Extreme Networks 15101 User Manual

Extreme Networks Data SheetExtreme Networks Data Sheet

Summit X250e Series

Summit® X250e series 24- or 48-port Fast Ethernet stackable

switches provide compelling high-performance edge solutions with

the revolutionary modular operating system, ExtremeXOS

®

.

Voice-Class Availability

• Modular ExtremeXOS operating system

• Ethernet Automatic Protection Switching (EAPS)
resiliency protocol

™

• SummitStack

—highly available, high-speed stacking support

Designed for Converged
Network Applications

• Quality of Service (QoS) with advanced traffic management
capabilities for converged applications

• Convergence-ready connectivity with Voice-over-IP (VoIP)
automatic provisioning with Universal Port capability

• Comprehensive network management

Comprehensive Security

• User policy, host integrity enforcement and
Identity Management

• Extensive MAC and IP security functionality to help prevent
man-in-the-middle attacks

• Universal Port dynamic security profile to provide fine granular
security policy in the network

Summit X250e series switches are based on
Extreme Networks
core-class operating system. ExtremeXOS is a
highly resilient, modular operating system that
helps provide continuous uptime, manageability
and operational efficiency at an affordable price.

Summit X250e provides high availability and
performance with its advanced traffic management
capabilities. Summit X250e supports the large­scale rollout of a converged network with devices
such as IP telephones, wireless access points
and other devices that require power from a LAN
connection. Summit X250e-24x supports Carrier
Ethernet edge deployment with its flexible fiber
connectivity options. Summit X250e-24x can
support 100BASE-FX, 100BASE-LX10 and
100BASE-BX on its SFP ports depending upon
deployment requirements.

Summit X250e supports hardware-based routing
for both IPv4 and IPv6 to help provide investment
protection by allowing the rollout of IPv6 in your
network now or in the future.

The highly flexible Summit X250e switch provides
high-density Fast Ethernet ports plus dedicated
40 Gbps high-speed stacking ports in a compact
1RU format, supporting a full range of Layer 2 to
Layer 4 functionality on every port for high
productivity. Optional redundant power supplies
are available with each switch to help secure
against power anomalies.

®

revolutionary ExtremeXOS

Target Applications

• Edge Power over Ethernet (PoE) and
non-PoE switch providing intelligent
10/100BASE-T connectivity to the desktop in
a network running ExtremeXOS from the
core to the edge

• Carrier Ethernet edge switching with
100BASE-X provides advanced fiber
connectivity to the customer for both AC and
DC powered environments

The Summit X250e series switch is an advanced Fast Ethernet
converged edge switch with ExtremeXOS modular operating
system at an affordable price.

Extreme Networks Data Sheet

Extreme Networks Data Sheet

Voice-Class Availability

Powered by the ExtremeXOS operating system, the Summit X250e switch supports process recovery and application
upgrades without the need for a system reboot. Summit X250e offers the high network availability required for
converged applications.

Modular Operating System
for High Availability Operation

True Preemptive Multitasking
and Protected Memory

Summit X250e switches allow each of
the many applications—such as Open
Shortest Path First (OSPF) and
Spanning Tree Protocol (STP)—to run
as separate Operating System (OS)
processes that are protected from each
other. This drives increased system
integrity and helps protect against
Denial of Service (DoS) attacks.

Process Monitoring and Restart

ExtremeXOS improves network
availability using process monitoring and
restart. Each independent OS process is
monitored in real time. If a process
becomes unresponsive or stops running,
it can be automatically restarted.

Loadable Software Modules

The modular design of the ExtremeXOS
OS allows the upgrading of individual
software modules, should this be
necessary, leading to higher availability
in the network (see Figure 1).

High Availability
Network Protocols

Ethernet Automatic Protection
Switching (EAPS)

EAPS allows the IP network to provide
the level of resiliency and uptime that
users expect from their traditional voice
network. EAPS differs from Spanning
Tree or Rapid Spanning Tree protocols
and offers sub-second (less than 50

milliseconds) recovery that helps deliver
consistent failover regardless of the number
of VLANs, network nodes or network
topology. Since EAPS allows the network
to recover almost transparently, VoIP calls
do not drop and digital video feeds do not
freeze or pixelize in most situations.

Spanning Tree/Rapid Spanning
Tree Protocols

Summit X250e switches support Spanning
Tree (802.1D), Per VLAN Spanning Tree
(PVST+), Rapid Spanning Tree (802.1w)
and Multiple Instances of Spanning Tree
(802.1s) protocols for Layer 2 resiliency.

Software-Enhanced Availability

Software-enhanced availability allows users
to remain connected to the network even
if part of the network infrastructure is down.
Summit X250e switches continuously check
for problems in the uplink connections
using advanced Layer 3 protocols such as
OSPF, VRRP and ESRP (ESRP supported
in Layer 2 or Layer 3), and dynamically
route traffic around the problem.

Equal Cost Multipath Routing

Equal Cost Multipath (ECMP) routing allows
uplinks to be load balanced for performance
and cost savings while also supporting
redundant failover. If an uplink fails, traffic is
automatically routed to the remaining
uplinks and connectivity is maintained.

Link Aggregation (802.3ad)

Link aggregation allows trunking of up to
eight links on a single logical connection, for
up to 2 Gigabits per Second (Gbps) of
redundant bandwidth per logical connection.

Voice-Grade Stacking
with SummitStack

Summit X250e offers dual stacking interfaces
to provide high-speed 40 Gbps stacking
bandwidth. SummitStack architecture is
designed to support converged services by
its highly available, rapid failover capability
with n-1 master redundancy, distributed
Layer 2 and Layer 3 switching, link aggregation
across the stack and distributed uplinks.
SummitStack supports up to eight units in a
stack (the mixture of the units can be
Summit X250e, Summit X450e, Summit X450a,
Summit X480 and Summit X650 switches) and
provides sub-second failover for path failure
and hitless master/backup failover along
with hitless protocol support such as OSPF
graceful restart, PoE configuration and
Network Login user authentication.

Summit X250e provides chassis-like
management and availability with its
SummitStack stacking technology
(see Figure 2).

Figure 2: SummitStack Stacking

Architecture

1 2

Updated application
modules can be
upgraded during runtime

Application
Modules

Kernel and
Kernel Loadable

ExtremeXOS

Modules

PIM-SM

V4.6

PIM-SM

V4.5

ExtremeXOS

Kernel

PIM-DM

V4.4

PIM-DM

V4.5

SSG-2 +

Kernel Loadable

Module

New Extreme Networks or
external application modules
can be added during runtime

SCP

Third
Party

Application

5154-01

Figure 1: ExtremeXOS Modular Design

© 2010 Extreme Networks, Inc. All rights reser ved. Summit X250e Series—Page 2

Summit X250e Series—Page 2

Extreme Networks Data Sheet

Designed for High-Performance Network Applications

Summit X250e switches provide non-blocking architecture with copper and fiber Fast Ethernet ports for demanding edge
applications. Combining exceptional QoS and advanced traffic management with resiliency, comprehensive security features
and non-blocking performance, Summit X250e switches are designed to be the cornerstone of an advanced intelligent
converged network.

Exceptional Policy-based QoS
with Advanced Traffic
Management for Converged
Applications

Summit X250e provides eight hardware
queues per port to support granular traffic
classification with bandwidth allocation.
1,024 centralized classifiers per 24-port
block can use information from Layers 1
through 4 to prioritize and meter incoming
packets at line-rate. When metering traffic,
the switches can drop out-of-spec traffic or
flag it for later action. To expedite upstream
traffic handling, a packet’s classification
can be carried forward with Layer 2 (802.1p)
and Layer 3 (Diffserv) markings.
Summit X250e provides advanced traffic
management features that support the
high-quality triple play of voice, video and
data services.

Efficient Management to
Handle Convergence-Driven
Network Changes

Universal Port—VoIP
Auto-Provisioning

Summit X250e sets the stage for conver­gence applications by allowing enterprises
to add new access devices in a non-disrup­tive plug-and-play fashion. Voice and
wireless services can be easily implement­ed without major network upgrades.
Summit X250e supports the automated
provisioning of VoIP using Link Layer
Discovery Protocol (LLDP) and the
event-based command scripting capability.
It allows dynamic configuration of voice
VLANs and QoS. This auto-configuration
capability allows you to configure VoIP
phone settings such as voice VLAN settings,
call server IP address configuration, etc.
(see Figure 3). This level of simplicity in
managing network changes can reduce
operating expenses.

with its support of the IEEE 802.3af
standard and full Class 3 power availability
on all ports, backed up 100% by the
EPS-500 redundant power supply
(Summit X250e-24p). Summit X250e-48p
can provide up to 370W of PoE power and
can be increased up to 740W of PoE power
to provide full 15.4W Class 3 devices on all
48 ports by adding an External Power
System (EPS-C and EPS-600LS).

Voice-Grade Connections

Granular QoS, low latency and low jitter
enable voice-quality connections.
Summit X250e supports a range of QoS
technologies that can prioritize and
predictably handle high-priority traffic
policing or rate limiting on ingress, 802.1Q
tagging and Diffserv marking, and shaping
on egress with eight queues per port. The
Extreme Networks tradition of building
products with low latency and jitter
continues with the Summit X250e series.

Comprehensive Network
Management

As the network becomes a foundation of
the enterprise application, network
management becomes an important piece
of the solution. Summit X250e supports
comprehensive network management
through Command Line Interface (CLI),
SNMP v1, v2c, v3 and an embedded
XML-based Web User Interface,
ExtremeXOS

ScreenPlay™. With a variety

NE TWO RK

1

LLDP / LLDP-MED

2

of management options and consistency
across other Extreme Networks modular
and stackable switches, Summit X250e series
switches can provide ease of management
for demanding converged applications.

Extreme Networks has developed tools
that help save you time and resources in
managing your network. EPICenter
management suite provides fault, configuration,
accounting, performance and security
functions, allowing more effective
management of Extreme Networks multi­layer switching equipment in a converged
network.

Advanced Routing Capabilities
for the Edge

Summit X250e supports advanced protocols
for an efficient and productive network.
Summit X250e switches provide static and
RIP routing for simple IPv4 and IPv6 Layer 3
deployment. An optional ExtremeXOS
Advanced Edge license extends the feature
set to include other important edge
functions such as:

• Edge OSPF for much greater extensi­bility than RIP can provide

• Edge PIM sparse modes for routing of
multicast streams

• Policy-based routing

• sFlow

CO RE

®

hardware sampling

4

5

3

®

Power over Ethernet

Deployments of IP Telephony depend on
reliable, consistent power from the
Ethernet jack. Summit X250e-24p and
Summit X250e-48p are the basis for a
reliable LAN telephony infrastructure
with fully redundant resiliency to match
the failover requirements for latency-sen­sitive services like VoIP phones. With
Summit X250e-24p or 48p, deployment of
powered LAN devices is quick and easy

© 2010 Extreme Networks, Inc. All rights reser ved. Summit X250e Series—Page 3

1

Administrator defines Universal Port policy for IP phones.

Phone is connected.

2

Phone sends vendor, model, detailed power requirements, etc.

3

to switch.

Switch automatically configures VLAN, QoS, and PoE on the port.

4

Switch pushes VLAN, QoS, call server details, etc. to the phone.

5

Figure 3: Universal Port Voice-over-IP Provisioning

IP Phone

5044-01

Extreme Networks Data Sheet

Comprehensive Security

Implementing a secure network means providing protection at the network perimeter as well as the core. Working together with
the Sentriant® family of products from Extreme Networks, Summit X250e series uses advanced security functions to help
protect your network from known or potential threats. Security offerings from Extreme Networks encompass three key areas:
user and host integrity, threat detection and response, and hardened network infrastructure.

User Authentication and Host
Integrity Checking

Network Login and
Dynamic Security Profile

Network Login capability enforces user
admission and usage policies. Summit X250e
series switches support a comprehensive
range of Network Login options by providing
an 802.1x agent-based approach, a Web­based (agent-less) login capability for guests,
and a MAC-based authentication model for
devices. With these modes of Network Login,
only authorized users and devices are
permitted to connect to the network and be
assigned to the appropriate VLAN. The
Universal Port scripting framework lets you
implement Dynamic Security Profiles which
in sync with Network Login allows you to
implement fine-grained and robust security
policies. Upon authentication, the switch can
load dynamic ACL/QoS for a user or group
of users, to deny/allow the access to the
application servers or segments within
the network.

Multiple Supplicant Support

Shared ports represent a potential vulner­ability in a network. Multiple supplicant
capability on a switch allows it to uniquely
authenticate and apply the appropriate
policies and VLANs for each user or device
on a shared port.

Multiple supplicant support helps secure IP
Telephony and wireless access. Converged
network designs often involve the use of
shared ports (see Figure 4).

MAC Security

MAC security allows the lockdown of a port
to a given MAC address and limiting the
number of MAC addresses on a port. This

Summit X250e offers multiple supplicant which helps provide per-MAC

based authentication with dynamic VLAN allocation

can be used to dedicate ports to specific
hosts or devices such as VoIP phones or
printers and avoid abuse of the port—an
interesting capability specifically in environ­ments such as hotels. In addition, an aging
timer can be configured for the MAC
lockdown, protecting the network from the
effects of attacks using (often rapidly)
changing MAC addresses.

IP Security

ExtremeXOS IP security framework helps
protect the network infrastructure, network
services such as DHCP and DNS, and host
computers from spoofing and man-in-the­middle attacks. It also helps protect the
network from statically configured and/or
spoofed IP addresses and builds an external
trusted database of MAC/IP/port bindings so
you know where the traffic from a specific
address comes from for immediate defense.

Identity Management

Identity Management allows customers to
track users who access their network. User
identity is captured based on NetLogin
authentication, LLDP discovery and Kerberos
snooping. ExtremeXOS uses the information
to then report on the MAC, VLAN, computer
hostname, and port location of the user.

Host Integrity Checking

Host integrity checking helps keep infected
or non-compliant machines off the network.
Summit X250e series switches support a host
integrity or endpoint integrity solution that is
based on the model from the Trusted
Computing Group. Summit X250e interfaces
with Sentriant AG200 endpoint security
appliance from Extreme Networks to verify
that each endpoint meets the security
policies that have been set and quarantines
those that are not in compliance.

Network Intrusion Detection
and Response

Hardware-Based sFlow Sampling

sFlow is a sampling technology that provides
the ability to continuously monitor applica­tion-level traffic flows on all interfaces
simultaneously. The sFlow agent is a
software process that runs on Summit X250e
and packages data into sFlow datagrams that
are sent over the network to an sFlow
collector. The collector gives an up-to-the­minute view of traffic across the entire
network, providing the ability to trouble­shoot network problems, control congestion
and detect network security threats.

Port Mirroring

For threat detection and prevention,
Summit X250e supports many-to-one and
one-to-many port mirroring. This allows
the mirroring of traffic to an external
network appliance such as an intrusion
detection device for trend analysis or for
utilization by a network administrator for
diagnostic purposes. Port Mirroring can
also be enabled across switches in a stack.

Line-Rate ACLs

ACLs are one of the most powerful
components used in controlling network
resource utilization as well as protecting
the network. Summit X250e supports
1,024 centralized ACLs per 24-port block
based on Layer 2, 3 or 4-header information
such as the MAC, IPv4 and IPv6 address or
TCP/UDP port.

Denial of Service Protection

Summit X250e can effectively handle DoS
attacks. If the switch detects an unusually
large number of packets in the CPU input
queue, it will assemble ACLs that automat­ically stop these packets from reaching the
CPU. After a period of time, these ACLs
are removed, and reinstalled if the attack
continues. ASIC-based LPM routing
eliminates the need for control plane
software to learn new flows, allowing more
network resilience against DoS attacks.

Secure Management

To prevent management data from being

`` ` ```

VLAN Green VLAN Orange VLAN Purple Rogue Clients

```

Figure 4: Multiple Supplicant Support

© 2010 Extreme Networks, Inc. All rights reser ved. Summit X250e Series—Page 4

intercepted or altered by unauthorized
access, Summit X250e supports SSH2, SCP
and SNMPv3 protocols. The MD5 hash
algorithm used in authentication prevents
attackers from tampering with valid data
during routing sessions.

Target Applications

Edge Connectivity for Advanced
Enterprise Applications

Edge PoE and non-PoE switches provide intelligent
10/100BASE-T connectivity to the desktop in a
network running ExtremeXOS from the edge to
the core.

Summit X250e is deployed as intelligent Fast
Ethernet edge switch, extending the benefits of
the ExtremeXOS operating system to the
network edge in the enterprise network. This
uniformity allows consistent quality and perfor­mance throughout your converged network while
minimizing operational inefficiencies. With
line-rate performance and low latency, the
Summit X250e edge switch connects wireless
devices, LAN telephony, PDAs and other
equipment without compromising security,
scalability, availability, mobility or management.

Extreme Networks Data Sheet

NETWORK

CORE

Summit X250e Summit X250e

`

`

DEF

3

ABC

2

@

­6

1

MNO
ABC

5

GHI

9

4

WXYZ
TUV

8

PQRS

+|

7

#

+|

0

U

*

DEF

3

ABC

2

@

­6

1

MNO

ABC

5

GHI

9

4

WXYZ

TUV

8

PQRS

+|

7

#

+|

0

U

*

Edge Connectivity for Advanced Carrier
Ethernet Applications

Carrier Ethernet edge switching with
100BASE-X provides advanced fiber connectivity
to the customer.

Summit X250e is deployed as an intelligent
Fast Ethernet edge switch, extending the
benefits of the ExtremeXOS operating system
to the network edge in the Carrier Ethernet
network. This uniformity allows consistent
quality and performance throughout a
converged network while minimizing operational
inefficiencies. With line-rate performance and low
latency, the Summit X250e edge switch provides
copper 10/100BASE-T connectivity as well as
100BASE-X connectivity including 100BASE-FX,
100BASE-LX10 and 100BASE-BX. A flexible
connectivity option is offered without compromising
security, scalability, availability, mobility or
management. Summit X250e has both AC and
DC powered models for flexible deployments.

Single Family Homes Central Office Point of Presence

Summit X250e

BlackDiamond

20808

Service Router

© 2010 Extreme Networks, Inc. All rights reser ved. Summit X250e Series—Page 5