Comprehensive Security Policies
The RG-S2900G-E V3 Series effectively prevents and controls virus spread and hacker attacks with various inherent mechanisms such as anti-DoS attacks, hacker IP scanning, illegal ARP packets checking and multiple hardware ACL policies.
• Industry-leading CPU protection mechanism: The CPU Protect Policy (CPP) provides policies for protecting the CPU of a switch. In network environments, various attack packets spread, which may cause high CPU usages of the switches, affect protocol running and even difficulty in switch management. To this end, switch CPUs must be protected, that is, traffic control and priority-based processing must be performed for various incoming packets to ensure the processing capabilities of the switch CPUs.
o
CPP can effectively prevent malicious attacks in the network and provide a clean environment for legitimate protocol packets.
o
CPP is enabled by default. It provides protection during the entire operation of switches.
• IP/MAC binding: Implement flexible binding of a port or the system to the IP address and MAC address of users, strictly limiting user access on a port or in the entire system.
• DHCP snooping: Allow DHCP responses from trusted ports only; based on DHCP listening and by monitoring ARP dynamically and checking the user IP address, directly discard illegal packets inconsistent with binding entries to effectively prevents ARP frauds and source IP address frauds.
• Secure Shell and SNMPv3: Secure Shell (SSH) and Simple Network Management Protocol v3 (SNMPv3) cryptographic network protocol ensure the security of management information. Provides services such as multi-element binding, port security, time-based ACL and bandwidth rate limiting to block unauthorized users.
• NFPP: Network Foundation Protection Policy (NFPP) provides guards for switches. Malicious attacks are always found in the network environment. These attacks bring heavy burdens to switches, resulting in high CPU usage and operational troubles. These attacks are as follows:
o
Denial of Service (DoS) attacks may consume lots of memory, entries, or other resources of a switch, which will cause system service termination.
o
Massive attack traffic is directed to the CPU, occupying the entire bandwidth of the CPU. In this case, normal protocol traffic and management traffic cannot be processed by the CPU, causing protocol flapping or management failure. The forwarding in the data plane will also be affected and the entire network will become abnormal.
NFPP can effectively protect the system from these attacks. Facing attacks, NFPP maintains the proper running of various system services with a low CPU load, thereby ensuring the stability of the entire network.
NFPP Network Protection
Virtual Switch Unit (VSU)
The Virtual Switch Unit technology, or VSU in short, enables interconnection of several physical devices by virtualizing them into one logical device. The logical device uses one single IP address, Telnet process, command-line interface (CLI), and enables auto version inspection and configuration. From the user perspective, the benefits are multiplied work efficiency and enhanced user experience of several devices operating at the same. And they only have to manage one device. The VSU technology also offers multiple benefits below:
• Easy management: Administrators can centrally manage all the devices at the same time. It is no longer necessary to configure and manage the switches one by one.
• Simplified typology: The VSU is regarded as one switch in the network. By connection of aggregation link and peripheral network devices, MSTP protocol is unnecessary as there is no Layer 2 loop network. All protocols operate as one switch.
• Millisecond failover: The VSU and peripheral devices are connected via the aggregation link. Upon failure event of any device or link, failover to another member link requires only 50 to 200ms.
• Exceptional scalability: The network is hot swappable, any devices leaving or joining the virtualized network cause zero impact on other devices.
Simplified Network Topology Enable by VSU
High Reliability
The RG-S2900G-E V3 Series supports spanning tree protocols of 802.1d, 802.1w, and 802.1s to ensure rapid convergence, improves fault tolerance capabilities, ensures stable running of networks and load balancing of links, and provides redundant links.
• Virtual Router Redundant Protocol (VRRP): Effectively ensure network stability.
• Rapid Link Detection Protocol (RLDP): Detect the connectivity of links and whether an optical fiber link is normal from both ends, and supports the loop detection function based on the port to prevent network faults caused by loops generated by the connection of devices such as hubs to ports.
• Ethernet Ring Protection Switching (ERPS) (G.8032): Implements loop blocking and link recovery on the master device. Other devices directly report link status to the master device. Without passing through other standby devices, the failover time of loop interruption and recovery is hence faster than STP. The ERSP’s link failover rate can be completed within milliseconds under ideal conditions.
• Rapid Ethernet Uplink Protection Protocol (REUP): When Spanning Tree Protocol (STP) is disabled, the Rapid Ethernet Uplink Protection Protocol (REUP) can provide basic link redundancy through the rapid uplink protection function and provide faster subsecond-level fault recovery than STP.
Software-Defined Networking (SDN)
With the all-new hardware architecture and Ruijie’s latest RGOS11.X modular operating system, the RG-S2900G-E V3 Series fully supports OpenFlow 1.3. in collaboration with Ruijie’s SDN controller, it forms a large-scale Layer 2 networking architecture with ease. Smooth upgrade of the whole network to a SDN one is also enabled. The switch series hence greatly simplifies the network management and minimizes network deployment savings.
Energy Efficiency
The RG-S2900G-E V3 Series adopts next-gen hardware architecture with a highly energy-saving circuit design and component selection. The device achieves a marked reduction in energy consumption. In addition to maximized energy saving, the RG-S2900G-E V3 Series also significantly lowers noise pollution. All models in the series deploy variable-speed axial fans, which support intelligent speed adjustment based on the current ambient temperature. All the features enable the switches to work smoothly and reduce power consumption and noise pollution at the same time.
The RG-S2900G-E V3 Series also supports auto-power-down mode. When an interface is down for a certain period of time, the system will automatically power it down for extra energy efficiency. EEE energy-saving mode is another feature highlight. The system will automatically turn an idle port into energy-saving mode. When there is a new packet, the system will issue listening streams to the port to resume service.
Easy Network Maintenance
The RG-S2900G-E V3 Series supports abundant features such as SNMP V1/V2/V3, RMON, Syslog, and logs and configuration backup using USB for routine diagnosis and maintenance. Administrators can use a wide variety of methods for easier management and such include CLI, web management, Telnet, CWMP(TR069),etc.
The RG-S2900G-E V3 Series fully supports RG-SNC (Smart Network Commander) which is a network management system launched by Ruijie Networks especially designed for network performance management and configuration. With a friendly browser UI, the SNC provides an extensive array of features such as network topology display, device management, performance monitoring, configuration & software management, real-time alarm and log & report management.
RG-SNC Topology Management
Design For Durability
In the corrosive gas, high humidity environment, electronic products will accelerate corrosion, reliability and lifetime will be shortened, However, deployment environments of access switch are different, there may be lack of temperature and humidity regulation and close to the source of pollution or the sea. Through the design for durability, RG-S29E V3 series switches can operate stably in a variety of deployment environments.
Fanless design: If the air flow on the surface of the electronic product is too fast, it will increase the degree of gas corrosion of the equipment and shorten the service life of the equipment. For low-power products, fanless design is the most effective anti-corrosion measures. The RG-S2928G-E uses a fanless design to reduce corrosive gases and dust ingress.