Page 1
S5700S-LI Series Gigabit Enterprise Switches
Page 2
Page 3
S5700S-LI Series Gigabit Enterprise Switches
Product Overview
The S5700S-LI series gigabit enterprise switches (S5700S-LI for short) are next-generation energy-saving
switches developed by Huawei to meet the demand for high-bandwidth access and Ethernet multi-service
aggregation. Based on the cutting-edge hardware and Huawei Versatile Routing Platform (VRP) software, the
S5700S-LI provides a large switching capacity and high-density GE ports. The S5700S-LI i
enterprise network scenarios. For example, it can function as an access or aggregation switch on a campus
network, a gigabit access switch in an Internet data center (IDC), or a desktop switch to provide 1000 Mbit/
s access for terminals. The S5700S-LI is easy to install and maintain, reducing workloads for network planning,
construction, and maintenance. The S5700S-LI uses adv
technologies, helping enterprise customers build a next generation IT network.
anced reliability, security, and energy conservation
Product Appearance
S5700S-28P-LI-AC
• 24x10/100/1000Base-T Ethernet ports, 4xGE SFP ports
• AC power supply, supporting Redundant Power Supply (RPS)
• Forwarding performance: 42Mpps
s for use in various
S5700S-52P-LI-AC
• 48x10/100/1000Base-T Ethernet ports, 4xGE SFP ports
• AC power supply, supporting RPS
• Forwarding performance: 78Mpps
Product Features and highlights
Innovative Energy Saving Design
• The S5700S-LI offer customers extensive selection of energy-saving with standard mode, basic mode
and advanced mode that accommodates most needs. By matching port link down/up, optical-module
in-place/out of place, port shut down/undo shutdown, idle/busy period to increase the proportion of
the dynamic energy-saving to reduce the power consumption. The S5700S-LI series reduces energy
consumption without compromising system performance, ensuring good user experience. The S5700-LI
adopts multiple cutting-edge energy-saving designs, including Energy Efficient Ethernet (EEE), port energy
detection, dynamic CPU frequency adjustment, and device sleeping.
Comprehensive reliability mechanisms
• Besides STP, RSTP, and MSTP, the S5700S-LI supports enhanced Ethernet reliability technologies such
as Smart Link and RRPP (Rapid Ring Protection Protocol), which implement millisecond-level protection
switchover and ensure network reliability. It also provides Smart Link multi-instance and RRPP multi-
instance to implement load balancing among links, optimizing bandwidth usage.
1
Page 4
• The S5700S-LI supports the Smart Ethernet Protection (SEP) protocol, a ring network protocol applied
to the link layer on an Ethernet network. SEP can be used on open ring networks and can be deployed
on upper-layer aggregation devices to provide fast switchover (within 50 ms), ensuring non-stop
transmission of services. SEP features simplicity, high reliability, fast switchover, easy maintenance, and
flexible topology, facilitating network planning and management.
• Complying with IEEE 802.3ah and 802.1ag, the S5700S-LI supports point-to-point Ethernet fault
management and can detect faults in the last mile of an Ethernet link to users.
Well-designed QoS policies and security mechanisms
• The S5700S-LI implements complex traffic classification based on packet information such as the 5-tuple,
IP precedence, ToS, DSCP, IP protocol type, ICMP type, TCP/UDP port number, VLAN ID, Ethernet protocol
type. ACLs can be applied to inbound or outbound direction on an interface. The S5700S-LI supports
a flow-based two-rate three-color CAR. Each port supports eight priority queues and multiple queue
scheduling algorithms such as WRR, DRR, SP, WRR+SP, and DRR+SP. All of these ensure the quality of
voice, video, and data services.
• The S5700S-LI provides multiple security measures to defend against Denial of Service (DoS) attacks,
and attacks against networks or users. DoS attack types include SYN Flood attacks, Land attacks, Smurf
attacks, and ICMP Flood attacks. Attacks to networks refer to STP BPDU/root attacks. Attacks to users
include bogus DHCP server attacks, man-in-the-middle attacks
flood attacks. DoS attacks that change the CHADDR field in DHCP packets are also attacks against users.
• The S5700S-LI supports DHCP snooping, which discards invalid packets that do not match any binding
entries, such as ARP spoofing packets and IP spoofing packets. This prevents man-in-the-middle attacks
to campus networks that hackers initiate by using ARP pack
can be configured as a trusted interface to protect the system against bogus DHCP server attacks.
, IP/MAC spoofing attacks, DHCP request
ets. The interface connected to a DHCP server
• The S5700S-LI supports strict ARP learning, which prevents ARP spoofing attacks that will exhaust ARP
entries. It also provides IP source check to prevent DoS attacks caused by MAC address spoofing, IP
address spoofing, and MAC/IP spoofing.
• The S5700S-LI sup
authentication on a per port basis, as well as Portal authentication on a per VLANIF interface basis. The
S5700S-LI also supports NAC. The S5700S-LI authenticates users based on statically or dynamically bound
user information such as the user name, IP address, MAC address, VLAN ID, access interface, and flag
indicating whether antivirus software is installed. VLANs, QoS policies, and ACLs can be applied to users
dynamically.
• The S5700S-LI can limit the number of MAC addresses learned on an interface to prevent attackers from
exhausting MAC address entries by using bogus source MAC addresses. This function minimizes packet
flooding that occurs when MAC addresses of users cannot be found in the MAC address table.
port s 802.1x authent ication , MAC address authentication, a nd combined
Easy deployment and maintenance free
• The S5700S-LI supports automatic configuration, plug-and-play, and batch remote upgrade. These
capabilities simplify device management and maintenance and reduce maintenance costs. The S5700S-
LI supports SNMP v1/v2c/v3 and provides flexible methods for managing devices. Users can manage the
S5700S-LI using the CLI and web-based NMS. The NQA function helps users with network planning and
upgrading. In addition, the S5700S-LI supports NTP, SSH v2, HWTACACS+, RMON, log hosts, and port-
based traffic statistics.
• EasyDeploy: The Commander collects information about the topology of the client connecting to the
Commander and saves client startup information based on the topology. The client can be replaced
without configuration. Configuration and scripts can be delivered t
o the client in batches. In addition, the
2
Page 5
configuration delivery result can be queried. The Commander can collect and display power consumption
on the entire network.
• The S5700S-LI supports GARP VLAN Registration Protocol(GVRP), which dynamically distributes, registers,
and propagates VLAN attributes to reduce manual configuration workloads of network administrators
and to ensure correct VLAN configuration. In a comple
configuration and reduces network communication faults caused by incorrect VLAN configuration. The
S5700S-LI also supports VLAN Central Management Protocol (VCMP) and VLAN-Based Spanning Tree
(VBST) protocol.
• The S5700S-LI supports MUX VLAN. MUX VLAN isolates Layer 2 traffic between interfaces in a VLAN.
Interfaces in a subordinate separate VLAN can communic
communicate with each other. MUX VLAN is usually used on an enterprise intranet to isolate user
interfaces from each other but allow them to communicate with server interfaces. This function prevents
communication between network devices connected to certain interfaces or interface groups but allows
the devices to communicate with the default gateway.
x network topology, GVRP simplifies VLAN
ate with ports in the principal VLAN but cannot
Fine-grained traffic management
• The S5700S-LI supports the Sampled Flow (sFlow) function, which uses a sampling mechanism to obtain
statistics about traffic forwarded on a network and sends the statistics to the Collector in real time. The
Collector analyzes traffic statistics to help customers manage network traffic efficiently.
Product Specifications
Item S5700S-28P-LI-AC S5700S-52P-LI-AC
Fixed port 24×10/100/1000Base-T, 4×1000Base-X SFP
IEEE 802.1d compliance
MAC address
table
VLAN
Reliability
IP routing Sta
IPv6 features
MAC address learning and aging
Static, dynamic, and blackhole MAC address entries
Packet filtering based on source MAC addresses
8K MAC address entries
4K VLANs
Guest VLAN and voice VLAN
VLAN assignment based on MAC addresses, protocols, IP s
QinQ, Selective QinQ
1:1 and N:1 VLAN Mapping
GVRP
MUX VLAN
RRPP ring topology and RRPP multi-instance
Smart Link tree topology and Smart Link multi-instance, providing the millisecond-level
protection switchover
Smart Ethernet Protection (SEP)
STP(IEEE 802.1d), RSTP(IEEE 802.1w), and MSTP(IEEE 802.1s)
BPDU protection, root protection, and loop protection
tic routing
IPv6 host
Static IPv6 routes
Path MTU (PMTU)
IPv6 ping, IPv6 tracert
IPv4 and IPv6 dual stack
ACLs based on the source IPv6 address, destination IPv6 address, Layer 4 ports, or
protocol type
48×10/100/1000Base-T, 4×1000Base-X
SFP
ubnets, policies, and ports
3
Page 6
Item S5700S-28P-LI-AC S5700S-52P-LI-AC
IGMP v1/v2/v3 snooping and IGMP fast leave
MLD v1/v2 snooping
Multicast
QoS/ACL
Multicast VLAN
Multicast load balancing among member ports of a trunk
Controllable multicast
Port-based multicast traffic statistics
Rate limiting on packets sent and received by an interface
Packet redirection
Port-based traffic policing and two-rate three-color CAR
Eight queues on each port
WRR,
DRR, SP, WRR+SP, DRR+SP queue scheduling algorithms
Re-marking of the 802.1p priority and DSCP priority
Packet filtering at Layer 2 to Layer 4, filtering out invalid frames based on the source MAC
address, destination MAC address, source IP address, destination IP address, TCP/UDP
port number, protocol type, and VLAN ID
Rate limiting in each queue and traffic shaping on ports
Security
Access
Security
Lightning
protection
Super Virtual
Fabric (SVF)
Management
and
maintenance
User privilege mana
DoS attack defense, ARP attack defense, and ICMP attack defense
Binding of the IP address, MAC address, interface, and VLAN
Port isolation, port security, and sticky MAC
Limit on the number of learned MAC addresses
802.1x authentication and limit on the number of users on an interface
AAA authentication, RADIUS authentication, HWTACACS authentication, and NAC
SSH v2.0
Hypert
ext Transfer Protocol Secure (HTTPS)
CPU defense
Blacklist and whitelist
DHCP relay, DHCP server, DHCP snooping, and DHCP security
Service interface: 6 kV
Working as an SVF client that is plug-and-play with zero configuration
Automatically loading the system software package and patches of clients One-click and
automatic delivery of service
Supports independent running client
MAC Forced Forwarding (MFF)
Virtual cable test
Ethernet OAM (IEEE 802.3ah and 802.1ag)
SNMP v1/v2c/v3
RMON
Web-based NMS
NTP
System logs and alarms of different levels
DLDP
802.3az EEE(Energy Efficient Ethernet)
sFlow
gement and password protection
configurations
4
Interoperability
Supports VBST (Compatible with PVST/PVST+/RPVST)
Supports LNP (Similar to DTP)
Supports VCMP (Similar to
VTP)
Page 7
Item S5700S-28P-LI-AC S5700S-52P-LI-AC
Operating
environment
Input voltage
Operating temperature: 0
Relative humidity: 5% to 95% (non-condensing)
AC:
Rated voltage range: 100 V to 240 V AC, 50/60 Hz
Maximum voltage range: 90 V to 264 V AC, 50/60 Hz
o
C to 50oC
Dimensions
(W x D x H)
Power
consumption
442 x 220 x 43.6 mm 442 x 310 x 43.6 mm
< 25 W < 52 W
Applications
1000 Mbit/s Access Rate for Terminals
S9700
S7700 S7700
Campus
S5700S-LI
Product List
Product Description
S5700S-28P-LI-AC (24xEthernet 10/100/1000 ports, 4xGig SFP, AC 110/220V)
S5700S-52P-LI-AC (48xEthernet 10/100/1000 ports, 4xGig SFP, AC 110/220V)
RPS1800 Redundant Power System
For more information, visit http:// enterprise.huawei.com or contact the Huawei local sales office.
5
Page 8
Copyright © Huawei Technologies Co., Ltd. 2014. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei
Technologies Co., Ltd.
Trademark Notice
, HUAWEI, and are trademarks or registered trademarks of Huawei Technologies Co., Ltd.
Other trademarks, product, service and company names mentioned are the property of their respective owners.
General Disclaimer
The information in this document may contain predictive statements including,
without limitation, statements regarding the future financial and operating results,
future product portfolio, new technology, etc. There are a number of factors that
could cause actual results and developments to differ materially from those
expressed or implied in the predictive statements. Therefore, such information is
provided for reference purpose only and constitutes neither an offer nor an
acceptance. Huawei may change the information at any time without notice.
Loading...