Huawei S5720-HI series are advanced Gigabit Ethernet switches that provide rich agile features. The switches are developed based on Huawei Versatile Routing Platform (VRP), and use the fully programmable structure to implement software definition and serv
HUAWEI S5720-HI Series Agile Fixed Switches
Huawei S5720-HI series are advanced Gigabit Ethernet switches that provide rich agile features. The
switches are developed based on Huawei Versatile Routing Platform (VRP), and use the fully programmable
structure to implement software definition and service change on demand. With services and network
convergence as the core, the switches provide the ubiquitous service function to ensure consistent user
experience. The Super Virtual Fabric (SVF) function virtualizes the entire network into one device. In
addition, the switches support flexible Ethernet networking, comprehensive VPN tunnel solutions, various
security control methods, intelligent deployment, and simple operation & maintenance. The S5720-HI
switches are the best choices for the branches of high-quality large- and middle-sized campus networks,
the core layer of small-sized campus networks, and the access layer of data center networks.
Product Characteristics and Advantages
Enabling networks to be more agile for services
• The high-speed Ethernet Network Processor (ENP) embedded in the S5720-HI is tailored for Ethernet.
The chip's flexible packet processing and traffic control capabilities can meet current and future service
requirements, helping build a highly scalable network.
• In addition to capabilities of traditional switches, the S5720-HI series provide fully programmable open
interfaces and supports user-defined forwarding behaviors. Enterprises can use the open interfaces to
develop new protocols and functions independently or jointly with equipment vendors to build campus
networks meeting their own needs.
• The ENP has a fully programmable architecture, on which enterprises can define their own forwarding
models, forwarding behaviors, and lookup algorithms. Microcode programmability makes it possible
to provision new services within six months, without the need of replacing the hardware. In contrast,
traditional ASIC chips use a fixed forwarding architecture and follow a fixed forwarding process. For this
reason, new services cannot be provisioned until new hardware is developed to support the services 1 to 3 years later.
Delivering abundant services more agilely
• The S5720-HI series integrates the AC function with 80 Gbps of wireless throughput, so customers do not
need to buy independent AC devices or hardware components. An S5720-HI switch can manage 1K APs
and 16K users, coping with the fast growth of wireless services.
• With the unified user management function, the S5720-HI authenticates both wired and wireless users,
ensuring a consistent user experience no matter whether they are connected to the network through
wired or wireless access devices. The unified user management function supports various authentication
methods, including 802.1x, MAC address, and Portal authentication, and is capable of managing users
based on user groups, domains, and time ranges. These functions visualize user and service management
and boost the transformation from device-centered management to user-centered management.
Providing fine granular network management more agilely
• The S5720-HI series use the Packet Conservation Algorithm for Internet (iPCA) technology that changes
the traditional method of using simulated traffic for fault location. iPCA technology can monitor network
quality for any service flow anywhere and anytime, without extra costs. It can detect temporary service
interruptions in a very short time and can identify faulty ports accurately. This cutting-edge fault detection
technology turns "extensive management" to "fine granular management."
• The S5720-HI supports the Super Virtual Fabric (SVF) and functions as a parent switch. With this
virtualization technology, a physical network with the "Small-sized core/aggregation switches + Access
switches + APs" structure can be virtualized into a "super switch", offering the industry's simplest network
• With the Easy Deploy function, the S5720-HI series manage access switches in a similar way an AC
manages APs. In deployment, access switches and APs can go online with zero-touch configuration. In
the Easy Deploy solution, the Commander collects topology information about the connected clients
and stores the clients' startup information based on the topology. Clients can be replaced with zerotouch configuration. The Commander can deliver configurations and scripts to clients in batches and query the delivery results. In addition, the Commander can collect and display information about power consumption on the entire network.
Complete VPN Tunnels
• S5720-HI series switches support the MPLS function and can work as access devices for high-quality
enterprise leased lines. The S5720-HI series can connect users in different VPNs and isolate users through
Huawei Enterprise Sx700 Series Switch Product
multi-instance routing. Users in multiple VPNs connect to a PE through the same physical uplink port on
the switch, which lowers a single user’s Capital Expenditure (CAPEX) for network deployment.
Flexible Ethernet networking
• In addition to traditional Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple
Spanning Tree Protocol (MSTP), the S5720-HI supports Huawei-developed Smart Ethernet Protection (SEP)
technology and the latest Ethernet Ring Protection Switching (ERPS) standard. SEP is a ring protection
protocol specific to the Ethernet link layer, and applies to various ring network topologies, such as open
ring topology, closed ring topology, and cascading ring topology. This protocol is reliable, easy to maintain,
and implements fast protection switching. ERPS is defined in ITU-T G.8032. It implements millisecond-level
protection switching based on traditional Ethernet MAC and bridging functions.
• The S5720-HI supports Smart Link and Virtual Router Redundancy Protocol (VRRP), which implement
backup of upstream links. One S5720-HI switch can connect to multiple aggregation switches through
multiple links, significantly improving reliability of access devices.
• The S5720-HI series have large tables, coping with the fast growth of data volume in the big data
era. With the support for 128K MAC addresses, 1M FIB entries, the S5720-HI series switch meets the
requirements of educational networks and metro area networks and allows the access of a large number
of terminals. The S5720-HI is the best choice in cloud computing era.
Various security control methods
• The S5720-HI series support MAC address authentication and 802.1x authentication and implement
dynamic delivery of VLAN, QoS, and ACL policies to users. They support port-based 802.1x, MAC address,
and hybrid authentications and VLANIF interface-based portal authentication.
• The S5720-HI provides a series of mechanisms to defend against DoS attacks and user-targeted attacks.
DoS attacks are targeted at switches and include SYN flood, Land, Smurf, and ICMP flood attacks. Usertargeted attacks include bogus DHCP server attacks, IP/MAC address spoofing, DHCP request flood, and
change of the DHCP CHADDR value.
• The S5720-HI series set up and maintain the DHCP snooping binding tables, and discard the packets
that do not match the table entries. Users can specify DHCP snooping trusted ports to ensure that users
connect only to the authorized DHCP server.
• The S5720-HI supports strict ARP learning, which prevents ARP spoofing attackers from exhausting ARP
• The S5720-HI supports MAC security (MACSec) that enables hop-by-hop secure data transmission.
Therefore, the S5720-HI can be applied to scenarios that pose high requirements on data confidentiality,
such as government and finance sectors.
Mature IPv6 features
• The S5720-HI is developed based on the mature, stable VRP and supports IPv4/IPv6 dual stacks, IPv6
routing protocols (RIPng, OSPFv3, BGP4+, and IS-IS for IPv6). With these IPv6 features, the S5720-HI can
be deployed on a pure IPv4 network, a pure IPv6 network, or a shared IPv4/IPv6 network, helping realize
Intelligent stack (iStack)
• The S5720-HI supports the iStack function that combines multiple switches into a logical switch. Member
switches in a stack implement redundancy backup to improve device reliability and use inter-device link
aggregation to improve link reliability. iStack provides high network scalability. You can increase ports,
bandwidth, and processing capacity of a stack by simply adding member switches to the stack. iStack also