Allied Telesis AlliedWare Plus 5.2.1 User Manual

Allied Telesis www.alliedtelesis.com
Datasheet | Operating System
AlliedWare Plus™ 5.2.1 Operating System
AlliedWare Plus Advanced Features
Virtual Chassis Stacking
Highly Modular Software Featuring Independent Process Monitoring
Superior Quality of Service - QoS
Bridge Protocol Data Unit (BPDU) Protection
802.1x Dynamic VLANs
Control Plane Prioritization - CPP
Other Feature Highlights
Access Control Lists - ACLs
Spanning Tree
Ethernet Protected Switching Rings - EPSR
Virtual Router Redundancy Protocol - VRRP
Link Aggregation Control Protocol - LACP
Trigger Facility
Logging Facility
Scripting
Web (HTTP) client
Simple Mail Transfer Protocol - SMTP
Trivial File Transfer Protocol - TFTP Client
Dynamic Host Configuration Protocol Server and Client - DHCP
Simple Network Management Protocol - SNMP
Internet Group Management Protocol - IGMP
IPv4 and IPv6 Static Routing
Routing Information Protocol - RIP
Open Shortest Path First - OSPF
¹ AlliedWare Plus software release 5.2.1 supports stacking of 2 units. Support for more than 2 units will be available in a future release.
AlliedWare Plus™ Layer 3 Fully Featured Operating System
AlliedWare Plus™ is Allied Telesis' next generation operating system. In keeping with the increasing complexity of Allied Telesis' ever-improving and feature-rich software, AlliedWare Plus employs a new modular approach to software creation and distribution. It represents a quantum shift in the software development methodology for Allied Telesis switches and routers - providing you with even more features and greater robustness from the operating system.
The AlliedWare Plus operating system combines superior networking functionality and strong management capabilities with the exceptional performance that today's networks demand. A standards-based implementation, it also assures full interoperability with other major network equipment, along with improved usability and therefore a superior customer experience.
High-Performance and High-Availability
Virtual Chassis Stacking
Virtual Chassis Stacking makes networking simple. It allows you to connect between 2 and 8¹ switches together via high-bandwidth 15Gbps stacking links. This aggregates the switches, which then appear as a single switch, or 'Virtual Chassis'. The Virtual Chassis can be configured and managed via a single serial console or IP address, which provides greater ease of management in comparison to an arrangement of individually managed switches, and often eliminates the need to configure protocols like VRRP and Spanning Tree.
Virtual Chassis Stacking provides a high availability system where network resources can be spread out across a number of stacked switches, thus reducing the impact should any one of the stacked switches fail. Ports on different switches across the stack can be aggregated to provide excellent link redundancy.
Hot-swappable XEM modules
The AlliedWare Plus operating system supports hot-swappable XEM modules, dramatically reducing system downtime. You can remove and add XEM modules, or swap a XEM for another of the same sort - all without having to reboot or reconfigure your network.
Modularity + Monitoring = Robust Flexibility
AlliedWare Plus has a modular architecture, providing superior reliability. It uses separate software processes, or modules, to handle different functions - for example management, routing protocols, and control functions. Each of these modules can only access its own allocated memory, which prevents processes from corrupting each other and causing system crashes. Although independent of each other, modules communicate via well-defined interfaces.
To achieve even greater reliability, independent monitoring software has been utilized alongside the modular architecture. This provides passive monitoring and periodic health checks for all important processes, and sends messages to inform system administrators of issues and resolutions.
Industry Standard Command Line Interface (CLI)
The AlliedWare Plus operating system incorporates an industry standard CLI, facilitating intuitive manageability. Each command is associated with a specific function, or a common function performing a specific task. You can automate some of your configuration tasks, as many of these commands may also be used in scripts. Triggers can also be utilized, providing a powerful mechanism for automatic and timed management by automating the execution of commands in response to specific events.
With three distinct modes, the CLI is very secure. User exec mode allows users to view settings and troubleshoot problems but does not allow any changes to be made to the system. Privileged exec mode allows users to change system settings and restart the device. Configuration changes are only permitted in global configuration mode, which reduces the risk of making accidental configuration changes.
AlliedWare Plus Licensing Unlocks New Features
With AlliedWare Plus, a single license password or 'key' is all that is necessary to activate a feature bundle. This single key enables the bundled features on all hardware of that particular product type.
License keys enable you to "unlock" additional feature bundles that ship with the switches.
Policy-Based Quality of Service (QoS)
Comprehensive, low latency QoS features operating at wire-speed provide flow-based traffic management with full classification, prioritization, traffic shaping and min/max bandwidth profiles. The QoS features are ideal for service providers wanting to ensure maximum availability of premium voice, video and data services, and at the same time manage customer service level agreements. For enterprise customers, the QoS features protect productivity by guaranteeing performance of business-critical applications (including VoIP services), and help to restore and maintain responsiveness of enterprise applications in the workplace.
Control Plane Prioritization
The Control Plane Prioritization (CPP) feature allows you to allocate priorities to packet types, to ensure minimum interruption to the flow of control information through the network.
CPP stops the control plane from being flooded by traffic in the event of a network storm or Denial of Service (DoS) attack. This ensures maximal performance and prevents network outages. In addition, with CPP you can also limit the amount of traffic that flows to the CPU to ensure that the performance of other services, such as the CLI, is not affected should a network storm or DoS attack occur.
Resiliency
Link Aggregation
Link aggregation allows a number of individual switch ports to be combined, forming a single logical connection of higher bandwidth. This provides a higher performance link, and also provides redundancy for a more reliable and robust network.
AlliedWare Plus supports IEEE standard 802.3ad link aggregation, which can be configured manually, or automated via the use of Link Aggregation Control Protocol (LACP). LACP automatically detects multiple links between two LACP enabled devices and configures them to use their maximum possible bandwidth by automatically combining the links.
VRRP - Virtual Router Redundancy Protocol
VRRP provides automatic backup in mission-critical environments. This feature enables multiple routers or switches to share a virtual IP address that serves as the default LAN gateway. Should the master fail, the other devices assume the virtual IP address. LAN devices can continue to be configured with a single default gateway address, and because VRRP is a standards-based protocol, full interoperability with other VRRP-supported products is assured.
Ethernet Protection Switching Ring (EPSR)
EPSR allows several switches to form a protected ring with sub 50ms failover. This feature is perfect for high performance at the core of enterprise or provider access networks.
MSTP - Multiple Spanning Tree Protocol
MSTP addresses the limitations in the existing spanning tree protocols, Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP). MSTP is similar to RSTP in that it provides loop resolution and rapid convergence. However, it also has the significant extra advantage of making it possible to have different forwarding paths for different multiple spanning tree instances. This enables load balancing of network traffic across redundant links.
Dual Software Images
Dual software images can be stored, providing separate primary and secondary operating system files that function as backup during upgrades.
Security
802.1x, RADIUS Authentication and Dynamic VLAN Assignment
The IEEE 802.1x standard manages port-based network access. It provides authentication to devices attached to a LAN port by initiating a connection or preventing access from that port if authentication fails. Valuable for authenticating and controlling user traffic to a protected network, 802.1x is also effective for dynamically varying encryption keys. 802.1x attaches the Extensible Authentication Protocol (EAP) to both wired and wireless LAN media, and supports multiple authentication methods, such as token cards, Kerberos, certificates, and public key authentication.
802.1x uses the RADIUS (Remote Authentication Dial In User Service) protocol to transfer authentication and configuration information between the switch and a shared RADIUS authentication server, which manages a database of users and provides authentication and configuration information to the client.
Dynamic VLAN assignment allows an 802.1x supplicant to be placed into a specific VLAN based on information returned from the RADIUS server during authentication. This limits the network access of a supplicant to a specific VLAN that is tied to their authentication, and prevents supplicants from connecting to VLANs for which they are not authorized. A port's VLAN assignment is determined by the first supplicant to be authenticated on the port.
SSHv2 and SCP
The Secure Shell (SSH) version 2 protocol provides encrypted and strongly authenticated remote login sessions. SSHv2 provides sessions between a host running a Secure Shell server and a machine with a Secure Shell client.
Secure Copy Protocol (SCP) is also supported. SCP allows for secure file transfer to and from the switch, protecting your network from unwanted downloads and unauthorized file copying.
Access Control Lists (ACLs)
AlliedWare Plus delivers industry-standard Access Control functionality through access control lists (ACLs). ACLs filter network traffic to control whether routed packets are forwarded or blocked at the port interface. The switch examines each packet to determine whether to forward or drop the packet based on the criteria that are specified within the ACL, such as source and destination MAC or IP address, IP protocol, or TCP/UDP port. This provides a powerful network security mechanism to select the types of traffic to be analyzed, forwarded, or influenced in some way, for example to restrict routing updates or provide traffic flow control.