Table of Contents
Advertisement
distributed IP Routing - provides dynamic traffic optimization, broadcast
containment and more efficient network resilience
• Base routing features include static routes, RIPv1/RIPv2, IPv4 and
Multicast routing support (DVMRP, IGMP v1/v2, PIM-SM)
• Advanced routing features are licensed separately through the
purchase of N-EOS-L3 and include LSNAT, VRRP, DHCP relay, PIM,
OSPF, DVMRP and Extended ACLs. Diamond DFEs include advanced
routing at no additional charge.
security (User, Network and host) - protects a business against network
misuse, and controls access to resources and confidential information
• User security
− Authentication (802.1X, MAC and Web), MAC (Static and Dynamic)
port locking
− Multi-user authentication/policies
• Network security
− Access Control Lists (ACL) – basic and extended
− Policy-based security services (examples: spoofing, unsupported
protocol access, intrusion prevention, DoS attacks limits)
• Host
− Secure access to the Matrix N-Series via SSH, SSL, SNMP v3
Management, Control and Analysis - provide streamlined tools for
maintaining network availability and health
• Configuration
− Industry-standard CLI and web support
− Multiple images with editable configuration files
• Network Analysis
− SNMP v1/v2c/v3, RMON/RMON II, and SMON (rfc2613) VLAN and
Stats
− Port/VLAN mirroring (one to one, one to many, many to many)
− Line rate NetFlow
• Automated set-up and reconfiguration
− Replacement DFE will automatically inherit previous DFEs
configuration
– New blades added to chassis will automatically be updated with
active configuration and firmware
Optimized high-availability services
Aside from the standard high-availability features of typical wiring closet
and data center switches, the Matrix N-Series includes many advanced
features such as dynamic service fail-over, automatic module self-
configuration, and multi-image support.
Dynamic service fail-over enables each Diamond/Platinum DFE
service (e.g., host management, switching/VLANs, routing, etc.) to be
automatically switched to another Diamond/Platinum DFE in an event
of module or process failure. This "self healing" capability happens
in milliseconds because each service is replicated on every Diamond/
Platinum DFE.
Automatic module self-configuration is another innovative feature that
allows a DFE modules to receive their configuration from other DFEs
automatically. This is ideal for replacing failed modules without manually
reconfiguring the replacement DFE.
Matrix N-series allow you to download and store multiple image files, this
feature is useful for reverting back to a previous version in the event that
a firmware upgrade fails. This multi-image support provides significant
operational efficiencies especially with regard to the application of
firmware patches.
Feature Rich Functionality
Examples of additional functionality and features that can be found
within the Matrix N-Series include;
• NetFlow
• LSNAT
• NAT
• LLDP-MED
• Flow Setup Throttling
• Web Cache Redirect
• Node & Alias Location
• Web Cache Redirect
• Port Protection Suite
To expand on some of the above, network performance management and
security capabilities via NetFlow are available on every Matrix N-Series
DFE without slowing down switching/routing performance or requiring the
purchase of expensive daughter cards for every blade. Enterasys tracks
every packet in every flow as opposed to competitor's statistical sampling
techniques. The Enterasys advantage is the nTERA ASIC capabilities that
collect NetFlow statistics for every packet in every flow without sacrificing
performance, Matrix™ N-Series switches can collect 9,000 flow records
per second, per blade on Gold, Platinum and Diamond DFEs
This is an order of magnitude greater NetFlow collection performance
than any other NetFlow appliance vendor (over 60,000 flow records per
second in a fully populated chassis).
Flow Setup Throttling (FST) is a proactive feature designed to mitigate
zero-day threats and Denial of Service (DoS) attacks before they can
wreak havoc on the network. FST directly combats the effects of zero-day
and DoS attacks by limiting the number of new or established flows
that can be programmed on any individual switch port. This is achieved
by monitoring the new flow arrival rate and/or controlling the maximum
number of allowable flows.
In network operations, it is very time consuming to locate a device or
find exactly where a user is connected. This is especially important when
reacting to security breaches. The Matrix N-Series DFEs automatically
track the network's user/device location information by listening to
the network traffic as it passes through the switch. This information is
then used to populate the Node/Alias table with information such as
an end-station's (Node's) MAC address and Layer 3 alias information
(IP Address, IPX Address, etc). This information can then be utilized
by NetSight management tools to quickly determine that IP Address
Page 6
Hide quick links:
Advertisement
Table of Contents
