S3900 Series Switches

Thank You
Main Slides

www.huawei.com

HUAWEI TECHNOLOGIES CO., LTD. All rights reserved

Agenda

 S3900 Overview
 S3900 Key Features
 End-to-End Intelligent Solution
 Summary

HUAWEI TECHNOLOGIES CO., LTD.

 Five Key Factors for Enterprise Network
• Reliability
– Achieving reliable networks is still a challenge

• Network Management
– Network management is a labor intensive and costly job

• Intelligence
– Effective Application-Awareness

• Network Expansion
– Continue to be a “puzzle” for network administrators – even the
simplest expansion can bring hidden threats to reliability
– Existing network expansion technologies are like adding a floor
to an existing house – an “add on” but never “true part of it”

• Security
– To protect your network against illegal use / anonymous virus

HUAWEI TECHNOLOGIES CO., LTD.

 Comprehensive Switch Portfolio
S8500 Core Routing switch
Gigabit / 10G
S6500 modular chassis switch
S5000/S5600 Intelligent Switch
10/100M
S3900/S3500 L2/3 Switch
S3000-EI L2 Switch
S2000-EI Switch
HUAWEI TECHNOLOGIES CO., LTD.
Core Modular Chassis
• Multiple service options
• Highest availability & 10/100/1000
densities
• Abundant service modules
• Wire-speed 10GE aggregation
Mid-range Modular Chassis
• Resilient L3 routing & Intelligent L4 • Medium wiring closet
services
• Highest density 10/100/1000
• 10GE aggregation
Advanced GE fixed configuration
• Resilient L3 routing & Intelligent L4 • wiring closet
services
• Medium density 10/100/1000
• Resilient stacking
• 10GE uplinks
Optimized fixed configuration
• Wire-speed L2 switching and
resilient L3/L4 services
• 10/100 + 4 x GE uplinks
• Resilient stacking
• Advanced QoS mechanism
Basic fixed configuration
• Wire-speed L2 switching
• Stacking
• Intelligent Service
Deployment Focus
• Core
• Distribution
• Data center access/core service
• High performance wiring closet
Deployment Focus
• Small/Medium Distribution/Core
• Data center access/core
• Large/Medium branch
Deployment Focus
• Middle branch office
• Data center
• Medium Network aggregation
Deployment Focus
• Small wiring closet
• Small branch office
• Small network aggregation
• Desktop/Workgroup switch
Deployment Focus
• Small wiring closet
• Small branch office
• Desktop/Workgroup switch
S3900 FE Series Switches

S3928TP-SI S3928F-EI S3952P-SI

S3928P-SI S3952P-EI
S3928P-EI S3952P- PWR-EI
S3928P- PWR - EI

 24 / 48 10/100M Ethernet Ports Switch Capacity : 12.8Gbps/17.6Gbps

 4 x 1000 Base-X SFP Port
Forwarding rate: 9.5/11.78 Mpps
 802.3af POE compatible
 8 Hardware Queues Deployment Focus
 Voice VLAN • Small wiring closet
 Enhanced L2-L4 functionalities • Small branch office
 Static/RIP/OSPF(EI) • Small network aggregation (EI)
• Desktop/Workgroup switch
 802.1x local / external radius authentication
 ACL both inbound and outbound direction

HUAWEI TECHNOLOGIES CO., LTD.

S3900-SI Series Switches Features
Switch 3900 -- The new choice for access network deployments
Key Points

Includes Standard Image (SI) software Target use: Enterprise wiring

Quidway S3928P 24-Port + 4 SFP
Quidway S3928TP 24-Port
+ 2*10/100/1000Base-T+2SFP
Quidway S3952P 48-Port + 4 SFP
Port Configurations:
24 x 10/100 Ports + 4 SFP
48 x 10/100 Ports + 4 SFP
closet access switch;
branch office switch
IRF: Distributed Device Management
• Scalable to 384 10/100 + 32 SFP Availability: Simply power the
• Mix and match any 3900-SI product in a stack switch via a standard AC
• Built-in resilient loop stacking via SFP ports input
Features Highlights: Scalability: Patented IRF
• 64 Static Routes technology automatically
• Dynamic routing (RIPv1/2) – 1K entries creates a stack of switches
• 2K ARP Table and allows single IP
• Intelligent security services including 802.1X management
• RADA – RADIUS Authenticated Device Access
• SSHv1.5 / SNMPv3 Connectivity: Each switch
• Full QoS Prioritisation and full classification allows up to 4 active Gigabit
• 8 Egress Queues ports with any combination
• 4K Port-Based VLANs of copper and/or fibre
• AC input accepted
• 802.3ad Link Aggregation – up to 8 groups
• Multiple/Rapid Spanning Tree with STP Route Guard Application-Aware:
• IGMP Snooping V1/V2 Automatically detects,
• NTP / FTP Server and Client prioritizes and places VoIP
traffic in a separate VLAN

HUAWEI TECHNOLOGIES CO., LTD.

S3900-EI Series Switches Features
Switch 3900 -- The new choice for access network deployments
Quidway S3928P 24-Port + 4 SFP
Quidway S3952P 48-Port + 4 SFP
Quidway S3928P 24-Port + 4 SFP
PWR
Quidway S3952P 48-Port + 4 SFP
PWR
Quidway S3928F 24-Port + 2 SFP + 2
1000BaseT
HUAWEI TECHNOLOGIES CO., LTD.
Key Points
Includes Enhanced Image (EI) software Target use: Advanced Enterprise
• Includes ALL SI software plus: wiring closet access switch;
IRF small aggregation
• Distributed Device Management
Mix and match any S3900-EI product in a stack, Availability: Routing functions
including PWR are totally distributed across
all switches in the stack
• Distributed Link Aggregation
Allows up to 8 groups to be spread across any massively increasing
performance and uptime
ports in the stack (8 FE / 4 GE per group)
• Distributed Resilient Routing
All switches in the stack are actively routing and Scalability: Extend connectivity
sharing LSDB and ARP tables with a mixture of PoE and fibre
switches
RIP/OSPF
Multicast Routing PIM Sparse Mode / Dense
Mode Connectivity: Jumbo Frames are
• JumboFrame supported on all gigabit
uplinks for interoperability with
• AC & DC input
equipment downstream
• Central MAC authentication
• Time-based Access Control Lists
• DHCP Tracker Application-Aware: Advanced
• Time-Based ACLs are
ECMP,VRRP,QinQ
supported that can be
• Traffic Redirection automatically executed on a
• Traffic Mirroring per user or machine basis
• Syslog
Enterprise Networking with S3900
• IP Unicast Routing
Availability - Static, RIPv1/v2, OSPF, S3900
• IP Multicast Routing 10/100M Desktops
• VRRP
• DTP and PAgP
• Dynamic VLANs
• IGMP snooping
• STP enhancements
• Distributed L2/L3 functions
Mission-Critical
Security • MAC address notification 10/100/1000M
• DHCP interface tracker Workstations
• CMS security wizard
• Access control lists
• Private VLAN edge
• Port security
• SNMPv3 Space -Constrained
• 802.1x Server Racks
• SSH

• Queue servicing:
Quality of - Shaped round robin and
strict priority queuing
Service - Weighted tail drop
- Ingress traffic policing Network Core
- Egress traffic shaping
• 802.1p CoS and DSCP
• Congestion avoidance
- Granular rate limiting
- Jumbo Frames

HUAWEI TECHNOLOGIES CO., LTD.

Agenda

 Market Trends
 S3900 Overview
 S3900 Key Features
 V1.5 New Feature
 IRF
 RPS1000-A
 Feature Summary
 End-to-End Intelligent Solution
 Summary

HUAWEI TECHNOLOGIES CO., LTD.

Features

S3900 Features
✔VRRP (EI)
✔HGMPv2
✔DHCP-SERVER (EI)
✔QINQ
✔GVRP
✔MVR
✔DLDP

HUAWEI TECHNOLOGIES CO., LTD.

Features (Cont.)

S3900 Features
✔IGMP Snooping Fast Leave
✔DHCP Snooping Trust
✔DHCP Relay Security
✔DHCP Option 82
✔802.1X and Mac address Authentication At the Same Time/ Port
✔802.1X with PEAP/TLS

HUAWEI TECHNOLOGIES CO., LTD.

Features (Cont.)

S3900 Features
✔Dynamic VLAN Delivery
✔Guest VLAN
✔Jumbo Frame for SI
✔Group Policy
✔Protocol Based VLAN
✔SSHv2
✔VCT (Virtual Circuit Test)
✔RSPAN (Remote Port Mirroring)

HUAWEI TECHNOLOGIES CO., LTD.

802.1X with PEAP/TLS
802.1X authentication Radius/EAP server

Efficient port/MAC based

Built-in 802.1X server
Support EAP relay function

S5600 Series
S3900
Authenticator EAPoRadius
Benefits:
✔ Improve the security
✔ Provide AAA (Authentication, Authorization,
EAPoL Accounting) functions

PC PC PC
Supplicant Supplicant Supplicant

HUAWEI TECHNOLOGIES CO., LTD.

802.1X and MAC Authentication
How can PC and IP phone be authenticated on the same port?

IP Phone
Without 802.1X Client

S3900 supports 802.1X and

MAC Authentication at the
Same Time on One Port
With 802.1X Client
PC Benefits:
✔ Authenticate devices with or without
802.1x Client at the same time

HUAWEI TECHNOLOGIES CO., LTD.

What is IRF ?
Intelligent Resilient Framework
• Huawei-3Com’s industry leading stacking
technology
• Innovation of LAN switching
• Create Intelligent Resilient Framework Network

• Core features:
Distributed Fabric

I
 Distributed Device Management (DDM)
R F
 Distributed Link Aggregation (DLA)
Flexible
High efficient
 Distributed Resilient Routing (DRR) Cost-effective

HUAWEI TECHNOLOGIES CO., LTD.

IRF Based Easy Management
Distributed Device Management (DDM)
• All switches act as a single logical device Stack Management
• Resilient architecture provides access to • Single entity for SNMP, WEB and CLI
management in the event of ANY switch failing Management
• Rapid stack-wide feature configuration • ACL configurations in one screen with All the
• Hot-insert and removal of switches device View

• Automatic and manual stack configuration • Reduces configuration time

• Stack up to 8 units • Improved monitoring responsiveness

3 4

4 3

1 2
Only one logical device

IRF fabric

HUAWEI TECHNOLOGIES CO., LTD.

S3900 IRF Stacking
IRF Stacking
• Each switch uses the last two ports to provide a 2 * 2
Quidway S3900
Gbps stacking,

No extra hardware required

• Stack up to 8 units
• Automatic or manual stack configuration
• A return link provides rapid fail-over in the event of a
normal link or unit failing
• IRF Stack units together over 70Km apart

Normal Stacking Link:

1 Gbps UP / 1 Gbps DOWN

Standby Stacking loop connection:

1 Gbps UP / 1 Gbps DOWN
Use SFP to link the units together

HUAWEI TECHNOLOGIES CO., LTD.

Basic Security Features
• SNMPv3/ SSHv2
• Authorized IP for management:
• support 16 authorized management IP
• User authentication
• 802.1x
• Centralized Mac authentication
• Local password base authentication (128 users )
• Radius based authentication (1024 users)
• Packet Filtering
• L2/L3/L4
• Time-based ACLs
• ACL entries per port
• Others
• DoS protection
• DHCP security
• Port Mirroring/Traffic Mirroring

HUAWEI TECHNOLOGIES CO., LTD.

Device Security
Advanced Device Security

• Access Levels – 4 levels can be set for multiple users

• SNMPv3 / SSHv2 - Encrypt all SNMP and Telnet

traffic to stop middle-man attacks 56bit / 168bit

• Authorized IP - Lock access to the management

interface by routed Access Control List

• Switch Login (RADIUS) – Support RADIUS

Authentication for CLI / Console and web interfaces.
RADIUS return attribute will set individual privilege
levels

• Denial of Service Attack Preventions – Attacks to

the host CPU sub systems and memory are protected
via a traffic classification queuing system

• Syslog - All commands can be tracked and sent to a

Syslog server

HUAWEI TECHNOLOGIES CO., LTD.

Application-Aware Services
• Advanced Traffic Management
– Voice VLAN – All voice traffic can be automatically placed
into a private secure VLAN; switch will detect VoIP phone OUI
and register with the correct VLAN

– Traffic Redirection / Mirror – Mirror or redirect any

type of network traffic based upon an ACL to any port Define your own
Classification rule and mask for
– Configurable Queue Processing – 8 hardware- the ACL
based queues; Strict Priority; Weighted Round Robin;
Weighted Fair Queuing; WRED; WRR + SP
Define ACLs based upon
– Advanced Traffic Classification – All ACL Ingress & Egress Control
classifications are available
Source / Destination IP Address
Source / Destination MAC address
– Traffic Actions – Remark DSCP; Drop or set the IP- Source / Destination TCP and/or UDP Port
Precedence, rate limit (64kbps granularity) ICMP
DSCP / COS / Precedence / TOS
VLAN

HUAWEI TECHNOLOGIES CO., LTD.

Voice VLAN
1. Mac address 00E0-BB00-0000 mask ffff-ff00-0000 Voice VLAN
2. Ah! It is an IP Phone of Vendor A, B, C……( Totally, 16 Vendors)
3. Put the traffic from IP Phone into Voice VLAN automatically
4. Other traffic will be processed with lower priority
Voice Data

Other Data

Voice Queue

Data Queue 1
Benefits:
✔ Guarantee the QoS of voice data
Data Queue 2
✔ Improve the security

HUAWEI TECHNOLOGIES CO., LTD.

RPS1000-A Front Panel

HUAWEI TECHNOLOGIES CO., LTD.

RPS1000-A Rear Panel
Two Outputs for PoE Six Outputs for Non PoE
Device or Non PoE Device Only
Device

The two main

inputs are for
the two PSUs in
the RPS1000-A
rack respectively

HUAWEI TECHNOLOGIES CO., LTD.

S3900 Rear Panel
S3900-SI rear panel, AC
input socket

S3900-SI

（1） （2）
S3900-EI rear panel, S3900-EI rear panel,
AC input socket DC input socket.

S3900-EI
(1) (2) (3)

RPS Connects Here! Only

S3900-EI Supports RPS

HUAWEI TECHNOLOGIES CO., LTD.

Feature Summary
• Port Features
– SPAN (Port Mirroring)
– RSPAN (Remote Port Mirroring)
– Port Isolation
– Port Rate-limiting (64kbps)
– IP + MAC + Port Binding
– DUD (Disconnect Unauthorized Device)
– DLDP (smillar to UDLD)
– VCT (Virtual Cable Test)
• High Performance
– 4 GE uplinks
– 4K VLAN/16K MAC
– Jumbo Frame
• High Reliability
– STP/RSTP/MSTP
– VRRP for S3900-EI
– ECMP for S3900-EI
– Redundant Power Supply for S3900-EI
– Redundant Power Supply for S3900-EI
– Distributed Layer 2 and Layer 3 IRF!
– Layer 2/3 failover with nonstop forwarding IRF!
– 4Gbps fault tolerant bidirectional stack interconnection IRF!
– Cross-stack link aggregations technology, cross-stack QoS IRF!

HUAWEI TECHNOLOGIES CO., LTD.

Feature Summary (Cont.)
• Abundant Security
– SSHv2
– SNMPv3
– MAC Black Hole
– Disconnect Unauthorized Device
– 802.1X with PEAP/TLS
– Centralized MAC Address Authentication
– Enable 802.1X and MAC Authentication on the same port
– Dynamic VLAN Delivery/Guest VLAN
– DHCP Relay Security
– DHCP Snooping Trust
• Abundant QACL
– WRED
– 8 Queues/SP/WRR/WFQ/SP+WRR/SP+WFQ
– CAR
– Ingress & Egress ACL
– ACL Traffic Limit
– Traffic Classification/Traffic Shaping
– Tail Drop
– DSCP<->CoS
– Voice VLAN

HUAWEI TECHNOLOGIES CO., LTD.

Feature Summary (Cont.)
• Multicast
– MVR
– IGMPv1/v2 Snooping
– IGMPv1/v2 Snooping Fast Leave
– PIM-SM/PIM-DM for S3900-EI
– Extends Web-based management suite
• Ease Management
– GVRP
– SNMPv1/v2/v3
– HGMPv2
– One IP address and configuration file for entire stack IRF!
– Extends Web-based management suite
– Automatic stacking configuration of new units when connected to the stack IRF!
• Cost Effective
– PoE
– QinQ
– 802.1X Server
– DHCP Option 82
– DHCP Server for S3900-EI
• Return of Investment
– High Performance/Cost Ratio
– Seamless Network Expansion IRF!

HUAWEI TECHNOLOGIES CO., LTD.

Agenda

 Market Trends
 S3900 Overview
 S3900 Key Features
 End-to-End Intelligent Solution
 Summary

HUAWEI TECHNOLOGIES CO., LTD.

S3900 Deployment Scenario
Application server farm
 Voice VLAN
 POE
 IRF stacking

IRF
king
Stac
Quidway
S5600

Quidway
S5600
IRF
king Quidway
Stac
S3900
Quidway
S3900
Quidway
S3900
Quidway
S3900

HUAWEI TECHNOLOGIES CO., LTD.

End-to-End Intelligent Solution
Service System Fully Standards Based Infrastructure
Application server farm Best of Breed Core Performance
Industry leading Terabit Performance with
investment protected backplane
S8500
Industry Leading Performance
Router AR4600 Unique Distributed Resilient 96Gbps
link via IRF

Total Flexibility
Comprehensive
media flexibility for
SecPath Security abundant
System applications

Unique Investment Protection S6500

Add Power over Ethernet anytime to the Switch
S5600
S3900
S5600

Security Policy Control Security S3900

Automatic User Security Authentication,
Authorisation and Accounting; Peace of PoE: Powered, traffic optimized
mind for businesses and secured by Switch 3900

HUAWEI TECHNOLOGIES CO., LTD.

Agenda

 Market Trends
 S3900 Overview
 S3900 Key Features
 End-to-End Intelligent Solution
 Summary

HUAWEI TECHNOLOGIES CO., LTD.

Summary
• Enterprise-class services
– High Availability: IP Routing, VRRP, MSTP, 802.1s/w, IGMP snooping, RPS
– Security: ACL, port security, MAC address notify, RADIUS/TACAC+, 802.1x,
SSHv2, SNMPv3, DUD,
– Advanced QoS: Layer 2–4 QoS with CoS/DSCP, shaped round robin, WRR,strict
priority queuing, Ingress and Egress ACL (only for S3900)
– VOICE VLAN/PoE
• Abundant Security
– SSHv2/SNMPv3
– 802.1X with PEAP/TLS, Centralized MAC Address Authentication/Enable 802.1X
and MAC Authentication on the same port
– Dynamic VLAN Delivery/Guest VLAN
– DHCP Relay Security/DHCP Snooping Trust
• IRF technology
– 4Gbps fault tolerant bidirectional stack interconnection
– Distributed architecture
– Layer 2/3 failover with nonstop forwarding
– Cross-stack link aggregations technology, cross-stack QoS
– Single network instance (IP, SNMP, CLI, STP, VLAN)

HUAWEI TECHNOLOGIES CO., LTD.

Summary (Cont.)
• High performance
– Gigabit Ethernet and Fast Ethernet configurations
provide
– Distributed Layer 2 and Layer 3
• Ease of management/deployment
– One IP address and configuration file for entire stack
– Extends Web-based management suite to Layer 2/3/4
services
– Automatic stacking configuration of new units when
connected to the stack
• Return of Investment
– High Performance/Cost Ratio
– Seamless Network Expansion

HUAWEI TECHNOLOGIES CO., LTD.

Thank You
www.huawei.com