Sound Security Protection Policies
Address Resolution Protocol (ARP) viruses and attacks are a common and high-impact type of network attack. The RG-S5300-E series switches support ARP spoofing prevention in multiple modes. Regardless of whether clients automatically obtain addresses from the DHCP server or use static IP addresses, the RG-S5300-E series switches record clients’ authentic IP+MAC addresses. When a switch port receives an ARP packet from a host, the switch compares the addresses in the packet with the recorded IP+MAC addresses. The switches forward only ARP packets whose addresses match the recorded IP+MAC addresses and discard fake ARP packets. In this way, ARP spoofing is kept out of the network and network users are protected from ARP virus attacks.
The RG-S5300-E series switches are capable of actively defending against various Distributed Denial of Service (DDoS) attacks on networks. Computers may be infected with viruses due to network openness or attackers may launch attacks on network devices and servers for various purposes, resulting in network unavailability. The common ARP flooding attacks can lead to the failure of the gateway to respond to requests. ICMP flooding attacks can paralyze network devices due to high CPU load. DHCP request flooding attacks deplete addresses of the DHCP server, and users cannot obtain IP addresses for network access.
The RG-S5300-E series switches provide an efficient hardware CPU protection mechanism: CPU Protect Policy (CPP). It classifies data traffic sent to the CPU, processes the traffic by queue priority, and limits the bandwidth rate as required. This mechanism protects the CPU against illegitimate traffic occupancy, malicious attacks, and resource consumption, thereby ensuring CPU security and protecting the switches.
The RG-S5300-E series switches adopt the innovative Network Foundation Protection Policy (NFPP) technology to limit the rate of ARP packets, ICMP requests, DHCP requests, and other packets sent to networks. The switches discard packets whose rate exceeds the threshold, identify attack behaviors, and isolate users launching attacks. In this way, the basic networks are protected from network attacks, and therefore the network stability is guaranteed.
DHCP snooping enables the RG-S5300-E series switches to receive DHCP responses only from trusted ports and prevent spoofing from unauthorized DHCP servers. With DHCP snooping, the switches dynamically monitor ARP packets, check users’ IP addresses, and discard illegitimate packets that do not match bound entries, thereby effectively preventing ARP spoofing and source IP address spoofing.
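The ARP check and DHCP snooping behaviour described above can be modelled as follows. This is an added illustration, not Ruijie firmware or CLI; the port names and addresses are constructed, and keeping the access port in each binding is an assumption beyond the IP+MAC pair the page mentions.

```python
import ipaddress
import struct

TRUSTED_PORTS = {"Gi0/24"}   # port facing the legitimate DHCP server (assumed name)
bindings = {}                # client IP -> (MAC, access port); static entries go here too

def on_dhcp_ack(ingress_port, client_ip, client_mac, client_port):
    """Record a binding only when the DHCP reply arrives on a trusted port."""
    if ingress_port not in TRUSTED_PORTS:
        return False         # reply from an unauthorized DHCP server: discard
    bindings[client_ip] = (client_mac.lower(), client_port)
    return True

def parse_arp(payload):
    """Parse the 28-byte Ethernet/IPv4 ARP body (RFC 826)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, _oper, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return sha.hex(":"), str(ipaddress.IPv4Address(spa))

def inspect_arp(port, payload):
    """Return (verdict, reason) for an ARP packet received on an access port."""
    try:
        sender_mac, sender_ip = parse_arp(payload)
    except ValueError as exc:
        return "drop", f"malformed: {exc}"
    bound = bindings.get(sender_ip)
    if bound is None:
        return "drop", f"no binding for {sender_ip}"
    if bound != (sender_mac, port):
        return "drop", f"{sender_ip} is bound to {bound}, got {(sender_mac, port)}"
    return "forward", "matches binding"

def build_arp(oper, sender_mac, sender_ip, target_ip):
    """Constructed sample ARP body for the demo below."""
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(sender_mac.replace(":", "")),
                       ipaddress.IPv4Address(sender_ip).packed, bytes(6),
                       ipaddress.IPv4Address(target_ip).packed)

if __name__ == "__main__":
    on_dhcp_ack("Gi0/24", "192.0.2.10", "00:11:22:33:44:55", "Gi0/1")
    on_dhcp_ack("Gi0/3", "192.0.2.1", "de:ad:be:ef:00:01", "Gi0/3")  # untrusted: ignored
    genuine = build_arp(2, "00:11:22:33:44:55", "192.0.2.10", "192.0.2.1")
    mismatch = build_arp(2, "de:ad:be:ef:00:01", "192.0.2.10", "192.0.2.1")
    for port, pkt in (("Gi0/1", genuine), ("Gi0/3", mismatch)):
        print(port, inspect_arp(port, pkt))
```

Because the DHCP reply seen on the untrusted port never creates a binding, ARP packets claiming that address are dropped as well.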
Virtual Switching Unit
The RG-S5300-E series switches support the Virtual Switching Unit (VSU), in which multiple physical devices are connected and virtualized into one logical device. The devices use the same IP address, Telnet process, and command line interface (CLI) for management and support automatic version check and automatic configuration. Users manage only this logical device while getting the work efficiency and user experience of multiple devices.
Simplified management: Administrators can manage multiple switches in a unified manner, with no need to connect to each switch for configuration and management.
Simplified network topology: A VSU serves as a switch on a network and connects to peripheral devices through aggregate links. Therefore, no layer-2 loop exists and the Multiple Spanning Tree Protocol (MSTP) does not need to be configured. Various control protocols run on the VSU.
Fault recovery within milliseconds: A VSU connects to peripheral devices through aggregate links. If one device or member link in the VSU malfunctions, data and services can be switched to another member link within only 50–200 milliseconds.
High scalability: User devices can be added to or removed from a virtualized network in a “hot swap” manner, without affecting normal operation of other devices.
Increase in return on investment: Aggregate links used for connecting the VSU to peripheral devices not only provide redundancy links but also implement load balancing. All network devices and bandwidth resources are properly leveraged. Any 10G port can be used to build a VSU virtual network through data transmission cables. No additional cables and expansion cards are required, and the types of ports and cables are not limited. Therefore, the return on investment is best protected.
The Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and MSTP help the RG-S5300-E series switches achieve fast convergence, improve the fault tolerance capability, and ensure stable network operation and load balance of links. The switches utilize network channels appropriately to raise the utilization of redundant links.
The Virtual Router Redundancy Protocol (VRRP) helps the switches effectively ensure the network stability.
With the Rapid Link Detection Protocol (RLDP), the switches can quickly detect the link connectivity and unidirectional optical fiber links. The port loop detection function helps the switches prevent network failures caused by loops resulting from unauthorized port connection to hubs.
The RG-S5300-E series switches support the Ethernet Ring Protection Switching (ERPS) technology, which is an international layer-2 link redundancy backup protocol designed for the core Ethernet. The loop block and link recovery of ERPS are implemented on the controlling device, and non-controlling devices directly report their link status to the controlling device, without processing from other non-controlling devices. Therefore, loop disruption and recovery with ERPS are faster than with STP. Because of these differences, ERPS supports link recovery within milliseconds in the ideal environment.
When STP is disabled, the Rapid Link Protection Protocol (RLDP) can still provide basic link redundancy and millisecond-level fault recovery faster than STP.
With the Bidirectional Forwarding Detection (BFD), the switches are able to detect links within milliseconds, and quickly converge routing and other services through the correlation with upper-layer routing protocols, ensuring the continuity of services.
Software-Defined Networking (SDN)
The RG-S5300-E series switches support OpenFlow 1.3 and will collaborate with Ruijie’s SDN controller to easily build large-scale L2/L3 networks. The switches allow you to smoothly upgrade the whole network to an SDN network and provide access control, visualized O&M, and other SDN features. The products greatly reduce network O&M costs while significantly simplifying network management.
In response to China’s call for energy efficiency, Ruijie has studied the noise and energy consumption issues of conventional switches in depth and integrates multiple energy-saving design ideas into the RG-S5300-E series switches. The switches reduce the loud noise produced by deployment in offices and address the excessive energy consumption resulting from the large-scale deployment of access devices.
In addition, the RG-S5300-E series adopts a new-generation hardware architecture as well as advanced energy-efficient circuit design and components, to significantly save energy and lower noise. The entire series is equipped with variable-speed axial fans that intelligently control the fan speed based on the ambient temperature, which reduces the power consumption and noise while ensuring stable operation of the devices.
In the PoE networking environment, the RG-S5300-E series provide automatic PoE mode and energy-saving PoE mode to meet needs of users.
Easy Network Maintenance
The RG-S5300-E series switches support the Simple Network Management Protocol (SNMP), Remote Network Monitoring (RMON), Syslog, Sampled Flow (sFlow), and log and configuration backup using USB flash drives for routine network diagnosis and maintenance. Administrators can also use CLI, Web-based management, Telnet, CPE WAN Management Protocol (CWMP, TR069) based zero configuration, and other methods to manage and maintain devices conveniently.
An LED Mode button is available on the panel of the switches. You can press this button to check the current communication status and PoE status of all ports on the switches.
IPv4/IPv6 Dual-stack Multi-layer Switching
The hardware of the RG-S5300-E series switches supports line-rate IPv4/IPv6 dual-stack multi-layer switching and distinguishes and processes IPv4 and IPv6 protocol packets. The switches can therefore be used to plan networks or maintain the network status based on IPv6 network requirements, and to flexibly create IPv6 network communication solutions. The RG-S5300-E series switches support a wide range of IPv4 routing protocols, including static routing, RIP, OSPFv2, IS-ISv4 and BGP4. Users can select appropriate routing protocols based on network environments to flexibly build networks. The RG-S5300-E series switches also support abundant IPv6 routing protocols, including static routing, Routing Information Protocol next generation (RIPng), OSPFv3, IS-ISv6 and BGP4+, which can be selected flexibly to either upgrade the existing network to an IPv6 network or build a new IPv6 network.