Switches
PRODUCT INFORMATION
x600 Series
Intelligent Gigabit Layer 3+ Switches
The Allied Telesis x600 Series is an advanced series of
stackable switches providing high performance, flexibility
and reliability.
Scalable
The choice of 24-port and 48-port
versions, coupled with the ability to stack
up to 4 units, allows the Allied Telesis
x600 Series to connect anything from
a small workgroup right up to a large
business.
With a choice of 1 or 10 Gigabit uplink
ports, bandwidth can be tailored to suit
the network application. Hot-swappable
XFPs provide high-speed, high-capacity
fiber uplinks, with up to 40Gbps uplink
capacity from each switch to the network
core — so a 4-unit stack can provide a
massive 160Gbps of uplink bandwidth
independent from stacking bandwidth.
The flexibility of the x600 Series, coupled
with the ability to stack multiple
units, ensures a future-proof network.
Secure
Advanced security features protect
the network from the edge to the core.
Network Access Control (NAC) assures
security, allowing unprecedented
control over user access to the network
and mitigating threats to network
infrastructure. 802.1x port-based
authentication, in partnership with
standards-compliant dynamic VLAN
assignment, assesses a user’s network
security adherence and either grants
authentication or offers remediation.
Authentication options on the x600
Series also include alternatives to
802.1x port-based authentication, such
as web authentication to enable guest
access, and MAC authentication for
end points that do not have an 802.1x
supplicant. All three authentication
methods — 802.1x, MAC-based
and Web-based, — can be enabled
simultaneously on the same port. This
is called tri-authentication.
Manageable
The x600 Series runs the advanced
AlliedWare Plus™ fully featured operating
system, delivering a rich feature set
and an industry-standard CLI. The
industry-standard CLI reduces training
requirements and is consistent across
all AlliedWare Plus devices, simplifying
network management.
The built-in, web-based Graphical User
Interface is an easy-to-use and powerful
management tool. With comprehensive
monitoring facilities and the ability to
view a virtual chassis as a single entity,
the GUI is an essential part of a network
management toolkit.
New Features
ۼۼ EPSR SuperLoop Protection
ۼۼ Optical DDM
ۼۼ PIM - SSM
ۼۼ TACACS+ Accounting
ۼۼ IPv6 Features
alliedtelesis.com
NETWORK SMARTER
x600 Series | Intelligent Gigabit Layer 3+ Switches
Key Features
Network Access Control (NAC)
ۼۼ NAC allows for unprecedented control over user
access to the network, in order to mitigate threats
to network infrastructure. Furthermore, if multiple
users share a port multi-authentication is used.
Different users on the same port can be assigned
into different VL ANs, and so given dif ferent levels
of network access. Additionally, a Guest VLAN can
be configured to provide a catch-all for users who
aren’t authenticated.
Network in a Box
ۼۼ Simplifies administration by integrating
several network services into the x600
switch.
ۼۼ Radius Server checks the identity of users
to keep the network safe.
ۼۼ Storm Control ensures a robust network
by managing the amount of traffic allowed
on the network, and dealing with any
unexpected surges.
ۼۼ DHCP server automates the distribution
of network addresses to PCs.
ۼۼ A centralized Timekeeper ensures
the network is always working in full
synchronicity.
ۼۼ Loop Protection guards against accidental
wiring mistakes.
VCStack™ (Virt ual Chass is Stacki ng)
ۼۼ Create a VCStack with up to four units. VCStack
provides a highly available system where network
resources are spread out across stacked units,
reducing the impact if one of the units fails.
Aggregating switch ports on different units across
the stack provides excellent network resiliency.
EPSRing™ (Ethernet Protection
Switched Rings)
ۼۼ EPSR and 10 Gigabit Ethernet allow several x600
Series to form a high speed protected ring capable
of recovery within as little as 50ms. This feature is
perfect for high performance and high availability in
enterprise networks.
ۼۼ SuperLoop Protection enables a link between
two EPSR nodes to be in separate EPSR domains,
improving redundancy and network fault resiliency.
Industry-leading Quality of Service
(QoS)
ۼۼ Comprehensive low-latency wirespeed QoS
provides flow-based traffic management with
full classification, prioritization, traffic shaping
and min/max bandwidth profiles. Enjoy boosted
network performance and guaranteed deliver y of
business-critical ethernet services and applications.
Time-critical services such as voice and video
take precedence over non-essential services such
as file downloads, maintaining responsiveness of
Enterprise applications.
Power over Ethernet Plus (PoE+)
ۼۼ With the AT-x600-24Ts-POE and POE+, a separate
power connection to media endpoints such as IP
phones and wireless access points is not required.
PoE+ provides even greater flexibility, as it is
capable of connecting devices that require more
power (up to 30 Watts), for example tilt and zoom
security cameras. Diagram 1 shows an example of
PoE+ power provisioning.
Link Layer Discovery Protocol–Media
Endpoint Discovery (LLDP–MED)
ۼۼ LLDP-MED extends LLDP’s basic network
endpoint discovery and management functions.
LLDP-MED allows for media endpoint specific
messages, providing detailed information on power
requirements, network policy, location discovery
(for Emergency Call Ser vices) and inventory.
Voice VLAN
ۼۼ Voice VLAN automatically separates voice and data
traffic into two dif ferent VLANS. This automatic
separation places delay-sensitive traffic into a
voice dedicated VL AN, which simplifies QoS
configurations.
sFlow
ۼۼ sFlow is an industry standard technology for
monitoring high speed switched networks. It
provides complete visibility into network use,
enabling performance optimization, usage
accounting/billing, and defense against security
threats. Sampled packets sent to a collector ensure
it always has a real-time view of network traf fic.
Terminal Access Controller Access–
Control System Plus (TACACS+)
Authentication and Accounting
ۼۼ TACACS+ provides access control and accounting
for network users from a centralized server.
Authentication is carried out via communication
between the local switch and a TACACS+ server,
to check the credentials of users seeking network
access. Accounting enables user sessions and CLI
commands to be logged to create an audit trail for
user activity.
Optical DDM
ۼۼ Most modern optical SFP/SFP+/XFP transceivers
support Digital Diagnostics Monitoring ( DDM )
functions according to the specification SFF-8472.
This enables various parameters of the transceiver
to be monitored in real-time, such as optical
output power, temperature, laser bias current
and transceiver supply voltage. The x600 Series
provides easy access to this information simplifying
diagnosing problems with optical modules and fiber
connections.
Diagram 1: PoE+ provision
2 | x600 Series
SBx908
Servers
x600
1 Gigabit link
Link aggregation
x600 Series | Intelligent Gigabit Layer 3+ Switches
Key Solutions
NAC (Network Access Control)
802.1x authenticated
device
Policy
and
RADIUS
Server
Policy Decision Poin
x600-24Ts
Tri-authentication
capable switch
Web authenticated
device
Diagram 2: NAC with Tri-authentication
One of the major security issues facing enterprise
networks is prevention of internal breaches and malicious
software infiltration. Internal defense requires significant
involvement with individual network devices, which is
costly and time consuming. NAC lowers this overhead and
provides an effective solution to internal network security.
NAC automates network security policy management,
allowing easy control of network access and management
of network security. NAC uses 802.1x port-based
authentication in partnership with standards-compliant
dynamic VLAN assignment, to assess a user’s adherence
to network security policies, and then either grant
authentication or offer remediation. Allied Telesis NAC also
supports alternatives to 802.1x port-based authentication,
such as web authentication to enable guest access, and
Policy Enforcement Point
MAC authenticated
device
Access Requestor
MAC authentication for end points that do not have an
802.1x supplicant.
Tri-Authentication provides a way for the network to
successfully manage authentication of all devices.
Allied Telesis is a partner with Microsoft, supporting
Microsoft Network Access Protection (NAP) technology.
Allied Telesis is committed to providing secure networks,
and interoperability with Microsoft’s network access
control solution is an important component of an already
comprehensive security set. The Allied Telesis NAC
solution also interoperates with many other third party
NAC solutions.
NETWORK SMARTER
x600 Series | 3