic at wire speed. All I/O modules provide the highest Quality of Service Q( oS) features for critical applications such as voice and HD video even during periods of high network traffic load while also proactively preventing Denial of Service (DoS) attacks and malware propagation.

The S-Series implements an industry-leading, flow-based switching architecture to intelligently manage individual user and application conversations—far beyond the capabilities of switches that are limited to using VLANs, ACLs, and ports to implement role-based access controls. Users are identified and roles are applied to ensure each individual user can access their business-critical applications no matter where they connect to the network. S-Series policy rules combined with deep packet inspection can intelligently sense and automatically respond to security threats while improving reliability and quality of the user experience.

A significant differentiator for the S-Series is the ability toc ollect NetFlow data at wire-speed on every port, providing total visibility into network resource consumption for users and applications. The S-Series is the only enterprise switch to support multi-user, multi-method authentication on every port — absolutely essential when you have devices such as IP phones ,computers, printers, copiers, security cameras, badge readers, and virtual machines connected to the network. When quality of service, device and application prioritization, and security matters there is no better choice than the Enterasys S-Series.

Features:


Unified Cross-Platform Operating System

The Enterasys S-Series firmware adds the benefit of becoming a multi-platform operating system that unifies the Enterasys N-Series and S-Series into a single firmware image that operates on both platforms ensuring feature parity and consistent operation across the flow-based switches. This provides many customer benefits: reduced TCO via a single, unified operating system from network edge/access layer to the network core and data center, feature and function consistency across platforms, and easy deployment and upgrades to ensure operational efficiency.

Integrated Services Design

Integrated services design is a key differentiator that separates the Enterasys S-Series from the competition. Integrated services design reduces the number and type of modules required to build typical wiring closet configurations, simplifying the overall network design. In turn, this significantly reduces the maintenance and sparing cost as each I/O fabric or I/O module can perform all of these services, unlike competitive offerings with multiple dedicated module types for each specific service.

Multi-layer packet classification – enables the delivery of critical applications to specific users via traffic awareness and control

  • User, Port, and Device Level (Layer 2 through 4 packet classification)
  • QoS mapping to priority queues (802.1p & IP ToS/ DSCP) up to 11 queues/port for S130/S150; 15 queues/port for S155
  • Multiple queuing mechanisms (SPQ, WFQ, WRR, and Hybrid)
  • Granular QoS/rate limiting
  • VLAN to policy mapping a guest access role, helping to protect corporate applications and information.

Switching/VLAN services - provides high performance connectivity, aggregation, and rapid recovery services

  • Extensive industry standards compliance (IEEE and IETF)
  • Inbound and outbound bandwidth rate control per flow
  • VLAN services support
    • Link aggregation (IEEE 802.3ad)
    • Multiple spanning trees (IEEE 802.1s)
    • Rapid reconfiguration of spanning tree (IEEE 802.1w)
  • Provider Bridges (IEEE 802.1ad), Q-in-Q Ready
  • Flow setup throttling

Distributed IP Routing - provides dynamic traffic optimization, broadcast containment, and more efficient network resilience

  • Standard routing features include static routes, OSPFv2, RIPv2, IPv4, and Multicast routing support (DVMRP, IGMP v1/v2/v3, PIM-SM), Policy Based Routing and Route Maps, and VRRP
  • Extended ACLs
  • S150 class I/O Modules and I/O fabric modules include all standard IP routing features and also include the following features:
    • NAT (Network Address Translation)
    • LSNAT (Load sharing Network Address Translation) for server load balancing
    • TWCB (Transparent Web Cache Balancing) redirects web page requests to local web cache servers to efficiently manage web access bandwidth and increase web page response time
  • S155 class fabric modules have all the standard IP routing features and deliver a hardware upgrade to enhance protocol capacities including:
    • BGP: Larger route tables (Multiple copies of internet tables)
    • Enhanced queuing
    • Virtual Switch Bonding

Security (User, Network, and Management)

  • User security
    • Authentication (802.1X, MAC and PWA+, CEP), MAC (Static and Dynamic) port locking
    • Multi-user authentication/policies
  • Network security
    • Access Control Lists (ACL) – basic and extended
    • Policy-based security services (examples: spoofing, unsupported protocol access, intrusion prevention, DoS attacks limits)
  • Management Security
    • Secure access to the S-Series via SSH, SNMP v3

Management, Control, and Analysis - provide streamlined tools for maintaining network availability and health

  • Configuration
    • Industry-standard CLI and web management support
    • Multiple firmware images with editable configuration files
  • Network Analysis
    • SNMP v1/v2c/v3, RMON (9 groups), and SMON (rfc2613) VLAN and Stats
    • Port/VLAN mirroring (one-to-one, one-to-many, many-to-many)
    • Unsampled NetFlow on every port with no impact on system switching and routing performance
  • Automated set-up and reconfiguration
    • Replacement I/O module will automatically inherit previous modules configuration
    • New modules added to chassis will automatically be updated with active configuration and firmware

Feature-Rich Functionality

Examples of additional functionality and features that are supported by the Enterasys S-Series:

  • NetFlow - Provides real-time visibility, application profiling, and capacity planning
  • Server Load Balancing - Enabled via LSNAT without requiring costly external server load balancing hardware and software
  • NAT - Network Address Translation (NAT) streamlines IP addressing and IP address management schemes
  • LLDP-MED - Link Layer Discovery Protocol for Media Endpoint Devices enhances VoIP deployments
  • Flow Setup Throttling - (FST) effectively preempts and defends against DoS attacks
  • Web Cache Redirect - Increases WAN and Internet bandwidth efficiency
  • Node & Alias Location - Automatically tracks user and device location and enhances network management productivity and fault isolation
  • Port Protection Suite - Maintain network availability by ensuring good protocol and end station behavior
  • Flex-Edge Technology - Provides advanced bandwidth management and allocation for demanding access/edge devices
  • Virtual Switch Bonding - Provides increased resiliency and performance by combining two or more physical switches to create a single logical switch
  • High Availability Firmware Upgrade (In-Service Software Upgrade) - System software upgrade without service interruption
  • Secure https switch management via NetSight OneView

Network performance, management, and security capabilities via NetFlow are available on every S-Series I/O Fabric and I/O Module without affecting switching/routing performance or requiring the purchase of expensive daughter cards for every blade. The S-Series tracks every packet in every flow unlike competitor's statistical sampling techniques. The Enterasys advantage is the Enterasys ASIC capabilities that collect NetFlow statistics for every packet in every flow without sacrificing performance. Enterasys S-Series switches can output 9,000 flow records per second, per I/O module. This is an order of magnitude greater NetFlow performance than any other NetFlow appliance vendor (over 70,000 flow records per second in a fully populated S8 chassis).

Flow Setup Throttling (FST) is a proactive feature designed to mitigate zero-day threats and Denial of Service (DoS) attacks before they can affect the network. FST directly combats the effects of zero-day and DoS attacks by limiting the number of new or established flows that can be programmed on any individual switch port. This is achieved by monitoring the new flow arrival rate and/or controlling the maximum number of allowable flows.

In network operations, it is very time consuming to locate a device or find exactly where a user is connected. This is especialy important when reacting to security breaches. Enterasys S-Series modules automatically track the network's user/device location information by listening to network traffic as it passes through the switch. This information is then used to populate the Node/Alias table with information such as an end-station's MAC address and Layer 3 alias information (IP address, IPX address, etc). This information can then be utilized by Enterasys NMS Suite management tools to quickly determine the switch and port number for any IP address and take action against that device in the event of a security breach. This node and alias functionality is unique to Enterasys and reduces the time to pinpoint the exact location of a problem from hours to minutes.

For organizations looking to deploy VoIP technologies, the Enterasys S-Series provides significant capabilities through its support for the industrystandard discovery protocol, LLDP-MED (Link Layer Discovery Protocol for Media Endpoint Devices). This protocol allows for the accurate representation of network topologies within Network Management Systems (NMS). S-Series switches are able to learn about all the devices connected to them to identify VoIP phones, tell the phone which VLAN to use for voice, and even negotiate the power that the phone can consume. LLDP–MED also enables 911 emergency services location functions whereby the location of a phone can be determined by the switch port.

Enterasys S-Series support for Network Address Translation (NAT) provides a practical solution for organizations who wish to streamline their IP addressing schemes. NAT operates on a router connecting two networks, simplifying network design and conserving IP addresses. NAT can help organizations merge multiple networks together and enhance network security by helping to prevent malicious activity initiated by outside hosts from entering the corporate network; this improves the reliability of local systems by stopping worms and augments privacy by discouraging scans.

Within server farm environments, the S-Series can help to increase reliability and performance via the implementation of Load Sharing Network Address Translation (LSNAT). Based on RFC 2391, LSNAT uses a number of load sharing algorithms to transparently offload network load on a single server and distributes the load across a pool of servers.

The S-Series also supports a comprehensive portfolio of port protection capabilities, such as SPANguard and MACLock, which provide the ability to detect unauthorized bridges in the network and restrict a MAC address to a specific port. Other port protection features include Link Flap, Broadcast Suppression, and Spanning Tree Loop protection which protects against mis-configuration and protocol failure. The S-Series Virtual Switch Bonding technology allows two or more S-Series systems to create a single virtual switch.

Enterasys S-Series Flex-Edge technology provides line rate traffic classification for all access ports with guaranteed priority delivery for control plane traffic and high-priority traffic as defined by the Enterasys policy overlay. In addition to allocating resources for important network traffic, prioritized bandwidth can be assigned on a per port or per authenticated user basis. Flex-Edge technology is ideal for deployment in wiring closets and distribution points that can often suffer from spikes in utilization that cause network congestion. With Flex-Edge technologies, organizations no longer have to fear a momentary network congestion event that would result in topology changes and random packet discards.

CoreFlow2 policy enabled edge and core switches managed via NetSight play fundamental and essential roles in moving data reliably, efficiently and securely. The combined hardware and management suite provide superior traffic visibility, enforcement and security.

Traffic control and monitoring features include: Automatic application of ingress and egress policies for bi-directional traffic control; Rule Hit Accounting for network visibility and troubleshooting; and Flow Based Mirroring allowing for tapping individual traffic streams. Security features include: RA Guard (IPv6 Router advertisement containment) and features similar to DHCP Snooping, IP Source Guard and Dynamic ARP Inspection.

Benefits:

Business Alignment

  • A future-proofed, standards-based multi-Terabit architecture for secure, reliable deployment of business-critical applications
  • Best-in-class Quality of Service functionality for predictable performance of demanding voice, video, and data applications
  • Flow-based architecture delivers unrivalled end-to-end visibility and control over users, services, and applications ensuring consistent end-user experience
  • Built-in hardware support for 40 and 100 Gbps Ethernet, emerging protocols (IPv6) and large scale deployment protocols (MPLS)

Operational Efficiency

  • Edge-to-core architecture flexibility reduces deployment and maintenance costs and simplifies network management
  • Management automation and built-in resiliency features combine to drive down operational costs and maximize uptime
  • Optimized flow-based architecture for iSCSI, CEE, and virtualization enabling consolidation of servers, applications, and storage, while reducing data center operational costs
  • Flexible power configurations optimized for low power consumption and thermal output drives down data center power and cooling costs
  • High-density, small form factor chassis providing over 1700 ports in a standard equipment rack that reduces footprint costs and scales from hundreds of Gigabits to multi-Terabit performance

Security

  • Unrivalled capabilities to protect business traffic from malicious attacks and maintain information confidentiality, integrity, and availability
  • Built-in not bolted-on security reduces cost of ownership and network administration complexity
  • Multi-method network access control and role-based security that extends to existing edge switches and wireless access points allowing authentication of thousands of users or devices simultaneously on a single port

Support and Service

  • Industry-leading customer satisfaction and first call resolution rates
  • Personalized services, including site surveys, network design, installation, and training

Standards and Protocols:


Switching/VLAN Services
  • Generic VLAN Registration Protocol (GVRP)
  • 802.3u Fast Ethernet
  • 802.3ab Gigabit Ethernet (copper)
  • 802.3z Gigabit Ethernet (fiber)
  • 802.3ae 10 Gigabit Ethernet (fiber)
  • 802.1aq (SPB) Shortest Path Bridging (Ready)
  • 802.1az (DCBX) Data Center Bridging Exchange
  • 802.1az (ETS)
  • Enhanced Transmission Selection
  • 802.1Q VLANs
  • 802.1D MAC Bridges
  • Provider Bridges (IEEE 802.1ad) Ready
  • 802.1w Rapid re-convergence of Spanning Tree
  • 802.1s Multiple Spanning Tree
  • 802.3ad Link Aggregation
  • 802.3ae Gigabit Ethernet
  • 802.3x Flow Control
  • IP Multicast (IGMPv1,v2 support & IGMPv3)
  • Jumbo Packet with MTU Discovery Support for Gigabit
  • Link Flap Detection
  • Dynamic Egress (Automated VLAN Port Configuration)
  • 802 1ab LLDP-MED

Network Security and Policy Management

  • 802.1X Port-based Authentication
  • Web-based Authentication
  • MAC-based Authentication
  • Convergence Endpoint Discovery with Dynamic Policy Mapping (Siemens HFA, Cisco VoIP, H.323, and SIP)
  • Multiple Authentication Types per Port Simultaneously
  • Multiple Authenticated users per Port with unique policies per user/ End System (VLAN association independent)
  • RFC 3580 IEEE 802.1 RADIUS Usage Guidelines, with VLAN to Policy Mapping
  • Worm Prevention (Flow Set-Up Throttling)
  • Broadcast Suppression
  • ARP Storm Prevention
  • MAC-to-Port Locking
  • Span Guard (Spanning Tree Protection)
  • Stateful Intrusion Detection System Load Balancing
  • Stateful Intrusion Prevention System and Firewall Load Balancing
  • Behavioral Anomaly Detection/Flow Collector (non-sampled Netflow)
  • Static Multicast Group Provisioning
  • Multicast Group, Sender and Receiver Policy Control
Class of Service
  • Strict Priority Queuing
  • Weighted Fair Queuing with Shaping
  • 11 Transmit Queues per Port
  • Up to 3,072 rate limiters for S130 Class products and up to 12,288 rate limiters for S150 Class products
  • Packet Count or Bandwidth based Rate Limiters. (Bandwidth Thresholds between 8 Kbps and 4 Gbps)
  • IP ToS/DSCP Marking/Remarking
  • 802.1D Priority-to-Transmit Queue Mapping

Enterasys Network Management Suite (NMS)

  • NMS Console
  • NMS Policy Manager
  • NMS Inventory Manager
  • NMS Automated Security Manager
  • NMS NAC Manager

Management, Control and Analysis

  • SNMP v1/v2c/v3
  • Web-based Management Interface
  • Industry Common Command Line Interface
  • Multiple Software Image Support with Revision Roll Back
  • Multi-configuration File Support
  • Editable Text-based Configuration File
  • COM Port Boot Prom and Image Download via ZMODEM
  • Telnet Server and Client
  • Secure Shell (SSHv2) Server and Client
  • Cabletron Discovery Protocol
  • Cisco Discovery Protocol v1/v2
  • Syslog
  • FTP Client
  • Simple Network Time Protocol (SNTP)
  • Netflow version 5 and version 9
  • RFC 2865 RADIUS
  • RFC 2866 RADIUS Accounting
  • TACACS+ for Management Access Control
  • Management VLAN
  • 15 Many to-One-port, One-to-Many Ports, VLAN Mirror Sessions

IETF and IEEE MIB Support

  • RFC 1156/1213 & RFC 2011 IP-MIB
  • RFC 1493 Bridge MIB
  • RFC 1659 RS-232 MIB
  • RFC 1724 RIPv2 MIB
  • RFC 1850 OSPF MIB
  • RFC 2578 SNMPv2 SMI
  • RFC 2579 SNMPv2-TC
  • RFC 3417 SNMPv2-TM
  • RFC 3418 SNMPv2 MIB
  • RFC 2012 TCP MIB
  • RFC 2013 UDP MIB
  • RFC 2096 IP Forwarding Table MIB
  • RFC 3411 SNMP Framework MIB
  • RFC 3412 SNMP-MPD MIB
  • RFC 3413 SNMPv3 Applications
  • RFC 3414 SNMP User-Based SM MIB
  • RFC 2276 SNMP-Community MIB
  • RFC 2613 SMON MIB
  • RFC 2674 802.1p/Q MIB
  • RFC 2737 Entity MIB
  • RFC 2787 VRRP MIB
  • RFC 2819 RMON MIB (Groups 1-9)
  • RFC 3273 HC RMON MIB
  • RFC 2863 IF MIB
  • RFC 2864 IF Inverted Stack MIB
  • RFC 2922 Physical Topology MIB
  • RFC 3291 INET Address MIB
  • RFC 3621 Power Ethernet MIB
  • RFC 3415 SNMP View Based ACM MIB
  • RFC 3635 EtherLike MIB
  • RFC 3636 MAU MIB
  • RFC 4022 MIB for the Transmission Control Protocol (TCP)
  • RFC 4087 IP Tunnel MIB
  • RFC 4113 MIB for the User Datagram Protocol (UDP)
  • RFC 4275 BGP-4 MIB Implementation Survey
  • RFC 4292 IP Forwarding MIB
  • RFC 4293 MIB for Internet Protocol (IP)
  • RFC 4444 MIB for IS-IS
  • RFC 4560 DISMAN-PING-MIB
  • RFC 4560 DISMAN-TRACEROUTE-MIB
  • RFC 4560 DISMAN-NSLOOKUP-MIB
  • RFC 4750 OSPFv2 MIB
  • RFC 5060 PIM MIB
  • RFC 5240 PIM Bootstrap Router MIB
  • RFC 5643 OSPFv3 MIB
  • IEEE 8023 LAG MIB
  • RSTP MIB
  • USM Target Tag MIB
  • U Bridge MIB
  • Draft-ietf-idmr-dvmrp-v3-10 MIB
  • Draft-ietf-pim-sm-v2-new-09 MIB
  • SNMP-REARCH MIB
  • IANA-address-family-numbers MIB
  • IEEE 802.1PAE MIB
IP Routing Features
  • Static Routes
  • Standard ACLs
  • OSPF with Multipath Support
  • OSPF Passive Interfaces
  • IPv6 Routing Protocol
  • Extended ACLs
  • Policy-based Routing
  • NAT Network Address Translation
  • TWCB Transparent Web Cache Redirect
  • VRF Virtual Routing and Forwarding (IPv6 and IPv4)
  • Border Gateway Routing Protocol - BGPv4
  • PIM Source Specific Multicast - PIM SSM
  • RFC 792 ICMP
  • RFC 826 ARP
  • RFC 1027 Proxy ARP
  • RFC 1112 IGMP
  • RFC 1195 Use of OSI IS-IS for Routing in TCP/IP
  • RFC 1265 BGP Protocol Analysis
  • RFC 1266 Experience with the BGP Protocol
  • RFC 1519 CIDR
  • DHCP Server RFC 1541/ Relay RFC 2131
  • RFC 1583/RFC 2328 OSPFv2
  • RFC 1587 OSPFv2 NSSA
  • RFC 1657 Managed Objects for BGP-4 using SMIv2
  • RFC 1723 RIPv2 with Equal Cost Multipath Load Balancing
  • RFC 1745 OSPF Interactions
  • RFC 1746 OSPF Interactions
  • RFC 1765 OSPF Database Overflow
  • RFC 1771 A Border Gateway Protocol 4 (BGP-4)
  • RFC 1772 Application of BGP in the Internet
  • RFC 1773 Experience with the BGP-4 protocol
  • RFC 1774 BGP-4 Protocol Analysis
  • RFC 1812 General Routing/RIP Requirements
  • RFC 1886 DNS Extensions to support IP version 6
  • RFC 1924 A Compact Representation of IPv6 Addresses
  • RFC 1930 Guidelines for creation, selection, and registration of an Autonomous System (AS)
  • RFC 1966 BGP Route Reflection
  • RFC 1981 Path MTU Discovery for IPv6
  • RFC 1997 BGP Communities Attribute
  • RFC 1998 BGP Community Attribute in Multi-home Routing
  • RFC 2080 RIPng (IPv6 extensions)
  • RFC 2082 RIP-II MD5 Authentication
  • RFC 2113 IP Router Alert Option
  • RFC 2154 OSPF with Digital Signatures (Password & MD5)
  • RFC 2236 IGMPv2
  • DVMRP v3-10
  • RFC 2260 Support for Multi-homed Multi-prov
  • RFC 2270 Dedicated AS for Sites Homed to one Provider
  • RFC 2361 Protocol Independent Multicast - Sparse Mode RFC2373
  • RFC 2373 Address notation compression
  • RFC2374 IPv6 Aggregatable Global Unicast Address Format
  • RFC2375 IPv6 Multicast Address Assignments
  • RFC 2385 BGP TCP MD5 Signature Option
  • RFC 2391 Load Sharing Using Network Address Translation (LSNAT)
  • RFC2401 Security Architecture for the Internet Protocol
  • RFC2404 The Use of HMAC-SHA-1-96 within ESP and AH
  • RFC2406 IP Encapsulating Security Payload (ESP)
  • RFC2407 Internet IP Security Domain of Interpretation for ISAKMP
  • RFC2408 Internet Security Association and Key Management Protocol (ISAKMP)
  • RFC 2439 BGP Route Flap Damping
  • RFC 2450 Proposed TLA and NLA Assignment Rule
  • RFC 2453 RIPv2
  • RFC 2460 IPv6 Specification
  • RFC 2461 Neighbor Discovery for IPv6
  • RFC 2462 IPv6 Stateless Address Autoconfiguration
  • RFC 2463 ICMPv6
  • RFC 2464 Transmission of IPv6 over Ethernet
  • RFC 2473 Generic Packet Tunneling in IPv6 Specification
  • RFC 2474 Definition of DS Field in the IPv4/v6 Headers
  • RFC 2519 A Framework for Inter-Domain Route Aggregation
  • RFC 2545 BGP Multiprotocol Extensions for IPv6
  • RFC 2553 BasiCSocket Interface Extensions for IPv6
  • RFC 2710 IPv6 Router Alert Option
  • RFC 2711 Multicast Listener Discovery (MLD) for IPv6
  • RFC 2740 OSPF for IPv6
  • RFC 2763 Dynamic Hostname Exchange Mechanism for IS-IS
  • RFC 2784 Generic Routing Encapsulation Ready
  • RFC 2796 BGP Route Reflection
  • RFC 2858 Multiprotocol Extensions for BGP-4
  • RFC 2894 Router Renumbering
  • RFC 2918 Route Refresh Capability for BGP
  • RFC 2966 Prefix Distribution with Two-Level IS-IS
  • RFC 2973 IS-IS Mesh Groups
  • RFC 3031 Multi Protocol Label Switching Ready
  • RFC 3065 Autonomous System Confederations for BGP
  • RFC 3345 BGP Persistent Route Oscillation
  • RFC 3359 TLV Codepoints in IS-IS
  • RFC 3373 Three-Way Handshake for IS-IS
  • RFC 3376 IGMPv3
  • RFC 3392 Capabilities Advertisement with BGP-4
  • RFC 3446 Anycast RP mechanism using PIM and MSDP
  • RFC 3484 Default Address Selection for IPv6
  • RFC 3493 Basic Socket Interface Extensions for IPv6
  • RFC 3513 RFC 3513 IPv6 Addressing Architecture
  • RFC 3542 Advanced Sockets API for IPv6
  • RFC 3562 Key Mgt Considerations for TCP MD5 Signature Opt
  • RFC 3567 IS-IS Cryptographic Authentication
  • RFC 3587 IPv6 Global Unicast Address Format
  • RFC 3590 RFC 3590 MLD Multicast Listener Discovery
  • RFC 3595 Textual Conventions for IPv6 Flow Label
  • RFC3596 DNS Extensions to Support IP Version 6
  • RFC 3719 Recommendations for Interop Networks using IS-IS
  • RFC 3768 VRRP
  • RFC 3769 Requirements for IPv6 Prefix Delegation
  • RFC 3787 Recommendations for Interop IS-IS IP Networks
  • RFC 3810 MLDv2 for IPv6
  • RFC 3847 Restart signaling for IS-IS
  • RFC 3879 Deprecating Site Local Addresses
  • RFC 3956 Embedding the RP Address in IPv6 MCAST Address
  • RFC 4007 IPv6 Scoped Address Architecture
  • RFC 4193 Unique Local IPv6 Unicast Addresses
  • RFC 4213 Basic Transition Mechanisms for IPv6
  • RFC 4222 Prioritized Treatment of OSPFv2 Packets
  • RFC 4264 BGP Wedgies
  • RFC 4271 A Border Gateway Protocol 4 (BGP-4)
  • RFC 4272 BGP Security Vulnerabilities Analysis
  • RFC 4273 Managed Objects for BGP-4 using SMIv2
  • RFC 4274 BGP-4 Protocol Analysis
  • RFC 4276 BGP-4 Implementation Report
  • RFC 4277 Experience with the BGP-4 protocol
  • RFC 4291 IP Version 6 Addressing Architecture
  • RFC 4294 IPv6 Node Requirements
  • RFC 4301 Security Architecture for IP
  • RFC 4302 IP Authentication Header
  • RFC 4303 IP Encapsulating Security Payload (ESP)
  • RFC 4305 Crypto Algorithm Requirements for ESP and AH
  • RFC 4308 Cryptographic Suites for IPSec
  • RFC 4360 BGP Extended Communities Attribute
  • RFC 4384 BGP Communities for Data Collection
  • RFC 4443 ICMPv6 for IPv6
  • RFC 4456 BGP Route Reflection
  • RFC 4486 Subcodes for BGP Cease Notification Message
  • RFC 4451 BGP MULTI_EXIT_DISC (MED) Considerations
  • RFC 4541 MLD Snooping
  • RFC 4552 Authentication/Confidentiality for OSPFv3
  • RFC 4601 PIM-SM
  • RFC 4604 IGMPv3 & MLDv2 & Source-Specific Multicast
  • RFC 4607 Source-Specific Multicast for IP
  • RFC 4608 PIM--SSM in 232/8
  • RFC 4610 Anycast-RP Using PIM
  • RFC 4632 Classless Inter-Domain Routing (CIDR)
  • RFC 4724 Graceful Restart Mechanism for BGP
  • RFC 4760 Multiprotocol Extensions for BGP-4
  • RFC 4835 CryptoAlgorithm Requirements for ESP and AH
  • RFC 4861 Neighbor Discovery for IPv6
  • RFC 4862 IPv6 Stateless Address Autoconfiguration
  • RFC 4884 Extended ICMP Multi-Part Messages
  • RFC 4893 BGP Support for Four-octet AS Number Space
  • RFC 5059 Bootstrap Router (BSR) Mechanism for (PIM)
  • RFC 5065 Autonomous System Confederations for BGP
  • RFC 5095 Deprecation of Type 0 Routing Headers in IPv6
  • RFC 5186 IGMPv3/MLDv2/MCAST Routing Protocol Interaction
  • RFC 5187 OSPFv3 Graceful Restart
  • RFC 5240 PIM Bootstrap Router MIB
  • RFC 5250 The OSPF Opaque LSA Option
  • RFC 5291 Outbound Route Filtering Capability for BGP-4
  • RFC 5292 Address-Prefix-Outbound Route Filter for BGP-4
  • RFC 5301 Dynamic Hostname Exchange Mechanism for IS-IS
  • RFC 5302 Domain-wide Prefix Distribution with IS-IS
  • RFC 5303 3Way Handshake for IS-IS P2P Adjacencies
  • RFC 5304 IS-IS Cryptographic Authentication
  • RFC 5306 Restart Signaling for IS-IS
  • RFC 5308 Routing IPv6 with IS-IS
  • RFC 5309 P2P operation over LAN in link-state routing
  • RFC 5310 IS-IS Generic Cryptographic Authentication
  • RFC 5340 OSPF for IPv6
  • RFC 5396 Textual Representation AS Numbers
  • RFC5398 AS Number Reservation for Documentation Use
  • RFC 5492 Capabilities Advertisement with BGP-4
  • RFC 5798 Virtual Router Redundancy Protocol (VRRP) Version 3
  • RFC 6164 Using 127-Bit IPv6 Prefixes on Inter-Router Links

Private MIBs

  • Ct-broadcast MIB
  • Ctron-CDP MIB
  • Ctron-Chassis MIB
  • Ctron-igmp MIB
  • Ctron-q-bridge-mib-ext MIB
  • Ctron-rate-policying MIB
  • Ctron-tx-queue-arbitration MIB
  • Ctron-alias MIB
  • Cisco-TC MIB
  • Cisco-CDP MIB
  • Cisco-netflow MIB
  • Enterasys-configuration-management MIB
  • Enterasys-MAC-locking MIB
  • Enterasys-convergence-endpoint MIB
  • Enterasys-notification-authorization MIB
  • Enterasys-netfow MIB
  • Enterasys-license-key MIB
  • Enterasys-aaa-policy MIB
  • Enterasys-class-of-service MIB
  • Enterasys-multi-auth MIB
  • Enterasys-mac-authentication MIB
  • Enterasys-pwa MIB
  • Enterasys-upn-tc MIB
  • Enterasys-policy-profile MIB

 


Specifications:

S-Series Models SSA130 SSA150
  SSA130 SSA150
System Summary
System Switching Capacity 40 Gbps 120 Gbps
System Switching Throughput 30 Mpps 90 Mpps
Total Backplane Capacity - -
Maximum 10/100/1000BASE-TX Class 3 PoE ports per system 48 48
Maximum 1000BASE-X SFP (MGBIC) ports per system - 48
Maximum 10GBASE-X SFP+ ports per system 4 4
Performance/Capacity
Switching Fabric Bandwidth 1280 Gbps Load Sharing Fabric Pair
Switching Throughput 960 Mpps (Measured in 64-byte packets)
IPv4/IPv6 Routing Throughput 960 Mpps (Measured in 64-byte packets)
Address Table Size 65k MAC Addresses
VLANs Supported 4094
Transmit Queues 11
Classification Rules 57k/chassis
Memory 1 GB Per Module 1 GB Per Module
Packet Buffering 1.0GB 1.5GB
Physical Specifications
Dimensions (H x W x D) 4.44 cm x 44.70 cm x 59.43 cm (1.75" x 17.60" x 23.40"), 1U
Environmental Specifications
Operating Temperature +5 °C to +40 °C (41 °F to 104 °F)
Storage Temperature -30 °C to +73 °C (-22 °F to 164 °F)
Operating Humidity 5% to 95% relative humidity, non-condensing
Storage Humidity 5% to 95% relative humidity, non-condensing
Power Requirements 100 to 125 VAC or 200 to 250 VAC; 50 to 60 Hz
Operational Altitude 10K Feet
Agency and Standards Specifications
Safety UL 60950-1, FDA 21 CFR 1040.10 and 1040.11, CAN/CSA C22.2 No. 60950-1, EN 60950-1, EN 60825-1, EN 60825-2, IEC 60950-1, 2006/95/EC (Low Voltage Directive)
Electromagnetic compatibility FCC 47 CFR Part 15 (Class A), ICES- 003 (Class A), EN 55022 (Class A), EN 55024, EN 61000-3-2, EN 61000-3-3, AS/NZ CISPR-22 (Class A). VCCI V-3. CNS 13438 (BSMI), 2004/108/EC (EMC Directive)
Power over Ethernet (PoE) Specifications
Power over Ethernet (PoE)
  • IEEE 802.3af
  • IEEE 802.3at
  • Total PoE Power: 16,000 Watts @ 240vAC input or 9,600 Watts @ 120vAC input (8 Bay PoE power system)
  • Total PoE Power: 8,000 Watts @ 240vAC input or 4,800 Watts @ 120vAC input (4 Bay PoE power system)
  • Maximum available PoE power for the SSA switch is 650 watts with two power supplies installed in redundant mode and 1,650 watts in additive mode when using 1000 watt power supplies
  • Automated or manual PoE power distribution
  • Per-port enable/disable, power level, priority safety, overload, and shortcircuit protection
  • System power monitor

Solutions:


Optimized, High-Availability and Self Healing Services

Aside from the standard high-availability features of typical wiring closet and data center switches, the Enterasys S-Series includes many advanced self healing features such as dynamic service fail-over, automatic module self-configuration, and multi-image support.

Dynamic service fail-over enables each I/O module service (e.g., management, switching/VLANs, routing, etc.) to be automaticaly switched to another I/O module in an event of module or process failure. This "self healing" capability happens in milliseconds because each service is replicated in real-time on every I/O fabric and I/O module.

Automatic module self-configuration is another innovative feature that allows I/O modules to receive their configuration from other I/O modules automatically. This is ideal for replacing failed modules without manually reconfiguring the replacement module.

The Enterasys S-Series allows users to download and store multiple firmware image files; this feature is useful for reverting back to a previous version in the event that a firmware upgrade fails. This multi-image support provides significant operational efficiencies especially with regard to the application of firmware patches.

Distributed, Flow-Based ArchitectureDistributed, Flow-Based Architecture

In order to ensure granular visibility and manage of traffic wihtout sacrificing performance, the Enterasys S-Series deploys a distributed, flow-based architecture. This architecture ensures that when a specific communications flow is being established between two end points, the first packets in that communication are processed through the multilayer classification engines in hte switch I/O modules and I/O fabric modules . In this process, the role is identified, the applicable policies are determined, the packets are inspected, and the action is determined. After the flow is identified, all usbsequent packets associated with that flow are automatically handled in the Enterasys ASICs without any further processing. In this way the Enterasys S-Series is able to apply a very granular level of control to each flow at full line rate.

Multi-User/Method Authentication and Policy

Authentication allows enterprise organizations to manage network access and provide mobility to users and devices. It provides a way to know who or what is connected to the network and where this connection is at any time. The Enterasys S- Series has unique, industry leading capabilities regarding types of simultaneous authentication methods. S-Series modules can support multiple concurrent authentication techniques, including:

  • 802.1X authentication
  • MAC authentication, which is a way to authenticate devices on the network using the MAC address
  • Web-based authentication, also known as Port Web Authentication (PWA), where a user name and password are supplied through a browser
  • CEP, also known as Convergence End Point, where multiple vendors VoIP phones are identified and authenticated; this capability provides great flexibility to enterprises looking to implement access control mechanisms across their infrastructure

Multi-User/Method Authentication and Policy

A significant additional feature of the S-Series is the capability to support multi-user authentication. This allows multiple users and devices to be connected to the same physical port and each user or device to be authenticated individually using one of the multi-method options (802.1x, MAC, PWA, or CEP). The major benefit of multi-user authentication is to authorize multiple users, either using dynamic policy or VLAN assignment for each authenticated user. In the case of dynamic policy, this is called Multi-User Policy. Multi-user port capacities with the S-Series are determined on a per port, per I/O module, and per multi-slot system basis. Default I/O module capacities are detailed below.

Muti-user authentication and policy can provide significant benefits to customers by extending security services to users connected to unmanaged devices, third party switches/routers, VPN concentrators, or wireless LAN access points at the edge of their network. Using authentication provides security, priority, and bandwidth control are enhanced while protecting existing network investments. The S-Series supports up to 9000 concurrently authenticated users in a single system.

Dynamic, Flow-Based Packet Classification

Another unique feature that separates the Enterasys S-Series from all competitive switches is the capability to provide User- Based Multi-layer Packet Classification/QoS. With the wide array of network applications used on networks today, traditional Multi-layer Packet Classification by itself is not enough to guarantee the timely transport of businesscritical applications. In the S-Series, User-Based Multi-layer Packet Classification allows traffic classification not just by packet type, but also by the role of the user on the network and the assigned policy of that user. With User-Based Multi-layer Packet Classification, packets can be classified based on unique identifiers like "All Users", "User Groups", and "Individual User", thus ensuring a more granular approach to managing and maintaining network confidentiality, integrity, and availability.

Dynamic, Flow-Based Packet Classification

Network Visibility From High Fidelity NetFlow

Network performance management and security capabilities via NetFlow are available on every Enterasys S-Series switch port without slowing down switching and routing performance or requiring the purchase of expensive daughter cards for every module. Enterasys NetFlow tracks every packet in every flow as opposed to competitor's statistical sampling techniques or restrictive appliance-based implementations. The value of unsampled, real-time NetFlow monitoring is the visibility into exactly what traffic is traversing the network and if something abnormal occurs it will be captured by NetFlow and appropriate action can be applied. Additionally, NetFlow can be used for capacity planning allowing the network manager to monitor the traffic flows and volumes of traffic in the network and understand where the network needs to be reconfigured or upgraded. This will save time and money, by enabling administrators to know when and where upgrades might be needed. The S-Series flow monitoring capabilities are industry leading, it can concurrently monitor in excess of 70,000 flows per second, a far greater capacity than any other vendors switch or router.

Sample Deployment Scenario:

Sample Deployment Scenario From the Network Edge to the Core and Data Center

From the Network Edge to the Core and Data Center

Today's enterprise networking customers demand highly-reliable, feature-rich networking devices to fulfill their requirements across all layers of the network, providing the scalability, return on investment (ROI), and security required of a 21st century business environment.

Enterasys S-Series switches provide industry-leading, high performance distributed switching for enterprise networks, providing customers with the scalability, performance, and application control to meet the growing needs of today's enterprises. S-Series solutions provide high-performance, featurerich, and highly scalable 10/100/1000, Gigabit, and 10 Gigabit Ethernet connectivity and the scalability to support future 40/100 Gigabit technologies. This allows them to scale from the network access/edge right to the heart of the network core where they are well positioned to meet emerging high bandwidth requirements for core routing implementations.

High performance distributed computing increases the demand for secure campus networks, at the same time business-critical systems and services are becoming increasingly dependent upon enterprise backbone infrastructures. Enterasys S-Series solutions have the capacity, scalability, and QoS functionality required to deal with these new demands. Architected to ensure no single point of failure with industry-leading high-availability, S-Series switches are the perfect solution for core routing and secure data center applications. With I/O Fabric and modules that are optimized for multi tier network deployments there is an S-Series solution ideally suited to any enterprise or campus network.

Enterasys S-Series modular switches use common power supplies, fan trays, and I/O modules that are interchangeable between chassis. This reduces capital investment in on-site spares.

Documentation:

PDF File
Download the Enterasys S-Series Datasheet (PDF).

 

Enterasys Products
S-Series Chassis
Enterasys SSA S130 Class 48 Ports 10/100/1000BASE-T via RJ45 with PoE (802.3at) and 4 10GBASE-X Ethernet ports via SFP+
(Power supplies not included)
#SSA-T4068-0252
List Price: $15,995.00
Our Price: $13,595.00
Enterasys SSA S150 Class 48 Ports 10/100/1000BASE-T via RJ45 with PoE (802.3at) and 4 10GBASE-X Ethernet ports via SFP+
(Power supplies not included)
#SSA-T1068-0652
List Price: $21,995.00
Our Price: $18,695.00
Enterasys SSA S150 Class 48 Ports 1000BASE-X via SFP and 4 10GBASE-X Ethernet ports via SFP+
(Power supplies not included)
#SSA-G1018-0652
List Price: $22,995.00
Our Price: $19,545.00