- Call us now: 86
- Email: xzh@combasst.com
Huawei S6720-SI series next-generation multi-gigabit fixed switches are ideal for high-speed wireless device access, 10 GE data center server access, and campus network access/aggregation.
1.Product Overview
Huawei S6720-SI series switches are Huawei-developed next-generation multigigabit 10GE fixed switches. The S6720-SI can provide high-speed wireless access, and access for 10GE servers in data centers or function as access/aggregation switches on a campus network.
The S6720-SI is one of the multigigabit fixed switches in the industry, providing line-rate multigigabit 100M/1G/2.5G/5G/10G access ports and 40GE uplink ports. It can be used to provide high-speed access for APs and 10 Gbit/s access to high-density servers or function as a core/aggregation switch on a campus network to provide 40 Gbit/s rate. In addition, S6720-SI provides a wide variety of services, comprehensive security policies, and various QoS features to help customers build scalable,manageable, reliable, and secure campus and data center networks.
Product Appearance |
Description |
S6720-26Q-SI-24S-AC |
l 24 × 10GE SFP+, 2 × 40GE QSFP+ l Double pluggable power supplies, AC power supply l USB l Forwarding performance: 240Mpps l Switching capacity: 2.56 Tbit/s |
S6720S-26Q-SI-24S-AC |
l 24 × 10GE SFP+, 2 × 40GE QSFP+ l Double pluggable power supplies, AC power supply l USB l Forwarding performance: 240Mpps l Switching capacity: 2.56 Tbit/s |
S6720-32C-SI-AC |
l 24 × 100M/1G/2.5G/5G/10G Base-T Ethernet ports, 4 × 10GE SFP+ l One extended slot l Double pluggable power supplies, AC power supply l USB l Forwarding performance: 240 Mpps l Switching capacity: 2.56 Tbit/s |
Product Appearance |
Description |
S6720-32C-SI-DC |
l 24 × 100M/1G/2.5G/5G/10G Base-T Ethernet ports, 4 × 10GE SFP+ l One extended slot l Double pluggable power supplies, DC power supply l USB l Forwarding performance: 240 Mpps l Switching capacity: 2.56 Tbit/s |
S6720-32C-PWH-SI |
l 24 × 100M/1G/2.5G/5G/10G Base-T Ethernet ports, 4 × 10GE SFP+ l One extended slot l Double pluggable power supplies, AC/DC power supply l Long distance PoE++ l USB l Forwarding performance: 240 Mpps l Switching capacity: 2.56 Tbit/s |
S6720-56C-PWH-SI |
l 32 × 10/100/1000Base-T Ethernet ports, 16 × 100M/1G/2.5G/5G/10GBase-T Ethernet ports, 4 × 10GE SFP+ l One extended slot l Double pluggable power supplies, AC/DC power supply l PoE++ l USB l Forwarding performance: 240 Mpps l Switching capacity: 2.56 Tbit/s |
S6720-52X-PWH-SI |
l 48 × 100M/1G/2.5G/5G/10GBase-T Ethernet ports, 4 × 10GE SFP+ l Double pluggable power supplies, AC/DC power supply l PoE++ l USB l Forwarding performance: 480 Mpps l Switching capacity: 2.56 Tbit/s |
3.Features and Highlights
l As the 802.11ac standard and related products are released, the wireless access rate has reached 2.5 Gbit/s. The S6720- SI multigigabit fixed switches match perfectly with high-speed APs, and provide the long distance PoE++ function and 60 W PoE on a port. The S6720-SI can provide Ethernet power supply for APs and surveillance cameras.
l S6720-SI provides up to 48×100M/1G/2.5G/5G/10G Base-T ports. Ports of the S6720-SI support 100M/1G/2.5G/5G/10G Base-T access and auto-sensing, maximizing the return on investment (ROI) and allowing users to flexibly deploy services.
l The S6720-SI provides multiple security measures to defend against Denial of Service (DoS) attacks and other attacks to networks or users. DoS attacks include SYN flood, Land, Smurf, and ICMP flood attacks. Attacks to networks refer to STP BPDU/root attacks. Attacks to users include bogus DHCP server attacks, man-in-the-middle attacks, IP/MAC spoofing attacks, DHCP request flood attacks, and DoS attacks by changing the CHADDR field of packets.
l The S6720-SI supports DHCP snooping, which generates user binding entries. DHCP snooping discards invalid packets that do not match any binding entries, such as ARP spoofing packets and IP spoofing packets. This prevents hackers from using
ARP packets to initiate man-in-the-middle attacks on campus networks. DHCP snooping trusted and untrusted ports can be specified to ensure that users connect only to the authorized DHCP server.
l The S6720-SI supports strict ARP learning. This feature prevents ARP spoofing attackers from exhausting ARP entries so that users can connect to the Internet normally. It also provides IP source check to prevent DoS attacks caused by MAC address spoofing, IP address spoofing, and MAC/IP spoofing. URPF provided by the S6720-SI reversely checks packet transmission path to authenticate packets, which can protect the network against source address spoofing attacks.
l The S6720-SI supports centralized MAC address authentication and 802.1X authentication. It authenticates users based on statically or dynamically bound user information such as the user name, IP address, MAC address, VLAN ID, port number,
and flag indicating whether antivirus software is installed. VLANs, QoS policies, and ACLs can be delivered to users dynamically.
l The S6720-SI can limit the number of MAC addresses learned on a port to prevent MAC address entries from being exhausted by source MAC address spoofing packets. This function minimizes packet flooding that occurs when MAC addresses of users cannot be found in the MAC address table.
l This series of switches supports MACsec, a secure LAN communication method based on 802.1AE and 802.1X. The switches provide identity authentication, data encryption, integrity check, and replay protection to protect Ethernet frames and prevent attack packets.
l The S6720-SI supports redundant power supplies. Users can choose a single power supply or use two power supplies to ensure device reliability. With two pluggable fan modules, the S6720-SI has a longer MTBF time than counterpart switches.
l The S6720-SI supports MSTP multi-process that enhances the existing STP, RSTP, and MSTP implementation. This function increases the number of MSTIs supported on a network. It also supports enhanced Ethernet reliability technologies such as Smart Link and RRPP, which implement millisecond-level link protection switchover and ensure network reliability. Smart Link and RRPP both support multi-instance to implement load balancing among links, further improving bandwidth usage.
l The S6720-SI supports enhanced trunk (E-trunk). A CE can be dual-homed to two PEs through Eth-Trunk links. This implements inter-device link aggregation and link load balancing, and greatly improves reliability of access devices.
l The S6720-SI supports the Smart Ethernet Protection (SEP) protocol, a ring network protocol applied to the link layer of an Ethernet network. SEP can be used on open ring networks and provides millisecond-level switchover to ensure uninterrupted services. This protocol is simple, reliable, easy to maintain, and supports fast switchover and flexible topology, enabling users to manage and plan networks conveniently.
l The S6720-SI supports G.8032, also called Ethernet Ring Protection Switching (ERPS). ERPS is based on traditional Ethernet MAC and bridging functions. It uses the mature Ethernet OAM and Ring Automatic Protection Switching (Ring APS or R-APS) technologies to implement millisecond-level protection switching on Ethernet. ERPS supports multiple services and provides flexible networking, reducing the OPEX and CAPEX.
l The S6720-SI supports VRRP. Two S6720-SI switches can form a VRRP group to ensure nonstop and reliable communication. Multiple equal-cost routes to an upstream device can be configured on the S6720-SI to provide route redundancy. When an active route is unreachable, traffic is switched to a backup route.
l The S6720-SI implements complex traffic classification based on packet information such as the 5-tuple, IP precedence, ToS, DSCP, IP protocol type, ICMP type, TCP source port, VLAN ID, Ethernet protocol type, and CoS. ACLs can be applied to inbound or outbound direction to filter packets. The S6720-SI supports the flow-based two-rate and three-color CAR. Each port supports eight priority queues and multiple queue scheduling algorithms such as WRR, DRR, PQ, WRR+PQ, and DRR+PQ, which ensures the quality of network services such as voice, video and data services.
l The S6720-SI supports iStack and virtualizes multiple switches into one logical switch. A port of the S6720-SI can be configured as a stack port using a command for flexible stack deployment. The distance between stacked switches is further increased when the switches are connected with optical fibers. Compared with a single device, iStack features powerful scalability, reliability, performance, and architecture. New member switches can join a stack to increase the system capacity or replace a faulty member switch without interrupting services. Compared with stacking of modular switches, the iStack function can increase system capacity and port density with no restriction of the hardware structure. Multiple devices in a stack can be considered as one logical device. These switches can be managed using a single IP address, which greatly reduces costs for system expansion and O&M.
l The S6720-SI supports automatic configuration, plug-and-play, deployment using a USB flash drive, and batch remote upgrade. These capabilities facilitate deployment, upgrade, and service provisioning, and simplify device management and maintenance. The maintenance costs are greatly reduced.
l The S6720-SI supports SNMPv1/v2/v3 and provides flexible methods for managing devices. Users can manage the S6720-SI using the CLI and Web NMS. The NQA function helps users with network planning and upgrades. In addition, the S6720-SI supports NTP, SSH v2, HWTACACS, RMON, log hosts, and port-based traffic statistics.
l The S6720-SI supports GVRP, which dynamically distributes, registers, and propagates VLAN attributes to reduce the manual configuration workloads of network administrators and ensure correct VLAN configuration.
l The S6720-SI supports MUX VLAN, a mechanism that isolates Layer 2 traffic between ports in a VLAN. MUX VLAN defines principal VLANs and subordinate VLANs. Subordinate VLANs can communicate with the MUX VLAN but cannot communicate with each other. This function prevents communication between network devices connected to certain ports or port groups but allows the devices to communicate with the default gateway. MUX VLAN is usually used on an enterprise intranet to isolate user ports from each other but allow them to communicate with server ports.
l The S6720-SI supports BFD, which provides millisecond-level fault detection for protocols such as OSPF, IS-IS, VRRP, and PIM to improve network reliability. The S6720-SI supports IEEE 802.1ag and IEEE 802.3ah. 802.1ag allows for point-to- point Ethernet fault management, and IEEE 802.3ah can detect faults in the last mile of an Ethernet link. Ethernet OAM improves the Ethernet network management and maintenance capabilities and ensures a stable network.
l The S6720-SI supports IPv4/IPv6 dual stack and can migrate from an IPv4 network to an IPv6 network. The S6720-SI hardware supports IPv4/IPv6 dual stack and IPv6 over IPv4 tunnels (including manual tunnels, 6to4 tunnels, and ISATAP tunnels). The S6720-SI can be deployed on IPv4 networks, IPv6 networks, or networks that run both IPv4 and IPv6. This makes networking flexible and enables a network to migrate from IPv4 to IPv6.
l The S6720-SI supports various IPv6 routing protocols including RIPng and OSPFv3. The S6720-SI supports the Neighbor Discovery Protocol (NDP) of IPv6, and manages packets exchanged between neighbors. It also provides the Path MTU Discovery (PMTU) mechanism to select a proper MTU on the path from the source to the destination, optimizing network resources and obtaining the maximum throughput.
l The Huawei cloud management platform allows users to configure, monitor, and inspect switches on the cloud, reducing on-site deployment and O&M manpower costs and decreasing network OPEX. Huawei switches support both cloud management and on-premise management modes. These two management modes can be flexibly switched as required to achieve smooth evolution while maximizing return on investment (ROI).
l Open Programmability System (OPS) is an open programmable system based on the Python language. IT administrators can program the O&M functions of a switch through Python scripts to quickly innovate functions and implement intelligent O&M.
l When some PoE++ ports on Huawei S6720-32C-PWH-SI work at 2.5 Gbit/s and Category 5E shielded network cables are used, these switches can provide 200-meter PoE power supply to Huawei specific APs, such as AP7052DN, AP7152DN, AP6052DN, AP8082DN, AP8182DN, AP7052DE, and AP7060DN.
l When a PoE switch is abnormal Power-off or the software version is upgraded, the power supply to PDs is not interrupted. This capability ensures that PDs are not powered off during the switch reboot.
l PoE switches can supply power to PDs within 10s after they are powered on. This is different from common switches that generally take 1 to 3 minutes to start to supply power to PDs. When a PoE switch reboots due to a power failure, the PoE switch continues to supply power to the PDs immediately after being powered on without waiting until it finishes reboot. This greatly shortens the power failure time of PDs.
l The S6720-SI provides telemetry technology to collect device data in real time and send the data to Huawei campus network analyzer CampusInsight. The CampusInsight analyzes network data based on the intelligent fault identification algorithm, accurately displays the real-time network status, effectively demarcates and locates faults in a timely manner, and identifies network problems that affect user experience, accurately guaranteeing user experience.
l The S6720-SI supports a variety of intelligent O&M features for audio and video services, including the enhanced Media Delivery Index (eMDI). With this eDMI function, the S6720-SI can function as a monitored node to periodically conduct statistics and report audio and video service indicators to the CampusInsight platform. In this way, the CampusInsight platform can quickly demarcate audio and video service quality faults based on the results of multiple monitored nodes.
l Switches support the intelligent upgrade feature. Specifically, switches obtain the version upgrade path and download the newest version for upgrade from the Huawei Online Upgrade Platform (HOUP). The entire upgrade process is highly automated and achieves one-click upgrade. In addition, preloading the version is supported, which greatly shortens the upgrade time and service interruption time.
l The intelligent upgrade feature greatly simplifies device upgrade operations and makes it possible for the customer to upgrade the version independently. This greatly reduces the customer's maintenance costs. In addition, the upgrade policies on the HOUP platform standardize the upgrade operations, which greatly reduces the risk of upgrade failures.
Item | S6720-26Q-SI-24S-AC S6720S-26Q-SI-24S-AC |
S6720-32X-SI-32S-AC | S6720-32C-SI-AC S6720-32C-SI-DC |
S6720-32C-PWH-SI-AC S6720-32C-PWH-SI |
S6720-56C-PWH-SI-AC S6720-56C-PWH-SI |
S6720-52X-PWH-SI |
Switching Capacity | 2.56 Tbit/s | 2.56 Tbit/s | 2.56 Tbit/s | 2.56 Tbit/s | 2.56 Tbit/s | 2.56 Tbit/s |
Forwarding Performance | 240 Mpps | 240 Mpps | 240 Mpps | 240 Mpps | 240 Mpps | 480 Mpps |
Fixed Ports | 24 x 10 GE SFP+ 2 x 40 GE QSFP+ |
32 x 10 GE SFP+ | 24 x 100M/1G/ 2.5G/5G/10G Base-T Ethernet ports 4 x 10 GE SFP+ |
24 x 100M/1G/ 2.5G/5G/10G Base-T Ethernet ports 4 x 10 GE SFP+ |
32 x 10/100/1,000 Base-T Ethernet ports 16 x 100M/1G/ 2.5G/5G/10G Base-T Ethernet ports 4 x 10 GE SFP+ |
48 x 100M/1G/ 2.5G/5G/10G Base-T Ethernet ports 4 x 10 GE SFP+ |
Extended Slots | Not supported | Not supported | One extended slot | One extended slot | One extended slot | Not supported |
MAC Address Table | 32K MAC address learning and aging Static, dynamic, and blackhole MAC address entries Packet filtering based on source MAC addresses |
|||||
VLAN Features | 4,094 VLANs Guest VLAN and voice VLAN VLAN assignment based on MAC addresses, protocols, IP subnets, policies, and ports VLAN mapping Super VLAN Basic QinQ and selective QinQ |
|||||
IP Routing | Static routing, RIPv1, RIPv2, ECMP, URPF, OSPF, IS-IS, and BGP VRRP Policy-based routing Routing policies RIPng OSPFv3 BGP4+ ISISv6 |
|||||
Interoperability | VLAN-based Spanning Tree (VBST) (interoperating with PVST, PVST+, and RPVST) Link-type Negotiation Protocol (LNP) (similar to DTP) VLAN Central Management Protocol (VCMP) (similar to VTP) |