Switches | Product Information
x220 Series
Gigabit Edge Switches
The Allied Telesis x220 Series are fully-managed high-performing Gigabit
Layer 3 switches. Integrated security features, plus 28 SFP or 48 Gigabit
copper ports, make them the ideal choice for long-distance fiber or
high-density copper connectivity at the edge of the network.
Overview
The x220-28GS features 24 x
100/1000X SFP slots and 4 x
100/1000X SFP uplinks to provided
extended reach at the network edge
in distributed environments. Secure
data transfer is ensured with Allied
Telesis Active Fiber Monitoring (AFM)
preventing data eavesdropping on all
short and long-distance fiber links.
The x220-52GP/GT have 48 x
10/100/1000T RJ-45 copper ports and
4x 100/1000X SFP uplinks. The Power
over Ethernet Plus (PoE+) model (52GP)
is an ideal solution for connecting and
remotely powering wireless access
points, IP video surveillance cameras
and IP phones.
A comprehensive feature-set provides
an excellent access solution for today’s
networks, with high performance
gigabit throughput.
Resilient
Allied Telesis Ethernet Protection
Switched Ring (EPSRing
distributed network segments to have
resilient high-speed access to online
resources and applications, and
provides continuous traffic flow even
during unscheduled outages.
TM
) enables
Powerful network management
Meeting the increased management
requirements of modern converged
networks, Allied Telesis Autonomous
Management Framework
automates many everyday tasks
including configuration management.
The entire network can be managed
as a single virtual device with
powerful centralized management
features. Growing the network can
be accomplished with plug-and-play
simplicity, and network node recovery
is fully zero-touch.
TM
(AMF)
AMF secure mode increases
network security with management
traffic encryption, authorization and
monitoring.
Secure
Network security is guaranteed, with
powerful control over all traffic types,
secure management options, and
other multi-layered security features
built right into the x220 Series.
Network Access Control (NAC) gives
unprecedented control over user
access to the network, successfully
mitigating threats to network
infrastructure.
The x220 Series use 802.1x portbased authentication, in partnership
with standards-compliant dynamic
VLAN assignment, to assess a user’s
adherence to network security policies
and either grant access or offer
remediation. Tri-authentication ensures
the network is only accessed by known
users and devices. Secure access is
also available for guests.
Security from malicious network
attacks is provided by a
comprehensive range of features such
as DHCP snooping, STP root guard,
BPDU protection and access control
lists. Each of these can be configured
to perform a variety of actions upon
detection of a suspected attack.
Network protection
Advanced storm protection features
include bandwidth limiting, policybased storm protection and packet
storm protection.
Network storms are often caused by
cabling errors that result in a network
loop. The x220 Series provides features
to detect loops as soon as they are
created. Loop detection and thrash
Key Features
ۼ Allied Telesis Autonomous
Management FrameworkTM (AMF)
ۼ Active Fiber Monitoring
ۼ AlliedWare Plus operating system
TM
and G.8032 high-speed ring
ۼ EPSR
connectivity
ۼ Management stacking
ۼ Static routing and RIP
ۼ DHCP snooping
ۼ IEEE 802.1x/MAC/Web
authentication support
ۼ PoE+ supplies up to 30W per port
ۼ PoE power budget of 740 Watts
ۼ Continuous PoE
limiting take immediate action to prevent
network storms.
Effortless management
The x220 Series runs the advanced
AlliedWare Plus
operating system, delivering a rich
feature set and an industry-standard
Command Line Interface (CLI). This
reduces training requirements and
is consistent across all AlliedWare
Plus devices, simplifying network
management.
The web-based Graphical User
Interface (GUI) is an easy-to-use and
powerful management tool, with
comprehensive monitoring facilities.
™
fully featured
617-000639 RevJ
x220 Series | Gigabit Edge Switches
ۼ
Key Features
Allied Telesis Autonomous
Management FrameworkTM (AMF)
ۼ AMF is a sophisticated suite of management tools
that provide a simplified approach to network
management. Common tasks are automated or
made so simple that the everyday running of a
network can be achieved without the need for
highly-trained, and expensive, network engineers.
Powerful features like centralized management,
auto-backup, auto-upgrade, auto-provisioning
and auto-recovery enable plug-and-play
networking and zero-touch management.
ۼ AMF secure mode encrypts all AMF traffic,
provides unit and user authorization, and
monitors network access to greatly enhance
network security.
Active Fiber Monitoring (AFM)
ۼ AFM prevents eavesdropping on fiber
communications by monitoring received optical
power. If an intrusion is detected, the link can be
automatically shut down, or an operator alert can
be sent.
Power over Ethernet Plus (PoE+)
ۼ With PoE, a separate power connection to media
endpoints such as IP phones and wireless access
points is not necessary. PoE+ reduces costs
and provides even greater flexibility, providing
the capability to connect devices requiring more
power (up to 30 Watts) such as pan, tilt and zoom
security cameras.
Continuous PoE
ۼ Continuous PoE allows the switch to be
restarted without affecting the supply of power
to connected devices. Smart lighting, security
cameras, and other PoE devices will continue to
operate during a software upgrade on the switch.
Ethernet Protection Switched Ring
(EPSRingTM)
ۼ EPSRing allows several x220 switches to form
a protected ring capable of recovery within as
little as 50ms. This feature is perfect for high
availability in enterprise networks.
G.8032 Ethernet Ring Protection
ۼ G.8032 provides standards-based high-speed
ring protection, that can be deployed standalone,
or interoperate with Allied Telesis EPSR.
ۼ Ethernet Connectivity Fault Monitoring (CFM)
proactively monitors links and VLANs, and
provides aler ts when a fault is detected.
Access Control Lists (ACLs)
ۼ The x220 Series features industry-standard
access control functionality through ACLs. ACLs
filter network traffic to control whether packets
are forwarded or blocked at the port interface.
This provides a powerful network security
mechanism to select the types of traffic to be
analyzed, forwarded, or influenced in some way.
An example of this would be to provide traffic
flow control.
VLAN ACLs
ۼ Simplif y access and traffic control across entire
segments of the network. ACLs can be applied to
a VLAN as well as a specific por t.
Easy To Manage
ۼ The AlliedWare Plus operating system
incorporates an industr y standard CLI, facilitating
intuitive manageability.
ۼ With three distinct modes, the CLI is very secure,
and the use of SSHv2 encrypted and strongly
authenticated remote login sessions ensures CLI
access is not compromised.
Storm protection
Advanced packet storm control features protect the
network from broadcast storms:
ۼ Bandwidth limiting minimizes the effects of the
storm by reducing the amount of flooding traffic.
ۼ Policy-based storm protection is more powerful
than bandwidth limiting. It restricts storm damage
to within the storming VL AN, and it provides the
flexibility to define the traffic rate that creates a
broadcast storm. The action the device should
take when it detects a storm can be configured,
such as disabling the port from the VL AN or
shutting the port down.
ۼ Packet storm protection allows limits to be set on
the broadcast reception rate, multicast frames and
destination lookup failures. In addition, separate
limits can be set to specify when the device will
discard each of the different packet type
Loop protection
ۼ Thrash limiting, also known as Rapid MAC
movement, detects and resolves network loops.
It is highly user-configurable—from the rate of
looping traf fic to the type of action the switch
should take when it detects a loop.
ۼ With thrash limiting, the switch only detects a
loop when a storm has occurred, which can
potentially cause disruption to the network. To
avoid this, loop detection works in conjunction
with thrash limiting to send special packets, called
Loop Detection Frames (LDF), that the switch
listens for. If a port receives an LDF packet, one
can choose to disable the port, disable the link, or
send an SNMP trap.
Spanning Tree Protocol (STP) Root
Guard
ۼ STP root guard designates which devices can
assume the root bridge role in an STP network.
This stops an undesirable device from taking
over this role, where it could either compromise
network performance or cause a security
weakness.
Bridge Protocol Data Unit (BPDU)
protection
ۼ BPDU protection adds extra security to STP. It
protects the spanning tree configuration by
preventing malicious DoS attacks caused by
spoofed BPDUs. If a BPDU packet is received on
a protected port, the BPDU protection feature
disables the port and alerts the network manager.
s.
Tri-authentication
ۼ Authentication options on the x220 Series
include alternatives to 802.1x port-based
authentication, such as web authentication, to
enable guest access and MAC authentication
for end points that do not have an 802.1x
supplicant. All three authentication methods—
802.1x, MAC-based and Web-based— can
be enabled simultaneously on the same port,
resulting in tri-authentication.
TACACS+ Command Authorization
ۼ Centralize control of which commands may
be issued by a specific user of an AlliedWare
Plus device. TACACS+ command authorization
complements authentication and accounting
services for a complete A A A solution.
Optical DDM
ۼ Most modern optical SFP/SFP+/XFP
transceivers support Digital Diagnostics
Monitoring (DDM) functions according to the
specification SFF-8472. This enables real
time monitoring of the various parameters of
the transceiver, such as optical output power,
temperature, laser bias current and transceiver
supply voltage. Easy access to this information
simplifies diagnosing problems with optical
modules and fiber connections.
VLAN Mirroring (RSPAN)
ۼ VLAN mirroring allows traf fic from a port on
a remote switch to be analysed locally. Traffic
being transmit ted or received on the port is
duplicated and sent across the network on a
special VLAN.
Find Me
ۼ In busy server rooms comprised of a large
number of equipment racks, it can be quite a
job finding the correct switch quickly among
many similar units. The “Find Me” feature
is a simple visual way to quickly identify the
desired physical switch for maintenance or
other purposes, by causing its LEDs to flash in
a specified pattern.
IPv6 Support
ۼ With the depletion of IPv4 address space, IPv6
is rapidly becoming a mandator y requirement for
many government and enterprise customers. To
meet this need, now and into the future, the x220
Series supports IPv6 for warding in hardware
and features MLD snooping for efficient use of
network bandwidth.
sFlow
ۼ sFlow is an industry-standard technology for
monitoring high-speed switched networks. It
provides complete visibility into network use,
enabling performance optimization, usage
accounting/billing, and defense against security
threats. Sampled packets sent to a collector
ensure it always has a real-time view of network
traffic.
2 | x220 Series
x220 Series | Gigabit Edge Switches
Key Solutions
Retail Management
Shop A
Shop B
FS980M
FS980M
x220
Shop C
x220
FS980M
Information
Kiosk
x930
x600-24
x220
Temp
Sensor
Servers
TEMP
Internet
Network
Attached
Sorage
Information
Kiosk
10 Gigabit link
1 Gigabit link
10/100 link
Link aggregation
Distributed retail network
The growth of large retail shopping complexes, and
open-air malls (as shown in the diagram above) have
increased the need for high performing networks. The
convergence of data from visitor information kiosks,
monitoring sensors, security management, and point of
sale systems requires a resilient solution.
The x220 Series supports Allied Telesis Ethernet
Protection Switched Ring (EPSRing) to ensure
distributed network segments have high-speed access
to online systems. Continuous traffic flow is enabled
with failover in a little as 50ms in the case of an
unscheduled device outage or link failure.
With 28 SFP ports, the x220-28GS extends network
reach to enable access connectivity right around
the retail precinct, or similarly an education
campus, manufacturing plant, or large distributed
business. All fiber links are kept secure with Active
Fiber Monitoring, which detects attempted data
eavesdropping and protects against intrusion.
To simplify and automate network management,
Allied Telesis Autonomous Management Framework
automatically backs-up the entire network, and
provides plug-and-play network growth and zerotouch unit replacement.
x220 Series | 3