Zte ZXR10 2900E series Configuration Manual page 13

It supports MAC/IP/VLAN/Port combination at random, which effectively prevents
à
illegal users from accessing the network.
Port isolation ensures that a user can neither monitor traffic of another user on
à
the same switch nor obtain the user's information.
It supports the GuestVlan and anti-proxy function, which facilitates its applications
à
in educational networks and other complex network environments.
Dynamic Host Configuration Protocol (DHCP) monitoring prevents malicious
à
users from deceiving the DHCP server and sending spurious address information.
It can also enable IP source protection and create a binding table for the IP
address, MAC address, and port of the client and the VLAN to prevent a user
from accessing or using the IP address of another user.
l
Equipment-level security control
The CPU security control technology prevents Denial of Service (DoS) attacks.
à
The Secure Shell (SSH)/Simple Network Management Protocol (SNMP)v3
à
ensures network management security.
Multi-level access security of the console prevents unauthorized users from
à
changing the switch configuration.
The Remote Authentication Dial In User Service (RADIUS)/Terminal Access
à
Controller Access-Control System Plus (TACACS+) identification authentication
puts the switch under centralized control and prevents unauthorized users from
modifying the configuration.
l
Network security control
The Access Control List (ACL) based on ports and VLANs makes it possible for
à
users to apply security strategies to each port or trunk of the switch.
MAC address binding and source- or destination-based filtering provide effective
à
address-based traffic control.
The port mirroring function provides an effective tool for network management
à
analysis.
QoS Guarantee
The ZXR10 2900E provides the following applications of Quality of Service (QoS):
l
Provides Standard 802.1p Class of Service (CoS) and Differentiated Services Code
Point (DSCP) field sorting.
performed by using source and destination IP addresses, source and destination
MAC addresses, and Transfer Control Protocol (TCP)/User Datagram Protocol
(UDP) port numbers.
l Provides queue scheduling algorithms including Strict Priority (SP) and Weighted
Round Robin (WRR).
l
Supports the Committed Access Rate (CAR) function. It manages asynchronous
uplink and downlink data flows from uplinks by ingress strategy control and egress
SJ-20130731155059-002|2013-11-27 (R1.0)
Single group-based labeling and re-sorting can be
2-3
ZTE Proprietary and Confidential
Chapter 2 System Overview