Description:

With a new system architecture design, it can be put online on the network management platform (NMC/NAC) with zero configuration, just like the thin AP mode, to achieve plug-and-play of the switching host. The network management platform can realize the full-cycle management of the switching host, including IP configuration, port configuration, VLAN configuration, ACL configuration, QoS configuration, etc., and the switching host can be fully visualized, including switch load, port forwarding load, loop status, terminal access type, etc. At the same time, it supports intelligent sensing functions such as service quality perception and path chain based on AI simulated traffic. In addition, the switching host is more secure than traditional switches, and can be linked with wireless networks and security devices to achieve safer network management and control.

Features:

* It can realize visual management of access terminals, manage terminal access methods and access terminal types in multiple dimensions, display the behavioral changes of terminals after access in real time, and perform terminal asset statistics.

* It can realize visual management of IP addresses. Through the DHCP address pool security visual management function, it can automatically detect the remaining lease time distribution, IP address reservation and other IP address usage before allocating IP addresses. It can effectively solve the problems of IP address conflicts and low IP address utilization rate caused by the lack of effective management of IP addresses.

* It supports simulating AI terminals to actively perceive the service experience quality around the clock, perceive the service quality from the user's perspective, intuitively present the service usage experience, present the service health in card format, and support service quality status backtracking.

* It supports active perception of the availability of ports across the entire network, making it easy to complete connectivity checks on global information points. The switch intelligently perceives the quality of traffic paths, intuitively presents faulty nodes, and provides professional troubleshooting suggestions.

* It supports the path chain function, supports querying the actual traffic trend from any source to any destination within 30 days, and accurately locates the path failure node.

* Supports exporting network operation reports and multi-dimensional perception reports through the NMC/vNMC platform, focusing on operation and maintenance to save time and effort.

* The "zero deployment" online mode is adopted. After the switch is connected to the network cable, it will be automatically displayed in the activation list. No configuration is required and it can be activated with one click. At the same time, the controller can also restart and replace the faulty switch with one click, saving operation and maintenance time to the greatest extent.

* Supports automatic topology generation. After the devices are connected, the management platform automatically generates the network topology and can directly configure the devices based on the topology.

* It greatly improves the efficiency of troubleshooting. For example, when the channel between the switch and the control platform is disconnected due to a configuration error, the switch configuration can be modified directly in the topology without having to go to the device site.

* It supports a variety of authentication methods, including 802.1x, CA certificate authentication, Portal, mobile phone self-registration, SMS, APP, QR code review, etc., and also supports two-factor security authentication.

* Supports a variety of access control policies, including ACL policies based on protocols (such as OSPF, UDP, ARP) and custom protocol numbers, switch single ports, aggregation ports, source and destination IP addresses, MAC addresses, time and other dimensions.

* Support DHCP Snooping function. By setting trusted (Trust) and untrusted (Untrust) ports, the switch only forwards DHCP OFFER/ACK/NAK messages from trusted ports and discards DHCP OFFER/ACK/NAK messages from untrusted ports, thereby blocking illegal DHCP servers. In addition, it supports monitoring DHCP data packets passing through the switch, and combined with DAI (Dynamic ARP Inspection) and IPSG (IP Source Guard), it can realize ARP anti-spoofing and IP flow control functions.

* Supports re-marking of traffic matching ACL to achieve traffic regulation. The packet forwarding rate can be set based on the outbound and inbound directions of the switch port.

* Supports multiple scheduling modes (e.g., polling mode, strict priority mode, etc.) to implement traffic priority based on packets or ports. COS and DSCP priority mapping can be implemented based on switch groups.

* Supports L2 (Layer 2) ~ L4 (Layer 4) packet filtering functions, and provides illegal frame filtering functions based on source MAC address, destination MAC address, source IP address, destination IP address, TCP/UDP protocol source/destination port number, protocol, and VLAN.

* Supports automatic learning binding of IP-MAC for the first deployment. When IP+MAC does not correspond, the terminal can be added to the blacklist and the terminal traffic can be disconnected. Based on management needs, privileged IPs can be reserved, but privileged IPs must be approved by the administrator before they can be used, and IP whitelists can be exempted from approval. To facilitate configuration management, the ports of the switch host can also be divided into port groups.

* Supports custom port access terminal types and MAC blacklists and whitelists, and supports terminal MAC and switch host port change detection. When the switch host port terminal type changes, the network administrator will be notified via APP and SMS. When a security policy event occurs in the access terminal, the switch host can also add the terminal to the blacklist.

* Supports M-LAG virtualization technology. M-LAG virtualization technology separates the management and control planes of member devices, supports cross-device link bundling networking, and supports non-stop service upgrades compared to traditional virtualization technology, which can effectively reduce the risk of fault transmission.

* The switch host supports VRRP (Virtual Router Redundancy Protocol). Multiple switches form a VRRP backup group to achieve multi-level backup of upstream routes.

* Supports east-west traffic security functions. With the rapid growth and diversification of the number of terminals, non-compliant access and unsafe terminal operations cannot be effectively controlled. The traditional network architecture that only deploys security devices at the exit cannot defend against attacks launched by risky terminals in the intranet. Through a variety of east-west traffic security policies, intranet security threats are horizontally blocked to prevent risky traffic from intranet terminals from bypassing exit security devices and spreading in the intranet to other terminals.

* It supports linkage with Sangfor Security Perception Platform SIP, Firewall AF, etc. After completing the equipment docking, the switch host will mirror the traffic to the Security Perception Platform for big data security analysis. If the platform detects a compromised terminal in the intranet, it will send a blocking command to the switch host, thereby cutting off the lateral spread of risk traffic and preventing the risk traffic from spreading in the intranet.

Specifications: