Allied Telesis AlliedWare Plus 5.2.1 User Manual

Allied Telesis www.alliedtelesis.com
Datasheet | Operating System
AlliedWare Plus™ 5.2.1 Operating System
AlliedWare Plus Advanced Features
Virtual Chassis Stacking
Highly Modular Software Featuring
Independent Process Monitoring
Superior Quality of Service - QoS
Bridge Protocol Data Unit (BPDU) Protection
802.1x Dynamic VLANs
Control Plane Prioritization - CPP
Other Feature Highlights
Access Control Lists - ACLs
Spanning Tree
Ethernet Protected Switching Rings - EPSR
Virtual Router Redundancy Protocol - VRRP
Link Aggregation Control Protocol - LACP
Trigger Facility
Logging Facility
Scripting
Web (HTTP) client
Simple Mail Transfer Protocol - SMTP
Trivial File Transfer Protocol - TFTP Client
Dynamic Host Configuration Protocol Server and Client - DHCP
Simple Network Management Protocol - SNMP
Internet Group Management Protocol - IGMP
IPv4 and IPv6 Static Routing
Routing Information Protocol - RIP
Open Shortest Path First - OSPF
¹ AlliedWare Plus software release 5.2.1 supports stacking of 2 units. Support for more than 2 units will be available in a future release.
AlliedWare Plus™ Layer 3 Fully Featured Operating System
AlliedWare Plus™ is Allied Telesis' next generation operating system. In keeping with the increasing complexity of Allied Telesis' ever-improving and feature-rich software, AlliedWare Plus employs a new modular approach to software creation and distribution. It represents a quantum shift in the software development methodology for Allied Telesis switches and routers - providing you with even more features and greater robustness from the operating system.
The AlliedWare Plus operating system combines superior networking functionality and strong management capabilities with the exceptional performance that today's networks demand. A standards-based implementation, it also assures full interoperability with other major network equipment, along with improved usability and therefore a superior customer experience.
High-Performance and High-Availability
Virtual Chassis Stacking
Virtual Chassis Stacking makes networking simple. It allows you to connect between 2 and 8¹ switches together via high-bandwidth 15Gbps stacking links. This aggregates the switches, which then appear as a single switch, or 'Virtual Chassis'. The Virtual Chassis can be configured and managed via a single serial console or IP address, which provides greater ease of management in comparison to an arrangement of individually managed switches, and often eliminates the need to configure protocols like VRRP and Spanning Tree.
Virtual Chassis Stacking provides a high availability system where network resources can be spread out across a number of stacked switches, thus reducing the impact should any one of the stacked switches fail. Ports on different switches across the stack can be aggregated to provide excellent link redundancy.
Hot-swappable XEM modules
The AlliedWare Plus operating system supports hot-swappable XEM modules, dramatically reducing system downtime. You can remove and add XEM modules, or swap a XEM for another of the same sort - all without having to reboot or reconfigure your network.
Modularity + Monitoring = Robust Flexibility
AlliedWare Plus has a modular architecture, providing superior reliability. It uses separate software processes, or modules, to handle different functions - for example management, routing protocols, and control functions. Each of these modules can only access its own allocated memory, which prevents processes from corrupting each other and causing system crashes. Although independent of each other, modules communicate via well-defined interfaces.
To achieve even greater reliability, independent monitoring software has been utilized alongside the modular architecture. This provides passive monitoring and periodic health checks for all important processes, and sends messages to inform system administrators of issues and resolutions.
Industry Standard Command Line Interface (CLI)
The AlliedWare Plus operating system incorporates an industry standard CLI, facilitating intuitive manageability. Each command is associated with a specific function, or a common function performing a specific task. You can automate some of your configuration tasks, as many of these commands may also be used in scripts. Triggers can also be utilized, providing a powerful mechanism for automatic and timed management by automating the execution of commands in response to specific events.
With three distinct modes, the CLI is very secure. User exec mode allows users to view settings and troubleshoot problems but does not allow any changes to be made to the system. Privileged exec mode allows users to change system settings and restart the device. Configuration changes are only permitted in global configuration mode, which reduces the risk of making accidental configuration changes.
AlliedWare Plus Licensing Unlocks New Features
With AlliedWare Plus, a single license password or 'key' is all that is necessary to activate a feature bundle. This single key enables the bundled features on all hardware of that particular product type.
License keys enable you to "unlock" additional feature bundles that ship with the switches.
Policy-Based Quality of Service (QoS)
Comprehensive, low latency QoS features operating at wire-speed provide flow-based traffic management with full classification, prioritization, traffic shaping and min/max bandwidth profiles. The QoS features are ideal for service providers wanting to ensure maximum availability of premium voice, video and data services, and at the same time manage customer service level agreements. For enterprise customers, the QoS features protect productivity by guaranteeing performance of business-critical applications (including VoIP services), and help to restore and maintain responsiveness of enterprise applications in the workplace.
Control Plane Prioritization
The Control Plane Prioritization (CPP) feature allows you to allocate priorities to packet types, to ensure minimum interruption to the flow of control information through the network.
CPP stops the control plane from being flooded by traffic in the event of a network storm or Denial of Service (DoS) attack. This ensures maximal performance and prevents network outages. In addition, with CPP you can also limit the amount of traffic that flows to the CPU to ensure that the performance of other services, such as the CLI, is not affected should a network storm or DoS attack occur.
Resiliency
Link Aggregation
Link aggregation allows a number of individual switch ports to be combined, forming a single logical connection of higher bandwidth. This provides a higher performance link, and also provides redundancy for a more reliable and robust network.
AlliedWare Plus supports IEEE standard 802.3ad link aggregation, which can be configured manually, or automated via the use of Link Aggregation Control Protocol (LACP). LACP automatically detects multiple links between two LACP enabled devices and configures them to use their maximum possible bandwidth by automatically combining the links.
VRRP - Virtual Router Redundancy Protocol
VRRP provides automatic backup in mission-critical environments. This feature enables multiple routers or switches to share a virtual IP address that serves as the default LAN gateway. Should the master fail, the other devices assume the virtual IP address. LAN devices can continue to be configured with a single default gateway address, and because VRRP is a standards-based protocol, full interoperability with other VRRP-supported products is assured.
Ethernet Protection Switching Ring (EPSR)
EPSR allows several switches to form a protected ring with sub-50ms failover. This feature is perfect for high performance at the core of enterprise or provider access networks.
MSTP - Multiple Spanning Tree Protocol
MSTP addresses the limitations in the existing spanning tree protocols, Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP). MSTP is similar to RSTP in that it provides loop resolution and rapid convergence. However, it also has the significant extra advantage of making it possible to have different forwarding paths for different multiple spanning tree instances. This enables load balancing of network traffic across redundant links.
Dual Software Images
Dual software images can be stored, providing separate primary and secondary operating system files that function as backup during upgrades.
Security
802.1x, RADIUS Authentication and Dynamic VLAN Assignment
The IEEE 802.1x standard manages port-based network access. It provides authentication to devices attached to a LAN port by initiating a connection or preventing access from that port if authentication fails. Valuable for authenticating and controlling user traffic to a protected network, 802.1x is also effective for dynamically varying encryption keys. 802.1x attaches the Extensible Authentication Protocol (EAP) to both wired and wireless LAN media, and supports multiple authentication methods, such as token cards, Kerberos, certificates, and public key authentication.
802.1x uses the RADIUS (Remote Authentication Dial In User Service) protocol to transfer authentication and configuration information between the switch and a shared RADIUS authentication server, which manages a database of users and provides authentication and configuration information to the client.
Dynamic VLAN assignment allows an 802.1x supplicant to be placed into a specific VLAN based on information returned from the RADIUS server during authentication. This limits the network access of a supplicant to a specific VLAN that is tied to their authentication, and prevents supplicants from connecting to VLANs for which they are not authorized. A port's VLAN assignment is determined by the first supplicant to be authenticated on the port.
SSHv2 and SCP
The Secure Shell (SSH) version 2 protocol provides encrypted and strongly authenticated remote login sessions. SSHv2 provides sessions between a host running a Secure Shell server and a machine with a Secure Shell client.
Secure Copy Protocol (SCP) is also supported. SCP allows for secure file transfer to and from the switch, protecting your network from unwanted downloads and unauthorized file copying.
Access Control Lists (ACLs)
AlliedWare Plus delivers industry-standard Access Control functionality through access control lists (ACLs). ACLs filter network traffic to control whether routed packets are forwarded or blocked at the port interface. The switch examines each packet to determine whether to forward or drop the packet based on the criteria that are specified within the ACL, such as source and destination MAC or IP address, IP protocol, or TCP/UDP port. This provides a powerful network security mechanism to select the types of traffic to be analyzed, forwarded, or influenced in some way, for example to restrict routing updates or provide traffic flow control.
Bridge Protocol Data Unit (BPDU) Protection
BPDU Protection adds extra security to the Spanning Tree Protocol (STP). It protects the spanning tree configuration by preventing malicious DoS attacks caused by spoofed BPDUs.
BPDU Protection is designed to be enabled on ports that should not receive BPDUs. These are edge ports connected to end user devices that do not run spanning tree. If a spoofed BPDU packet is received on a protected port, the BPDU Protection feature disables the port and alerts the network manager.
VLAN Double Tagging
VLAN double tagging allows network service providers to use a single VLAN to support customers with multiple VLANs. In this way, they can simply and cost-effectively offer IP-based solutions in scalable implementations.
Service providers often have customers whose VLAN range requirements overlap, and the traffic from different customers is mixed in with the service providers' infrastructure. With VLAN double tagging, each customer is given a customer-ID (CID), which is a unique identifier within the service provider infrastructure. Traffic from individual customers is tagged with the CID and segregated from other customers' traffic. The VLAN identification of the customer's network can be preserved while the traffic is tunnelled through the network service provider's infrastructure.
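AlliedWare Plus Operating System Features

| Category | Feature | x900-12X | x900-24X | AT-SBx908 |
|---|---|---|---|---|
| | Software Release | 5.2.1 | 5.2.1 | 5.2.1 |
| Switching | Bridging (IEEE 802.1D) | D | D | D |
| Switching | VLAN - Virtual Local Area Network | D | D | D |
| Switching | Storm Protection | D | D | D |
| Switching | Jumbo Frames | D | D | D |
| Switching | VLAN Double Tagging (Q-in-Q) | AL3 | AL3 | AL3 |
| High Availability | STP - Spanning Tree Protocol | D | D | D |
| High Availability | RSTP - Rapid Spanning Tree Protocol | D | D | D |
| High Availability | MSTP (802.1s) - Multiple Spanning Tree Protocol | D | D | D |
| High Availability | EPSR - Ethernet Protected Switched Rings | D | D | D |
| High Availability | VRRP - Virtual Router Redundancy Protocol | D | D | D |
| High Availability | LACP - Link Aggregation Control Protocol (802.3ad) | D | D | D |
| High Availability | Virtual Chassis Stacking | F | D | D |
| Security | 802.1x | D | D | D |
| Security | 802.1x VLAN Assignment | D | D | D |
| Security | Access Control Lists | D | D | D |
| Security | SSL - Secure Sockets Layer | D | D | D |
| Security | SSHv2 - Secure Shell version 2 | D | D | D |
| Security | RADIUS | D | D | D |
| Security | BPDU Protection | D | D | D |
| Security | Intrusion Detection (Port Security) | D | D | D |
| Security | Private VLANs | D | D | D |
| Security | DHCP Option 82 | D | D | D |
| QoS / Performance Tuning | QoS - Quality of Service | D | D | D |
| QoS / Performance Tuning | Policy Based QoS | D | D | D |
| QoS / Performance Tuning | Strict Priority and/or WRR Queue Servicing - Weighted Round Robin | D | D | D |
| QoS / Performance Tuning | WRED Curves - Weighted Random Early Discard | D | D | D |
| QoS / Performance Tuning | Priority Tagging (IEEE 802.1p) | D | D | D |
| QoS / Performance Tuning | Single-Rate Three-Color Marking | D | D | D |
| QoS / Performance Tuning | Two-Rate Three-Color Marking | D | D | D |
| Network Manageability | CLI - Command Line Interface | D | D | D |
| Network Manageability | RMON (1,2,3,9) | D | D | D |
| Network Manageability | HTTP Client | D | D | D |
| Network Manageability | TFTP Client - Trivial File Transfer Protocol | D | D | D |
| Network Manageability | SNMP - Simple Network Management Protocol | D | D | D |
| Network Manageability | Trigger Facility | D | D | D |
| Network Manageability | Test Facility | D | D | D |
| Network Manageability | Scripting | D | D | D |
| Network Manageability | SCP - Secure Copy | D | D | D |
| Network Manageability | DHCP Client and Server - Dynamic Host Configuration Protocol | D | D | D |
| Network Manageability | Text Editor | D | D | D |
| Network Manageability | Telnet | D | D | D |
| Network Manageability | NTP - Network Time Protocol | D | D | D |
| Network Manageability | Ping Polling | D | D | D |
| Network Manageability | Syslog | D | D | D |
| Network Manageability | DHCP Relay | D | D | D |
| Network Manageability | DNS Relay - Domain Name System | D | D | D |
| Routing | OSPFv2 - Open Shortest Path First | AL3 | AL3 | AL3 |
| Routing | BGP-4 - Border Gateway Protocol version 4 | AL3 | AL3 | AL3 |
| Routing | RIPv1, RIPv2 | D | D | D |
| Routing | ECMP - Equal Cost Multipath Protocol | D | D | D |
| Routing | Route Maps | D | D | D |
| Routing | IPv6 Static Routes | IPv6 | IPv6 | IPv6 |
| Routing | RIPng | IPv6 | IPv6 | IPv6 |
| Multicasting | IGMP - Internet Group Management Protocol | D | D | D |
| Multicasting | IGMP Proxy | D | D | D |
| Multicasting | PIM-SM - Protocol Independent Multicast Sparse Mode | AL3 | AL3 | AL3 |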
D = Feature is available in the Standard AlliedWare release of this product
AL3 = Feature is available with the Advanced L3 feature license for this product
F = Feature will be available in a future release
IPv6 = Feature is available with the Advanced IPv6 feature license for this product
Note: This table does not provide a complete AlliedWare Plus® feature list. For more information about individual products, see www.alliedtelesis.com.
Feature licenses

| Product | Advanced L3: BGP-4, OSPF, PIMv4, VLAN Double Tagging | IPv6 Pack²: IPv6 Static Routing, IPv6 Management, RIPng |
|---|---|---|
| SwitchBlade® x908 | AT-FL-SBX9-01 (order number 980-000130) | AT-FL-SBX9-01 (order number 980-000130) |
| x900-24XT | AT-FL-X900-01 (order number 980-000127) | AT-FL-X900-02 (order number 980-000128) |
| x900-24XT-N | AT-FL-X900-01 (order number 980-000127) | AT-FL-X900-02 (order number 980-000128) |
| x900-24XS | AT-FL-X900-01 (order number 980-000127) | AT-FL-X900-02 (order number 980-000128) |
| x900-12XT/S | AT-FL-X900-01 (order number 980-000127) | AT-FL-X900-02 (order number 980-000128) |

² Available late 2008

About Allied Telesis
Allied Telesis is part of the Allied Telesis Group. Founded in 1987, the company is a global provider of secure Ethernet/IP access solutions and an industry leader in the deployment of IP Triple Play networks over copper and fiber access infrastructure. Our POTS-to-10G iMAP integrated Multiservice Access Platform and iMG intelligent Multiservice Gateways, in conjunction with advanced switching, routing and WDM-based transport solutions, enable public and private network operators and service providers of all sizes to deploy scalable, carrier-grade networks for the cost-effective delivery of packet-based voice, video and data services. Visit us online at www.alliedtelesis.com.
Service and Support
Allied Telesis provides value-added support services for its customers under its Net.Cover programs. For more information on Net.Cover support programs available in your area, contact your Allied Telesis sales representative or visit our website: www.alliedtelesis.com.
USA Headquarters | 19800 North Creek Parkway | Suite 100 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895
European Headquarters | Via Motta 24 | 6830 Chiasso | Switzerland | T: +41 91 69769.00 | F: +41 91 69769.11
Asia-Pacific Headquarters | 11 Tai Seng Link | Singapore | 534182 | T: +65 6383 3832 | F: +65 6383 3830
www.alliedtelesis.com
© 2008 Allied Telesis Inc. All rights reserved. Information in this document is subject to change without notice. All company names, logos, and product designs that are trademarks or registered trademarks are the property of their respective owners. 617-000477 Rev.D