Cisco Superx User Manual
DATA SHEET
BROCADE
FASTIRON
SUPERX
FAMILY
ENTERPRISE
LAN SWITCHING
HIGHLIGHTS
Industry-leading, chassis-based convergence
•
solution provides a scalable, secure, lowlatency and fault-tolerant infrastructure for
cost-effective deployment of Voice over IP
(VoIP), wireless, and high-capacity data services
throughout the enterprise
The Brocade SuperX™ family features an N+1
•
power redundancy design to enhance power
operation and simplify system conguration
A rich suite of security features including IP source
•
guard, dynamic Address Resolution Protocol
(ARP) inspection, and DHCP snooping shields the
enterprise from internal and external threats
Highest Class 3 PoE capacity in the industry—The
•
FastIron SX 1600 scales to 36 10-GE and 384
POE ports of 10/100/1000 Mbps, each capable
of delivering 15.4 watts to provide customers with
a convergence-ready infrastructure that will scale
to support future growth
Combined SP/WRR queuing and cell-based
•
switch fabric ensure low latency and jitter for
voice and video trafc
Intelligent PoE and conguration management
•
with LLDP, LLDP-MED and PoE Prioritization for
IP Phones
Redundant architecture and resilient protocols
•
ensure business continuity in the event of
network or equipment failure(s)
Embedded, hardware-based sFlow™ trafc
•
monitoring enables network-wide accounting,
utilization reporting, capacity planning, intrusion
detection, and more
Advanced IronWare™ Layer 2 Ethernet switching
•
with robust suite of security capabilities
Flexibility option to upgrade the software to full
•
Layer 3, including support for IP routing protocols
such as RIPv1/v2, OSPF, BGP, and support for
multicast routing
IronShield™ 360 intrusion protection delivers
•
dynamic and real-time protection from network
and host-based attacks
High Performance, Intelligent
Switches For Total Network
Convergence
Businesses continue to strive to be
competitively superior and demand network
infrastructures be resilient, secure, and
do more with less. As requirements to
protect, optimize, and grow the enterprise
have extended from basic connectivity to
a much higher level of intelligent servicebased infrastructures, the network has
evolved to provide an even greater value to
the organizations. The Brocade® FastIron®
SuperX/SX family of PoE-ready Layer
2/Layer 3 switches provides a superior
scalable foundation for better operational
efciency and faster response to business
opportunities today and into the future.
The FastIron SuperX/SX family extends
control from the network edge to the
backbone with intelligent network services,
including superior quality of service (QoS),
predictable performance, advanced security,
comprehensive management, and integrated
resiliency. Additionally, the FastIron SuperX/
SX family offers compatibility in a common
operating system, and a shared interface
and power supply modules reduce the cost of
ownership by minimizing operational expenses
and improving return on investment (ROI).
The FastIron SuperX/SX family has an
extensive feature set, making it well suited
for real-time collaborative applications, IP
telephony, IP video, e-learning, wireless
LANs, and raising the organization’s
productivity. The FastIron SuperX/SX family
delivers wire-speed performance and ultra
low latency, which are ideal for converged
network applications such as VoIP and video
conferencing. These platforms present the
industry’s most scalable and resilient PoE
design, with a robust feature set to secure
and simplify the deployment of an edge-tocore converged network. In addition, the
FastIron SuperX/SX family supports highdensity 10 Gigabit Ethernet for enterprise
backbone deployments.
In addition, service providers will benet from
the power that IronWare operating system’s
networking intelligence offers, including
advanced Layer 2 services, the Brocade
Metro Ring Protocol (MRP) for rapid service
restoration in ring-based topologies, VLAN
stacking for tunneled VLAN services, and
rich bandwidth management for controlling
network utilization.
FUTURE-PROOFING THE NETWORK
WITH IPV6
Migration to IPv6 is inevitable, but by
starting with the deployment of IPv6-capable
hardware the transition can be more
controlled and less disruptive to the network.
Japan and Europe are aggressively deploying
IPv6, and deployment in North America is on
the rise. In fact, some government agencies
are mandating the purchase of IPv6capable switches and routers. Therefore,
it is important that enterprises and service
providers plan to deploy IPv6-capable devices
to capitalize on this inevitable change.
The Brocade IPv6-capable FastIron SuperX/
SX family combined with other Brocade
products such as BigIron® and NetIron®,
provides the industry’s most complete endto-end IPv6 solution. Customers can deploy
the FastIron SuperX/SX family switches
knowing it is IPv6-capable hardware today,
and that future separately priced software
upgrades will support IPv6 routing and
advanced IPv6 features tomorrow.
The new IPv6-capable FastIron SuperX/SX
family switches enable network managers
to future-proof the network to support
IPv6. These high performance, IPv6-ready
platforms deliver security, convergence,
and complete IPv4/IPv6 visibility using
embedded sFlow for a robust edge-to-core
IPv6 solution. Migration to IPv6 is inevitable.
By starting early with the deployment of
IPv6-capable hardware, the transition can be
more controlled and less disruptive to
the network.
CONFIGURATION ALTERNATIVES
The FastIron SuperX/SX family of switches is
optimized for exibility with upgradeability for
PoE, redundant management, switch fabric
and power, and 10 Gigabit Ethernet. Available
in three chassis models, the scalable FastIron
SuperX/SX family helps enterprises and
service providers reduce costs and gain the
operational benets of a common operating
system, a shared interface, and common
power supply modules.
The FastIron SuperX
8 Interface slots
•
Up to 192 Class 3 PoE ports
•
N+1 system power redundancy
•
N+1 PoE power redundancy
•
The FastIron SX 800
8 interface slots
•
Up to 192 Class 3 PoE ports
•
N+1 system power redundancy
•
N+1 PoE power redundancy
•
Management redundancy
•
Fabric redundancy
•
The FastIron SX 1600
Up to N+3 system power redundancy
•
Up to N+3 PoE power redundancy
•
Up to 384 Class 3 PoE ports
•
Up to 36 10GbE ports
•
Management redundancy
•
Fabric redundancy
•
PRIMARY FEATURES AND BENEFITS
Solution Designed for High-Quality
and Reliable Network Convergence
The FastIron SuperX/SX family provides
a scalable, secure, low-latency, and faulttolerant infrastructure for cost-effective
integration of VoIP, video, wireless access,
and high-performance data onto a common
network. The system architecture features
a scalable and resilient PoE design and a
low-latency, cell-based switch fabric with
intelligent trafc management to ensure
reliable and high-quality VoIP service. A
rich suite of security features, including
policy-based access control, IP source
guard, dynamic ARP inspection, and
DHCP snooping, work in unison to control
network access and shield the network
from internal and external threats. The
FastIron SuperX/SX family establishes a
new class of convergence-ready solutions,
enabling organizations to implement a
secure, reliable, scalable, and high-quality
infrastructure for total network convergence.
Resilient Power Distribution and
Consumption in Support of Green
Initiatives
The FastIron SuperX/SX family features
a unique power distribution design for
the system and PoE power. The chassis
are designed with independent systems
and PoE power subsystems. This design
achieves optimal power operation and
conguration, reducing the equipment
and ongoing costs, in comparison to
modular systems that use a common power
supply for both the systems and the PoE
equipment. In the FastIron SuperX/SX
family, the power consumption of a line
module’s PoE circuitry does not impact
the system power. Similarly, the power
consumption of the line modules, switch
modules, and management modules does
not impact the PoE power.
Power consumption for the system and PoE
are calculated, provisioned, and managed
independently of one another. As more PoE
devices are added to a switch, a simple
power budget calculation determines
whether another PoE power supply needs
to be added to the switch. The system
power distribution and the PoE power
distribution subsystems are each designed
for M+N load-sharing operation. This dual-
distribution power design simplies the
power conguration of the system while
enhancing system reliability.
The chassis can be congured for a wide
range of power environments including:
110V/220V AC power, -48V DC power and
mixed AC/DC power congurations. To scale
PoE congurations, PoE power supplies
are available in two ratings—1250W
and 2500W. When congured with four
2500W PoE supplies, the FastIron SX
1600 supports up to 384 10/100/1000
Mbps Class 3 PoE ports and still maintains
N+1 power redundancy. This resiliency is
unmatched in the industry.
Intelligent and Scalable Power Over
Ethernet (PoE)
PoE is a key enabler of applications such
as VoIP, IEEE 802.11 wireless LANs, and IP
video. The FastIron SuperX/SX is a thirdgeneration PoE-capable switch family and
incorporates the latest advances in PoE
provisioning and system design, delivering
scalable and intelligent PoE to the enterprise.
The PoE power distribution subsystem
is independent of the system power,
eliminating system disruption in the event of
PoE over-subscription or a PoE power failure.
Customers have the choice of purchasing
PoE-ready line modules or upgrading
10/100/1000 Mbps line modules when
needed with eld-installable PoE daughter
modules. PoE power per port can be
manually or dynamically congured. Dynamic
conguration is supported using standards-
based autodiscovery or legacy Layer 2
discovery protocols. Port priorities are also
congurable and are used to prioritize PoE
power in over-subscribed congurations.
Advanced QoS and Low Latency for
Enterprise Convergence
The FastIron SuperX/SX family offers
superior quality of service (QoS) features
that enable network administrators to
prioritize high-priority and delay-sensitive
services throughout the network. FastIron
SuperX/SX switches can classify, re-classify,
police, mark, and re-mark an Ethernet
frame or an IP packet prior to delivery.
This exibility lets network administrators
discriminate among various trafc ows and
enforce packet-scheduling policies based on
Layer 2 and Layer 3 QoS elds.
Once classied, the trafc is queued and
scheduled for delivery. Three congurable
queuing options provide the network
administrator with exible control over how
the system services the queues. Weighted
Round Robin (WRR) queuing applies user-
congured weighting for servicing multiple
queues, ensuring that even low priority
queues are not starved for bandwidth. With
Strict Priority (SP) queuing, queues are
serviced in priority order ensuring that the
highest-priority trafc is serviced ahead of
lower priority queues. Combined SP and
WRR queuing ensures that packets in the
SP queue are serviced ahead of the WRR
queues. Combined queuing is often used
in VoIP networks where the VoIP trafc is
assigned to the SP queue and data trafc
is assigned to the WRR queues.
In addition, the switch management modules
are available with integrated Gigabit Ethernet
or 10-Gigabit Ethernet ports. These modules
provide cost-effective system congurations
supporting high-capacity connections to
upstream switches. The management
modules utilize high-performance system
processors with high-capacity memory for
scalable networking up to a routing capacity
of 1 million BGP routes and 20 BGP peers.
The FastIron SuperX/SX switches utilize an
advanced cell-based switch fabric with internal
ow-control, ensuring very low latency and jitter
performance for converged applications.
Ease of Use: Plug and Play
The FastIron SuperX/SX family supports
the IEEE 802.1AB LLDP and ANSI TIA 1057
LLDP-MED standards, enabling organizations
to build open convergence, advanced multi-
vendor networks. LLDP greatly simplies
and enhances network management, asset
management, and network troubleshooting.
For example, it enables discovery of accurate
physical network topologies, including those
that have multiple VLANs where all subnets
may not be known. LLDP-MED addresses the
unique needs that voice and video demand
in a converged network by advertising media
and IP telephony specic messages that
can be exchanged between the network and
the endpoint devices. LLDP-MED provides
exceptional interoperability, IP telephony
troubleshooting, and automatic deployment
of policies, inventory management, advanced
PoE power negotiation, and E911 location/
emergency call service. These sophisticated
features make converged network services
easier to install, manage, and upgrade and
signicantly reduce operations costs.
Flexible Bandwidth Management
The FastIron SuperX/SX switches support a
rich set of bandwidth management features,
allowing granular control of bandwidth
utilization. On ingress, extended ACLs can be
used in combination with trafc policies to
control bandwidth by user, by application, and
by VLAN. On egress, outbound rate limiting
can control bandwidth per port and per priority
queue. These features allow the network
operator ne-grained control of bandwidth
utilization based on a wide range of application
and user criteria.
Complete Solution for Multicast
and Broadcast Video
The use of video applications in the
workplace requires support for scalable
multicast services from the edge to the
core. IGMP and PIM snooping improves
bandwidth utilization in Layer 2 networks
by restricting multicast ows to only those
switch ports that have multicast receivers.
In Layer 3 networks, support for IGMP (v1,
v2, and v3), IGMP Proxy, PIM-SM, PIM-SSM,
and PIM-DM multicast routing optimizes
trafc routing and network utilization for
multicast applications.
Advanced Full Layer 2/Layer 3 WireSpeed IP Routing Solution
Advanced IronWare supports a full
complement of unicast and multicast
routing protocols, enabling users to build
fully featured Layer 2/Layer 3 networks.
Supported routing protocols include
RIPv1/v2, OSPF, PIM-SM/DM, BGP, and
Equal Cost Multi-path (ECMP) for improved
network performance. M2, M3, and
M4 management modules can support
routing table capacity of up to 1,000,000
BGP routes and 20 BGP peers. FastIron
SuperX/SX switches can be upgraded with
Advanced IronWare routing software (a
Layer 3 upgrade).
To achieve wire-speed Layer 3 performance,
the FastIron SuperX/SX switches support
Brocade Direct Routing (BDR), in which
the forwarding information base (FIB) is
maintained in local memory on the line
modules. The hardware forwarding tables are
dynamically populated by system management
with as many as 256,000 routes.
Comprehensive Security Suite
Security is a concern for today’s network
managers, and the FastIron SuperX/SX
switches support a powerful set of network
management solutions to help protect the
switch. Multilevel access security on the
console and a secure Web management
interface prevent unauthorized users
from accessing or changing the switch
conguration. Using Terminal Access
Controller Access Control Systems (TACACS/
TACACS+) and RADIUS authentication,
network managers can enable considerable
centralized control and restrict unauthorized
users from altering network congurations.
The FastIron SuperX/SX family includes
Secure Shell (SSHv2), Secure Copy,
and SNMPv3 to restrict and encrypt
communications to the management
interface and system, thereby ensuring
highly secure network management access.
For an added level of protection, network
managers can use ACLs to control which
ports and interfaces have TELNET, Web,
and/or SNMP access.
Controlling network access is a top priority
for network operators. FastIron SuperX/SX
switches support a exible suite of access
control capabilities in the IronShield product.
IronShield’s network access control features
include multi-host IEEE 802.1x and MAC
authentication schemes. Upon successful
user or device authentication, the FastIron
SuperX/SX switch will apply the appropriate
access policy for the user. The access policy
may dene the assigned VLAN, QoS, and
ACL to be applied to the user’s trafc. The
network administrator can also specify
an action in case the MAC or 802.1x
authentication times out. Because of its
standards-based design, this solution can
be augmented with access control software
and external appliances for enhanced access
control operation. For example, an external
NAC appliance and/or software can be used
in combination with the FastIron SuperX/
SX, providing host posture verication and
remediation. This design allows customers
the exibility to build best-of-breed solutions
for their access control infrastructure and not
be locked into a single offering.
Once the user is permitted access to the
network, protecting the user’s identity
and controlling where the user connects
becomes a priority. To prevent “user identity
theft” (spoong), the FastIron SuperX/SX
switches support DHCP snooping, Dynamic
ARP inspection, and IP source guard.
These three features work together to deny
spoong attempts and to defeat man-in-
the-middle attacks. To control where users
connect, the FastIron SuperX/SX switches
support private VLANs, quarantine VLANs,
policy-based routing, and extended ACLs,
all of which can be used to control a user’s
access to the network.
In addition, FastIron SuperX/SX switches
feature embedded sFlow packet sampling,
which provides system-wide trafc
monitoring for accounting, troubleshooting,
and intrusion detection. Using the Brocade
IronView® Network Management (INM)
Loading...