Ati Awplus Ds
AlliedWare Plus™
Fully Featured Layer 3 Switch Operating System
Key Features
Allied Telesis Autonomous Management Framework™ Plus (AMF Plus)
• AMF Plus is a sophisticated suite of management tools that provide a simplified approach to network management. Powerful features like centralized management, auto-backup, auto-upgrade, auto-provisioning and auto-recovery enable plug-and-play networking and zero-touch management.
• The AMF Plus master enables auto-provisioning and auto-upgrade by providing appropriate files to new network members. New network devices can be pre-provisioned making installation easy because no on-site configuration is required.
• AMF Plus secure mode encrypts all AMF Plus traffic, provides unit and user authorization, and monitors network access to greatly enhance network security.
• An AMF Plus license (from AW+ version 5.5.2-2 onwards) provides all standard AMF network management and automation features, and also enables the AMF Plus intent-based networking features menu in Vista Manager EX (from version 3.10.1 onwards).

AMF Plus Controller
• An AMF Plus master can manage networks of up to 300 nodes, which can be located locally or across WAN links. This can be dramatically increased by installing the AMF Plus Controller, which enables multiple AMF Plus Masters to be managed from a single point. With the AMF Plus Controller, a network of up to 18,000 devices can be managed, allowing all the time saving, cost reducing benefits of AMF Plus to be multiplied and efficiencies to be increased.

AMF Plus Cloud
• AMF Plus Cloud allows the AMF Plus Master and/or Controller to be virtual appliances rather than integrated into an Allied Telesis switch or firewall. AMF Plus Cloud offers full AMF Plus functionality, with the advantages of cloud-based access and flexibility.

Multiple Tenants on AMF Plus Cloud
• Support multiple tenants (up to 300) on AMF Plus Cloud. Each tenant network is kept separate from other tenant networks for fully flexible deployment, with central or individual network management options. As an AMF Plus Master capable device is not required in every location, AMF Plus multi-tenant provides a high-value solution for large distributed companies, as well as service providers offering network provisioning and/or management services.

Virtual Routing and Forwarding (VRF Lite)
• VRF Lite provides Layer 3 network virtualization by dividing a single router into multiple independent virtual routing domains. With independent routing domains, IP addresses can overlap without causing conflict, allowing multiple customers to have their own secure virtual network within the same physical infrastructure. VRF Lite supports IPv4 (unicast and multicast) and IPv6 (unicast) traffic.
• The DHCP Server built-in to many products is VRF aware, enabling the supply of IP addresses to clients across multiple isolated networks.

VCStack™ (Virtual Chassis Stacking)
• VCStack makes networking simple. It allows multiple switches to be connected together via high speed stacking links. This aggregates the switches, which then appear as a single switch, or ‘virtual chassis’. The virtual chassis can be configured and managed via a single serial console or IP address, which provides greater ease of management in comparison to an arrangement of individually managed switches, and often eliminates the need to configure protocols like VRRP and Spanning Tree.

Long-distance Stacking
• Long-distance stacking allows a VCStack to be created over longer distances, perfect for a distributed network environment.

VCStack Plus™
• Two SwitchBlade x8100 chassis can be stacked together into a single virtual unit using VCStack Plus. The stacking link uses the 10 Gigabit front panel ports on the CFC960 control cards, which provides a massive 160 Gigabits of stacking bandwidth. VCStack Plus provides a highly available system where network resources and distribution switches are connected across the units for ultimate resiliency. Management is simplified as the two chassis operate as a single virtual unit.

In-Service Software Upgrade (ISSU)
• ISSU (also called “hitless firmware upgrade”) allows firmware to be updated without causing any network disruption from a device reboot. This enables essential maintenance to be performed when it is required rather than having to schedule a network outage or tolerate any loss of service. ISSU is supported on dual controller systems and can be used in conjunction with VCStack Plus, making it ideal for high availability applications.

Link Aggregation
• Link aggregation allows a number of individual switch ports to be combined, forming a single logical connection of higher bandwidth. This provides a higher performance link, and also provides redundancy for a more reliable and robust network.

VCStack and Link Aggregation
• Link aggregation can be used across members of a stack to protect against link and device failures. This provides a resilient network solution that is easier to implement and administer than traditional redundant core networks. A VCStack solution in combination with link aggregation also achieves load balancing, as the stacked devices share the network traffic.

MEF Certified
• Switching products running AlliedWare Plus have been certified by the Metro Ethernet Forum (MEF) certification program, which tests products for conformance to the strict requirements of Carrier Ethernet. Specifically, these products are certified for compliance to MEF 9 and MEF 14 Ethernet services tests.

sFlow
• sFlow is an industry-standard technology for monitoring high-speed switched networks. It provides complete visibility into network use, enabling performance optimization, usage accounting/billing, and defense against security threats. Sampled packets sent to a collector (up to 5 collectors can be configured) ensure it always has a real-time view of network traffic.

Bi-directional Forwarding Detection (BFD)
• BFD enables fast detection of link failures, so recovery time is minimized. BFD works with static routes, and also alongside BGP and OSPF dynamic routing protocols supporting faster shutdown of neighbor connections if a peer session goes down. When using VRF-Lite, BFD is supported globally or within a domain.

802.1x, RADIUS Authentication and Dynamic VLAN Assignment
• The IEEE 802.1x standard manages port-based network access. It provides authentication to devices attached to a LAN port by initiating a connection, or preventing access if authentication fails. Valuable for authenticating and controlling user traffic to a protected network, 802.1x is also effective for dynamically varying encryption keys. 802.1x attaches the Extensible Authentication Protocol (EAP) to both wired and wireless LAN media, and supports multiple authentication methods, such as token cards, Kerberos, certificates, and public key authentication.
• 802.1x uses the RADIUS (Remote Authentication Dial In User Service) protocol to transfer authentication and configuration information between the switch and a shared RADIUS authentication server, which manages a user database and provides information to the client.
• Dynamic VLAN assignment allows an 802.1x supplicant to be placed into a specific VLAN, based on information returned from the RADIUS server during authentication. This limits a supplicant’s network access to a specific VLAN, and prevents supplicants from connecting to VLANs for which they are not authorized.
• Dynamic ACLs assigned via port authentication.

TACACS+ Command Authorization
• TACACS+ Command Authorization offers centralized control over which commands may be issued by each specific AlliedWare Plus device user. It complements authentication and accounting services for a complete AAA solution.

Access Control Lists (ACLs)
• AlliedWare Plus delivers industry-standard access control functionality through Access Control Lists (ACLs). ACLs filter network traffic to control whether packets are forwarded or blocked at the port interface. The switch examines each packet to determine whether to forward or drop the packet, based on criteria that is specified within the ACL, such as source and destination MAC or IP address, IP protocol, or TCP/UDP port. This provides a powerful network security mechanism to select the types of traffic to be analyzed, forwarded, or influenced in some way, for example, to restrict routing updates or provide traffic flow control.

VLAN Access Control List (ACLs)
• ACLs simplify access and traffic control across entire segments of the network. They can be applied to a VLAN as well as a specific port.

Bridge Protocol Data Unit (BPDU) Protection
• BPDU protection adds extra security to the Spanning Tree Protocol (STP). It protects the spanning tree configuration by preventing malicious DoS attacks caused by spoofed BPDUs.
• BPDU Protection is designed to be enabled on ports that should not receive BPDUs. These are edge ports connected to end user devices that do not run spanning tree. If a spoofed BPDU packet is received on a protected port, the BPDU Protection feature disables the port and alerts the network manager.

EPSRings™ (Ethernet Protection Switched Ring)
• EPSRing and 10 Gigabit Ethernet allow several switches to form high-speed protected rings, capable of recovery within as little as 50ms. This feature is perfect for high performance and high availability in enterprise networks.
• SuperLoop Prevention (SLP) enables a link between two EPSR nodes to be in separate EPSR domains, improving redundancy and network fault resiliency.

G.8032 Ethernet Ring Protection
• G.8032 provides standards-based high-speed ring protection, that can be deployed stand-alone, or interoperate with Allied Telesis EPSR.
• Ethernet Connectivity Fault Monitoring (CFM) proactively monitors links and VLANs, and provides alerts when a fault is detected.

Storm Protection
Advanced packet storm control features protect the network from broadcast storms:
• Bandwidth limiting minimizes the effects of the storm by reducing the amount of flooding traffic.
• Policy-based storm protection is more powerful than bandwidth limiting. It restricts storm damage to within the storming VLAN, and allows the traffic rate that creates a broadcast storm to be defined. The action the device should take when it detects a storm, such as disabling the port from the VLAN or shutting the port down, can also be configured.
• Packet storm protection allows limits to be set on the broadcast reception rate, multicast frames and destination lookup failures. In addition, separate limits can be specified when the device will discard each of the different packet types.

Loop Protection
• AlliedWare Plus provides two forms of Loop Protection, Thrash Limiting and Loop Detection.
• Thrash Limiting, also known as rapid MAC movement, detects and resolves network loops. It is highly user-configurable — from the rate of looping traffic to the type of action the switch should take when it detects a loop.
• Loop Detection works in conjunction with Thrash Limiting. With Thrash Limiting, the switch only detects a loop when a storm has occurred, which can potentially cause disruption to the network. To avoid this, Loop Detection sends special Loop Detection Frame (LDF) packets that the switch listens for. If an LDF packet is received, then the switch can be configured to either disable the port, disable the link, or send an SNMP trap.

Policy-Based Quality of Service (QoS)
• Comprehensive, low latency QoS features operating at wirespeed provide flow-based traffic management with full classification, prioritization, traffic shaping and min/max bandwidth profiles.
• Our QoS features are ideal for Service Providers wanting to ensure maximum availability of premium voice, video and data services, and at the same time manage customer Service Level Agreements (SLAs).
• For enterprise customers, QoS features protect productivity by guaranteeing performance of business-critical applications (including VoIP services), and help to restore and maintain the responsiveness of enterprise applications in the workplace.

Link Layer Discovery Protocol - Media Endpoint Discovery (LLDP - MED)
• LLDP-MED extends LLDP’s basic network endpoint discovery and management functions. LLDP-MED allows for media end-point specific messages, providing detailed information on power requirement, network policy, location discovery (for emergency call services) and inventory. LLDP-MED is an important feature for simplifying VoIP, security camera and WLAN deployments.

Power over Ethernet Plus (PoE+)
• With PoE, a separate power connection to end points such as IP phones and wireless access points is not necessary. PoE+ provides up to 30 Watts per port, while PoE++ provides up to 90 Watts per port for even greater flexibility, and the ability to connect and power devices such as lighting controllers and ultra high resolution PTZ cameras.

Dynamic Host Configuration Protocol (DHCPv6)
• DHCPv6 is used to dynamically assign IPv6 addresses to hosts from a central location. Acting as DHCPv6 client enables the switch to receive an IPv6 address, and acting as server enables the switch to dynamically allocate IPv6 addresses to hosts. The DHCPv6 server and client both support the Prefix Delegation feature, which allocates a whole IPv6 subnet to a DHCP client. The client, in turn, can allocate addresses from this subnet to the hosts that are connected to it.

Find Me
• In busy server rooms consisting of a large number of equipment racks, it can be quite a job finding the correct switch quickly among many similar units. The “find me” feature is a simple visual way to quickly identify the desired physical switch for maintenance or other purposes, by causing its LEDs to flash in a specified pattern.

Active Fiber Monitoring
• Active Fiber Monitoring detects tampering on optical links by regularly checking received optical power. This provides increased security by ensuring the integrity of short- and long-haul fiber links.

VLAN Mirroring (RSPAN)
• VLAN mirroring allows traffic from a port on a remote switch to be analysed locally. Traffic being transmitted or received on the port is duplicated and sent across the network on a special VLAN.

Upstream Forwarding Only (UFO)
• UFO lets you manage which ports in a VLAN can communicate with each other, and which only have upstream access to services, for secure multi-user deployment.

Continuous PoE
• Continuous PoE allows the switch to be restarted without affecting the supply of power to connected devices. Smart lighting, security cameras, and other PoE devices will continue to operate during a software upgrade on the switch.

Precision Time Protocol (PTP)
• PTP (IEEE 1588) synchronizes clocks throughout the network with micro-second accuracy, supporting industrial automation and control systems. PTP operates on standalone or stacked switches.

Wireless Management
• Autonomous Wave Control (AWC) wireless controller manages a wireless network, and automatically optimizes AP performance.
• Channel Blanket allows simultaneous multi-channel and single-channel wireless operation, to support maximum performance and seamless roaming.

Media Access Control Security (MACSec)
• 802.1AE MACSec secures all traffic on point-to-point Ethernet links between directly connected nodes, ensuring protection against security threats such as denial of service, intrusion, man-in-the-middle, passive wiretapping, and playback attacks.

Modbus
• Modbus enables communication with Supervisory Control and Data Acquisition (SCADA) systems for industrial automation.

Media Recovery Protocol (MRP)
• MRP enables high-availability automation networks, and is specified for rings with up to 50 devices, where it guarantees fully deterministic switchover behavior.

Multicast Source Discovery Protocol (MSDP)
• MSDP enables two or more PIM-SM (Sparse Mode) domains to share information on active multicast sources, for more efficient forwarding of multicast traffic.

Link Monitoring (Linkmon)
• Linkmon enables network health monitoring by regularly sending probes over key links to gather metrics comprising latency, jitter, and probe loss. This supports pro-active network management, and can also be used with triggers to automate a change to device or network configuration in response to the declining health of a monitored link.

Virtual Extensible LAN (VXLAN) tunnels
• VXLAN tunnels let you join two or more L2 networks over an L3 IP network to form a single L2 broadcast domain. VXLAN adds scalability to cloud computing environments. Static VXLAN tunnels are supported on the SBx908GEN2, x950 and x530 Series switches.

NETCONF/RESTCONF
• NETCONF/RESTCONF with YANG data modeling provide a standardized way to represent data, and securely configure devices from modern management systems.
¹ Subscription licenses are available for 1 year or 5 years
x550 Series

AT-FL-x550-01
• RIP (256 routes)
• OSPF (256 routes)
• BGP (256 routes)
• PIMv4-SM, DM and SSM
• EPSR master
• VLAN double tagging (Q-in-Q)
• RIPng (256 routes)
• OSPFv3 (256 routes)
• MLDv1 and v2
• PIMv6-SM
• UDLD
• PTP Transparent mode

AT-SW-APM10¹,²
• AMF Plus Master (up to 10 nodes)

AT-FL-x550-OF13¹
• OpenFlow v1.3

AT-FL-x550-8032
• G.8032 ring protection
• Ethernet CFM

AT-FL-x550-CPOE
• Continuous PoE for XSPQ model

AT-SW-AWC10¹
• AWC (up to 10 access points)

AT-SW-CB10-2022¹
• AWC-CB and AWC-SC (up to 10 access points)

¹ Subscription licenses are available for 1 year or 5 years
² From AW+ version 5.5.2-2 onwards, AMF Plus licenses provide all standard AMF network management and automation features. They also enable the AMF Plus intent-based networking features menu in Vista Manager EX (from version 3.10 onwards)
³ 64 routes are included for free in the base firmware
⁴ RADIUS-Full increases the local RADIUS database limits to 1,000 NAS devices and 5,000 users

x950 Series

AT-FL-x950-01
• OSPF (16,000 routes)³
• BGP4 (5,000 routes)³
• PIMv4-SM, DM and SSM (2,000 entries)
• VLAN double tagging (Q-in-Q)
• RIPng (5,000 routes)
• OSPFv3 (8,000 routes)
• BGP4+ (5,000 routes)
• MLDv1 and v2
• PIMv6-SM and SSM (1,000 entries)
• VRF lite (63 domains)
• RADIUS Full⁴
• UDLD
• VLAN Translation
• VXLAN
• PTP Transparent mode

AT-SW-APM10¹,²
• AMF Plus Master (up to 10 nodes)

AT-FL-x950-AAP¹
• AMF Application Proxy

AT-FL-x950-OF13¹
• OpenFlow v1.3

AT-FL-x950-8032
• G.8032 ring protection
• Ethernet CF

AT-FL-x950-MODB
• Modbus for industrial applications

AT-FL-x950-MSEC
• Media Access Control Security

AT-FL-x950-VLF
• VRF Lite (600 domains)

AT-FL-x950-ASEC¹
• AMF-Sec

AT-SW-AWC10¹
• AWC (up to 10 access points)

AT-SW-CB10-2022¹
• AWC-CB and AWC-SC (up to 10 access points)

SwitchBlade x908 GEN2

AT-FL-GEN2-01
• OSPF (16,000 routes)³
• BGP4 (5,000 routes)³
• PIMv4-SM, DM and SSM (2,000 entries)
• VLAN double tagging (Q-in-Q)
• RIPng (5,000 routes)
• OSPFv3 (8,000 routes)
• BGP4+ (5,000 routes)
• MLDv1 and v2
• PIMv6-SM and SSM (1,000 entries)
• VRF lite (63 domains)
• RADIUS Full⁴
• UDLD
• VLAN Translation
• G.8032 resilient rings
• Ethernet CFM
• VXLAN
• PTP Transparent mode

AT-SW-APM10¹,²
• AMF Plus Master (up to 10 nodes)

AT-SW-APC10¹,²
• AMF Plus Controller (up to 10 areas)

AT-FL-GEN2-OF13¹
• OpenFlow v1.3

AT-FL-GEN2-MSEC
• Media Access Control Security

AT-FL-GEN2-VLF
• VRF Lite (600 domains)

AT-FL-GEN2-ASEC¹
• AMF-Sec

AT-SW-CB10-2022¹
• AWC-CB and AWC-SC (up to 10 access points)

SwitchBlade x8100 Series with CFC960 controller card

AT-FL-CFC960-01
• OSPF (5K routes or 10K with XLEM)³
• BGP4 (5K routes or 100K with XLEM)³
• PIMv4-SM, DM, SSM
• VLAN Q-in-Q
• RIPng (1K routes or 3.5K with XLEM)
• UDLD
• OSPFv3 (1K routes or 5K with XLEM)
• BGP4+ (1K routes or 50K with XLEM)
• MLDv1 & v2
• PIMv6-SM, SSM
• RADIUS-Full⁴
• VRF lite (64 domains)
• VLAN Translation

AT-FL-CF9-VCSPL
• VCStack Plus

AT-SW-APM10¹,²
• AMF Plus Master (up to 10 nodes)

AT-SW-APC10¹,²
• AMF Plus Controller (up to 10 areas)

AT-FL-CF9-8032
• G.8032 ring protection
• Ethernet CFM

AT-AMFCLOUD-PLUS-BASE-5YR²   5 year AMF Plus Master license for up to 10 nodes
AT-AMFCLOUD-PLUS-EX1-1YR²    1 year AMF Plus Master 1 node add-on license (maximum 300 nodes)
AT-AMFCLOUD-PLUS-EX1-5YR²    5 year AMF Plus Master 1 node add-on license (maximum 300 nodes)
AT-AMFCLOUD-PLUS-EX10-1YR²   1 year AMF Plus Master 10 node add-on license (maximum 300 nodes)
AT-AMFCLOUD-PLUS-EX10-5YR²   5 year AMF Plus Master 10 node add-on license (maximum 300 nodes)
AT-AMFCLOUD-PLUS-CTRL-1YR²   1 year AMF Plus Controller 10 areas base/add-on license (maximum 1000 areas)
AT-AMFCLOUD-PLUS-CTRL-5YR²   5 year AMF Plus Controller 10 areas base/add-on license (maximum 1000 areas)