
Extreme Networks

Solutions Handbook
A comprehensive guide to the complete portfolio

v1.1 March 2011

Westcon Group is the world's leading speciality distributor of advanced
network technology solutions and is a significant global partner for Extreme
Networks, Avaya, Siemens, Cisco and close to 100 other industry-leading
vendors.
Westcon Convergence is the leading value-added distributor of converged
solutions providing the highest levels of services, support programmes,
training and tools needed to make our resellers more profitable and more
competitive in their chosen market.
The Extreme Networks team at Westcon Convergence provides support
through every aspect of the sales cycle, offering dedicated account
management, marketing and a wide range of pre and post sales training and
support. With a consultative approach the team is dedicated to helping you
develop compelling solutions and grow your business.
Our ConvergencePoint programme provides a wealth of online sales,
marketing and support resources to help our resellers evaluate and maximise
their market opportunities and deliver truly converged solutions to their
customers.
This guide is designed to help you understand Extreme Networks solutions
and the benefits they bring to your customer.

This handbook is updated on a regular basis; for the latest update please view our website (see back page).

Contents
Tell Me About... Extreme Networks Solutions
How Westcon Convergence supports its partners
Why Extreme Networks?
Scalability, Agility and Simplicity


Extreme Networks Core Technology Features


The ExtremeXOS Operating System
Data Centre


Enterprise Chassis Switch Solutions


Ethernet switching products from Extreme Networks
Chassis based Solutions at a glance
BlackDiamond 8800 Series
BlackDiamond 20808 Series


Enterprise Stackable Switch Solutions


Fixed Configuration and Stackable Switches
ReachNXT100-8t
Summit X150 Series
Summit X250e Series
Summit X350 Series
Summit X450a and Summit X450e Series
Summit X460 Series
Summit X460 VIM & Summit X480 VIM2 Module Guide
Summit X480 Series
Summit X650 Series
Summit X650 VIM1 Module Guide


Wireless Solutions
Wireless Solutions
Summit WM 3000 Series
Altitude Access Points
Altitude 3510 & 3500 Series Access Points
Altitude 4600 Series Access Points
Summit WM3000 Series WLAN Controllers
Wireless Management Suite


Security Solutions
Extreme Networks Security Series
Sentriant NG200
Sentriant NG300


Network Management
EPICenter Network management
Ridgeline Service Advisor


Snapshot Guides
5 Minute Green Guide
Summit Switching Series
Summit X150 and X250e Series Switches
Summit X450 Series Switches
Summit X650 Series Switches


Vertical Solutions
Healthcare Solution Overview
Higher Education Solution Overview
Data Center Network Overview


White Papers
Is Your Data Centre Extreme?
10 Gigabit Ethernet Adoption
Carrier Traffic Management
CLEAR-Flow
A Two-Tier Architecture for Converged Networks
Deploying IP Telephony
Ethernet Automatic Protection Switching
Simplifying Network Management with EPICenter
Quality of Service for Voice-over-IP Networks
Making the Network Visible With sFlow


Product Part Codes


Product Part Codes


Tell Me About...
Extreme Networks
Solutions

How Westcon Convergence supports its partners


We have built a business that is dedicated to supporting yours. With over 16 years' experience in
supporting a reseller channel we know the importance of investing heavily in skilled staff. We aim to
make working with us an enjoyable and profitable experience.

Account Management
A dedicated account manager ensures that our resellers have access to the full range of
support and development resources that the Westcon Avaya partnership offers:
Experience and knowledge to help grow your business
Complete commercial ownership
Regular product, pricing and promotion updates
Business development support

Pre-Sales Support
Our highly experienced pre-sales team offer a wealth of knowledge and expertise in the
following areas:
Advice and consultancy
Full support during the bidding process
System design validation
Support and advice for complex and multi-vendor solutions
Full system configuration and pricing
Customer presentations and solution demonstrations

Professional Services
The Westcon Convergence Professional Services team have extensive experience in
implementing and supporting the entire Avaya portfolio. Our services include:
Solution pre-staging
System installation and commissioning
Technical Support
Maintenance
VoIP network readiness testing
Project management

Training and Knowledge Development
Westcon Academy offers a comprehensive training portfolio with a range of Avaya sales,
pre and post sales training courses.
Exclusive solution sales training delivered by leading industry experts
Comprehensive, hands-on technical training
Book online at the Westcon Academy site
Bespoke training courses and workshops

Customer Operations
With a strong focus on customer service,
Westcon provides comprehensive operational
support. Our customer operations team offers
the following:
Efficient logistics
Order processing and fulfilment
E-Commerce
Query resolution


Marketing
Our compelling market leading programmes
are designed to help you develop your own
skills and expertise and to develop your
convergence business:
Dedicated Avaya product management
Channel marketing support
Comprehensive demand generation initiatives
Marketing customisation service
Regular product forums & road shows

Online support - ConvergencePoint
Our exclusive web portal, ConvergencePoint,
provides access to innovative convergence solutions
and advanced reseller support services, helping
to develop competitive advantage, profitable
business and truly converged solutions. Features of
ConvergencePoint include:
Multi-vendor resources and services
Extensive Avaya collateral
Sales and marketing tools
Promotions and incentives
Access to Westcon Convergence events

www.westcon.com


Why Extreme Networks?


Organisations face a number of challenges when deploying or expanding a new or existing Local Area
Network (LAN) infrastructure. It is vital that any investment made is protected for future expansion and
deployment of applications, as well as being optimised for maximum efficiency. It is critical that the
underlying infrastructure can support all business applications, whether they are voice, video or data,
both from a quality of service perspective and from a resilience aspect: application downtime isn't
an option.

Investment Optimisation
Extreme Networks offers a significantly reduced Total Cost of Ownership (TCO) of the network infrastructure. A
single hardened modular operating system (ExtremeXOS) that is consistent across the product range increases
network uptime whilst reducing management complexity. A highly secure and robust scalable architecture allows
for on demand growth in both performance and port density supporting the increasing number of media rich
applications. With the ability to intelligently deliver power for devices consuming Power over Ethernet (PoE), the
operating cost of the infrastructure can be reduced by as much as 75% on just PoE alone. The combination of all
of these features allows customers deploying Extreme Networks products to maximise their capital expenditure,
reduce their operating expenditure and benefit from an overall reduced total cost of ownership.

Switching
High Speed 10Gbps Switching
Fixed Configuration and Chassis form factors
Scalable Architecture 2-tier design

ExtremeXOS
Hardened Modular Operating System
Enhanced resilience maximising uptime
Hitless Failover

Wireless
Voice over Wireless LAN (VoWLAN)
Flexible Mobility
High Performance - 802.11n ready

Security
Network Access Control
Proactive traffic monitoring
Intrusion Detection and Prevention

Network Management
Monitor network changes real time
Simplify Moves, Adds and Changes
Task automation with scripts

Total Cost of Ownership (TCO)
Reduce Power Consumption
Simplified Operations
Green


Scalability, Agility and Simplicity


Scalability
With virtualisation of the data centre and real time application deployment becoming
even more prevalent and popular as well as increasing efficiency and reducing operating
costs, it is essential that capacity and throughput can be supported effectively. Increasingly
organisations are deploying time sensitive mission critical applications such as IP Telephony
(IPT) and Video on Demand (VoD). With this in mind the infrastructure must be able to
support this from both a performance and capacity aspect but also resilience. Extreme
Networks have multiple switching options that range from fixed configuration to chassis
based solutions without any compromise in performance retaining a consistent architecture
throughout. With support for a high performance 10Gbps switching core in form factors as small as 1RU, high
port density is easily achieved. At the same time, spearheading the 40G and 100G future switching technologies,
Extreme Networks are well positioned in delivering scalable, robust, future-proof solutions.

Agility
Retaining high availability and uptime of the network is critical to any organisation.
Network failure can result in not just the loss of internet services or email but applications
where network dependency can determine life or death. Market statistics from Gartner
have stated that 40% of downtime in a network is attributed to software failure. It is
critical therefore that the network does not become a part of this statistic. With support
for sub 50 millisecond network failover, solutions from Extreme Networks ensure that
maximum system uptime is maintained. With a hardened modular operating system in
the switching products, service levels remain consistently high ensuring availability of
applications. The ability to upgrade the operating system without resulting in network
outage offers organisations increased flexibility for network maintenance. Security is an integral element to
the Extreme Networks product range in not only the switching hardware and software but also in the form of
dedicated security appliances. Real time monitoring of network traffic and analysis of traffic flows enables the
network to intelligently defend against potential threats and attacks.

Simplicity
Limited resources within the organisation mean that simplified management of the
network is essential. The modular operating system, ExtremeXOS, is consistent throughout
the entire product range eliminating the need for multiple skills on different products
and levels of software. The Universal Port architecture and Widget technology allows for
automation of repetitive tasks freeing up valuable time of the IT support team. For example,
the rollout of a new IPT solution can be deployed far quicker with the automated process
of handset discovery and association to the correct VLAN and priority. This removes not
only manual intervention for handset deployment, but also the complexity of ensuring
that the handset is correctly configured and available for the first operational day. Risk
management of the data network is critical ensuring that security and data integrity is maintained.
With the introduction of Sarbanes-Oxley, organisations are committed to ensuring that preventative measures
are taken in order to comply. The Extreme Networks security appliances provide network security through
monitoring the network for the introduction of high risk software such as malware or access to it by foreign
devices that are not authorised to access the network. On detection of threats, dynamic policies can be
initiated, supporting a proactive approach to data protection of sensitive data held on the network.


Extreme Networks
Core Technology
Features

The ExtremeXOS Operating System


Whilst traditional switches incorporate processes that are tightly coupled, those switches can
falter during any single process outage. Convergence requires a modular open standards based
approach to the network operating system so new functionality can be added in a rapid fashion or
processes restarted without impeding network operations.

What is it? ExtremeXOS is a hardened modular operating system that provides a common set of
features and applications on a single software release and command line interface across all
Extreme Networks switches.

How does this benefit the IT Manager? It greatly simplifies network complexity from a support and
management perspective and enables carrier grade reliability in enterprise networks. For example,
new services or applications can be added or removed without taking the switch offline.

Benefits of ExtremeXOS?
It's a High Availability Architecture: The high availability of ExtremeXOS creates a resilient infrastructure
capable of maximum network integrity for mission-critical applications. Different from the traditional
Monolithic Operating Systems, ExtremeXOS solves the last single point of failure, i.e. the Operating System.
If a management process fails in ExtremeXOS, this process can be stopped, re-started or replaced while the
switch is still in operation, whereas Monolithic OSs require a reboot, resulting in a typical outage of 3-5
minutes.
It's an easy to manage architecture: Universal Port dramatically simplifies rollout of VoIP via auto-configuration
of edge ports and phones.
It's an open architecture: There are endless possibilities for further expanding the capabilities of the network,
by integrating third-party applications. An example of this is the VoIP application layer monitoring agent
developed by Avaya to simulate and closely monitor the behaviour of VoIP connections in a network.
It's a secure architecture: Security of the entire network infrastructure is protected with ExtremeXOS. For
example, management traffic is secured through authentication and encryption. In addition, access control
works with or without dedicated authentication support on client devices, such as VoIP phones.


Traditional Monolithic vs Modular operating system quick comparison

Feature | Monolithic | Modular
Single memory address for all modules | Yes | No
Start and stop processes with switch running | No | Yes
Dynamically load and unload modules without rebooting the switch | No | Yes
Continues to run with crashed modules | No | Yes

ExtremeXOS feature matrix

Please refer to the individual products for the XOS upgrade part
codes

What is the Extreme Networks solution to high availability?

Ethernet Automatic Protection Switching (EAPS) is
Extreme Networks' solution for fault-tolerant network
topologies. EAPS is a feature of ExtremeXOS and is
responsible for sub 50 millisecond network recovery.
This revolutionary technology provides end users with
a seamless experience when network failure does occur
and does so with radical simplicity.

Why do converged networks need an easy to manage architecture?

In order to realise many of the benefits of a converged
network, IT managers have been looking for ways to
simplify and in some cases automate the deployment of
VoIP endpoints such as laptops with soft phones, WiFi
base stations and IP Handsets.
What was needed was the ability for the port on a data
switch to understand the nature of the device connecting
to it, for example what is its power requirement and
does it require connecting to a specific Virtual Local Area
Network (VLAN) for voice?


Failover time comparison table

EAPS | STP | Port Fast | SMLT | RSTP
Open Standard | Open Standard | Proprietary | Proprietary | Open Standard
<50ms | <30s | <2s | <50ms | <500ms


What is Extreme Networks' solution?

Universal port manager simplifies rollouts via auto-configuration of edge ports and phones. Deploying
VoIP endpoints is as easy as opening the package,
programming the extension and plugging into the
network.

Preparation
Administrator configures VoIP policies (VoIP VLAN, Dot1p priority, etc)
Administrator pushes policies to switch

Operation
After 802.1x authentication, phone sends LLDP messages with model, PoE, serial number, etc.
Switch configures VLAN, Dot1p priority, ACLs and PoE on the port
Switch VLAN, Call Server, E911 Location, QoS, etc to the phone

Why do converged networks require High Availability?

As the trend to consolidate business critical applications onto IP Networks continues, it has been realised that the
network infrastructure as a whole has to continue running even if individual connections are lost. Traditional
technologies such as spanning tree protocol (STP) were developed to establish redundant network paths so that
data could be automatically redirected to alternate routes. However, with delay sensitive applications such as
Video or VoIP, the time it takes for the network path to re-converge using STP can result in connections timing
out and in some cases being dropped. The impact of this is frustration for users in dropped calls or video sessions,
and it increases the strain on the network as applications attempt to re-establish sessions. Extreme Networks
address these issues with their Ethernet Automatic Protection Switching (EAPS) protocol, delivering high speed
sub 50 millisecond network recovery.


Data Centre
From Physical to Virtual to Cloud
To solve the challenges of the evolving data center landscape, Extreme Networks developed a scalable network
infrastructure solution that enables users to migrate from a traditional or physical network to a virtualised network,
to a location-independent cloud network, without forcing a certain technology, or operating methodology on the
user.
Extreme Networks accomplishes this with solutions that leverage applied performance through a flexible network
architecture built on a family of fixed and modular switching platforms that enables a flattening of network tiers
while providing the network scale to meet the needs of the future. Extreme solutions also provide network-level
awareness that enables a network to be highly automated, virtual machine (VM) aware, cloud-ready and easily
integrated into the world around it.
This approach, which Extreme Networks calls the Four Pillars, applies to Enterprises and hosting centers of any
scale.

The Four Pillar Strategy For Next Generation Data Centers


The Extreme Networks solution for migrating from physical to virtual to cloud is divided into four pillars. The four pillars
can be thought of as phases of implementation for the migrating data center. In steps, a user can move from pillar to
pillar, or immediately implement the complete solution, based on their business needs.

Extreme Networks Four Pillars Solution: Foundation for Achieving Value in the Data Centre

Physical
This represents the physical network that most data centers are using today. The physical network
is the foundation for all virtualisation, so it is important that this infrastructure be robust, easy to
manage and scalable.
> Data Center Switching Products

Efficient
This is where the efficiencies of virtualisation are realised: efficiently managing a highly virtualised
network environment with tight integration between the virtualised server environment and the
network.
> XNV (ExtremeXOS Network Virtualisation)

Scalable
This provides support for dramatic scaling of switches and virtual machines. It also includes the
highly scalable Extreme Networks Direct Attach architecture that supports switching of the virtual
machines in the network, rather than on the server.
> Direct Attach
> 40 and 100 GbE

Automated / Customised
This provides a model for data center managers to customise their environments and automate
routine tasks which could otherwise be very time-consuming and prone to errors at scale.
> XNV (ExtremeXOS Network Virtualisation)


[Figure: the Four Pillars (Physical, Efficient, Scalable, Automated / Customised). Labels in the figure:
Network Topology; Reduce Network Tiers; Integration with VM Platforms; Provision 1,000s of Switches
across Multiple Sites; Automated Configuration; User Generated Scripts; Network Profiles for VMs;
Direct Attach; Bandwidth and Performance; Fixed and Modular Platforms; Robust and Flexible Stacking;
Heterogeneous (Best of breed) Support for Virtual Machines; EPICenter Single Pane of Glass;
XML Enabled Infrastructure; 1G 10G 40G 100G; Application and Awareness Support; Open APIs;
Program and Application Integration]


Virtualisation and Direct Attach
Data center networks today are very
inefficient in dealing with server
virtualisation. From the time a Virtual
Machine (VM) is created to the time it
is activated, moved, or deactivated, the
network has no visibility into the virtual
machine lifecycle. Network administrators
have had few tools, if any, when it comes
to troubleshooting and managing VMs
in the network. Additionally, due to
the ability of VMs to dynamically move
from server to server, provisioning the
network for VM security and application
performance has proven to be a
networking challenge.

XNV (ExtremeXOS Network Virtualisation)
XNV is a set of licensable software
modules for both the ExtremeXOS based
switching product portfolio, as well as for Extreme Networks EPICenter, a network provisioning and management
application. XNV brings insight, control and automation for highly virtualised data centers to the network.

XNV enables the following capabilities:
XNV provides centralised network-based virtual machine (VM) inventory, VM location history and VM
provisioning. XNV achieves this through EPICenter, which interfaces through standard application
programming interfaces (APIs) to virtual machine management platforms such as VMware vCenter, Citrix
and others.
XNV allows centralised network-based configuration and distributed network-based enforcement of
network-level capabilities down to the individual virtual machine level. XNV does this through a virtual port profile (VPP)
which can be associated with individual virtual machines in a centralised manner through EPICenter. VPPs
allow configuration of access control lists (ACLs), Quality of service (QoS), rate limiting, and other capabilities
to individual virtual machines. VPPs are enforced through the ExtremeXOS enabled network switches running
XNV.
XNV provides automated VM lifecycle tracking of virtual machines in the network as VMs migrate from server
to server, as well as the ability to automatically move the VM's VPP to the appropriate network switch and
enforce the VPP-based parameters and policies in real time.


Key Benefits

Bringing network-level insight and visibility into the virtual machine lifecycle
Making network and port-level capabilities configurable at the individual VM level
Dynamically tracking and enforcing VM attributes in the network in an automated manner
Hypervisor-Agnostic Operation
Investment Protection


Direct Attach: Reducing Network Tiers


The emergence of virtualisation technology has transformed the modern data center by improving server utilisation,
reducing power requirements and increasing both availability and scalability. At the same time, the requirement for
server density has led to the growth in blade servers. These trends have had an impact on data center networking. A
typical non-virtualised data center has three network layers:
Top-of-Rack Switch: interconnects the servers in a rack
End-of-Row Switch: interconnects the racks
Core Switch: interconnects all rows and other devices
Today's hypervisors utilise an internal virtual switch which facilitates communications between virtual machines
(VMs) within a server and between those VMs and the rest of the network. This virtual switch adds a fourth tier to
the network infrastructure. Many blade servers today utilise an internal blade switch to aggregate traffic for each
of the physical servers within the blade server chassis. These switches add a fifth tier to the network. The combination
of virtual switches and blade switches raises the number of tiers from 3 to 5, significantly increasing latency and
increasing the number of network elements within the data center. This increases the complexity of data center
management.
Extreme Networks Direct Attach eliminates the virtual switch layer, simplifying the network and improving performance.
Extreme Networks high-performance BlackDiamond 8800 series switches with 8900-series high-density modules
enable data center simplification by reducing network tiers to 3 or 2 tiers, depending on the size of the data center.
Direct Attach moves switching functionality back to the network, reducing management complexity by eliminating the
virtual switch (vSwitch), and increasing performance and security.

How Direct Attach Works


The Direct Attach software package is an ExtremeXOS loadable module that is installed on ExtremeXOS-based Extreme
Networks data center switches (including the Summit X450, Summit X480, and Summit X650) or BlackDiamond 8800
series switches with 8900-series modules.
Extreme Networks Direct Attach software and high fan-out switch blades can be used independently or together. By
combining them together you can eliminate the virtual switch as well as the blade switch, thus reducing the number
of network tiers from 5 to 3 or 2 tiers (depending on the data center size), and creating a simpler network architecture
that scales better, is easier to manage and reduces cost.

Key Benefits of XNV

More Predictable, Higher Performance
More Comprehensive Network Capabilities
Fewer Network Elements to Manage
Improved Security
Simpler Management across Hypervisors


Extreme Networks Direct Attach Architecture

[Figure: two data center designs compared.
Panel "3 Tiers or 2 Tiers of Switches": Extreme Networks 2-tier data center design to connect 576 Blade Servers.
Labels: BlackDiamond 8810s; Core (Tier 1); Access (Tier 2) End-of-Row Chassis; MRJ21; 42U 19 Rack; Blade Servers;
12 racks; 3 Blade Enclosures per rack with 14-16 Blade Servers each.
Panel "5-Tiers of Switches": Typical 5-tier data center design to connect 576 Blade Servers.
Labels: Core (Tier 1); Aggregation (Tier 2); Top-of-Rack (Tier 3); Blade Switches (Tier 4); Virtual Switch (Tier 5);
42U 19 Rack; Blade Servers; 12 racks; 3 Blade Enclosures per rack with 14-16 Blade Servers each.]


Enterprise Chassis
Switch Solutions

Ethernet switching products from Extreme Networks


Over the past 10 years, Ethernet has become the foundation for global communications and innovative
Ethernet switching products from Extreme Networks have re-defined networking.
Now, new expectations for rich infrastructure capabilities, high security, and flawless operations are
testing network professionals like never before. By delivering meaningful insight and unprecedented
control Extreme Networks are responding with solutions that help deliver secure, robust connectivity for
voice, video, and data to a discerning and highly mobile user community.

Choosing the best solution, modular chassis or stackable/fixed configuration?


Ethernet switches come in two distinct form factors. Both types of switches are sold for two main uses in business
enterprises, the wiring closet and the core (or backbone) network. The wiring closet is the central point in a
department or section of the building where the wiring from all of the client devices (mostly PCs, IP Telephones and
Printers) converge. The needs in wiring closets are increasing all the time, for example more ports, better security,
more quality of service features for VoIP, and Power over Ethernet for IP Telephones and WiFi access points are all
considerations.
Both modular switches and fixed configuration switches can have their place in the wiring closet and the network core.
The wiring closet generally does not need to have much port media flexibility, for example UTP connected fast or
gigabit Ethernet only, also cost may be a consideration so stackable switches are a good option here.
Some companies prefer to use chassis based switches for wiring closet situations for a pay as you grow philosophy
despite the higher costs of modular switches. Modular switches also offer a higher level of availability than fixed
configuration switches with redundant management modules, hot-swappable power supplies, hot-swappable switch
modules, and hot-swappable fan trays.

The decision is based largely on:


Size of the installation
Future expansion needs
Overall budget


Choosing the best solution, modular chassis or stackable/fixed configuration:

Data Centre and High Performance Cluster Computing (HPCC)
Module Type | Recommended
BlackDiamond 8900-series modules
BlackDiamond 8800 c-series modules
BlackDiamond 8500-series modules

High Performance Enterprise Core
Module Type | Recommended
BlackDiamond 8900-series modules
BlackDiamond 8800 c-series modules
BlackDiamond 8500-series modules

High-Density PoE Edge Switch for Integrated Wired, Wireless and IP Telephony
Module Type | Recommended
BlackDiamond 8900-series modules
BlackDiamond 8800 c-series modules
BlackDiamond 8500-series modules


Chassis based Solutions at a glance

The increasing demands of IP Telephony deployments, enterprise aggregation, corporate data centres,
network backbones and metro Ethernet provider Points of Presence require solutions that combine
consistent performance, carrier-class availability, enhanced security and simplified management.
BlackDiamond core switching products from Extreme Networks are designed and built to deliver these critical
requirements. These switches minimise latency and jitter, which degrade the quality of voice and video applications.
They're also highly resilient, a key aspect of voice-class availability, using technologies such as the Ethernet Automatic
Protection Switching (EAPS) link resiliency standard to provide sub 50 millisecond link failover recovery time. This
multi-layered approach to security helps safeguard your network and leverages best-of-breed appliances and partners, so
you can implement the security architecture that's best for you.
Particularly in the large enterprise network and in service-provider environments, there is the middle layer between
core and edge which is called the aggregation layer. In the aggregation layer, aggregation switches play an important
role of aggregating traffic from a large number of edge switches to be forwarded to the core switches as well as
receiving traffic from the core applications to distribute towards edge switches.

Key Benefits
The BlackDiamond 8806 six slot chassis fits well at the edge of the most demanding enterprises, switching
Voice-over-IP (VoIP), video, wireless and data traffic.
The BlackDiamond 8810 switches can support a high density of non-blocking ports delivering high speed
server connectivity for High Performance Cluster Computing (HPCC).


BlackDiamond 8800 Series


BlackDiamond 8800 series switches deliver toll quality
voice and carrier class availability to the enterprise.
Network managers can deploy high-density Power
over Ethernet (PoE), Gigabit Ethernet, and 10 Gigabit
Ethernet wherever it's needed.
With their comprehensive security features, both
BlackDiamond 8800 series switches are the single
modular switch solution for mid-sized enterprises.
BlackDiamond 8800 series next generation
architecture eliminates bottlenecks at the edge and
core.

Key features
Interconnect switch providing low-latency connections at low power for data
centres and High Performance Cluster Computing (HPCC)
Traditional Gigabit or 10 Gigabit Ethernet aggregation switch
High-density PoE edge switch for integrated wired, wireless and IP Telephony
Single switch network solution for small to medium-sized networks
Low power consumption for reduced power and cooling

BlackDiamond 8800 Comparison

Ports                                               BlackDiamond 8810   BlackDiamond 8806
Max auto-negotiating 10/100/1000BASE-T ports        864                 480
Max auto-negotiating 10/100/1000BASE-T PoE ports    864                 480
Max 1 Gigabit Ethernet ports (SFP)                  440                 248
Max 10 Gigabit Ethernet ports (SFP+)                216                 120


BD20K
BlackDiamond 20808 switches allow a single
Carrier Ethernet network to deliver residential
services, business services and wireless backhaul
services. Residential services can include triple- and
quad-play telephony services, IPTV, tiered Internet
access, and more.
Business subscribers are deploying increasingly
complex applications to maximise business
productivity. On the residential side, the demand
for triple- and quad-play services as well as the
growth of telecommuting and home-based
businesses spur the need for ever more bandwidth.
Wireless providers must accommodate growing
subscriber bases as well as a surge in voice and
data service usage.
The BlackDiamond 20808 switch provides a future-proof
design, with 120 Gbps per slot capacity that
enables future 40 Gigabit Ethernet and 100 Gigabit
Ethernet modules, to support today's bandwidth
and service demands as well as future needs.

Key features
High-bandwidth wireless backhaul with
the scale to support bandwidth and
roaming for thousands of simultaneous
customer connections
Simplified deployment and management
reduce ongoing operational costs
Long service life with future fabric
upgrade from 2 Tbps to 5 Tbps

Customer Edge: Summit X450a or Summit X250e
Provider Edge: BlackDiamond 12802R or Summit X450a
Provider Aggregation: BlackDiamond 12804R
Metro Core: BlackDiamond 20808


Sentriant Automated Attack Mitigation


Automated Attack Mitigation:
1. An infected source enters the network.
2. ExtremeXOS static ACLs and CLEAR-Flow rules
filter out DoS attacks, determine traffic class as
suspicious.
3. Selectively port-mirror traffic to Sentriant for
further analysis.
4. Sentriant continues to watch suspicious traffic
and uses its internal rules to escalate traffic-class
from suspicious to high level alert.
5. Sentriant initiates a dynamic ACL on the
ExtremeXOS switch. The Switch applies the
dynamic ACL in real-time and continues to port
mirror suspicious traffic. Sentriant also sends the
mitigation action to Extreme Networks EPICenter
network management software.

EPICenter works with core and edge switches to enforce the security policy (mitigation action).
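The escalation sequence described above, modelled as an added example (it is not Extreme Networks code and does not use ExtremeXOS, CLEAR-Flow or Sentriant syntax): a switch-side counter rule marks a source as suspicious and mirrors it, an analyser escalates on its own rule, and a dynamic deny ACL is installed and reported to management. The thresholds, class names and traffic records are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed thresholds; the handbook gives no values.
SYN_RATE_LIMIT = 100       # SYNs per interval before the switch rule fires
DISTINCT_DST_LIMIT = 15    # distinct destinations before the analyser escalates


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    syns: int


class Switch:
    """Stands in for the switch: static ACLs, a counter rule, port mirroring."""

    def __init__(self, static_deny):
        self.static_deny = set(static_deny)   # step 2: static ACLs
        self.dynamic_deny = set()             # step 5: ACLs pushed by the analyser
        self.suspicious = set()               # sources currently being mirrored
        self.dropped = 0

    def process(self, flows):
        """Handle one interval; return (newly suspicious sources, mirrored flows)."""
        syn_totals = defaultdict(int)
        mirrored = []
        for f in flows:
            if f.src in self.static_deny or f.src in self.dynamic_deny:
                self.dropped += 1             # filtered by an ACL
                continue
            syn_totals[f.src] += f.syns
            if f.src in self.suspicious:      # step 3: selective port mirror
                mirrored.append(f)
        newly = sorted(s for s, n in syn_totals.items()
                       if n > SYN_RATE_LIMIT and s not in self.suspicious)
        self.suspicious.update(newly)         # mirroring starts next interval
        return newly, mirrored


class Analyser:
    """Stands in for the analysis appliance watching mirrored traffic (step 4)."""

    def __init__(self):
        self.seen_dsts = defaultdict(set)

    def inspect(self, mirrored):
        """Return sources whose destination fan-out crosses the alert rule."""
        for f in mirrored:
            self.seen_dsts[f.src].add(f.dst)
        return sorted(s for s, d in self.seen_dsts.items()
                      if len(d) > DISTINCT_DST_LIMIT)


def constructed_traffic(interval):
    """Constructed sample: one normal host, one statically blocked host,
    and one host sweeping ten new destinations per interval."""
    flows = [Flow("10.0.0.5", "10.1.0.1", 5),
             Flow("192.0.2.200", "10.1.0.1", 1)]
    flows += [Flow("10.0.0.66", f"10.2.{interval}.{j}", 30) for j in range(10)]
    return flows


def run_simulation(intervals=4):
    switch = Switch(static_deny={"192.0.2.200"})
    analyser = Analyser()
    events, notified = [], []
    for t in range(intervals):
        newly, mirrored = switch.process(constructed_traffic(t))
        events += [(t, "suspicious", s) for s in newly]
        for src in analyser.inspect(mirrored):
            if src not in switch.dynamic_deny:
                switch.dynamic_deny.add(src)          # step 5: dynamic ACL
                events.append((t, "dynamic_acl", src))
                notified.append(src)                  # step 5: tell management
    return {"events": events, "dropped": switch.dropped,
            "notified": notified, "suspicious": sorted(switch.suspicious)}


if __name__ == "__main__":
    for key, value in run_simulation().items():
        print(key, value)
```

The two-stage design is what keeps the normal host untouched: the cheap counter rule only selects what gets mirrored, and the block is applied only after the second, stricter rule fires.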



BlackDiamond 8800 Series

BlackDiamond 8800 series switches simplify the Enterprise network.

The BlackDiamond 8800 series of switches provides unparalleled investment
protection with backward and forward compatibility.

Enterprise IT managers have limited time and resources to deal
with overly complex, specialised network infrastructure solutions.
BlackDiamond 8800 series switches from Extreme Networks
simplify the architecture. Purpose-built core, aggregation, edge and
data center modules can meet your chassis needs across the network.
Traditional three-tier architectures can be replaced with a streamlined
two-tier network that reduces management overhead, operational
complexity and capital expenditures.

Features
High-density gigabit and 10 Gigabit Ethernet switch
High availability to maximize network uptime
High performance connectivity for converged networks
Comprehensive security to maximize protection
Ease of management to reduce the complexity of network operation

Target Applications
High-performance core switch for medium to large Enterprise networks
High-performance switch for small to large Enterprise networks
High-density switch providing low-latency connections at low power for data centers and
High Performance Cluster Computing (HPCC)
Interconnect switch providing low-latency connections at low power for data centers and
High Performance Cluster Computing (HPCC)
Cost-effective edge switch for wiring closet

BlackDiamond 8800 series switches deliver voice-class availability, high-density
Power over Ethernet (PoE), Gigabit Ethernet, and 10 Gigabit Ethernet
wherever it is needed. It serves well as a high performance Enterprise core
and data center switch. The non-blocking ports interconnect thousands of
servers for High Performance Cluster Computing (HPCC). A full range of
Layers 2-4 features for IPv4 and IPv6 allow the aggregation of high-speed
connections, minimising bottlenecks between edge and core. BlackDiamond
8800 series fits well at the edge of the most demanding enterprises switching
Voice-over-IP (VoIP), video, wireless and data traffic.

[Figure: Recommended Module Deployment. Axes: Performance and Network Size (Small to Large). Labels: 8900-series modules, 8800 c-series modules, 8500-series modules.]

High Availability
BlackDiamond 8800 series switches achieve voice-class
availability by combining highly resilient software
and redundant hardware. ExtremeXOS dramatically
increases network availability by monitoring independent
operating system processes in real time. If any of
these processes becomes unresponsive or stops running,
it is automatically restarted. The modular design of
ExtremeXOS allows the extension of switch functionality.
New functionality can easily be added to the switch.
BlackDiamond 8800 series switches run a contingent of
high availability protocols, including Ethernet Automatic
Protection Switching (EAPS), allowing the IP network
to provide the level of resiliency and uptime that users
expect from their traditional voice networks. In most
situations, VoIP calls don't drop and digital video feeds
don't freeze or pixelise because EAPS allows the network
to recover almost transparently from link failure (in less
than 50 milliseconds). Fast failover aids HPCC by keeping
calculations and processes moving along unimpeded.
BlackDiamond 8800 series switches include a passive
backplane complemented by high availability design
elements such as isolated control and data planes,
redundant controller boards for power distribution, and
fan control and environmental monitoring to identify
anomalies before they affect network availability.

High Performance Connectivity


BlackDiamond 8800 series switches support up to 1,968
non-blocking gigabit ports or up to 582 10 Gigabit
Ethernet ports in a single seven foot rack, allowing these
switches to deliver very cost-effective connectivity for a
range of aggregation, core and data center needs.
Extreme Networks' tradition of building products with
low latency and jitter continues with BlackDiamond 8800
series switches, providing voice-quality connections.
BlackDiamond 8800 switches feature PoE on every
port. Their extensibility supports large IP Telephony
deployments and scales seamlessly as non-computing
devices, such as surveillance cameras and Personal Digital
Assistants (PDAs), are accommodated at the edge.

Comprehensive Security Providing Defense-in-Depth
BlackDiamond 8800 switches, when combined with
Extreme Networks Sentriant security solutions and
EPICenter management tool, allow you to adopt a
defense-in-depth strategy in safeguarding your network
on multiple levels.
User authentication and host integrity checking enforce
admission and usage policies on dedicated and shared
ports at the edge of the network. The powerful sFlow
technology provides threat detection and response by
offering continuous and simultaneous monitoring of
application-level traffic flows on all interfaces. In the
event of an attack, network managers can dynamically
reconfigure the switches to close vulnerabilities,
hardening the network without shutting down network
operation.
BlackDiamond 8800 switches' policy-based routing
provides a flexible mechanism for network administrators
to customise the flow of traffic. Access Control Lists
(ACLs) configured on the switch can redirect packets
away from their normal path to another physical switch
port. Packets are selected according to their ACL match
conditions such as class of service, VLAN, IP addresses,
protocol, port number or other criteria.
BlackDiamond 8800 switches complement perimeter
firewalls by protecting the soft interior of the network
that is currently unprotected. Utilising the industry's
most advanced CLEAR-Flow Security Rules Engine,
BlackDiamond 8800 switches can be programmed to
automatically detect and mitigate security threats in
seconds.

Ease of Management
Extreme Networks has developed tools that save you time
and resources in managing your network. The Universal
Port capability allows auto-configuration of VoIP phones,
providing simplicity in managing network changes.
EPICenter provides all fault, configuration, accounting,
performance and security functions, allowing effective
management of Extreme Networks multi-layer switching
equipment in a converged network.
BlackDiamond 8800 series switches incorporate
Link Layer Discovery Protocol (LLDP) to simplify
troubleshooting of Enterprise networks and enhance the
ability of management tools to discover and maintain
accurate network topologies. By reducing the complexity
and expense that arise from convergence-driven network
changes, BlackDiamond 8800 switches allow enterprises
to add new access devices in a non-disruptive, plug-and-play fashion.


BlackDiamond 20808 Series


Benefits
Get ahead of your customers' ever-growing bandwidth
demands
Increase revenue with scalable switch resources that
maximise service capacity
Drive profitability with unmatched price/performance
Target Applications
Aggregating residential triple-play services, business
services and wireless backhaul services on a common
platform
Prioritised VPN, Internet access, Voice over IP (VoIP)
and other applications over E-Line or multi-point
E-LAN connections to business subscribers
High-bandwidth wireless backhaul with the scale to
support bandwidth and roaming for thousands of
simultaneous customer connections

The BlackDiamond 20808 switch is purpose-built to enable service providers to
deliver new residential and business service offerings and wireless backhaul
services.
As the disparity between carriers' revenue streams and the amount of bandwidth consumed by each
new service continues to grow, service providers are seeking a more cost-effective option through a
Carrier Ethernet transport infrastructure. Designed from the ground up for the new carrier landscape,
the Extreme Networks BlackDiamond 20808 switch gives service providers the tools they need to
compete effectively while satisfying their customers' needs and expectations.
Business subscribers are deploying increasingly complex
and bandwidth-intensive applications to maximise
business productivity. In the residential market, the
demand for triple- and quad-play services as well as
growth in telecommuting and home-based businesses
spurs the need for ever more bandwidth. And wireless
providers must accommodate growing subscriber bases
as well as a surge in voice and data service usage.
BlackDiamond 20808 switches allow a single Carrier
Ethernet network to deliver residential services, business
services and wireless backhaul services.
BlackDiamond 20808 switches meet the stringent
demands of a service provider's core metro Ethernet
environment through a combination of superior
bandwidth capacity, scalable switch resources, and
unmatched price/performance ratio.

Industry's Highest System Capacity
With 64 line-rate 10 GbE ports available in a single
chassis, BlackDiamond 20808 switches offer the
highest system capacity in the market both in terms of
performance and port count. With the BlackDiamond
20808, service providers can easily scale to support
additional subscribers and service instances while
reducing the number of network elements to install and
maintain as they expand their networks.
BlackDiamond 20808 switches provide a future-proof
design, with 120 Gbps per slot capacity that enables
future upgrades to 40 GbE and 100 GbE I/O modules, to
support today's bandwidth and service demands as well
as future needs.
The BlackDiamond 20808 switch has been designed to
ensure a straightforward path to upgrade the switch
fabric from 2 Tbps to a future 5 Tbps fabric to support
continuous growth of revenue-generating services. In
addition, the BlackDiamond 20808 design includes
backward compatibility of existing modules to further
assure investment protection for carriers.


Switch Resources That Scale
With scalable, rich resources, service providers can
achieve revenue growth by delivering compelling new
services such as streaming video, business E-LAN and
E-Line, and mobile backhaul services to both consumers
and business subscribers across a large geographical
base, all on a single platform.
BlackDiamond 20808 switches deliver outstanding
multicast performance with dedicated priority queues to
support tens of thousands of multicast streams
simultaneously. Multicast traffic is replicated using
multiple references to a packet's memory, which avoids
multiple packet copies to provide financial data or video
streams, for example.
The extraordinary performance and bandwidth capacity
of the BlackDiamond 20808 switch is also backed by
a powerful hardware-based Hierarchical Quality of
Service (H-QoS) engine. The H-QoS engine allows service
providers to run hundreds of thousands of applications
with varying service requirements on the same system.
Bandwidth is controlled on a per-service, per-subscriber,
and per-port basis.
End-to-end QoS provisioning is important in providing
quality services to business enterprise customers
whose workgroups are located across multiple carrier
boundaries. Network-to-Network Interfaces (NNIs)
and Ethernet cross-connect capabilities combined with
Hierarchical QoS on BlackDiamond 20808 switches allow
provider and application peering, so service providers
can extend their Service Level Agreements outside their
geographic footprint.

Unmatched Price Performance
The BlackDiamond 20808 switch packs economy,
operational simplicity, and scale to allow service providers
to offer more services while significantly lowering both
CAPEX and OPEX.
With the highest port density in the industry,
BlackDiamond 20808 switches support the largest
subscriber count per system and offer a great per-port
cost. With BlackDiamond 20808 switches, service
providers can increase profitability by minimising
incremental hardware costs associated with subscriber
additions.
By utilising vMAN technologies, service providers can
easily scale their networks to support a high density of
subscribers without the need to operate and maintain
complex Layer 3 equipment. Ethernet Automatic
Protection Switching (EAPS) provides the resiliency
required for latency-sensitive voice and video services.
ExtremeXOS modular operating system, available in
Extreme Networks products from the edge to the core,
allows carriers to reduce costs and simplify maintenance,
operations and upgrades. With hitless upgrades, new
software features can be added without disruption to
existing services, which is crucial in enhancing subscriber
satisfaction, retaining customer loyalty and reducing churn.

Services              Required Switch Resources
Triple/Quad Play      Hardware-Based QoS
Streaming Video       Multicast Streams
Business E-Line       EAPS
Business E-LAN        VPLS
Mobile Backhaul       E-NNI & Cross Connect

Service and revenue growth requires switch resources
that scale to match the available bandwidth.


Enterprise Stackable Switch Solutions

Fixed Configuration and Stackable Switches


What is SummitStack?

SummitStack is a high availability stacking architecture
designed to support converged services such as video
and VoIP through its highly available and rapid failover capability.
With redundancy, distributed Layer 2 and Layer 3 switching, link
aggregation across the stack and distributed uplinks, it provides
sub-second failover for path failure and hitless master/backup failover.
SummitStack supports up to eight units in a stack, with a
combination of Summit X250e, Summit X450e, Summit X450a
and Summit X650 switches.

What is Stacking?

Stacking is a technology that refers to
the dedicated high speed connection
of multiple individual switches to
form a single virtual device.
Additionally, if a loop is formed with a
return cable, individual switches can
be hot swapped without losing the
whole stack.

Universal Port VoIP Auto Provisioning


The Universal Port feature allows enterprises to add new IP Phones in a non-disruptive plug-and-play fashion. It
allows dynamic configuration of voice VLANs and QoS. This level of simplicity in managing network changes can
reduce operating expenses as well as total cost of ownership.

VIM1-SummitStack


Key features

Consistent modular operating system - ExtremeXOS


High bandwidth, non-blocking architecture for demanding edge applications
Exceptional Quality of Service (QoS) with advanced traffic management capabilities for converged applications
Automated provisioning to meet growing demand of converged network applications
Efficient management to handle convergence-driven network changes with Power over Gigabit Ethernet
Universal Port dynamic security profile to provide fine granular security policy in the network


Summit at a glance
The Summit family of ExtremeXOS based switches offers the benefits of highly available, scaleable and
secure convergence grade data infrastructure in a cost effective compact modular form factor.

X150
Powered by ExtremeXOS, the Summit
X150 switch supports process recovery and
application upgrades without the need for
a system reboot. Summit X150 switches
provide the high network availability
required for converged applications. A
Summit X150 switch provides a simple
streamlined operating system across the
entire enterprise network to support
ease of deployment and maintenance.
Cost effective 10/100 Base-T edge switch

ExtremeXOS modular operating system


Scripting capability to automate network configuration
Quality of Service (QoS) with minimised latency
Ethernet Automatic Protection Switching (EAPS) resiliency protocol
Non-Blocking Forwarding
Threat detection and response instrumentation to react to network intrusion
Hardened network infrastructure

X250
Powered by ExtremeXOS, the Summit
X250e switch supports process recovery
and application upgrades without the
need for a system reboot. Summit X250e
provides the high network availability
required for converged applications.
Summit X250e offers dual stacking
interfaces to provide high-speed 40 Gbps
stacking bandwidth. Summit X250e
provides chassis-like management and
availability with its SummitStack stacking
technology.
Advanced 10/100 Base-T Intelligent
Edge Switch
ExtremeXOS modular operating system
Scripting capability to automate network operations
Quality of Service (QoS) with minimised latency
Ethernet Automatic Protection Switching (EAPS) resiliency protocol
Non-Blocking Forwarding
Threat detection and response instrumentation to react to network intrusion
Hardened network infrastructure


X350
Extreme Networks Summit X350 series
switches are based on ExtremeXOS,
the revolutionary core-class operating
system. When deployed at the network
edge, Summit X350 switches benefit
from the highly robust and modular
architecture of ExtremeXOS and provide
high levels of availability, resilience and
simplified management of the entire
network at an affordable price. Summit X350 enables the rollout of applications such as gigabit to the desktop to
support high bandwidth-demanding users.
The highly flexible Summit X350 switch provides high-density Gigabit Ethernet ports plus optional two 10 Gigabit
Ethernet ports in a compact 1RU format, supporting intelligent Layer 2 switching with Layer 2 to Layer 4 traffic
classification and Quality of Service (QoS) on every port for high productivity. Optional redundant power supplies are
provided with each switch to help secure against power anomalies.

Single streamlined operating system across the entire enterprise network


ExtremeXOS provides scripting capability to automate network configuration
Ethernet Automatic Protection Switching (EAPS) resiliency protocol
Multiple network edge authentication support with multiple endpoints per port
Ease of management

X450
Powered by ExtremeXOS, the
Summit X450e switch supports
process recovery and application
upgrades without the need
for a system reboot. Summit
X450e can provide the high
network availability required for
converged applications as either
an aggregation or core network
device. Summit X450e provides a
high bandwidth, non-blocking architecture with tri-speed copper Gigabit Ethernet ports with PoE for demanding
edge applications. Combining exceptional Quality of Service (QoS) and advanced traffic management with resiliency,
comprehensive security and non-blocking performance, the Summit X450e switch is designed to be the cornerstone
of a high-performance converged network.
Advanced 10/100/1000 Base-T and 1000 Base-X Intelligent Edge Switch (Summit X450e) or aggregation/core
switch (Summit X450e)
Scripting capability to automate network operations
ExtremeXOS modular operating system
QoS with minimised latency
Ethernet Automatic Protection Switching (EAPS) resiliency protocol
Minimised Latency
Non-Blocking Forwarding
Threat detection and response instrumentation to react to network intrusion
Hardened network infrastructure


X460

The Summit X460 series is based on Extreme Networks' revolutionary ExtremeXOS, a highly resilient OS that provides
continuous uptime, manageability and operational efficiency. Each switch offers the same high-performance,
non-blocking hardware technology, in the Extreme Networks tradition of simplifying network deployments through the
use of common hardware and software throughout the network. The Summit X460 switches are ideal campus edge
switches with IEEE 802.3at PoE-plus and ideal aggregation switches for traditional enterprise networks.
The Summit X460 is also purpose-built as a top-of-rack switch for many data centre environments with features such
as high-density Gigabit Ethernet for concentrated data centre environments; XNV (ExtremeXOS Network Virtualisation)
for centralised network-based Virtual Machine (VM) inventory, VM location history and VM provisioning; Direct Attach
to offload VM switching from servers, thereby improving performance; high-capacity Layer 2/Layer 3 scalability for
highly virtualised data centres; and intra-rack and cross-rack stacking with industry leading flexibility.

[Figure: network core and Summit X460 switches]


X480

The Summit X480 series switch is a versatile, high-end
Ethernet switch for data centre, enterprise aggregation,
and Carrier Ethernet deployments. Summit X480 helps
optimise application performance for a variety of
network deployments with its rich features and high
scalability.

Summit X480 provides high density for Gigabit
Ethernet in a very small 1RU form factor for up to 48
ports in one system and 384 ports in a stacked system
using backward compatible SummitStack or high-speed
SummitStack128 running at 128 gigabit per
second. Summit X480 also offers 10 Gigabit Ethernet
connectivity for up to six ports in one system and 16
ports in a stacked system with the industry standard
XFP interface.
10Gbps high performance network core.
High density 1Gbps switch connectivity in a
1RU form factor.
Optional 10G interface modules for flexible
uplinks forming a high speed network core.
High availability with redundant PSU option.
Stacking capability of up to 8 switches.
ExtremeXOS operating system for robust
resilient network maximising network uptime.
Advanced traffic management and security
framework for carrier grade Ethernet
networks.


Summit X650

The Summit X650 series switch is a purpose built Top of Rack switch designed for emerging 10 Gigabit Ethernet
enabled servers, deployed in Enterprise data centres. Summit X650 optimises the new server deployment while
providing an excellent migration path from the existing Gigabit Ethernet based servers to the 10 Gigabit Ethernet
based high performance servers, to seamlessly start the transition to the new virtualised environment.
Summit X650 provides remarkable high-density for 10 Gigabit Ethernet in a very small 1RU form factor for up to
32-ports in one system and 192-ports in a stacked system. Summit X650 offers two of the most advanced 10 Gigabit
Ethernet technologies: 10GBASE-T and SFP+ to accommodate the needs both for copper twisted pair cable and
optical fibre based 10 Gigabit Ethernet.
24-port 10 Gigabit Ethernet non-blocking switching
with 363 million packet per second forwarding rate in
1 Rack Unit (RU) form factor
256 Gbps ultra high-speed stacking for up to 8 units
in a stack to provide up to 192 10 Gigabit Ethernet
ports in one logically integrated unit
Optional 512 Gbps stacking for connecting two
Summit X650 switches to provide non-blocking 48 10
Gigabit Ethernet ports
From high-performance server switching to enterprise
network aggregation and core deployment
Scripting capability to automate network operations
ExtremeXOS modular operating system

QoS with minimised latency


Ethernet Automatic Protection Switching (EAPS)
resiliency protocol
10 Gigabit Ethernet over UTP cable and optical fibre
with SFP+ transceivers for single-mode and multimode
fibre installation


ReachNXT100-8t

ReachNXT 100-8t: extending the revolutionary modular operating system
ExtremeXOS to the access network.
The ReachNXT 100-8t device extends the revolutionary ExtremeXOS core-class operating system from
Extreme Networks. ExtremeXOS is a highly resilient, modular operating system that helps provide
continuous uptime, manageability and operational efficiency.
ReachNXT 100-8t provides users with a consistent ExtremeXOS experience at an affordable price. It is best suited for
network access applications where easy network deployment is required.
The compact and quiet ReachNXT 100-8t enterprise port extender provides 8 Fast Ethernet ports plus 1 Gigabit
Ethernet combo copper/PoE and SFP fiber port. An optional power adapter provides the ReachNXT 100-8t with power
when the SFP fiber port is used.
ReachNXT 100-8t is deployed as a Fast Ethernet access device, extending the benefits of the ExtremeXOS operating
system. This uniformity allows consistent quality and performance throughout your converged network while
minimising operational inefficiencies.

Features
Ease of management supporting rapid network
deployment with ReachNXT 100-8t plug-and-play attributes.
As a port extender for ExtremeXOS, ReachNXT
100-8t can provide the same level of user
security over the network as the upstream
ExtremeXOS based switch.
Theft deterrents such as dependence on an
ExtremeXOS environment in order to operate,
and built-in Kensington lock slot.
Ease of management and operations lower
network costs.
Fanless design for low-noise environments.

Target Applications
Access device providing intelligent
10/100BASE-T connectivity to the
desktop in a network running
ExtremeXOS from the core to access
10/100BASE-T port extender to
aggregate a small department,
multiple stand-alone devices, or similar
applications

Ease of Management Supporting Rapid Network Deployment
Link Layer Discovery Protocol (LLDP) provides device
management.
Comprehensive network management through
Extreme Networks EPICenter.
ReachNXT 100-8t built-in firmware management.


Network Security
By extending ExtremeXOS, ReachNXT 100-8t can
provide the same level of user security over the
network as an upstream ExtremeXOS switch such as a
member of the Summit family.
Implementing VLANs with the ReachNXT 100-8t using
NetLogin.

NetLogin and multiple supplicants can be supported
over the same port on the upstream ExtremeXOS
switch.
Automated network login and authentication reduces
operator efforts and errors.
When NetLogin client fails authentication, the client is
moved to an authentication failure VLAN (for guests).

Theft Deterrents
ReachNXT 100-8t will stop working once it is
disconnected from the upstream ExtremeXOS switch.
Upstream ExtremeXOS switch checks that ReachNXT
100-8t is connected.
When drawing power from upstream ExtremeXOS
switch, EPICenter can alert the network operator when
the ReachNXT 100-8t is no longer on the network.
Built-in Kensington lock slot.

Ease of Management and Operations Lower Network Costs
The plug-and-play simplicity of ReachNXT 100-8t
reduces network operations cost as no configuration
is required.
EPICenter visibility allows the network operator to
manage the network from core to access.
ReachNXT 100-8t provides fiber-to-copper media
conversion from its 1000BASE-X SFP port to eight of
its 10/100BASE-T ports.

General Specifications
Height: 1.34 inches/34 mm
Depth: 5.9 inches/150 mm
Width: 8.7 inches/220 mm
Weight: 1.1 lbs/0.5 kg
Kensington lock slot

Performance
5.6 Gbps switch fabric bandwidth
4.1 Mpps frame forwarding rate (based on 64 byte
packet)
2,048 Byte maximum packet size

Optional AC Power Adapter
Input: 100-240V, 50/60 Hz, Max 0.5A
Output: 12V, 1.25A

[Figure: wiring closet deployment. Labels: Summit X450e, Summit X250e; Gig PoE powered; 8 x 10/100BT ports + 100/1000M PoE port + 1000M SFP slot; LLDP; 100M/1000M PoE.]


Summit X150 Series

Summit X150 Series Switches - Fast Ethernet value edge stand-alone switches with ExtremeXOS modular operating system.

Extreme Networks Summit X150 series switches are based on ExtremeXOS, the revolutionary core-class operating system. When deployed at the network edge, Summit X150 switches benefit from the highly robust and modular architecture of ExtremeXOS and provide high levels of availability, resilience and simplified management of your entire network at an affordable price.

Summit X150 provides high availability and performance with its advanced traffic management capabilities. Summit X150 supports the rollout of a converged network with devices such as IP telephones, wireless Access Points (APs) and other devices that require power from a LAN connection, as well as regular computing devices such as desktop and laptop computers. Summit X150-24p supports the 802.3af standards-based Power over Ethernet (PoE) on every port of its PoE models.

The highly flexible Summit X150 switch provides high-density Fast Ethernet ports plus dual personality gigabit Ethernet ports in a compact 1RU format, supporting intelligent Layer 2 switching with Layer 2 to Layer 4 traffic classification and Quality of Service (QoS) on every port for high productivity. Optional redundant power supplies are provided with each switch to help secure against power anomalies.

Features
Single streamlined operating system across the entire enterprise network
ExtremeXOS provides scripting capability to automate network configuration
Ethernet Automatic Protection Switching (EAPS) resiliency protocol
Multiple network edge authentication support with multiple endpoints per port
Ease of management

Target Applications
Edge PoE and non-PoE switch providing basic 10/100BASE-T connectivity to the desktop in a network running ExtremeXOS from the core to the edge

Single Streamlined Operating System in the Entire Enterprise Network
Extreme Networks provides an ExtremeXOS-based Ethernet switching platform from edge, to aggregation, to core of the enterprise network. Having one operating system significantly simplifies network deployment and operation, as well as ongoing maintenance, to reduce the total cost of ownership. Summit X150 running ExtremeXOS provides a consistent experience amongst other switches such as the BlackDiamond modular chassis and provides an excellent user experience from edge to core of the network.

Network Configuration Automation


ExtremeXOS provides extensible scripting capability that
allows users to create a customised series of commands
and executables. Scripting can be used to add incremental
configuration to the network infrastructure, such as a
list of VLANs to be configured. This capability eases the
roll-out of networks and reduces configuration errors.
For example, using system and user-defined environment variables and constructs such as if/then and loops, scripts can automate regular management tasks and the deployment of QoS rate limiting and ACL configurations to multiple ports/switches.

Ethernet Automatic Protection Switching (EAPS)
EAPS allows the IP network to provide the level of resiliency and uptime that users expect from their traditional voice network. EAPS differs from Spanning Tree and Rapid Spanning Tree protocols in offering sub-second (less than 50 milliseconds) recovery that helps deliver consistent failover regardless of the number of VLANs, network nodes or network topology. Since EAPS allows the network to recover almost transparently, VoIP calls do not drop and digital video feeds do not freeze or pixelise in most situations.

Multiple Network Edge Authentication Support with Multiple Endpoints per Port
Network Login capability enforces user admission and
usage policies. Summit X150 series switches support
a comprehensive range of Network Login options by
providing an 802.1x agent-based approach, a web-based
(agent-less) login capability for guests, and a MAC-based
authentication model for devices. With these modes of
Network Login, only authorised users and devices are
permitted to connect to the network and be assigned to
the appropriate VLAN.

Ease of Management
As the network becomes a foundation of the enterprise
application, network management becomes an important
piece of the solution. Summit X150 switches offer
comprehensive network management support through
Command Line Interface (CLI), SNMP v1, v2c, v3, and
embedded XML-based Web User Interface, ExtremeXOS
ScreenPlay. With a variety of management options and its
consistency across other Extreme Networks modular and
stackable switches, Summit X150 series provides ease-of-management
for demanding converged applications.
Extreme Networks has developed tools that can save you
time and resources in managing your network. EPICenter
provides fault configuration, accounting, performance
and security functions, allowing effective management of
multi-layer switching equipment from Extreme Networks
in a converged network.
Efficient Management to Handle Convergence-Driven
Network Changes

Shared ports represent a potential vulnerability in a
network. Multiple supplicant capability on a switch allows
it to uniquely authenticate and apply the appropriate
policies and VLANs for each user or device on a shared
port. Multiple supplicant support secures IP Telephony
and wireless access. Converged network designs often
involve the use of shared ports.

Summit X250e Series

Summit X250e Series Switches - Advanced Fast Ethernet converged edge stackable switches with ExtremeXOS modular operating system.

Extreme Networks Summit X250e series switches are based on ExtremeXOS, the revolutionary core-class operating system. When deployed at the network edge, Summit X250e switches benefit from the highly robust and modular architecture of ExtremeXOS and provide high levels of availability, resilience and simplified management of your entire network at an affordable price.

As an edge switch offering optimum support for converged applications for enterprise and Carrier Ethernet networks, Summit X250e provides low latency line-rate performance and offers flexible connectivity options including the 802.3af standards-based Power over Ethernet (PoE) and 100BASE-X SFP fiber optical interfaces.

Extreme Networks continues its tradition in simplifying network deployment through consistent use of common hardware and software. Summit X250e switch utilises the compatible non-blocking hardware technology found in Extreme Networks Summit X450 series switches, delivering line-rate IPv6 capabilities for Fast Ethernet LAN deployments.

The Summit X250e series supports a full range of Layer 2 to 4 features on each port. Each switch offers 40 Gigabits per Second (Gbps) stacking interfaces in 1RU format. Optional redundant power supplies are provided with each switch to help secure against power anomalies, allowing a continuous operational network that is crucial in meeting your business needs.

Features
High availability to help prevent network outages
Automated provisioning to meet growing demand of converged network applications
Policy-based routing and switching to customised traffic flow
Comprehensive security using defense-in-depth
Ease of management

Target Applications
Edge PoE and non-PoE switch providing high-density 10/100BASE-T to the desktop in a network running ExtremeXOS from the core to the edge
Carrier Ethernet edge switching with 100BASE-X provides advanced fiber connectivity to the customer for both AC and DC powered environment

High Availability
Summit X250e series switches provide high availability by employing a modular operating system, incorporating resilient software features and supplying hardware redundancies.

High availability protocols such as the Ethernet Automatic Protection Switching (EAPS) that failover in less than 50 milliseconds provide toll-quality voice and picture-perfect video.

Layer 2 and Layer 3 resiliency protocols such as Open Shortest Path First (OSPF), Extreme Standby Router Protocol (ESRP) and Virtual Router Redundancy Protocol (VRRP) add to enhanced availability.

Summit X250e switches offer dual stacking interfaces to provide high-speed 40 Gbps stacking bandwidth. SummitStack is designed to support converged services such as Voice-over-IP (VoIP) and video by its highly available architecture providing rapid failover capability. SummitStack supports up to eight units in a stack, with a mixture of Summit X250e, Summit X450e, Summit X450a and Summit X450 switches.

Redundancies in power supplies, uplink ports, operating system and configuration images further contribute to continuous availability.

Automated Provisioning for Converged Networks
Summit X250e switches provide advanced traffic management capabilities and allow the large scale rollout of equipment such as IP telephones, wireless APs and other devices that require power from the LAN connection. With line-rate IPv6 support at the network edge, Summit X250e prepares for IPv6-capable edge devices as they become available.

Summit X250e series switches set the stage for convergence applications by allowing enterprises to add new access devices in a non-disruptive plug-and-play fashion. Voice and wireless services can be easily implemented without major network upgrades. Summit X250e supports automated provisioning of VoIP using LLDP and event based command scripting capability. It allows dynamic configuration of voice VLANs and Quality of Service (QoS). This auto configuration capability allows you to configure VoIP phone settings such as voice VLAN settings, call server IP address configuration, etc. This level of simplicity in managing network changes can help reduce operating expenses.

Policy-based Routing and Switching
Policy-based routing and switching on a Summit X250e switch provides a flexible mechanism for network administrators to customise the flow of traffic. Access Control Lists (ACLs) configured on the switch can redirect packets away from their normal path to another physical switch port. Packets are selected according to their ACL match conditions such as class of service, VLAN, IP addresses, protocol, port number or other criteria.

Comprehensive Security Using Defense-in-Depth
Summit X250e switches, when combined with Extreme Networks Sentriant security solutions, allow you to adopt a defense-in-depth strategy in securing your network on multiple levels.

User authentication and host integrity checking enforces admission and usage policies on dedicated and shared ports at the edge of the network. The powerful technology, sFlow, offers threat detection and response by providing continuous and simultaneous monitoring of application-level traffic flows on all interfaces. In the event of an attack, network managers can dynamically reconfigure the switches to close vulnerabilities, hardening the network without shutting down network operation.

The Universal Port scripting framework available in Summit X250e lets you implement Dynamic Security Profiles which in conjunction with Network Login allows you to implement fine grained and robust security policies. Upon authentication, the switch can load dynamic ACL/QoS for a user or group of users, to deny/allow the access to the application servers or segments within the network.

This layered approach of providing security significantly enhances network protection.

Ease of Management
As the network becomes a foundation of the enterprise application, network management becomes an important piece of the solution. Summit X250e switches offer comprehensive network management support through Command Line Interface (CLI), SNMP v1, v2c, v3, and an embedded XML-based web user interface, ExtremeXOS ScreenPlay. With a variety of management options and its consistency across other Extreme Networks modular and stackable switches, Summit X250e series provides ease of management for demanding converged applications.

Extreme Networks has developed tools that save you time and resources in managing your network. EPICenter provides fault configuration, accounting, performance and security functions, allowing effective management of multi-layer switching equipment from Extreme Networks in a converged network.

Summit X350 Series

Summit X350 series switches - Gigabit Ethernet value edge stand-alone switches with ExtremeXOS modular operating system.

Extreme Networks Summit X350 series switches are based on ExtremeXOS, the revolutionary core-class operating system. When deployed at the network edge, Summit X350 switches benefit from the highly robust and modular architecture of ExtremeXOS and provide high levels of availability, resilience and simplified management of your entire network at an affordable price.

Summit X350 enables the rollout of applications such as gigabit to the desktop to support high bandwidth-demanding users.

The highly flexible Summit X350 switch provides high-density Gigabit Ethernet ports plus optional two 10 Gigabit Ethernet ports in a compact 1RU format, supporting intelligent Layer 2 switching with Layer 2 to Layer 4 traffic classification and Quality of Service (QoS) on every port for high productivity. Optional redundant power supplies are provided with each switch to help secure against power anomalies.

Features
Single streamlined operating system across the entire enterprise network
ExtremeXOS provides scripting capability to automate network configuration
Ethernet Automatic Protection Switching (EAPS) resiliency protocol
Multiple network edge authentication support with multiple endpoints per port
Ease of management

Target Applications
Edge switch providing basic 10/100/1000BASE-T connectivity to the desktop in a network running ExtremeXOS from the core to the edge

Single Streamlined Operating System in the Entire Enterprise Network
Extreme Networks offers an ExtremeXOS-based Ethernet switching platform from edge, to aggregation, to core of the enterprise network. Having one operating system significantly simplifies network deployment and operation, as well as ongoing maintenance, to help reduce the total cost of ownership. Summit X350 running ExtremeXOS provides a consistent experience amongst other switches such as the BlackDiamond modular chassis and provides an excellent user experience from the edge to the core of the network.

Multiple Network Edge Authentication Support with Multiple Endpoints per Port
Network Login capability enforces user admission and usage policies. Summit X350 series switches support a comprehensive range of Network Login options by providing an 802.1x agent-based approach, a web-based (agent-less) login capability for guests, and a MAC-based authentication model for devices. With these modes of Network Login, only authorised users and devices are permitted to connect to the network and be assigned to the appropriate VLAN.

Network Configuration Automation


ExtremeXOS provides extensible scripting capability that
allows users to create a customised series of commands
and executables. Scripting can be used to add incremental
configuration to the network infrastructure, such as a
list of VLANs to be configured. This capability eases the
roll-out of networks and reduces configuration errors.
For example, using system and user-defined environment variables and constructs such as if/then and loops, scripts can automate regular management tasks and the deployment of QoS rate limiting and ACL configurations to multiple ports or multiple switches.

Ethernet Automatic Protection Switching (EAPS)
EAPS allows the IP network to provide the level of resiliency and uptime that users expect from their traditional voice network. EAPS differs from Spanning Tree and Rapid Spanning Tree protocols in offering sub-second (less than 50 milliseconds) recovery that helps deliver consistent failover regardless of the number of VLANs, network nodes or network topology. Since EAPS allows the network to recover almost transparently, VoIP calls do not drop and digital video feeds do not freeze or pixelise in most situations.

Shared ports represent a potential vulnerability in a
network. Multiple supplicant capability on a switch allows
it to uniquely authenticate and apply the appropriate
policies and VLANs for each user or device on a shared
port. Multiple supplicant support secures IP Telephony
and wireless access. Converged network designs often
involve the use of shared ports.

Ease of Management
As the network becomes a foundation of the enterprise
application, network management becomes an important
piece of the solution. Summit X350 switches offer
comprehensive network management support through
Command Line Interface (CLI), SNMP v1, v2c, v3, and
embedded XML-based Web User Interface, ExtremeXOS
ScreenPlay. With a variety of management options and
consistency across other Extreme Networks modular and
stackable switches, Summit X350 series provides ease-of-management
for demanding converged applications.
Extreme Networks has developed tools that can save you
time and resources in managing your network. EPICenter
provides fault configuration, accounting, performance
and security functions, allowing effective management of
multi-layer switching equipment from Extreme Networks
in a converged network.

Summit X450a and Summit X450e Series

Summit X450a and Summit X450e - Providing high availability, control and simplified management of your entire network with ExtremeXOS.

Extreme Networks Summit X450a and Summit X450e series is based on ExtremeXOS, the revolutionary core-class operating system. Whether deployed at the network core, edge or as an aggregation device, the Summit X450 series benefits from the highly robust and modular architecture of ExtremeXOS and provides high levels of availability, resilience and simplified management of your entire network.

As an edge switch offering optimum support for converged applications, Summit X450e provides low latency line-rate performance and supports the 802.3af standards-based PoE on every port.

Summit X450a is highly flexible and scalable, making it an ideal aggregation switch for traditional small core enterprise networks and a first level aggregation device for DSLAMs at a local central office before traffic is passed on to Extreme Networks BlackDiamond 12804R core switch at the Point of Presence (POP).

Extreme Networks continues its tradition in simplifying network deployment through consistent use of common hardware and software. Summit X450a and Summit X450e switches utilise the same proven non-blocking hardware technology found in Extreme Networks BlackDiamond 8800 series switches, delivering line-rate IPv6 capabilities for Gigabit Ethernet LAN deployments.

The versatile Summit X450a and Summit X450e series supports a full range of Layer 2 to 4 features on each port. Each switch offers 40 Gigabits per Second (Gbps) stacking interfaces and optional 10 Gigabit Ethernet in a compact 1RU format. Optional redundant power supplies are provided with each switch to secure against power anomalies, allowing a continuous operational network that is crucial in meeting your business needs.

Features
High availability to prevent network outages.
SummitStack 40 Gbps high-speed stacking.
Flexible Power over Ethernet (PoE) to meet growing demand of converged network applications.
Metro Ethernet service delivery.
Policy-based routing to customised traffic flow.
Comprehensive security using defense-in-depth.
Ease of management.

Target Applications
Core switch for a small network.
Aggregation switch in a traditional three-tiered network that requires high availability and ExtremeXOS advanced features.
Customer Edge (CE) or Provider Edge (PE) device in a Metro Ethernet network, compliant with UNI 1.0 Metro Ethernet Forum (MEF) specification, supporting all service parameters of MEF 6, the traffic management specification.
Interconnect switch providing low latency connections for High Performance Cluster Computing (HPCC)
Edge PoE switch providing high-density gigabit PoE to the desktop in a network running ExtremeXOS from the core to the edge.

Single Streamlined Operating System in the Entire Enterprise Network
Extreme Networks offers an ExtremeXOS-based Ethernet switching platform from edge, to aggregation, to core of the enterprise network. Having one operating system significantly simplifies network deployment and operation, as well as ongoing maintenance, to help reduce the total cost of ownership. Summit X350 running ExtremeXOS provides a consistent experience amongst other switches such as the BlackDiamond modular chassis and provides an excellent user experience from the edge to the core of the network.

Network Configuration Automation


ExtremeXOS provides extensible scripting capability that
allows users to create a customised series of commands
and executables. Scripting can be used to add incremental
configuration to the network infrastructure, such as a
list of VLANs to be configured. This capability eases the
roll-out of networks and reduces configuration errors.
For example, using system and user-defined environment variables and constructs such as if/then and loops, scripts can automate regular management tasks and the deployment of QoS rate limiting and ACL configurations to multiple ports or multiple switches.

Ethernet Automatic Protection Switching (EAPS)
EAPS allows the IP network to provide the level of resiliency and uptime that users expect from their traditional voice network. EAPS differs from Spanning Tree and Rapid Spanning Tree protocols in offering sub-second (less than 50 milliseconds) recovery that helps deliver consistent failover regardless of the number of VLANs, network nodes or network topology. Since EAPS allows the network to recover almost transparently, VoIP calls do not drop and digital video feeds do not freeze or pixelise in most situations.

Multiple Network Edge Authentication Support with Multiple Endpoints per Port
Network Login capability enforces user admission and
usage policies. Summit X350 series switches support
a comprehensive range of Network Login options by
providing an 802.1x agent-based approach, a web-based
(agent-less) login capability for guests, and a MAC-based
authentication model for devices. With these modes of
Network Login, only authorised users and devices are
permitted to connect to the network and be assigned to
the appropriate VLAN.
Shared ports represent a potential vulnerability in a
network. Multiple supplicant capability on a switch allows
it to uniquely authenticate and apply the appropriate
policies and VLANs for each user or device on a shared
port. Multiple supplicant support secures IP Telephony
and wireless access. Converged network designs often
involve the use of shared ports.

Ease of Management
As the network becomes a foundation of the enterprise
application, network management becomes an important
piece of the solution. Summit X350 switches offer
comprehensive network management support through
Command Line Interface (CLI), SNMP v1, v2c, v3, and
embedded XML-based Web User Interface, ExtremeXOS
ScreenPlay. With a variety of management options and
consistency across other Extreme Networks modular and
stackable switches, Summit X350 series provides ease-of-management
for demanding converged applications.
Extreme Networks has developed tools that can save you
time and resources in managing your network. EPICenter
provides fault configuration, accounting, performance
and security functions, allowing effective management of
multi-layer switching equipment from Extreme Networks
in a converged network.

Summit X460 Series


Summit X460 series - the scalable advanced aggregation and edge switch with the revolutionary modular operating system, ExtremeXOS.

The Summit X460 series is based on Extreme Networks' revolutionary ExtremeXOS, a highly resilient OS that provides continuous uptime, manageability and operational efficiency. Each switch offers the same high-performance, non-blocking hardware technology, in the Extreme Networks tradition of simplifying network deployments through the use of common hardware and software throughout the network.
The Summit X460 switches are ideal campus edge switches with IEEE 802.3at PoE-plus and ideal aggregation switches
for traditional enterprise networks. The Summit X460 series is a great option for DSLAM or CMTS aggregation, or for
active Ethernet access.
The Summit X460 is also purpose-built as a top-of-rack switch for many data center environments with features
such as high-density Gigabit Ethernet for concentrated data center environments; XNV (ExtremeXOS Network
Virtualisation) for centralised network-based Virtual Machine (VM) inventory, VM location history and VM provisioning;
Direct Attach to offload VM switching from servers, thereby improving performance; high-capacity Layer 2/Layer 3
scalability for highly virtualised data centers; and intra-rack and cross-rack stacking with industry-leading flexibility.

Key features
52-port, 48-port or 28-port Gigabit Ethernet (GbE) connectivity in a 1RU form factor
Optional two-port 10 GbE to provide 20 Gbps uplinks
Voice-grade SummitStack 40 Gbps and SummitStack-V80 - 80 Gbps high-speed stacking plus SummitStack-V low-cost, longer distance stacking
Flexible IEEE 802.3at Power over Ethernet Plus (PoE-plus 30w) to meet the growing demand of converged network applications
Advanced Layer 2/Layer 3 switching and MPLS/H-VPLS support
Direct Attach and VEPA support for high performance data centre applications
Top-of-rack switch for data centres with optional high-speed 80 Gbps cross-rack stacking at up to 100 meters

Target Applications
Advanced campus networks or core switch for small networks
Aggregation switch in a traditional three-tiered network
Top-of-rack switch for data centers with optional high-speed 80 Gbps cross-rack stacking at up to 100 meters
Interconnect switch providing low latency connections for High Performance Cluster Computing (HPCC)
DSLAM aggregation, active Ethernet access or access aggregation device in a Carrier Ethernet network
Access or access aggregation switch in a business E-Line or E-LAN over VPLS network

High-Performance and Scalable Switching and Routing
Summit X460 offers sophisticated intelligent switching
and routing with exceptional port density, scalability and
virtualisation support plus high-performance stacking
technology powered by the ExtremeXOS modular OS.
Summit X460 helps enhance the data center, Carrier
Ethernet and enterprise campus edge and aggregation
network.

High-Performance Switching & Routing


Summit X460 is available in six different port
configuration options: 28-port Gigabit Ethernet (Summit
X460-24t/24p/24x), 48-port fiber Gigabit Ethernet
(Summit X460-48x), or 52-port Gigabit Ethernet (Summit
X460-48t/48p). All ports run at non-blocking, wire-speed
performance and can carry wire-rate traffic to the option
slots, which allow flexible configuration. Option slot A
supports a two-port 10 GbE module (XGM3-2sf). For
SummitStack stacking ports, a two-port SummitStack
module or two-port SummitStack-V80 module can be
installed in option slot B (See Figure 1: Port configuration
options for Summit X460 switches).

Flexible Port Configuration


Summit X460 offers flexible port configurations. For
Summit X460-24t/24p, with four dedicated Gigabit
Ethernet fiber ports and four shared Gigabit Ethernet
fiber ports, the switch can have up to 8 fiber GbE ports,
while still providing 20 Gigabit Ethernet copper ports
(PoE-plus or non-PoE). If higher density copper ports
are required, the switch can provide up to 24 Gigabit
Ethernet copper ports while providing 4 Gigabit Ethernet
fiber ports. Through the two option slots, Summit X460
switches can be equipped with an additional two 10
Gigabit Ethernet and/or SummitStack stacking ports.
For stacking, depending upon the needs for bandwidth
across the units in a stack, Summit X460 supports 40
Gbps SummitStack or 80 Gbps SummitStack-V80
stacking option modules (see Figure 2: Summit X460-24t
flexible port configuration).

SummitStack and SummitStack-V80


High-Performance Stacking

SummitStack-V80 also breaks the distance limitation


for stacking technology by using QSFP+ technology.
SummitStack-V80 can support passive copper cable (up
to 5m), active multi-mode fiber cable (up to 100m), and
QSFP+ optical transceivers which will be the standard
technology for 40 GbE. With SummitStack-V80, the
Summit X460 provides a flexible stacking solution inside
the data center or central office to create a virtualised
switching infrastructure across rows of racks. (See Figure
3: SummitStack-V80 across Rows of Racks and Figure 4:
40 GbE Cabling for SummitStack-V80)

SummitStack-V Flexible Stacking Over


10 Gigabit Ethernet
ExtremeXOS supports the new SummitStack-V capability
to utilise 10 GbE ports as stacking ports, enabling
the use of standard cabling and optics technologies
used for 10 GbE such as XFP, SFP+, 10GBASE-T and
XENPAK.
SummitStack-V provides long-distance
stacking connectivity of up to 40 km while reducing the
cable complexity of implementing a stacking solution.
SummitStack-V is compatible with Summit X450e,
X450a, X460, X480 and X650 switches running the
same version of ExtremeXOS (version 12.5 or greater)..
SummitStack-V enabled 10 GbE ports must be physically
direct-connected.

Intelligent Switching and MPLS/H-VPLS


Support
Summit X460 supports sophisticated and intelligent
Layer 2 switching, as well as Layer 3 IPv4/IPv6 routing
including policy-based switching/routing, Provider
Bridges, bidirectional ingress and egress Access Control
Lists, and bandwidth control by 8 Kbps granularity both
for ingress and egress. To provide scalable network
architectures used mainly for Carrier Ethernet network
deployment, Summit X460 supports MPLS LSP-based
Layer 3 forwarding and Hierarchical VPLS (H-VPLS) for
transparent LAN services. With H-VPLS, transparent
Layer 3 networks can be extended throughout the
Layer 3 network cloud by using a VPLS tunnel between
the regional transparent LAN services typically built by
Provider Bridges (IEEE 802.1ad) technology (See Figure 5:
Summit X460 in a Carrier Ethernet application).

Summit X460 supports SummitStack, which
provides 40 Gbps (SummitStack module) or 80 Gbps
(SummitStack-V80 module) of stacking bandwidth.
The SummitStack module offers high-speed 40 Gbps
stacking performance, and provides compatibility with
the Summit X250e, X450a/e, X480 and X650 stackable
switches running the same version of ExtremeXOS.
Alternatively, you may choose high-speed 80 Gbps
stacking, which is ideal for demanding applications
where a high volume of traffic traverses through the
stacking links, yet bandwidth is not compromised
through stacking.


Summit X460 VIM & Summit X480 VIM2 Module Guide


Summit X460 VIM Module Guide

[Figure labels: Removable Fan (Hot-Swappable with Summit X460); Redundant Hot-Swappable AC/DC PSU]

VIM-XGM3-2SF 10 Gigabit Ethernet Module
This 2-port 10 Gigabit Ethernet module for the
Summit X460 provides two SFP+ ports. These two SFP+
ports can support both 10 Gigabit Ethernet SFP+
transceivers and Gigabit Ethernet transceivers.

VIM-SummitStack Module
This SummitStack module for the Summit X460 has two
SummitStack stacking ports, and provides a 40 Gigabit
stacking solution. This stacking module offers
compatibility with other Extreme Networks stackable
switches, which are Summit X250e, Summit X450e,
Summit X480 with VIM2-SummitStack, and Summit X650
with VIM1-SummitStack or VIM1-10G8X.

VIM-SummitStack-V80 Module
The SummitStack-V80 module for the Summit X460 has two
SummitStack-V80 stacking ports, and provides an 80
Gigabit stacking solution. SummitStack-V80 offers a
variety of stacking cable solutions: QSFP+ passive
copper cable for short distance, and QSFP+ active fiber
cable for long distance up to 100 meters.

Summit X480 VIM2 Module Guide

[Figure labels: Removable Fan (Hot-Swappable with Summit X480); Redundant Hot-Swappable AC/DC PSU; VIM2 Slot; 4-port 10G XFP; SummitStack128G; SummitStack 40G]

Summit X480 Series

The Summit X480 series switch is a versatile, high-end Ethernet switch for data center, enterprise
aggregation, and Carrier Ethernet deployments.
Summit X480 helps optimise application
performance for a variety of network deployments
with its rich features and high scalability.
Summit X480 provides high density for Gigabit Ethernet
in a very small 1RU form factor for up to 48 ports in
one system and 384 ports in a stacked system using
backward compatible SummitStack or high-speed
SummitStack128 running at 128 gigabit per second.
Summit X480 also offers ten Gigabit Ethernet connectivity
for up to six ports in one system and 16 ports in a stacked
system with the industry standard XFP interface.

Target Applications
- Top-of-rack switch for servers in enterprise data centers
- High-performance core switch for a small network
- High-performance gigabit aggregation switch in a traditional three-tiered network
- Carrier Ethernet network switch that can aggregate connectivity for first mile access concentrators such as DSLAM and CMTS

For emerging demands from data, storage, voice, and
data convergence, Summit X480 provides highly scalable
Layer 2/3 switching and MPLS/H-VPLS by supporting up
to 512k Layer 2 MAC addresses or 512k IPv4 Longest
Prefix Match routing tables. Summit X480 enables data
center, enterprise and Carrier Ethernet aggregation and
core backbone deployment in AC-powered and DC-powered environments.
Summit X480 simplifies network operation with
ExtremeXOS modular OS, available across Extreme
Networks Ethernet switches. The ExtremeXOS operating
system provides high availability and simplicity with one
OS everywhere in the network.


High-Performance Switching & Routing
- 48-port Gigabit Ethernet or 24-port gigabit and 2-port 10 Gigabit Ethernet connectivity in 1RU form factor
- Optional 4-port 10 Gigabit Ethernet to provide 40 Gbps uplinks
- Optional 40 Gbps stacking for up to eight switches in a stack to provide up to 384 Gigabit Ethernet in one logically integrated unit
- Optional 128 Gbps stacking for up to eight switches in a stack to provide high-speed stacking
- Supports Layer 2 and Layer 3 switching, as well as MPLS/VPLS

High Scalability in 1RU Compact Switch
- Stacking capability of up to 8 switches.
- ExtremeXOS operating system for robust resilient network maximising network uptime.
- Advanced traffic management and security framework for carrier grade Ethernet networks.
- Up to 512k MAC address support for highly scalable Layer 2 networks
- Up to 512k IPv4 routes for highly scalable Layer 3 networks
- Up to 60k Access Control Lists (ACLs) for highly secure networks

High Availability
- Carrier-grade redundant networking protocol including Ethernet Automatic Protection Switching (EAPS), internal redundant AC/DC power supply and field replaceable/hot swappable fan tray
- ExtremeXOS modular OS for a highly available network operation

VIM Options

Summit X480-24x
- None (default option): 24 x 100/1000BASE-X (SFP); 12 x 10/100/1000BASE-T (shared with the last 12 SFP ports); 2 x 10GBASE-X (XFP)
- VIM2-10G4X: 24 x 100/1000BASE-X (SFP); 12 x 10/100/1000BASE-T (shared with the last 12 SFP ports); 6 x 10GBASE-X (XFP)
- VIM2-SummitStack: 24 x 100/1000BASE-X (SFP); 12 x 10/100/1000BASE-T (shared with the last 12 SFP ports); 2 x SummitStack
- VIM2-SummitStack128: 24 x 100/1000BASE-X (SFP); 12 x 10/100/1000BASE-T (shared with the last 12 SFP ports); 2 x SummitStack128

Summit X480-48t
- None (default option): 48 x 10/100/1000BASE-T; 4 x 100/1000BASE-X SFP (shared with the last 4 10/100/1000BASE-T ports)
- VIM2-10G4X: 48 x 10/100/1000BASE-T; 4 x 100/1000BASE-X SFP (shared with the last 4 10/100/1000BASE-T ports); 4 x 10GBASE-X (XFP)
- VIM2-SummitStack: 48 x 10/100/1000BASE-T; 4 x 100/1000BASE-X SFP (shared with the last 4 10/100/1000BASE-T ports); 2 x SummitStack
- VIM2-SummitStack128: 48 x 10/100/1000BASE-T; 4 x 100/1000BASE-X SFP (shared with the last 4 10/100/1000BASE-T ports); 2 x SummitStack128

Summit X480-48x
- None (default option): 48 x 100/1000BASE-X SFP
- VIM2-10G4X: 48 x 100/1000BASE-X SFP; 4 x 10GBASE-X (XFP)
- VIM2-SummitStack: 48 x 100/1000BASE-X SFP; 2 x SummitStack
- VIM2-SummitStack128: 48 x 100/1000BASE-X SFP; 2 x SummitStack128


Summit X650 Series

Summit X650 Series: The ultimate Top of Rack 10 Gigabit Ethernet switch.

The Summit X650 series switch is a purpose-built Top of Rack switch designed for emerging 10 Gigabit
Ethernet-enabled servers, deployed in enterprise data centers. Summit X650 optimises new server
deployments while providing a seamless migration path from existing Gigabit Ethernet-based servers to
10 Gigabit Ethernet-based high-performance servers to start the transition to a new virtualised
environment.
Summit X650 provides remarkable high-density for 10 Gigabit Ethernet in a very small 1RU form factor for up to 32
ports in one system and 192 ports in a stacked system. Summit X650 offers two of the most advanced 10 Gigabit
Ethernet technologies, 10GBASE-T and SFP+, to accommodate the needs for both copper twisted pair cable and
optical fiber-based 10 Gigabit Ethernet.
The versatile Summit X650 switch provides exceptional high-density Layer 2/3 switching. With ultra low latency and
highly scalable IPv4 and IPv6 unicast and multicast routing, enterprise aggregation and core backbone deployment can
be enabled in AC-powered and DC-powered environments.
Summit X650 simplifies network operation with an ExtremeXOS modular operating system amongst all Extreme
Networks Ethernet switches. The ExtremeXOS operating system provides high availability and simplicity with one
operating system everywhere in the network.

Target Applications
- Top of Rack switch for servers in enterprise data centers
- High-performance 10 gigabit core switch for a small network
- High-performance 10 gigabit aggregation switch in a traditional three-tiered network
- Interconnect switch providing low latency connections for High Performance Cluster Computing (HPCC)

High-Performance Switching and Routing
- 24-port 10 Gigabit Ethernet non-blocking switching with 363 million packet per second forwarding rate in 1 Rack Unit (RU) form factor
- 256 Gbps ultra high-speed stacking for up to eight units in a stack to provide up to 192 10 Gigabit Ethernet ports in one logically integrated unit

Versatile Architecture
- From high-performance server switching to enterprise network aggregation and core deployment
- One network operating system for Extreme Networks Ethernet switches everywhere in the network
- 10 Gigabit Ethernet over UTP cable and optical fiber with SFP+ transceivers for single-mode and multimode fiber installation

High Availability
- ExtremeXOS modular operating system for highly available network operation
- Carrier-grade redundant networking protocol including Ethernet Automatic Protection Switching (EAPS)
- Internal redundant AC/DC power supply and field replaceable fan tray

Future-Proof
- 48-port 10 Gigabit Ethernet non-blocking switching with 512 Gbps SummitStack512 technology
- Future support for 40 Gigabit Ethernet and 100 Gigabit Ethernet through Versatile Interface Module (VIM) slot

High Performance Switching & Routing
- 24-port 10 Gigabit Ethernet non-blocking switching at 363 million packets per second forwarding rate in 1RU form factor
- 48-port 10 Gigabit Ethernet non-blocking switching at 714 million packets per second with optional 512 Gbps stacking module
- 256 Gbps ultra high-speed stacking for up to eight units in a stack to provide up to 192 10 Gigabit Ethernet ports in one logically integrated unit
- 32-port 10 Gigabit Ethernet per 1RU height with optional eight-port 10 Gigabit Ethernet SFP+ interface module
- Low latency switching for HPCC

Flexible SummitStack architecture provides virtualised switching system for 10 gigabit, gigabit and Fast Ethernet ports

High Availability
- ExtremeXOS modular operating system for highly available network operation
- Carrier-grade redundant networking protocol including EAPS
- Hot-swappable redundant AC/DC power supply and field-replaceable fan tray with front to back cooling

Versatile Architecture
- From high-performance server switching to enterprise network aggregation and core deployment by supporting highly-scalable Layer 2 and IPv4/v6 unicast and multicast routing
- One network operating system for the Extreme Networks Ethernet switches everywhere in the network
- 10GBASE-T for up to 100 meters over UTP, and SFP+ for fiber and direct attach passive copper installation

[Figure: Star Topology. Labels: BlackDiamonds; 4 x 10G; Summit X650; 1RU Servers]

[Figure: Top of Rack Architecture. Labels: Summit X650; Server Rack; Core BlackDiamond]


Summit X650 VIM1 Module Guide


VIM1-SummitStack
Default option for Summit X650 switches. VIM1-SummitStack
provides two SummitStack ports and
four Gigabit Ethernet SFP ports. SummitStack ports
are shared with the last two 10 Gigabit Ethernet
ports in the front panel.

VIM1-10G8X
Option module for high-speed backbone
connectivity. VIM1-10G8X provides eight ports of 10
Gigabit Ethernet SFP+ and SummitStack ports. With
this option, SummitStack ports are dedicated and
not shared with any other port in the switch.

VIM1-SummitStack256
Option module for high-speed stacking. VIM1-SummitStack256
provides SummitStack256 ports.
SummitStack256 provides up to 256 Gbps of
stacking bandwidth for up to eight Summit X650
switches in a stack.

VIM1-SummitStack512
Option module for high-speed stacking. VIM1-SummitStack512
provides SummitStack512 ports.
SummitStack512 provides up to 512 Gbps of
stacking bandwidth for up to two Summit X650
switches in a stack and supports 48-port 10 Gigabit
Ethernet non-blocking switching.


EPS-160 and EPS-T

EPS-160 is the redundant AC Power Supply for lower power consuming AC PSU-based Summit switches. The EPS-T
power tray is required to rack-mount this external power supply. EPS-T power tray can take up to two EPS-160 power
modules, and each EPS-160 works individually. EPS-160 comes with a DC output cable to connect between the
Summit switch and EPS-160.

EPS-500

EPS-500 is the redundant AC Power Supply for higher power consuming AC PSU based switches including
Power-over-Ethernet enabled switches. EPS-500 is 1RU height and works as a standalone. EPS-500 can be rack
mounted in a regular 19 inch rack system. EPS-500 comes with a DC output cable to connect between the Summit
switch and EPS-500.

EPS-600LS and EPS-C


EPS-600LS is a power module that works
with the EPS-C External Power System
Chassis. EPS-C has three slots for EPS-600LS
and one DC output to connect
to high-density PoE Summit switches.
Depending upon the number of EPS-600LS
installed in EPS-C, it can provide:
1) Redundant configuration for up to 370
watts of PoE power with one EPS-600LS
installed; 2) Non-Redundant configuration
for up to 740 watts of PoE power with
two EPS-600LS installed; and 3) Redundant
configuration for up to 740 watts of PoE power with three EPS-600LS installed. EPS-C comes with a DC output cable
to connect between the Summit switch and EPS-C with EPS-600LS installed.

Summit Switch Redundant Power Compatibility Matrix
Power systems (rows):
- EPS-T (10906) + EPS160 Modules (10907) - Max 2x
- EPS 500 (10911)
- EPS-C (10912) + EPSLS Modules (10913) - Max 3x Modules
Switch models (columns): X150 24T/48T; X150 24P; X250 24T/48T/24X; X250 24P; X250 48P; X350 24T/48T; X450 24/48T/24X; X450 24P; X450 48P


Wireless Solutions


One of the key characteristics of a converged network is the ability to provide business grade mobility
to users. That means securely extending access to company resources such as customer information or
VoIP from different locations within the company network.

Why wireless networking from Extreme Networks?


Summit WM3000 series WLAN controllers enable
enterprise customers to deploy a highly secure, robust
and scalable wireless LAN solution.
Easy to deploy and manage, the Summit WM3000
series controllers provide a converged platform to deliver
multimedia applications (data, voice, and video), wireless
networking, and value-added mobility services such as
secure guest access and location service for multi-RF
networks.

The Summit WM3000 series controllers offer rich,
enterprise-class functionality that includes seamless
roaming across Layer 2/Layer 3 deployments, resilient
failover capabilities, comprehensive security, toll-quality
voice and other value-added services, such as location.
The controller helps protect the wired and wireless
network against attacks and unauthorised access at Layer
2 and Layer 3 with Stateful Inspection; ability to create
identity and location-based policies provides granular
control of network access.

Key Benefits at a Glance


- Resilience and Redundancy: With multi-controller clustering, the Summit WM3000 series controllers support multiple levels of redundancy and failover capabilities to ensure highly available networks.
- Cost Effective: Multi Platform licence sharing enables deployment of wireless networks at a cost effective price point.
- Toll Quality IP Telephony: Quality of Service (QoS) ensures superior performance for voice and video services. WMM Admission Control, including TSPEC and SIP Call Admission Control, ensures dedicated bandwidth for voice calls as well as better control.
- Security: Range of privacy options include: Open, WEP, WPA-PSK, WPA2 with hardware-accelerated AES encryption, with policy-based access control and VPN capabilities.
- Fixed Mobile Convergence: Layer 3 hyper-fast secure roaming combines with readiness for external fixed mobile convergence (FMC) solutions, enabling seamless voice services with true mobility across the enterprise.


Summit WM 3000 Series


Altitude Access Point Selection Guide

Altitude 3510 (Indoor, 802.11a/b/g)
- Antenna Setup: External antennas, included
- Radios: Dual concurrent 802.11a; 802.11b/g / Dual band
- Ports: 1x 10/100BASE-T Data/PoE
- Number of SSIDs: 16 per radio

Altitude 3550 (Outdoor, 802.11a/b/g)
- Antenna Setup: Require external antennas based on application
- Radios: Dual concurrent 802.11a; 802.11b/g / Dual band
- Ports: 1x 10/100BASE-T Data/PoE
- Number of SSIDs: 16 per radio

Altitude 4610/4620 (Indoor, 802.11a/b/g/n)
- Antenna Setup: Altitude 4610: Internal Antennas; Altitude 4620: External Antennas
- Radios: Dual concurrent 802.11a/n; 802.11b/g/n / Dual band
- Ports: 1x 10/100/1000BaseT Data/PoE
- Number of SSIDs: 16 per radio

Summit WM3000 Series Wireless LAN Controllers


Summit WM3000 series WLAN controllers enable enterprise customers to deploy a highly secure, robust
and scalable wireless LAN solution. Easy to deploy and manage, the Summit WM3000 series controllers
provide a converged platform to deliver multimedia applications (data, voice, and video), wireless
networking, and value-added mobility services such as secure guest access and location service for
multi-RF networks.
The Summit WM3000 series controllers offer rich, enterprise-class functionality that includes seamless roaming across
Layer 2 / Layer 3 deployments, resilient failover capabilities, comprehensive security and toll-quality voice.

WM 3700
Summit WM3700 is designed for large campus and multi-site deployments to manage up to 1,024
access points. Summit WM3400 is ideal for small site and remote office deployments. With built-in
PoE+ ports it is an all-in-one branch office solution.

WM 3600
Summit WM3600 is suitable for mid to large-size enterprises to manage up to 256 Access Points (APs).
It is equipped with PoE+ ports for directly attaching some access points. It can also support 3G back haul
for site survivability.

WM 3400
Summit WM3400 is a versatile small site controller ideal for SME deployment and for branch offices of large
Enterprises. It is shipped with a six AP license for Adaptive AP and Thin AP deployment.


Altitude Access Points


Altitude 3500 series access points are designed for enterprise-grade wireless LAN service. The Altitude
3510 and 3550 have dual concurrent radios that support simultaneous operation of 802.11a and
802.11g/b wireless networks. Used with the Summit WM3000 series controllers for management and
control, they are ideal for large-scale wireless deployments.
The access points enable high-performance voice services. They can also be deployed in remote
sites across a WAN link with remote site survivability. With built-in wireless encryption capability and
wireless QoS priority mechanisms, it enables the deployment of enterprise-class wireless service in
conjunction with Summit WM3000 series controllers and Extreme Networks Wireless Management Suite.

Altitude 3510 Access Points


Altitude 3510 is Plenum rated for indoor use. It comes with four external
antennas for wall or ceiling mount. It can be powered from a standard
802.3af PoE switch or from an optional 48VDC power supply.

Altitude 3550 Access Points


Altitude 3550 delivers enterprise-class wireless networking in harsh
environments. In addition to a NEMA 4X-modified housing, severe-weather features include integrated lightning arrestors, surge protectors,
extreme temperature range operation and an array of antenna
accessories. Using its mesh capability, the dual-radio Altitude 3550 can
connect to other access points for data back haul on one radio, while
providing wireless service on another radio. This enables extension of
the wireless capabilities from simple point-to-point bridges connecting to
wired networks to complex multi-node, multi-link networks.

Altitude 4610/4620 Access Points


Altitude 4600 series Access Points (APs) offer high-performance wireless
service using 802.11n technology. Customers will experience much
more resilient wireless coverage along with higher bandwidth wireless
access per user. Enterprises can deploy mission critical applications across
wireless, enabling greater mobility and productivity of the workforce.
Altitude 4600 series APs include concurrent dual radios. Altitude 4610
comes with internal integrated antennas. Altitude 4620 comes with
detachable external antennas.


Altitude 3510 & 3500 Series Access Points

Altitude 3510 and 3550 multiservice dual-radio access points
help enable the deployment of resilient, secure and cost effective
enterprise wireless LAN services indoors and outdoors.

Comprehensive Security Features
- Wireless security with advanced IEEE 802.11i standards-based WPA2 mechanisms
- IPSec VPN client: secure connectivity to corporate network
- Wired 802.1X authentication
- Rogue AP detection with dual-band WIPS sensor mode
- Tamper-proof housing

Campus-Wide Mobility
- Fast, secure roaming
- Outdoor deployment in harsh environments
- Mesh and bridging capabilities to extend wireless coverage
- 16 SSIDs per radio to enable multiple virtual wireless networks

Enterprise-Grade Wireless Services
- Wi-Fi Multimedia (WMM) QoS for voice prioritisation
- WMM Power Save mode to extend client battery life
- Remote site survivability maintains service during infrastructure outage

Altitude 3500 series are dual-radio access points
that support simultaneous operation of 802.11a and
802.11b/g wireless networks. Each radio is dual band
which can be configured for 802.11a or 802.11 b/g
operation. Altitude 3500 series Access Points (APs),
in conjunction with Summit WM3000 series WLAN
controllers enable enterprise-grade wireless service
with enhanced mobility and security. This easy-to-deploy
solution offers the flexibility to connect securely to
remote corporate private networks, the Internet and
local network resources with high speed and reliability.
The all-in-one Altitude 3500 APs offer a new level of
cost-efficiency and networking simplicity for employees in
branch offices or telecommuters working at home.
Altitude 3510 AP is for indoor deployment. It comes
with four (4) external omni-directional detachable
antennas. It is suitable for wall, ceiling or out-of-sight
plenum installation. Altitude 3550 AP is specifically
designed for outdoor use, and offers enterprise-class
wireless service in harsh environments. In addition to a
NEMA 4X-weatherised housing, severe-weather features
include integrated lightning arrestors, surge protectors,
extreme temperature range operation. Customers can
select from an array of external antennas that fit the
need for a wireless application.

Target Applications
Campus-wide multiservice wireless LAN
Remote site wireless service with survivability
Secure wired and wireless connectivity with
guest access


Comprehensive Security

Altitude 3500 series APs offer a high level of security
features for wired and wireless connectivity. The access
point supports standards-based, over-the-air encryption
schemes to protect the integrity of user data. The AP
participates in wireless client authentication using
802.11i standards-based WPA or WPA2 mechanisms.
The AP also participates in its own authentication with
the wired switch port using 802.1X.

Altitude 3500 series operates as an IPSec VPN client to
enable secure connection between the AP and the Summit
WM3000 series controller across the wired network. This
offers an added level of security. The AP is out of the
box PCI compliant. Along with Summit WM3000 series
of controllers, the AP participates in Wireless Intrusion
Detection. The AP radio operates as a monitor and
detects rogue AP threats that are communicated to the
controller for display and mitigation.

A customer can deploy a single Altitude 3500 AP as both a
traditional infrastructure access point and a WIPS sensor.
Sensor conversion on the AP provides infrastructure
support on one radio while scanning on the other radio
and using the frames received by the sensor to provide
WIPS algorithms. The WIPS sensor on one radio and AP
service on another radio can run simultaneously.
The dedicated sensor in conjunction with AirDefense
WIPS solution enables 24x7 compliance monitoring,
rogue detection and mitigation, and troubleshooting.
Dedicating a radio for AirDefense sensor functionality
gives the highest level of security as compared to
other IPS solutions that share the same radio for WLAN
coverage and IPS on a time sliced basis. The integrated
AirDefense sensor also eliminates the need for dedicated
sensor hardware and associated cabling thereby reducing
the overall deployment cost.
With a tamper-proof design, the AP can be securely
deployed in remote locations. If the AP is stolen, it
does not compromise data integrity since the sensitive
configuration data is lost on power interruption.

Campus-Wide Mobility

Altitude 3550 AP is designed for outdoor deployment in
harsh environments, enabling seamless roaming across a
campus environment. It comes standard with integrated
lightning arrestors and surge protection. The optional
heavy weather mounting kit is designed to protect the
AP from windblown debris while the surge-protected
outdoor power supply can be powered from the light
pole power.

Using its mesh capability, the dual-radio Altitude 3500
series APs can connect to other access points for data
backhaul while providing network access to local users.
Enabling an array of applications, from simple point-to-point
bridges connecting two wired networks to complex
multi-node, multi-link networks, this feature offers a
simple way to extend the network to outdoor or remote
locations. Altitude 3500 AP supports up to 16 SSIDs per
radio. This enables a customer to deploy highly granular
virtual AP services that can be mapped to VLANs in the
enterprise wired network.


Enterprise-Grade Wireless Services


Altitude 3500 series AP supports over-the-air QoS protocol
based on 802.11e/ WMM specifications. The series
also supports standards-based (802.11e) Unscheduled
Automatic Power Save Delivery (UAPSD) / WMM Power
Save that extends the battery life of handheld client
devices like VoWLAN handsets. It enables fast roaming
using several mechanisms including pre-authentication
and WPA2 based PMK caching.
In addition, the Altitude 3500 AP supports deployments
at remote branch offices. This enables customers to
deploy access points at remote sites and centrally manage
them from Summit WM3000 controllers located at the
headquarters site. The remote site survivability feature
allows the AP to continue uninterrupted wireless service
even when the connection to the WLAN controller is
lost.

Altitude 4600 Series Access Points

The Altitude 4600 series versatility can support a wide
variety of wireless needs including video streaming,
high speed data, location and voice services.

Altitude 4610 and 4620 are high-performance, dual-radio
access points that enable secure and cost-effective deployment
and operation of 802.11n based Enterprise wireless LANs.

Superior Wireless Performance
- Up to six-fold increase in wireless performance
- Gigabit Ethernet connectivity to the wired network
- Greater and more reliable coverage

Easy Deployment and Operation
- Flexible mounting options with built-in ceiling and wall mounting brackets
- Fully compliant with existing 802.3af Power over Ethernet (PoE) infrastructure
- Centralised management and upgrades

Enterprise-Grade Wireless Services
- Supports WMM/UAPSD and Call Admission Control
- Location services
- Fast secure mobility
- Smart RF offers superior reliability for wireless coverage

Comprehensive Security
- IEEE 802.11i compliant security suite
- Multi-band sensor mode for rogue device detection
- Tamper-proof housing

Altitude 4610 and 4620 are concurrent dual-radio
Access Points (APs) with unlocked bands. This provides
the flexibility to assign one of the radios as a sensor
to scan all the channels on both bands. The bands are
unlocked on each radio. The APs are managed by the
Summit WM3000 series controllers. Altitude 4610/4620
delivers full 802.11n performance and reliability.

The Altitude 4610/4620 series APs provide flexible
mounting options with built-in mounting bracket for wall
or ceiling mount. Altitude 4610 comes with integrated
omni-directional antennas. Altitude 4620 comes with six
(6) detachable omni-directional antennas. Altitude 4620
is plenum rated and thus can be installed out-of-sight
above the ceiling.

Altitude 4610/4620 APs deliver an easy-to-use, secure
and high-performance wireless solution that is ideal
for demanding enterprises. With the versatility to
simultaneously support a wide variety of wireless needs
including video streaming, high speed data, location and
voice services, Altitude 4610/4620 dramatically simplifies
the installation and operation of enterprise wireless
networks.

Superior Wireless Performance

Altitude 4600 series APs deliver a six-fold increase in
throughput over existing 802.11a/b/g legacy LANs.
The 2x3 MIMO with dual spatial streams, along with
Orthogonal Frequency-Division Multiplexing (OFDM)
modulation, enables the AP to deliver full 802.11n
performance. An Altitude 4600 AP and an 802.11n
client can bond two adjacent 20 MHz channels to create
a single 40 MHz wide channel. This potentially doubles
the throughput from a standard 20 MHz channel. Gigabit
Ethernet connectivity to the wired network enables full
speed access to the wired network.

The powerful 24 dBm radio increases coverage,
performance and obstruction penetration versus lower
dBm radios. In addition, receiver sensitivity has been
increased proportionally so users have an increased ability
to maintain high-performance access through thick doors
and walls to users even while on-the-move. The Altitude
4600 series APs' 2 x 3 MIMO design ensures premium
transmit and receive communications.

Enterprise-Grade Wireless Services

The Altitude 4600 series APs support over-the-air
QoS protocol based on 802.11e/WMM specifications.
The APs also support standards-based (802.11e)
Unscheduled Automatic Power Save Delivery (UAPSD /
WMM Power Save) that extends the battery life of handheld
client devices like VoWLAN handsets. It enables fast
secure roaming using several mechanisms including
pre-authentication, opportunistic key caching, and WPA2
based PMK caching.

Ease of Deployment and Operation


Altitude 4600 series APs offer a superior return on
investment when considering the total costs of upfront
capital expenditure, network upgrades, installation,
and operation. Flexible mounting options with builtin mounting brackets for wall or ceiling mount are
available. The APs conform to the 802.3af PoE standard
while delivering the full 802.11n performance. This
preserves the investment in existing PoE infrastructure
and eliminates the need to power each AP separately.
Altitude 4600 series APs require no configuration or
manual firmware maintenance. The Summit WM3000
series controller discovers the access points on the
network and automatically downloads all configuration
parameters and firmware, greatly reducing installation,
maintenance and troubleshooting costs for Layer 2 and
Layer 3 deployments.
Locationing services over 802.11 networks provide the
ability to locate and track people or assets, and even to
control access to the network or applications. In addition,
it is easy to provide hotspot and guest access and assure
the user can only access authorised networks, sites or
applications.

Wireless Solutions

The Altitude 4600 series APs provide low latency support


for the industry-leading VoWLAN devices. The APs
support over-the-air QoS protocols such as SpectraLink
Voice Priority (SVP) and 802.11e based WMM
specifications. Priorities can be set according to SSID,
allowing critical real-time voice traffic to be assigned to
a distinct high-priority queue. Interoperability with wired
network traffic prioritisation ensures end-to-end QoS as
the traffic traverses the network.
Common problems such as building attenuation,
electronic interference or sub-optimal access point
placement are minimised as the SMART RF feature
automatically optimises power and channel selection so
that each user gets always-on high-quality access and
mobility.

Comprehensive Security
Altitude 4600 series APs offer a high level of security
features for wired and wireless connectivity. The APs
support standards-based, over-the-air encryption
schemes to protect the integrity of user data. The
APs participate in wireless client authentication using
802.11i standards-based WPA or WPA2 mechanisms.
Each AP also performs its own authentication with
the wired switch port using 802.1X. The APs can support
several security profiles based on application. The on-board
hardware-accelerated encryption engine supports WEP,
TKIP and AES standards. Unique security profiles can be
configured on a per-SSID basis.

Summit WM3000 Series WLAN Controllers

High-performance wireless LAN controller platforms
for advanced wireless services.

Enterprise-Class Mobility
High-speed, cross-subnet roaming
End-to-end Quality of Service (QoS)
Large-scale clustering with high availability

Comprehensive Security Features
Role-based firewall
IPSec VPN Gateway
Wireless intrusion detection and prevention

Value-Add Mobility Services
Real Time Location Services (RTLS)
Enhanced guest services

Enterprise-Class Mobility
Summit WM3000 controllers offer scalability in
capacity and performance, and help protect user
investment.

High-Speed, Cross-Subnet Roaming

Summit WM3000 series controllers support Layer 2/Layer 3
inter-controller roaming. Inter-controller Layer
3 roaming allows clients to roam between controllers
which are not on the same LAN or IP subnet. This allows
controllers to be placed in different locations on the
network. Standards-based 802.11i PMK caching
mechanisms speed up the roaming process, since
they allow a client to re-use previous PMK authentication
credentials and perform a four-way handshake. In
addition to reusing PMKs on previously visited APs,
Opportunistic Key Caching allows multiple APs to share
PMKs amongst themselves. This allows a client to roam to
an AP that it has not previously visited and reuse a PMK
from another AP to skip the 802.1X authentication.
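
The PMKID check that sits behind the PMK caching and Opportunistic Key Caching described above, as an added example that is not Extreme Networks code. The PMKID formula is the one defined by IEEE 802.11i; the `Controller` class, its cache layout, the random PMK standing in for the key produced by the EAP exchange, and the MAC addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os


def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' into the 6 raw bytes used in the PMKID input."""
    return bytes.fromhex(text.replace(":", ""))


# Constructed, locally administered addresses (not from the handbook).
AP1 = mac("02:00:00:00:00:01")
AP2 = mac("02:00:00:00:00:02")
CLIENT = mac("02:00:00:00:00:aa")


def pmkid(pmk, aa, spa):
    """IEEE 802.11i: PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA).

    AA is the authenticator (AP BSSID), SPA the supplicant (client) MAC.
    """
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]


class Controller:
    """Hypothetical model of the key caches held for a group of APs."""

    def __init__(self, okc):
        self.okc = okc
        self.per_ap = {}      # (AP BSSID, client MAC) -> PMK: plain PMK caching
        self.per_client = {}  # client MAC -> PMK: shared between APs for OKC

    def full_auth(self, bssid, client):
        """Full 802.1X/EAP exchange; a random value stands in for the derived PMK."""
        pmk = os.urandom(32)
        self.per_ap[(bssid, client)] = pmk
        self.per_client[client] = pmk
        return pmk

    def reassociate(self, bssid, client, offered_pmkid):
        """Decide whether the client may go straight to the four-way handshake."""
        pmk = self.per_ap.get((bssid, client))
        if pmk is None and self.okc:
            # OKC: reuse the PMK another AP obtained for this client.
            pmk = self.per_client.get(client)
        if pmk is not None and hmac.compare_digest(
            offered_pmkid, pmkid(pmk, bssid, client)
        ):
            self.per_ap[(bssid, client)] = pmk
            return "four-way handshake"
        # Unknown or mismatching PMKID: never trust it, fall back to full auth.
        return "full 802.1X"


def roam_outcomes(okc):
    """One client authenticates at AP1, then roams; returns each decision."""
    ctrl = Controller(okc)
    pmk = ctrl.full_auth(AP1, CLIENT)
    return {
        "back to AP1": ctrl.reassociate(AP1, CLIENT, pmkid(pmk, AP1, CLIENT)),
        "first visit to AP2": ctrl.reassociate(AP2, CLIENT, pmkid(pmk, AP2, CLIENT)),
        "AP2 with wrong PMK": ctrl.reassociate(
            AP2, CLIENT, pmkid(os.urandom(32), AP2, CLIENT)
        ),
    }


if __name__ == "__main__":
    for okc in (False, True):
        print("OKC enabled:", okc, roam_outcomes(okc))
```

Because the PMKID binds the PMK to both MAC addresses, a cached PMK only shortens authentication for the client that originally derived it; the four-way handshake that follows still proves possession of the PMK itself.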

End-to-End Quality of Service

QoS provides policy enforcement for mission-critical
applications and for users that have critical bandwidth
requirements when the controller's bandwidth is shared
by different users and applications. The Summit WM3000
controller's architecture offers end-to-end QoS from the
wireless client to the packet destination. QoS can be
configured for different classes of users through the
virtual APs or SSIDs. The wireless QoS solution maintains
the traffic priority from client to destination. Over the
air, latency-sensitive traffic is given priority transmit
access using either the SpectraLink Voice Protocol
(SVP) or 802.11e Wireless Multimedia (WMM) priority
management. Summit WM controllers map the wireless
QoS to wired Layer 2 (802.1p) and Layer 3 (DSCP) QoS
markings for upstream and downstream traffic.
The Summit WM controllers support Call Admission
Control (CAC) as per IEEE 802.11e based Traffic
Specifications (TSPEC). CAC is a traffic management
technique that regulates the number of calls for better
roaming. A client can request a new voice session with
specific traffic stream parameters including QoS. These
parameters are part of the TSPEC associated with a
session request. The Summit WM controller can accept
or reject the session request based on the availability
of network resources to enable the requested level of
service. It also prevents oversubscription of network
resources that can result in service degradation and poor
voice quality.
The Unscheduled Automatic Power Save Delivery (UAPSD)
feature, also known as WMM power save, defines
unscheduled service periods, which are contiguous
periods of time during which the controller is expected
to be awake. If the controller establishes a downlink flow
and specifies UAPSD power management, it requests
(and the AP delivers) buffered frames associated with
that flow during an unscheduled service period. The
controller initiates an unscheduled service period by
transmitting a trigger frame. A trigger frame is defined
as a data frame (e.g. an uplink voice frame) associated
with an uplink flow with UAPSD enabled. After the AP
acknowledges the trigger frame, it transmits the frames in
its UAPSD power save buffer addressed to the triggering
controller. UAPSD is well suited to support bi-directional
frame exchanges between a Wi-Fi handset and its AP.

Large-Scale Clustering with High Availability
A set of Summit WM3000 controllers can be clustered
to create a mobility domain and a redundancy group.
Within the cluster, controllers discover and establish
connections to one another. The cluster has full mesh
connectivity. Up to 12 controllers can be configured as
members of a cluster to significantly reduce the chance
of a disruption in service to WLANs and associated clients
in the event of failure of a controller or intermediate
network failure.
In the event of a controller failure, an existing cluster
member assumes control. Therefore, the controller-supported
network remains up and running even if
a controller fails or is removed for maintenance or a
software upgrade. Each redundancy group is capable
of supporting an Active/Active configuration responsible
for group load sharing. Members within the same
redundancy group can be deployed across different
subnets. APs can be load balanced across members of
the group. AP capacity licenses are aggregated across
the cluster. When a new member joins the cluster, the
new member can leverage the AP license(s) of existing
members.

Comprehensive Security
Comprehensive network security features help keep the
mission-critical wireless network and resources secure
and provide compliance for HIPAA and PCI. The Summit
WM3000 controllers provide a layered approach to
protect and secure data at every point in the network,
wired or wireless. The Summit WM3000 series controllers
offer a complete range of privacy options ranging from
unencrypted communication for guests, shared key for
phones and PDAs, to WPA and WPA2 for enterprise-class
applications. For high performance and scalability,
all over-the-air encryption connections are terminated
at the AP with hardware acceleration. Each defined
SSID specifies how the wireless user or device should
authenticate, with options for browser-based login,
MAC address verification or 802.1X enterprise AAA
identity management. MAC address authentication can
be combined with other link security types for additional
protection.
The Summit WM3000 series controllers can be configured
to disallow traffic exchanged between the clients on
individual SSIDs. Once this is enabled on an SSID, the controller
will block at Layer 2 any communication attempts made
between all client MAC addresses associated to the
SSID.

Firewalls
Firewalls protect networks from unauthorised traffic. The
firewalls supported by the Summit WM3000 controllers allow
authorised traffic while blocking unauthorised traffic.
The controllers support Stateful Layer 2 and role-based firewalls.
Stateful Layer 2 Firewalls allow established sessions to
continue after a client roams. Role-based firewalls base
the security policy on user group location, encryption
strength, etc. The policy follows a user as the user roams
across different APs and controllers.

IPSec VPN Gateways

IPSec VPN offers the security and encryption features
necessary to protect enterprise data, voice, and video
traffic as it traverses public or insecure networks. IPSec
VPN can be deployed to provide secure point-to-point
connectivity between sites as well as provide users remote
access into the network, eliminating costly dial-up and
leased lines. The Summit WM3000 controller supports IPSec
termination for site-to-site VPN and IPSec termination for
remote access VPN. The controller also supports IPSec
traversal of firewall filtering, IPSec traversal of NAT and
IPSec/L2TP (client to controller).

Wireless IDS/IPS
Unauthorised AP detection is directly integrated into
the Summit WM3000 series controllers. When enabled,
this allows the Summit WM3000 to monitor the RF
environment for unauthorised APs. Unauthorised APs
can be reported to the controller from managed radios
configured to perform scanning. The controller enables
an attached AP to scan the channels for such threats and
report them. The AP can scan for threats on its channel
or on all channels in that band. The controller analyses
the data, determines which APs are unauthorised,
and creates an alert and a report. APs that have been
categorised as unapproved represent a potential threat
to the network. Unauthorised AP containment can be
used to provide temporary mitigation against active
unauthorised APs operating at a site by attempting to
disrupt communications with any associated clients
as well as attempting to prevent new clients from
associating with the AP.
The Summit WM3000 series controllers and Altitude
3500 series access points seamlessly integrate with
Motorola AirDefense WIPS. One of the radios on the access point
can be converted into a dedicated AirDefense sensor.
The AirDefense Enterprise server can detect and trust
APs managed by the Summit WM3000 controller. The
AirDefense Enterprise server can blacklist suspicious
clients by creating wireless filters on the controller.
Administrators can launch the AirDefense GUI from
within Extreme Networks Wireless Management Suite
(WMS). The AirDefense Enterprise server can forward
SNMP traps to WMS to provide centralised alarm
reporting and correlation.

Value Add Mobility Services

Real Time Location System
Real Time Location System (RTLS) is a wireless radio
frequency solution that continually monitors and reports
in real time the location of tracked resources. The
Extreme Networks RTLS solution leverages standards-based
802.11a/b/g APs and the Low Level Reader
Protocol (LLRP), allowing the Summit WM3000 controller
to provide location services for standard 802.11 devices
and tags as well as RFID enabled devices and tags. By
eliminating the need to purchase overlay location
engines, the Extreme Networks WLAN system can provide
standard data, video and voice WLAN services to users
while simultaneously tracking Wi-Fi and RFID devices,
providing faster deployments and lowering capital and
operating expenditure. An RTLS feature license for the
Summit WM3000 controller enables an API for 3rd party
RTLS applications. In addition, Extreme Networks provides
support for 3rd party RTLS solutions from industry leaders
AeroScout and Ekahau.

Enhanced Guest User Services

Guest authentication offers a simple way to provide
secure authenticated access on a WLAN for users and
devices using a standard web browser. Guest user
authentication allows enterprises to offer authenticated
access to the network by capturing and re-directing a
web browser session to a captive portal login page where
the user must enter valid credentials to be granted access
to the network.
This service can be utilised for multiple applications
including guest and visitor access or private user access
and can be found in enterprise, hospitality, healthcare, transportation and education environments.
Guest authentication is fast becoming a popular
means for authenticating users and devices as it
provides administrators with the means for performing
authentication without deploying 802.1X or distributing
shared keys. Visitors and guest users at a site would
be provided with a temporary username and password
from front desk personnel during the sign-in process
which would permit access to the network for the
duration of their visit. Once the allotted time for the guest
account expires, the user would be denied access to the
network.
Another common application for the guest access feature
is to provide authenticated access to private networks
for unmanaged devices. In certain vertical markets, such
as education, administrators need to provide access to
unmanaged devices that are owned and maintained
by end users like students and faculty. In environments
such as education, the make, model and OS of the
end-user devices vary, making 802.1X very challenging to
deploy, manage and maintain. Web-based guest user
authentication provides an elegant way to solve these
administrative challenges.
The web-based guest user administrator tool provides
the ability to create guest user accounts on the local
database on the Summit WM controller. The guest user
provisioning tool is designed for non-administrative users
such as front desk personnel and provides:
The ability to create guest user accounts with user-defined or random usernames and passwords.
The ability to specify the date and time when the account is active and deactivated.
The ability to assign the user to a group which determines WLAN, time of day, day of week and bandwidth policies. The group can also be utilised to assign a role to the users when the role-based firewall is employed.
The ability to print a card which contains the username, password and allotted time information.

Wireless Management Suite

Extreme Networks Wireless Management Suite is a scalable, full life cycle
management toolset for Summit WM3000 series wireless LANs.

Deployment Simplicity
Import site planning data
Network discovery
Visual validation of wireless deployment
Configuration management

Management Simplicity
Dashboard view of network health
Alarm and event correlation
RF visualisation with heat maps
Advanced RF diagnostics
Predefined and customised reporting

Comprehensive Security Features
WIPS interface
Role-based user administration
SNMPv3, SSH-2 and HTTPS protocol support

Service Extensibility
Manage 3rd party devices

WMS version 3.3 simplifies the deployment and maintenance of scalable multi-controller, multi-site
enterprise wireless LANs. A single WMS platform can manage a network of up to 8,000 access points.

Deployment Simplicity
It is a challenge to deploy a wireless network correctly the first time. Sometimes customers have to go through the
pain and expense of redeployments to achieve the desired coverage and capacity. With WMS, customers have a rich
toolset to enable them to deploy their wireless network correctly the first time. WMS comes bundled with Summit
WMScanner, a tool used for network device deployment, building formatting and site surveys. WMS and Summit
WMScanner provide a highly integrated toolset for network design, management and survey.
Summit WMScanner allows you to import building floorplans and measure performance using its site survey capabilities.
Summit WMScanner enables WMS to define new coverage areas, generate updated floor plans and display device
locations, and allows layout and measurement of wireless LANs.
The WLAN design process begins by modeling your deployment environment with Summit WMScanner. This can
be achieved by manually defining the building layout or by importing existing building information from a variety of
sources. Import formats include CAD files, scanned images, and digital pictures. Summit WMScanner is designed to
provide advanced network modeling and verification utilities that allow a user to visually display network coverage
and performance within a site-specific map of their deployment environment. Customers can create designs separately
using an RF simulation tool like Motorola's LANPlanner. The LANPlanner design can be imported into WMS and then
validated in an actual deployment situation with Summit WMScanner.
A network view map is automatically generated by WMS based on the devices found with the WMS network discovery
process. The network view shows the logical connection of the devices. An RF view defines how devices and coverage
area maps display. Additionally, RF view shows wireless clients in a site map with respect to their associated device
radios.
WMS does a compliance check on saved configurations for wireless network devices. It checks the running configuration
of a device (e.g. a controller) against the saved configuration in WMS and alerts the network administrator to
any differences. The network administrators can accept or reject the changes and use the configuration template to
change the configuration of the device.

Management Simplicity
WMS provides several dashboard-level views on the health
of the network. Network administrators can select global
(multi-site) level, site level and device level dashboards. In
addition, one can select a dashboard view of a particular
SSID. Dashboard views provide a quick graphical view of
the network health status and allow timely decisions to
be made to ensure continued wireless service.
Alarms and events are graphically displayed by both
severity and category. Severity and category information
can be displayed in pie chart, column chart and grid
formats. Move the cursor over the graphic to display
alarms and events based on percentage of total (pie
chart) or number out of total (column chart). This is an
enhancement over previous releases, as administrators
can now visually assess the severity of alarms and events
with respect to the total number of other existing events
of both greater and lesser severity. Network administrators
can refine how alarms and events are filtered for display
and manipulation. Alarms and events can be filtered
(displayed) daily, over the last three days, or over the last
seven days. This helps refine how data is trended with
respect to any or all events or alarms. The network
administrators can be notified by email when a new
event or alarm is generated. In addition, an SNMP trap
is generated.
In RF view, wireless coverage (heat) maps can be
displayed by RSSI (Received Signal Strength Indicator)
value and by frequency channels used. The 20MHz and
40MHz channels can be displayed for 802.11n operation.
In addition, the particular type of radio (2.4/5GHz) can be
displayed as well as walls and the type of walls in the site
and RF views.
A network administrator can initiate diagnostics on
a controller, access point or client device. Parameters
include SSID details, number of clients associated to an
SSID or AP, SNR (Signal to Noise Ratio), RF utilisation
of an AP radio, and bit rates. These comprehensive
diagnostic tools enable the network administrators to
quickly troubleshoot problems and restore service.

The data collected by WMS can be reported in raw-data
and graphical formats. The data collected within a
WMS report is periodically polled by the MIB structures
supporting WMS device monitoring and data collection
activities.

Comprehensive Security
WIPS (Wireless Intrusion Protection Software) helps
protect your wireless network, mobile devices and traffic
from attacks and unauthorised access. WIPS provides
tools for standards compliance and around-the-clock
802.11a/b/g wireless network security in a distributed
environment. WMS permits the optional deployment of
the Motorola AirDefense WIPS as an application launched
from within WMS. WIPS is not bundled with WMS. It is
separately installed and launched as an independently
licensed application within the WMS interface.
WMS has the ability to launch Motorola AirDefense WIPS
and receive SNMP traps generated by the WIPS server.
Therefore a WMS maintained site can be secured by
the device detection capabilities resident to the WIPS
application. WMS also has the ability to define and
deploy sensors used by WIPS as detecting radios to locate
the position of a potentially hostile device or devices with
excessive association/authentication requests. WMS can
launch the AirDefense WIPS server from its console.
For the highest level of security, WMS supports the
SNMPv3 protocol. WMS has the ability to associate a user
to a particular site. In such cases, it's possible a user
has access to a particular site and some devices at the
site. For example, the user can access APs but not the
controllers at that site.

Service Extensibility
WMS provides the ability to discover and manage 3rd
party infrastructure devices both wired and wireless.
These include FAT APs. Multi-vendor management
includes discovery of 3rd party devices, asset management
and status. WMS has the ability to process MIB-II traps
from 3rd party infrastructure devices.

Security Solutions

Extreme Networks Security Series

Introducing the Sentriant Security series from Extreme Networks
Most organisations have experienced breaches in their network security, whether this has been from
internal or external access. With an increasing number of devices connecting to the network, it is
important that organisations only allow access to valid endpoints. Once endpoints have been validated,
it is also important that there is ongoing monitoring of the applications in use.
If an application is in use by a device that isn't part of the corporate policy, then these devices should be quarantined
until alternative action has been taken. Real time monitoring of network traffic is essential to ensure that on detection
of what could be a malicious attack, immediate preventative measures can be taken to limit any disruption to the
network.

Real Time Threat Detection

The Sentriant NG300 platform is constantly sampling
network traffic and, by looking for anomalies in
traffic patterns, it is able to identify potential
threats to the network and protect against them.
Examples of typical threats could be viruses or worms
such as Sasser and Blaster or Denial of Service (DoS)
attacks such as Ping Flood or IP Spoofing. It is
these types of threats that target network-critical
applications such as voice, which organisations depend
upon so much and without which they would be crippled.

Network Authentication

The Sentriant AG200 solution enables endpoint integrity
testing to ensure that devices attempting to access the
network are compliant with the organisation's policy.
Devices that don't meet the pre-determined security
levels can be quarantined with limited network access
until the device meets the required security level.

Flexibility

All of the Sentriant series products are capable of
integrating into any network environment. There is no
dependency on specific types of device, levels of software
or type of hardware that is supporting the network. This
allows organisations to introduce enterprise class security
into their network without any costly upgrades or
changes to support it.

Hardware Options
Both the Sentriant AG200 and Sentriant NG300 are
available in the form of hardware appliances. The
Sentriant AG200 can be purchased in a software only
option allowing for flexibility and choice of preferred
platform.

Increased Productivity
Many organisations aren't aware of the many diverse
applications that employees often have running on their
computers. Peer to Peer (P2P) file sharing applications
such as BitTorrent are commonly being used on the
corporate network. Not only can these applications
actively introduce network threats but they also reduce
employee productivity.

High Performance
A single appliance is capable of monitoring multiple
10Gbps connections. As organisations scale their
networks, the Extreme Networks Sentriant solution will
scale at the same time minimising the level of investment
required to maintain a secure network.

Enterprise-Class Management and Administration
Operational complexity is reduced through use of a
centralised, web-based management interface that
allows for multi-user, role-based administrative access.
In addition to this, the ability to produce both standard
and custom reports assists organisations in getting the
maximum value from their network security solution.

Intelligent Policy Enforcement

CLEAR-Flow Security Rules Engine is a feature within
ExtremeXOS that monitors and inspects network traffic
in real time. Upon detection of potential network threats,
traffic can be mirrored to the Sentriant NG300 that can
invoke policies to automatically protect the network.
This feature, available on both the BlackDiamond* and
Summit** series products, simplifies day-to-day network
operations and reduces the total cost of ownership
of an intelligent network infrastructure.

Network Protection
Access Control Lists (ACLs) are implemented based upon
CLEAR-Flow reporting metrics that are sent to the switch
in order to isolate malicious traffic streams. If the switch
detects an unusually large number of packets in the CPU
input queue, it will assemble ACLs that automatically
stop these packets from reaching the CPU. After a
period of time, these ACLs are removed, and reinstalled
if the attack continues.

Enterprise Voice Delivery

When deploying an IP Telephony infrastructure,
organisations can easily overlook the impact of security
attacks on their IP Telephony platform. Specific attacks
on voice networks such as call hijacking and Denial of
Service (DoS) can result in significant lost revenue as the
availability of dial tone is limited.

**Summit X450a series, *BlackDiamond 8800c series
and BlackDiamond 12800 series switches.

Automated Attack Mitigation in Integrated Deployment Mode
1. An infected source enters the network.
2. ExtremeXOS static ACLs and CLEAR-Flow rules
filter out DoS attacks, determine traffic class as
suspicious.
3. Selectively port-mirror traffic to Sentriant NG300 for
further analysis.
4. Sentriant NG300 continues to watch suspicious
traffic and uses its internal rules to escalate traffic
class from suspicious to high level alert.
5. Sentriant NG300 initiates a dynamic ACL on the
ExtremeXOS switch. The switch applies the dynamic
ACL in real-time and continues to port mirror
suspicious traffic.

Sentriant

The Sentriant family of security products provides organisations with cost-effective, easy-to-deploy
solutions to today's tough network security challenges. These high-performance, highly scalable
appliances make it easy to verify that devices connecting to the network are in compliance with security
policies established by the IT department and mitigate rapidly propagating network threats in
seconds.
Working in combination with other Extreme Networks products, the Sentriant family provides a variety of capabilities
for detecting security policy violations and enforcing policy. Leveraging the capabilities within the network elements
allows our security products to scale with your infrastructure and reduces the number of appliances that you need
to achieve the required level of security. The reduction in the number of appliances improves the availability of the
network and reduces the total cost of ownership.

Sentriant NG300
Ideal for detecting and mitigating rapidly propagating security threats from inside the network.

Defends against security threats without interfering with network traffic.
Unique behavioral defense mechanism complements traditional signature-based IPS systems.
Integration with Extreme Networks switches for network-wide coverage.
Standalone mode for broad network compatibility.

Sentriant AG200
Ideal for endpoint compliance testing and Network Access Control.

Flexible deployment options (802.1X, DHCP, in-line) for broad infrastructure compatibility.
Fast, pre-connect testing of required security software and settings (PC and Mac).
Quarantines and facilitates remediation of non-compliant endpoints.
Enterprise-class endpoint testing scale, management and administration.

Extreme Networks believe that the data infrastructure itself should play a key role in the network
security architecture. As all malicious traffic must pass over the network, a dedicated appliance provides
the most effective threat detection and mitigation tool for interior LANs.

Sentriant NG300 Threat Management

Sentriant NG300 uses behaviour-based threat detection methods (no signatures to update) to detect threats. It also
includes a sophisticated early warning system that employs unused IP space to identify threats. The use of
behaviour-based threat detection technology means Day-Zero threats for which signatures are unavailable can be detected very
quickly before they propagate and create a mitigation nightmare.
Unlike other internal LAN security systems, Sentriant NG300 is not an in-line device, creates no performance impact to
networks, and cannot jeopardise network availability, all of which are especially critical while your network is under
attack.

Sentriant NG300 is the best choice for converged network security because it:
Defends against threats without interfering with network traffic.
Delivers fast detection with a network of virtual decoys creating an early warning system that fires an alert
when a virtual target is contacted.
Isolates attackers and prevents them from communicating with the remainder of the network, allowing
mission-critical data to continue to flow normally.
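
The early-warning idea described above (unused IP space acting as virtual decoys) can be sketched as detection logic over flow records. This is an added example, not Sentriant NG300's own algorithm: the monitored prefix, the assigned-host list, the 60-second window, the escalation threshold of three decoys and the flow tuples are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory: one internal prefix and the addresses really in use.
MONITORED = ipaddress.ip_network("10.20.0.0/24")
ASSIGNED = {
    ipaddress.ip_address(a)
    for a in ("10.20.0.1", "10.20.0.10", "10.20.0.11", "10.20.0.50")
}

# Constructed flow records seen on a mirror port: (time_s, source, destination, port).
FLOWS = [
    (100, "10.20.0.10", "10.20.0.1", 53),     # normal: DNS to an assigned host
    (105, "10.20.0.11", "10.20.0.50", 445),   # normal: assigned file server
    (110, "10.20.0.50", "10.20.0.77", 445),   # unused address -> decoy touched
    (112, "10.20.0.50", "10.20.0.78", 445),
    (113, "10.20.0.50", "10.20.0.79", 445),   # third decoy within the window
    (120, "10.20.0.11", "10.20.0.200", 80),   # single stray contact
    (130, "10.20.0.10", "10.20.0.255", 137),  # subnet broadcast, not a decoy
    (140, "10.20.0.10", "192.0.2.8", 443),    # outside the monitored prefix
    (400, "10.20.0.11", "10.20.0.201", 80),   # earlier hit has aged out
]

RANK = {"suspicious": 1, "high": 2}


def is_decoy(addr):
    """An address inside the monitored prefix that no real host owns."""
    return (
        addr in MONITORED
        and addr not in ASSIGNED
        and addr not in (MONITORED.network_address, MONITORED.broadcast_address)
    )


def detect(flows, window=60, escalate_at=3):
    """Return [(time, source, level)], one alert per level reached per source.

    A first decoy contact marks the source 'suspicious'; contacting
    `escalate_at` distinct decoys within `window` seconds raises it to 'high',
    the sweep pattern typical of a propagating worm.
    """
    hits = defaultdict(list)  # source -> [(time, decoy)] still inside the window
    level = {}                # source -> highest level already alerted
    alerts = []
    for t, src, dst, _port in sorted(flows):
        dst_ip = ipaddress.ip_address(dst)
        if not is_decoy(dst_ip):
            continue
        recent = [(ht, d) for ht, d in hits[src] if t - ht <= window]
        recent.append((t, dst_ip))
        hits[src] = recent
        distinct = len({d for _, d in recent})
        new = "high" if distinct >= escalate_at else "suspicious"
        if RANK[new] > RANK.get(level.get(src), 0):
            level[src] = new
            alerts.append((t, src, new))
    return alerts


if __name__ == "__main__":
    for alert in detect(FLOWS):
        print(alert)
```

No legitimate host has a reason to contact an unassigned address, so the detector needs no signatures; its accuracy depends on keeping the assigned-address inventory current.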

Sentriant NG300 complements existing perimeter security such as firewalls and host-based security solutions.
It also operates effectively with all vendor switches but delivers greatest benefits when integrated with
ExtremeXOS-enabled switches.

What is Sentriant NG300?


Sentriant NG300 is commonly deployed on a
mirror port on a switch, much like a network
sniffer. However, unlike sniffers, Sentriant
NG300 can actively engage, deter and terminate
malicious behaviour. This deployment model
gives system administrators strong security
control over the internal network without the
latency or single point of failure risks associated
with inline devices.

What type of attack can you protect against?

A number of different attacks can be mitigated by
Sentriant NG300. The most common is a Denial
of Service (DoS) attack. These are software-based
programs that create large volumes of unnecessary
traffic on a data network. The effect of this can range
from as little as a slight degradation in network
performance to complete overloading of network resources.
The presence of password sniffers and propagating
viruses can also be detected. It can also stop an
innocent network being used as the launching point
for an attack against a 3rd party.

Whether they know it or not, most organisations have experienced the pain and financial impact of network
compromises due to insecure endpoint devices connecting from within their own network. Preventing these security
incidents requires more than shutting off ports or limiting physical access within a building. Effective access control
requires a pro-active approach to ensuring that all endpoint devices are properly secured and free of threats before
they are granted access to internal network resources.

Sentriant AG200 Network Access Control (NAC) Platform


Sentriant AG200 meets this need by providing a complete Network Access Control (NAC) platform that works with
a variety of network infrastructures, across all access types (wired, wireless, VPN), and with a wide range of endpoint
devices. Sentriant AG200 automatically tests each endpoint and verifies that its security level meets the organisation's
security requirements before allowing access to the network. A non-compliant device can be placed in quarantine with
restricted access until it can be repaired through several remediation options before being granted full access.

Sentriant AG200

Sentriant AG200 protects the network by only allowing access for endpoint
devices that are free from threats and meet IT security policies.
Features

Advanced endpoint integrity testing - Sentriant AG200 tests each endpoint as it connects to the network to verify that it meets the organisation's security policy before allowing access.
Flexible deployment options - Sentriant AG200 supports several enforcement schemes for easy integration with any network infrastructure without costly network upgrades.
Enterprise-class management and administration - Sentriant AG200 combines centralised system management with multi-user, role-based administration to minimise operational complexity for even the largest networks.

Target Applications

Preventing the introduction of malware or use of high risk software in the network.
Protecting the LAN from remote or foreign devices that are not controlled by the organisation.
Security initiatives for regulatory compliance.

Most IT organisations have experienced the pain and financial impact of network compromises
originated via endpoint devices. The increasing number and types of attacks launched from endpoint
devices can no longer be ignored, and organisations must shift and expand their protection. While
traditional endpoint security measures are important, they are not sufficient to protect the network
from attack. End users often knowingly or unknowingly disable security applications (such as anti-virus
software or personal firewalls), neglect to install up-to-date security patches, improperly configure
security settings, install restricted software (peer-to-peer, file sharing or instant messaging) or are
subject to spyware contamination. All of these issues have historically been beyond the control of IT
administrators.
Sentriant AG200 is the next generation in endpoint security appliances that lets administrators regain control by
verifying that endpoint devices meet security policy requirements and do not introduce worms, Trojans or spyware
into an organisation's network. Sentriant AG200 automatically tests the health of each device, both managed and
unmanaged, to verify it meets the organisation's security requirements before allowing access to the network. This
proactive approach to managing network access greatly reduces the risk posed by non-compliant or infected devices,
without the cost or overhead of manual approaches.

Advanced Endpoint Integrity Testing


Using Sentriant AG200, administrators create access
policies that define the minimum required security level
for endpoint devices. These policies consist of one or
more integrity checks to assess whether key operating
system hotfixes and patches have been installed, verify
that anti-virus and other security applications are present
and up-to-date, and detect the presence of other
malware or other potentially dangerous applications such
as peer-to-peer file sharing. Sentriant AG200 ships with
a wide selection of in-the-box tests that are continuously
updated as new threats emerge, and offers the ability
for administrators to create custom tests required in their
environment.
When a device connects to the network, Sentriant
AG200 quickly tests the device to determine its security
level and quarantines devices that are not compliant. A
non-compliant endpoint can be automatically remediated
through integration with leading patch management
systems or via end user self-remediation. Once repaired,
devices are allowed access to the network (see Figure 1)
where they will be periodically re-tested to verify ongoing
policy compliance.
Sentriant AG200 supports both Microsoft Windows and
Mac OS X endpoint devices and provides three options
for assessing endpoint integrity:
1. Agent-less - No client-side agent required on endpoint
2. ActiveX Plug-in - Tests endpoint through web browser
3. Sentriant AG Agent - Tests endpoint through installed client

All three support the same depth of testing providing a
consistent level of security protection regardless of the
option selected.
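
The test, quarantine, remediate and re-test cycle described in this section, sketched as an added example; it is not Sentriant AG200 code. The class names, check names, patch IDs, dates and the 7-day signature threshold are all hypothetical.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional


@dataclass
class Endpoint:
    name: str
    os: str
    patches: set
    av_signature_date: Optional[date]  # None means no anti-virus is installed
    software: set = field(default_factory=set)


@dataclass
class AccessPolicy:
    required_patches: dict    # OS name -> set of required patch IDs
    max_av_age_days: int      # oldest acceptable anti-virus signatures
    prohibited_software: set  # e.g. peer-to-peer file sharing clients


def failed_checks(ep, policy, today):
    """Run every integrity check; return (check, remediation) for each failure."""
    required = policy.required_patches.get(ep.os)
    if required is None:
        # Fail closed: an OS the policy does not cover cannot be verified.
        return [("os-supported", "contact help desk")]
    failures = []
    missing = required - ep.patches
    if missing:
        failures.append(("patches", "install " + ", ".join(sorted(missing))))
    if ep.av_signature_date is None:
        failures.append(("anti-virus", "install anti-virus"))
    elif (today - ep.av_signature_date).days > policy.max_av_age_days:
        failures.append(("anti-virus", "update signatures"))
    banned = ep.software & policy.prohibited_software
    if banned:
        failures.append(("prohibited-software", "remove " + ", ".join(sorted(banned))))
    return failures


def access_decision(ep, policy, today):
    """'full' only when every check passes, otherwise 'quarantine'."""
    return "quarantine" if failed_checks(ep, policy, today) else "full"


# Constructed policy and endpoint; the patch IDs are placeholders, not real hotfixes.
POLICY = AccessPolicy(
    required_patches={"windows": {"HOTFIX-001", "HOTFIX-002"}, "macos": {"UPDATE-A"}},
    max_av_age_days=7,
    prohibited_software={"p2p-client"},
)


def sample_laptop():
    return Endpoint("laptop-17", "windows", {"HOTFIX-001"},
                    date(2011, 3, 1), {"browser", "p2p-client"})


def lifecycle():
    """Connect, remediate, then re-test later; returns the three decisions."""
    ep = sample_laptop()
    day0 = date(2011, 3, 3)
    first = access_decision(ep, POLICY, day0)   # missing patch, P2P client present
    ep.patches.add("HOTFIX-002")                # remediation step 1
    ep.software.discard("p2p-client")           # remediation step 2
    second = access_decision(ep, POLICY, day0)
    # Periodic re-test: signatures dated 1 March are 19 days old by 20 March.
    third = access_decision(ep, POLICY, date(2011, 3, 20))
    return [first, second, third]


if __name__ == "__main__":
    print(failed_checks(sample_laptop(), POLICY, date(2011, 3, 3)))
    print(lifecycle())
```

The third decision shows why periodic re-testing matters: a device that passed at connection time drifts out of compliance without any change on the endpoint itself.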

Flexible Deployment Options


Unlike solutions that only function in specific network
environments and architectures, Sentriant AG200 works
with any IP infrastructure. Sentriant AG200 provides
multiple enforcement options such as:
802.1X Enforcement
DHCP Enforcement
Inline Enforcement
for quarantining endpoints, ensuring all network entry
points (LAN, WLAN, VPN) are properly guarded without
requiring expensive upgrades or changes.
A single Sentriant AG200 appliance can be used to
test up to 1,500 endpoints and multiple appliances
(Management and Enforcement Servers) can be used to
cover large, multi-site environments consisting of tens
of thousands of devices. Sentriant AG200 Enforcement
Servers can also be grouped in clusters for high availability
and load balancing.

Enterprise-class Management and Administration

Even in a multi-appliance deployment, all management
functions are consolidated within a centralised web-based
console making the system easy to operate.
Multi-user, role-based access to the management
console allows shared administrative use among multiple
groups in accordance with staff responsibilities. For
example, IT Help Desk users can access information on
why a particular endpoint device has been quarantined
but cannot change any configuration or policy settings.
Out-of-the-box Sentriant AG200 is pre-configured with
the following administrative roles:

System Administrator
Cluster Administrator
Help Desk Technician
View-Only User

Additional administrative roles may be created based on
fine-grained permissions or based on an administrator's
need to manage only a certain set of servers or
endpoints.
The robust reporting capabilities of Sentriant AG200
allow you to meet the needs of auditors, managers and IT
staff. Reports provide concise security status information
on device compliance and access activity. For advanced
management needs, Sentriant AG200 provides a rich set
of APIs for integration with third-party IT systems.

Sentriant NG300

Sentriant NG300 protects your network from rapidly propagating Day-Zero threats.

Features

Defends against threats without interfering with network traffic or lowering network availability
Delivers fast detection with a network of virtual decoys creating an early warning system that fires an alert when a virtual target is contacted
Protects IP Telephony devices from targeted attacks
Isolates attackers and prevents them from communicating with the remainder of the network, allowing mission-critical data to continue to flow normally

Target Applications

Protection against viruses and worms such as Welchia, Slammer, Blaster and MyDoom
Protection against Multi-Vector worms, Polymorphic viruses, blended attacks and Day-Zero threats
Protection against Denial of Service (DoS) attacks such as smurf, ping of death, ping sweep, ping flood, port sweep, TCP Flood (Syn, Syn-Ack, Ack, Fin, Xmas, Rst), and distributed DoS
Protection for IP Telephony devices from targeted attacks

Sentriant NG300 is a security appliance that secures the network interior against rapidly propagating
threats, such as virus or worm storms. Designed to protect the network from old and new virus or worm
attacks, Sentriant NG300 can reduce threat mitigation time down to seconds. Sentriant NG300 uses
behavior-based threat detection methods (no signatures, no traffic sampling as in sFlow) to detect
threats - including new threats for which no signatures exist at the time of attack. It also includes a
sophisticated early warning system that employs unused IP space to identify threats. This appliance is
designed to complement existing perimeter and endpoint security solutions.
Sentriant NG300 incorporates a unique threat termination technology called Cloaking. Cloaking is an aggressive,
protocol independent, automated threat termination capability that does not use software desktop agents, TCP resets,
or switch-dependent VLAN shunting to compartmentalise an infected endpoint. When used in conjunction with
Extreme Networks switches, Sentriant NG300 offers unparalleled multi-gigabit security across all enterprise endpoints.
Unlike other internal LAN security systems, Sentriant NG300 is not an inline device, which means that it creates no
performance impact to networks, and cannot jeopardise network availability.

Protect Your Network

Sentriant NG300 continuously monitors all endpoints
on your network and protects the network from the
following types of threats:

Detect Threats Early

On a typical network that uses private IP address space,
as much as 80% of IP address space is unassigned.
Sentriant NG300 uses this asset to identify threats by
creating a network of virtual decoys that populates all
or part of the unused IP address space in a broadcast
domain.

Since most worms must conduct reconnaissance to
spread, there is a high probability that worm activity will
hit the virtual decoys in the unused IP address space.
Therefore, administrators have a much better chance of
being alerted of malicious activity quickly, giving them
more time to respond.
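
The decoy idea above, worked through as an added example; it is not Sentriant NG300 code. The subnet, the flow records, the escalation threshold and the uniform-random scanning model are assumptions made for the illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: a source is escalated from "suspicious" to "high" once it has
# contacted this many distinct decoy addresses.
HIGH_ALERT_DECOYS = 3


def build_decoys(subnet, assigned):
    """Return the usable host addresses of `subnet` that no real device holds."""
    in_use = {ip_address(a) for a in assigned}
    return {host for host in ip_network(subnet).hosts() if host not in in_use}


def decoy_coverage(subnet, assigned):
    """Fraction of the subnet's usable addresses that act as decoys."""
    usable = sum(1 for _ in ip_network(subnet).hosts())
    return len(build_decoys(subnet, assigned)) / usable


def hit_probability(coverage, probes):
    """Chance that at least one of `probes` scan attempts lands on a decoy.

    Assumption: each probe picks its target uniformly at random in the subnet.
    """
    return 1.0 - (1.0 - coverage) ** probes


def classify_sources(flows, decoys):
    """Map each source that touched a decoy to 'suspicious' or 'high'.

    flows: (src_ip, dst_ip, dst_port) tuples as seen on a mirror port.
    Sources that only talk to assigned addresses are not reported, so
    legitimate traffic never raises an alert.
    """
    touched = defaultdict(set)
    for src, dst, _port in flows:
        dst_addr = ip_address(dst)
        if dst_addr in decoys:
            touched[src].add(dst_addr)
    return {
        src: "high" if len(hits) >= HIGH_ALERT_DECOYS else "suspicious"
        for src, hits in touched.items()
    }


# Constructed sample: a /24 in which only .1 to .50 are assigned to real hosts.
SUBNET = "10.20.30.0/24"
ASSIGNED = [f"10.20.30.{i}" for i in range(1, 51)]

# Constructed flow records, not captured traffic.
FLOWS = [
    ("10.20.30.7", "10.20.30.12", 445),    # normal: both ends are assigned
    ("10.20.30.7", "10.20.30.1", 53),
    ("10.20.30.33", "10.20.30.60", 445),   # sweep into unassigned space
    ("10.20.30.33", "10.20.30.61", 445),
    ("10.20.30.33", "10.20.30.62", 445),
    ("10.20.30.33", "10.20.30.63", 445),
    ("10.20.30.18", "10.20.30.200", 80),   # single stray contact
]

if __name__ == "__main__":
    decoys = build_decoys(SUBNET, ASSIGNED)
    cov = decoy_coverage(SUBNET, ASSIGNED)
    print(f"{len(decoys)} decoys, coverage {cov:.0%}")
    print(f"P(decoy hit within 3 probes) = {hit_probability(cov, 3):.3f}")
    for src, level in sorted(classify_sources(FLOWS, decoys).items()):
        print(src, level)
```

With roughly 80% of the address space acting as decoys, a randomly scanning host is almost certain to touch one within its first few probes, which is what makes the alert fire early.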

Slow Down Attacks


Sentriant NG300 actively engages an attacker during the
network reconnaissance phase that generally precedes a
threat and dramatically slows the scanning process. This
gives network administrators time to understand and
thwart the attack. During this time, Sentriant NG300 will
continue to provide false data to the scanning device,
slowing or even stopping the attack.
Sentriant NG300 also deceives fingerprinting malware
designed to provide precise data about operating
systems and application versions present on a network
by giving false data about the network topology, making
it difficult for it to attack effectively.

Mitigate Threats Precisely


Sentriant NG300 can logically insert itself in between
one or more attackers and one or more target devices
by redirecting communication streams from attackers
to itself. Sentriant NG300 can then selectively pass
or silently drop packets based on the threat potential,
thereby isolating infected computers while permitting
all other communication to flow normally on a network.
This process occurs at both Layer 2 and Layer 3 of the
OSI reference model. This represents a departure from
previous network security systems by combining the best
characteristics of an inline protection technology with the
performance and reliability benefits of a passive device.

Viruses/Worms: Zotob, Sasser, Welchia, SQL Slammer, Blaster, MyDoom and others
DoS: IP spoofing, MAC spoofing, smurf, ping of death, ping sweep, ping flood, port sweep, SYN flood, TCP Xmas, Syn/Fin, Null, All Flags
Day-Zero, Multi-Vector, blended attacks, polymorphic viruses
Targeted attacks on IP Telephony devices

Voice Class Availability


Sentriant NG300 is commonly deployed on a mirror port
on a switch, much like a network sniffer. However, unlike
sniffers, Sentriant NG300 can actively engage, deter and
terminate malicious behavior. This deployment model
gives system administrators strong security control over
the internal network without the latency or single point
of failure risks associated with inline devices.

Deployment Modes
Sentriant NG300 is designed to operate seamlessly with
perimeter and endpoint security products in a stand-alone
deployment mode; however, Sentriant NG300 offers the
greatest benefits operating in an integrated deployment
mode (see Figure 1). Sentriant NG300 provides a unique
and differentiated set of features in the standalone and
integrated deployment modes (see Figure 2).

Automated Attack Mitigation:

1. An infected source enters the network.
2. ExtremeXOS static ACLs and CLEAR-Flow rules filter out DoS
attacks, determine traffic class as suspicious.
3. Selectively port-mirror traffic to Sentriant for further analysis.
4. Sentriant continues to watch suspicious traffic and uses its
internal rules to escalate traffic-class from suspicious to high
level alert.
5. Sentriant initiates a dynamic ACL on the ExtremeXOS switch.
The Switch applies the dynamic ACL in real-time and continues
to port mirror suspicious traffic. Sentriant also sends the
mitigation action to Extreme Networks EPICenter network
management software.

EPICenter works with core and edge switches to enforce the
security policy (mitigation action).

[Diagram labels: BlackDiamond, Sentriant]

Comparison of Integrated and Standalone Deployment Modes

Integrated Deployment

Sentriant works with Extreme Networks Switches running ExtremeXOS, CLEAR-Flow and the XML-API for dynamic switch assisted mitigation.
Sentriant can dynamically refine filtering criteria using dynamic ACLs to the core switch.
Detection and mitigation across a single mirrored port at multi-gigabit line rates using CLEAR-Flow Security Rules-Engine.

Standalone Deployment

Sentriant works with all switches from all vendors in broadcast only and fully mirrored modes.
Sentriant filtering criteria are not coupled with the switch ACLs.
Detection and mitigation across a single mirrored port at 1Gbps.

Network Management

EPICenter Network management


EPICenter management suite from Extreme Networks is a scalable full-featured network management
platform capable of establishing and maintaining networks that are undergoing rapid change. It
establishes a new benchmark for accommodating converged applications by offering intuitive user
interfaces and by reducing the complexity of managing converged networking environments.
EPICenter integration with Avaya Integrated Management (AIM) software helps users to launch AIM console and
Avaya Device Manager from within EPICenter.

Key features

Topology view with alarm integration, intelligent alarm systems


Dynamic reporting and comprehensive network summary reports
Firmware, configuration and ExtremeXOS CLI script management
Telnet macros for easier and quicker configuration across multiple devices concurrently
SNMPv3, SSH-2 and HTTPS and LLDP protocol support
EAPS Monitoring and Configuration Checker Applet
IP/MAC address finder
Voice integration with Avaya platform and management systems, Wireless discovery and management
Policy Manager and Quality of Service (QoS) policies
Universal Port Manager for easy deployment of ExtremeXOS Universal Port profiles
Dynamic Client Install via Java Web Start auto update of client when new client is available on the server
provides ease of installation of EPICenter clients

Ridgeline Service Advisor


Extreme Networks Ridgeline Service Advisor is powerful service management software that enables
carriers to monetise their networks by shifting from reactive circuit monitoring to proactive service
management. Ridgeline Service Advisor unifies service fulfilment, service assurance, and service
engineering so carriers can effectively manage next-generation residential triple play, business Ethernet,
wholesale Ethernet and mobile backhaul services.

Network Automation Scripts


The Ridgeline Script feature is a powerful scripting
capability that allows the user to automate provisioning
of network devices and services. It provides a
comprehensive set of programming control structures
that allows the user to create complex provisioning
workflows. The Ridgeline administrator can assign access
levels to control who is allowed to run and modify a
script. To use a script, the user simply selects the desired
script from the menu, enters the required parameters,
and selects the list of devices to which the script applies.
Configuration changes are recorded in an audit log.

Key Features
Flexible and intuitive user interface for ease of
use
Detailed topology view with alarm integration
to provide network health at a glance
Inventory, firmware/software and configuration
manager to manage devices and software
Customisable alarm system to enable
operators to view problems and troubleshoot
the network

Scheduler
The Job/Task Scheduler can execute Ridgeline functions
on specified devices at specified times. Ridgeline scripts
can now be configured as script tasks which can run
automatically at designated times.

EAPS Monitoring and Configuration Checker

Ridgeline enables the deployment of highly available ring-based
architecture using Ethernet Automatic Protection
Switching (EAPS) to support complex and demanding
applications. Ridgeline provides provisioning tools for
designing carrier-class network resiliency and availability
for service providers and enterprise networks. Ridgeline
meets the goals of operational simplicity and reliability
by providing a flexible, intuitive, and point-and-click
provisioning interface for network operators to easily
create VLANs and resiliency domains.
Ridgeline helps monitor EAPS rings graphically.

Network Service Topology Visualisation
As network configuration becomes more complex, the
ability to visualise, monitor, and troubleshoot network
services end-to-end is critical. Network services like VLAN,
VLAN services, and vMAN can be viewed end-to-end
via Ridgeline. For example, if a user selects a particular
VLAN, the corresponding network devices and links are
highlighted on the topology map. Alarm conditions like
link failures can also be viewed at a network service
level. Devices and links will dynamically change in color
based on alarm condition. For network services like VLAN
translation, Ridgeline provides the user an end-to-end
view including the VLAN translations for the intermediary
devices. Knowing how a VLAN is being translated, and
the physical ports it's connected to, allows the user to
trace and troubleshoot connectivity issues.
Simplified Provisioning
Powerful visualisation capabilities in Ridgeline provide
detailed graphical representations of the network coupled
with point-and-click provisioning that greatly reduces
the likelihood of human error. A user-friendly interface
allows the operator to select and provision network-wide
VLANs with greater ease. Whether a new department or
group needs to be integrated into the network, or existing
networks need to be managed, Ridgeline allows VLANs to
be created using the appropriate network elements and
link segments.

Universal Port Manager


The Universal Port Manager feature for ExtremeXOS
based switches simplifies network deployment of VoIP
and dynamic security policies.
The Universal Port Manager feature in Ridgeline
helps define and distribute Universal Port profiles for
ExtremeXOS based switches. The auto discovery feature
in Universal Port Manager helps in centralised monitoring
and management of network-wide profiles. It allows
network managers to audit currently deployed profiles
on port(s) and see how the deployed versions differ from
the ones maintained in Ridgeline. It makes it easier for
users to configure a triggering mechanism for a profile,
based on a timer or predefined events. It allows users
to deploy the profile to more than one port at the same
time, making it an effective time saver. Universal Port
Manager in Ridgeline makes it easy for users to start
rolling out this powerful Plug-and-Play capability with
prepackaged template profiles.

Identity Awareness
Ridgeline provides centralised reporting of network
users and devices, or identities that are connected to
the network. With Ridgeline, network managers can
gather user and device information from ExtremeXOS
based switches with Identity Management enabled, then
aggregate and analyze the data. For example, Ridgeline
provides network-wide visualisation and mapping of user
identity, computer host name, IP address, MAC address,
VLAN, and switch port location to help track and monitor
users and end points. The identity monitoring feature
provides the following:
Ability to collect and monitor identities across the network
Archival of identity information which can be retrieved easily at any time
Detailed reports which can aid in preparing information required for compliance and internal audits

Network-wide identity information helps in addressing
key business requirements such as:
Reducing IT support costs in enterprises: Shortening the time required to troubleshoot and locate the users or devices in the network, determine the authentication method used and status of authentication and determine authorisations (such as VLAN memberships) can reduce the time required for support personnel to troubleshoot problems reported by users.
Reducing compliance and audit costs: Detailed reports which include user logon and logoff times, status of authentication, and authorisations provided to access network and IT resources can aid in internal audits, and help in data collection for compliance audits. Information collected from the network is archived so that it can be retrieved at any point in time.

Extensible Network and Service Management

Ridgeline InSite Software Development Kit (SDK)

Secure North Bound Interface (NBI)
Simple Object Access Protocol (SOAP) based message envelope layer
Web Services Definition Language (WSDL) based API layer and XML based data/information representation
New and enhanced APIs with every software release

Ridgeline InSite is a software development kit (SDK)
that extends the capabilities of Ridgeline through a set
of comprehensive application programming interfaces
(APIs). These interfaces are used by third-party, partner,
and OSS/BSS applications to retrieve information network
wide.
The APIs enable reliable and secure external application-to-management communication. They provide a
mechanism to communicate with Ridgeline using XML
messages. The standards-based SOAP/XML architecture
of Ridgeline InSite makes it easier to integrate the
network infrastructure with high-level application and
business software. The network-wide information
retrieved using the APIs lets network administrators
create Service Oriented Architecture (SOA) solutions that
bridge the gap between applications and business logic.

Snapshot Guides
5 Minute Green Guide
Summit Series X150 & X250e Switches
Summit X450 Series Switches
Summit X650 Series Switches
Sentriant Security Series

5 Minute Green Guide


Go Green!
With increased demands being placed on organisations to upgrade, enhance and expand their current
data infrastructure, total cost of ownership is a key factor in the decision making process. The number
of active Power over Ethernet (PoE) devices requiring network connectivity is increasing all the time. This
may be due to a new or expanding IPT infrastructure or even mobility solutions increasing the number
of Wireless LAN (WLAN) access points. Additionally, the requirement for a converged infrastructure
could result in the current network being incapable of delivering and supporting the necessary
performance. Organisations are conducting complete assessments of their existing infrastructure and
understanding green options and benefits before making a capital investment in new hardware.

Data Centre Consolidation


With server virtualisation now taking place in the data centre, it is imperative that the network infrastructure is
capable of supporting the high performance requirements but without incurring the operating cost of the legacy
infrastructure. Extreme Networks switches can not only support this in a reduced, cost effective form factor reducing
capital investment, but also in lower power requirements and lower demands on cooling, lowering operating
expenses.

Typical Power Consumption

Lowering Operating Expenses

Identify non-critical desk phones

Assume workers' hours are Monday to Friday, 9am to 5pm and desk phones are
powered 24x7.

Using Extreme Networks Power Saving Technology

Using Universal Port: power down at 5:00pm each evening, restart at 9:00am the next
morning and phones remain powered off on Saturdays and Sundays
(On/Off Times can be set to your preferences)

Power Savings
Immediate 75% electricity savings on PoE

Green Effect
Lower power consumption and CO2 footprint

[Chart: Cost of Electricity ()]

Updated Technology

Identify old switching and wireless hardware in the organisation that is consuming excessive power...
Replace with newer, better performing products that operate at a fraction of the cost of the legacy hardware.

Intelligent Power Management

Are you currently operating or about to deploy PoE in the network for a converged solution?
Power down non-critical devices outside of operating times, reducing operating expenses, while reducing your CO2 footprint.

Move to a 2-tier design

Do you need to have as many switches in the network to deliver the required level of port density and performance to serve the number of active devices?
Extreme Networks could reduce your network from a 3-tier to a 2-tier design, reducing the number of switches and power usage simultaneously.

Reduced Cooling

Approximately every 1 of power used in a typical network infrastructure requires 2 of cooling to maintain correct operating temperature...
Extreme Networks technology allows the switches to operate at maximum capacity whilst demanding less cooling than that of competitive and older products.

BlackDiamond Switching Series


Solving tough network connectivity challenges
Products from Extreme Networks scale to solve tough voice and security challenges with high
availability, crystal clarity, and integrated security features. The products provide a powerful portfolio
to support everything from basic connectivity to advanced, high-speed services for demanding desktop
applications.

Key Features and Key Benefits

Modular Operating System
Key Feature: Robust operating system
Key Benefits:
Application availability is achieved with a modular operating system. System uptime is enhanced by being able to restart and upgrade discrete software modules providing non-stop operation.

Network Security
Key Feature: Secure application access as well as device access to the network
Key Benefits:
Business continuity relies heavily upon network availability and the elimination of rogue devices and malicious code. CLEARFlow technology integrated in Extreme Networks switches eliminates network threats, preventing security breaches ensuring network and application availability.

Universal Port
Key Feature: Auto provisioning of converged networks reducing deployment time
Key Benefits:
Reduce cost of ownership and be green with intelligent power management enabling specific ports to be powered up and powered down based on time of day schedules.
Increase productivity and deploy a voice network quickly by auto provisioning specific Quality of Service and VLAN features for IP Telephones.
Control OpEx by reducing power consumption and cooling costs. BlackDiamond modules only require low power to operate. In addition to powering down ports not required to supply power over ethernet, consumption can be reduced by a further 30% when modules are in hibernation mode.

Simplified Management
Key Feature: Switch configuration and administration
Key Benefits:
Save time with a configuration and command set that is consistent across all products, training is kept to a minimum, reducing the time to take out highly skilled IT staff.

Scalable Architecture
Key Feature: Simplify network design and deliver a high performance, flexible network
Key Benefits:
Business continuity is managed through the modular design and operating system of the BlackDiamond series. With n+1 redundancy and the ability to hot swap modules network uptime is maximised.
Future proof investment with support for high density 10G technology, the ability to design a high speed network core aids application and device expansion.

Reduce Complexity & Costs
Key Feature: Allow for network expansion and virtualised applications with a cost effective approach
Key Benefits:
Reduce complexity and costs of deploying applications into virtualised datacentre environments. Migration and expansion to a datacentre topology is supported easily through a high performance modular platform.
Cost reduction in a datacentre is achieved through low power consumption hardware and modules, intelligent power management and reduced cooling requirements.

CLI Scripting
Key Feature: Scripting tool for wide scale feature deployment increasing efficiency
Key Benefits:
Increase efficiency with the CLI Scripting feature that allows the IT administrator to deploy a common policy or configuration across multiple switches automatically. This increases efficiency and reduces any possible configuration errors.

Ethernet Automatic Protection Switching (EAPS)
Key Feature: Network resiliency protocol for survivability
Key Benefits:
Business continuity is achieved using EAPS - introducing sub 50 millisecond failover in the network. In the event of link or hardware failure, real time traffic is rerouted without loss of integrity.

Max Auto-Negotiating 10/100/1000 BASE-T
Max 1 Gigabit Ethernet Ports (SFP)
Max 10 Gigabit Ethernet Ports

20808

10808

12804R

12802R

12804C

8810

8806

480

80

40

80

864

480

320

480

80

40

80

440

248

64

48

216

120

| | 20808 | 10808 | 12804R | 12802R | 12804C | 8810 | 8806 |
|---|---|---|---|---|---|---|---|
| Form Factor | Chassis/14.5RU | Chassis/22R | Chassis/10RU | Chassis/3RU | Chassis/10RU | Chassis/14RU | Chassis/10RU |
| Total Switching Capacity | 2 Tbps | 1.28 Tbps | 160 Gbps | 80 Gbps | 160 Gbps | 1.45 Tbps | 816 Gbps |
| Programmable ASICS | Yes | Yes | Yes | Yes | Yes | No | No |
| Redundant Power | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Power over Ethernet (802.3af) | No | No | No | No | No | Yes | Yes |
| Wire-Speed Layer 2/Layer 3 Switching | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Routing - IPv4 | BGP4, IS-IS, OSPF, RIP v1/v2, PIM, MSDP | BGP4, IS-IS, OSPF, RIP v1/v2, PIM, MSDP | BGP4, IS-IS, OSPF, RIP v1/v2, PIM, MSDP | BGP4, IS-IS, OSPF, RIP v1/v2, PIM, MSDP | BGP4, IS-IS, OSPF, RIP v1/v2, PIM, MSDP | BGP4, IS-IS, OSPF, RIP v1/v2, PIM, MSDP | BGP4, IS-IS, OSPF, RIP v1/v2, PIM, MSDP |
| Routing - IPv6 | RIPng, OSPFv3, IS-IS | RIPng, OSPFv3, IS-IS | RIPng, OSPFv3, IS-IS | RIPng, OSPFv3, IS-IS | RIPng, OSPFv3, IS-IS | RIPng, OSPFv3, IS-IS | RIPng, OSPFv3, IS-IS |
| Policy-Based Routing/Switching | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Policy-Based Quality of Service (QoS) | Yes / Three Tier | Yes | Yes / Three Tier | Yes / Three Tier | Yes | Yes | Yes |

Network Login

Yes

Yes

Yes

Yes

Yes

Yes

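| | 20808 | 10808 | 12804R | 12802R | 12804C | 8810 | 8806 |
|---|---|---|---|---|---|---|---|
| Access Control Lists | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Universal Port | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| CLI Scripting | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Widgets | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Layer 3 Virtual Switching | Yes | Yes | Yes | Yes | Yes | No | No |
| vMANs (802.1ad) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |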

MAC-in-MAC (802.1ah)

Yes

Yes

Yes

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Yes (c series)

Yes (c series)

sFlow

Yes

Yes

Yes

Yes

Yes

Yes

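| | 20808 | 10808 | 12804R | 12802R | 12804C | 8810 | 8806 |
|---|---|---|---|---|---|---|---|
| EAPS | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Adv Spanning Tree (802.1w, 802.1s, PVST+) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |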

CLEAR-Flow

| | 20808 | 10808 | 12804R | 12802R | 12804C | 8810 | 8806 |
|---|---|---|---|---|---|---|---|
| Link Aggregation | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Switch Management Capabilities | SNMP, XML, Web, CLI, 4 RMON groups | SNMP, XML, Web, CLI, 4 RMON groups | SNMP, XML, Web, CLI, 4 RMON groups | SNMP, XML, Web, CLI, 4 RMON groups | SNMP, XML, Web, CLI, 4 RMON groups | SNMP, XML, Web, CLI, 4 RMON groups | SNMP, XML, Web, CLI, 4 RMON groups |

License - Upgrades

MPLS, H-QoS

MPLS, H-QoS

MPLS, H-QoS

MPLS

Core

Core

Core

Core

Core

Core

Core

Advanced
Edge

Advanced
Edge

License - Default

Snapshot Guides

Summit Switching Series


Solving tough network connectivity challenges
The Summit switch series provides high availability and performance with its advanced traffic
management capabilities to support large scale rollouts of converged networks that support
devices such as IP telephones, wireless Access Points that require power from a LAN connection
as well as other computing devices such as desktop and laptop computers.

Key Features

Modular Operating System: Robust operating system.
Simplified Management: Switch configuration and administration.
Universal Port: Auto provisioning of converged networks reducing deployment time.
Scalable Architecture: Simplify network design and deliver a high performance, flexible network.
CLI Scripting: Scripting tool for wide scale feature deployment increasing efficiency.
Ethernet Automatic Protection Switching (EAPS): Network resiliency protocol for survivability.

Key Benefits

Modular Operating System:
Application availability is enhanced with a modular operating system.
System uptime is increased by being able to restart and upgrade discrete
software modules providing non-stop operation.

Simplified Management:
Save time with a configuration and command set that is consistent across
all products, training is kept to a minimum, reducing the time to take out
highly skilled IT staff.

Universal Port:
Reduce cost of ownership and be green with intelligent power
management enabling specific ports to be powered up and powered down based
on time of day schedules.
Increase productivity and deploy a voice network quickly by
auto provisioning specific Quality of Service and VLAN features for IP
Telephones.
Control OpEx by reducing power consumption operating costs and
providing a green solution is a key investment driver.

Scalable Architecture:
Control CapEx with SummitStack stacking technology, which provides for a
pay as you grow infrastructure expanding capacity as the business grows.
Business continuity can be achieved by using the stacking feature, which
allows for up to 8 units to be stacked providing a highly available network
for real time applications.
Future proof investment with support for 10G technology in a
stackable form factor delivering high speed application access from edge
to core.

CLI Scripting:
Increase efficiency with the CLI Scripting feature that allows the IT
administrator to deploy a common policy or configuration across multiple
switches automatically. This increases efficiency and reduces any possible
configuration errors.

Ethernet Automatic Protection Switching (EAPS):
Business continuity is achieved using EAPS - introducing sub 50
millisecond failover in the network. In the event of link or hardware failure,
real time traffic is rerouted without loss or integrity.

Summit Specifications & Capacities

X650

X450a

X450e

X250e

X350

X150

Max Auto-Negotiating
10/100BASE-TX Ports

24 (SFP
available) or 48

24 or 48

Max Auto-Negotiating
10/100/1000BASE-T Ports

24 or 48

24 or 48
(both with PoE)

24 or 48

Max 1 Gigabit
Ethernet Ports (SFP)

24 (default),
32 (with VIM110G8X)

| | X650 | X450a | X450e | X250e | X350 | X150 |
|---|---|---|---|---|---|---|
| Form Factor/Footprint | Fixed/1RU | Fixed/1RU | Fixed/1RU | Fixed/1RU | Fixed/1RU | Fixed/1RU |
| Stacking Support | Yes, SummitStack | Yes, SummitStack | Yes, SummitStack | Yes, SummitStack | No | No |
| Total Switching Capacity | 488-680 Gbps | 128-256 Gbps | 128-256 Gbps | 48.8-97.6 Gbps | 88-176 Gbps | 8.8-13.6 Gbps |
| Redundant Power | Yes/Hot Swappable | Yes/External | Yes/External | Yes/External | Yes/External | Yes/External |
| Power over Ethernet (802.3af) | No | No | Yes | Yes | No | Summit X150-24p |
| Wire-Speed Layer 2/Layer 3 Switching | Yes | Yes | Yes | Yes | Yes | Yes |
| Routing - IPv4 | BGP4, IS-IS, OSPF, RIP v1/v2, PIM, MSDP | BGP4, IS-IS, OSPF, RIP v1/v2, PIM, MSDP | OSPF, RIP v1/v2, PIM | OSPF, RIP v1/v2, PIM | No | No |
| Routing - IPv6 | RIPng, OSPFv3, IS-IS | RIPng, OSPFv3, IS-IS | RIPng | RIPng | No | No |

Max 10 Gigabit Ethernet Ports (XFP, XENPAK, SFP+)

Policy-Based
Routing/Switching

Yes

Yes

Yes

Yes

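| | X650 | X450a | X450e | X250e | X350 | X150 |
|---|---|---|---|---|---|---|
| Policy-Based Quality of Service (QoS) | Yes | Yes | Yes | Yes | Yes | Yes |
| Network Login | Yes | Yes | Yes | Yes | Yes | Yes |
| Access Control Lists | Yes | Yes | Yes | Yes | Yes | Yes |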

Universal Port

Yes

Yes

Yes

Yes

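| | X650 | X450a | X450e | X250e | X350 | X150 |
|---|---|---|---|---|---|---|
| CLI Scripting | Yes | Yes | Yes | Yes | Yes | Yes |
| Widgets | Yes | Yes | Yes | Yes | Yes | Yes |
| vMANs (802.1ad) | Yes | Yes | Yes | Yes | Yes | Yes |
| CLEAR-Flow | Yes | Yes | No | No | No | No |
| sFlow | Yes | Yes | Yes | Yes | Yes | Yes |
| EAPS | Yes | Yes | Yes | Yes | Yes | Yes |
| Advanced Spanning Tree (802.1w, 802.1s, PVST+) | Yes | Yes | Yes | Yes | Yes | Yes |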

Link Aggregation
Switch Management
Capabilities
License - Upgrades
License - Default

Yes/Policy-Based Yes/Policy-Based
Switching
Switching

Yes

Yes

Yes

Yes

Yes

Yes

SNMP, XML,
Web, CLI, 4
RMON groups

SNMP, XML,
Web, CLI, 4
RMON groups

SNMP, XML,
Web, CLI, 4
RMON groups

SNMP, XML,
Web, CLI, 4
RMON groups

SNMP, XML,
Web, CLI, 4
RMON groups

SNMP, XML,
Web, CLI, 4
RMON groups

Core

Core

Advanced Edge

Advanced Edge

Advanced Edge

Advanced
Edge

Edge

Edge

Layer 2-Edge

Layer 2-Edge

Summit X150 and X250e Series Switches


Application Evolution

High Performance Network Edge

Application evolution happens at the edge of the
network. Edge switches are required to support
emerging technologies and applications on a daily
basis without increasing the management burden
to maintain the application performance.

The Extreme Networks EAPS protocol (Ethernet
Automatic Protection Switching) ensures that if link
failure occurs or cable links are broken, traffic re-routing
and convergence time of the network takes place in
under 50 milliseconds.

High Availability Infrastructure

Cost Effective Network Core


For smaller deployments, the Summit X150 makes for
a very cost effective infrastructure without complexity,
whilst retaining application enhancing features such
as QoS and network survivability through the Extreme
Networks EAPS (Ethernet Automatic Protection
Switching) protocol.

Summit X150 and X250e switches provide high availability
and performance with advanced traffic management
capabilities supporting real time application delivery. In
addition to this, both switches support the ExtremeXOS
modular operating system ensuring maximum
network availability.

PoE

Scalable Network Architecture

Summit X150-24p, X250-24p and X250-48p switches
support the Power over Ethernet (PoE) 802.3af standard
delivering up to 15.4 watts to every port. For larger
deployments, stacking of the X250e-24p and/or X250e-48p
switches enables network expansion to be easily
achieved in a cost effective form factor.

Summit X250e offers dual stacking interfaces to provide
high-speed 40 Gbps stacking bandwidth switching over
36 million packets per second. SummitStack supports
up to eight units in a stack (mixture of the units can
be Summit X250e, Summit X450e, Summit X450a and
Summit X650 switches). Summit X250e provides chassis-like
management and availability with its SummitStack
stacking technology.

Cost Effective
Summit X150 and X250 series switches support a
very rich feature set ensuring that a converged and
application driven infrastructure can be deployed
at a cost that is not prohibitive or compromising of
features.

Reduced Total Cost of Ownership

Return on Investment

With features such as Universal Port, configuration and
deployment time of a converged infrastructure can be
significantly reduced as well as simplified.

Through the use of intelligent power management, cost
savings can be easily achieved whilst at the same time
reducing your carbon footprint. This could equate to
a 75% reduction in your energy costs for the network
infrastructure, a compelling RoI.

Moves, Adds and Changes. ExtremeXOS operating
system delivers a robust platform for real-time
application deployment. With the ability to stop and start
services without having to reboot the switch, network
application availability is increased resulting in a positive
user experience.

Summit X450 Series Switches


Introducing the Summit X450 Series switches from Extreme Networks
Expansion and delivery of converged networks where time sensitive applications, such as voice and
video, are being deployed require a high performance, secure and robust platform to operate from. The
Extreme Networks Summit X450e and X450a switches provide exactly this whilst at the same time
reducing network operating expenses.

Scalable Architecture

Security - Automated Attack Mitigation

The Summit X450a and X450e series switches not only
support stacking within their own product range of up to
8 units but can also be combined with the Summit X250
and Summit X650 series switches to deliver network,
application and performance expansion.

When critical applications such as voice are being
supported by the network infrastructure, it is of
paramount importance that availability of them is
99.999%. Combining X450a switches with the Extreme
Networks Sentriant NG300 appliance enables added
network protection against security threats such as
Denial of Service (DoS) attacks.

The X450 series switches are available in 24 or 48
10/100/1000Gbps port models (copper) as well as a
24 port 1000Gbps fibre port model. Standards based
802.3af Power over Ethernet (PoE) is supported by the
X450e switches. Both the X450a and X450e models
have an option slot for a module that will add a further
2x 10Gbps ports. Combining these options with the
stacking capability ensures maximum flexibility of the
solution.

Single management point for up to eight units
High-speed 40 Gbps stacking
Rapid Failover for converged applications
Can mix Summit X250e, Summit X450 series and Summit X650 series switches

SummitStack Stacking Architecture

How does it work?

1. An infected source enters the network.
2. Summit X450a series static Access Control Lists (ACL)
and CLEAR-Flow* rules filter out Denial of Service
(DoS) attacks, determine traffic class as suspicious.
3. Selectively port-mirror traffic to Sentriant NG300 for
further analysis.
4. Sentriant NG300 continues to watch suspicious
traffic and uses its internal rules to escalate traffic
class from suspicious to high level alert.
5. Sentriant NG300 initiates a dynamic ACL on Summit
X450a series. Summit X450a series applies the
dynamic ACL in real-time and continues to port
mirror suspicious traffic. Sentriant NG300 also sends
the mitigation action to Extreme Networks EPICenter
network management software.
6. EPICenter works with core and edge switches to
enforce the security policy (mitigation action).

*CLEAR-Flow is supported in non-SummitStack configuration only.
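
The six-step loop above, reduced to a small Python model of the control flow. This is an added example, not Extreme Networks code or switch configuration syntax; the class names, the 1000 packets-per-second threshold, the three-interval escalation rule and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

SUSPICIOUS_PPS = 1000   # assumed packets/s threshold for the switch's counter rule
ESCALATE_AFTER = 3      # assumed consecutive suspicious intervals before a high-level alert


@dataclass
class EdgeSwitch:
    """Stands in for the edge switch: static ACL, counter rule, mirror port, dynamic ACL."""
    static_acl: set = field(default_factory=set)
    dynamic_acl: set = field(default_factory=set)

    def classify(self, src: str, pps: int) -> str:
        if src in self.static_acl or src in self.dynamic_acl:
            return "drop"        # steps 2 and 5: an ACL entry matches
        if pps > SUSPICIOUS_PPS:
            return "mirror"      # steps 2-3: suspicious, forward and copy to the analyzer
        return "forward"


@dataclass
class Analyzer:
    """Stands in for the out-of-band appliance that receives mirrored traffic."""
    switch: EdgeSwitch
    nms_events: list = field(default_factory=list)
    streak: dict = field(default_factory=dict)

    def observe(self, interval: int, src: str, mirrored: bool) -> None:
        # Step 4: keep watching; a source that calms down resets its streak,
        # so a short burst is mirrored but never blocked.
        self.streak[src] = self.streak.get(src, 0) + 1 if mirrored else 0
        if self.streak[src] >= ESCALATE_AFTER and src not in self.switch.dynamic_acl:
            self.switch.dynamic_acl.add(src)                  # step 5: push dynamic ACL
            self.nms_events.append((interval, src, "deny"))   # steps 5-6: report to management


def run(samples, static_acl=()):
    """Replay (interval, source, packets_per_second) samples through the loop."""
    switch = EdgeSwitch(static_acl=set(static_acl))
    analyzer = Analyzer(switch)
    timeline = []
    for interval, src, pps in samples:
        action = switch.classify(src, pps)
        timeline.append((interval, src, action))
        if action != "drop":
            analyzer.observe(interval, src, action == "mirror")
    return timeline, switch.dynamic_acl, analyzer.nms_events


# Constructed sample data (documentation address ranges), six counting intervals.
STATIC_ACL = {"198.51.100.9"}
SAMPLES = []
for t in range(1, 7):
    SAMPLES.append((t, "192.0.2.10", 200))                           # normal host
    SAMPLES.append((t, "192.0.2.20", 4000 if t in (2, 3) else 300))  # two-interval burst
    SAMPLES.append((t, "192.0.2.66", 5000))                          # sustained flood
    SAMPLES.append((t, "198.51.100.9", 50))                          # already on the static ACL

if __name__ == "__main__":
    timeline, dynamic_acl, nms_events = run(SAMPLES, STATIC_ACL)
    for row in timeline:
        print(row)
    print("dynamic ACL:", sorted(dynamic_acl))
    print("events sent to management:", nms_events)
```

The burst host is mirrored for two intervals and then returns to normal forwarding, while the sustained source is denied from the fourth interval onward.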

High Performance Network Core


The X450a series switches produce a high performance
network core with support for 10Gbps connections
between X450a and X450e switches. The X450e switches
provide edge device connectivity to PCs and shared
resources such as printers and servers. Devices requiring
Power over Ethernet (PoE) such as IP Telephones and
Wireless LAN Access Points are also connected to the
X450e switches

Increase Application Availability

Reduced Total Cost of Ownership

Both Summit X450e and X450a switches support the
Extreme Networks EAPS protocol (Ethernet Automatic
Protection Switching). This ensures that if link failure
occurs or cable links are broken, traffic re-routing and
convergence time of the network takes place in under
50 milliseconds. As a result of this, business continuity is
maintained without any disruption or adverse effect to
applications in use.

With features such as Universal Port, configuration and
deployment time of a converged infrastructure can be
significantly reduced. Auto provisioning of IP Telephones
also alleviates administrative errors as well as simplifying
Moves, Adds and Changes.

Resilient Architecture
The ExtremeXOS modular operating system delivers a
robust platform for real-time application deployment.
With the ability to stop and start services without having
to reboot the switch, network application availability is
increased resulting in a positive user experience.

Network expansion can take place on a pay as you
grow basis and with a standards based architecture,
this removes any need for costly forklift upgrades when
additional demands are required of the network.

Return on Investment
With a consistent software release path across all switching product families (Summit and BlackDiamond), configuration
complexity is removed as well as reducing training demands on the IT support team. Because the ExtremeXOS
operating system is modular, should a task or command fail to execute, then the task can be stopped and restarted
without impacting the rest of the network. This maximises network uptime and significantly reduces time and costs
should this type of event occur. Through the use of intelligent power management, cost savings can be easily achieved
whilst at the same time reducing your carbon footprint. This could equate to a 75% reduction in your energy costs for
the network infrastructure, a compelling return on investment (RoI).

Summit X650 Series Switches


Server virtualisation and
10 Gigabit Ethernet Switching
The Summit X650 series switch is a purpose-built Top-of-Rack switch designed for emerging 10 Gigabit Ethernet-enabled servers deployed in enterprise data centres.

High Port density in a Small Form Factor

High Availability
ExtremeXOS modular OS for highly available
network operation
Carrier-grade redundant networking protocol
including Ethernet Automatic Protection
Switching (EAPS) for sub 50 millisecond failover
Internal redundant AC/DC power supply and
field replaceable fan tray

Seamless Migration Path

The Summit X650 switch provides remarkable high
density for 10 Gigabit Ethernet in a very small 1RU form
factor for up to 32 ports in one system and 192 ports in
a stacked system. The Summit X650 can also be stacked
with Summit X250e, Summit X450e and Summit X450a
series switches, delivering maximum network scalability.

Summit X650 helps optimise new server deployments
while providing a seamless migration path from existing
Gigabit Ethernet-based servers to 10 Gigabit Ethernet-based
high-performance servers, to start the transition to
the new virtualised environment.

Flexible Connectivity

Low Cost and Energy Efficient

Summit X650 offers two of the most advanced 10
Gigabit Ethernet technologies: 10GBASE-T and SFP+ to
accommodate the needs for both copper twisted pair
cable and optical fibre-based 10 Gigabit Ethernet.

Not only is the X650 a very competitively priced switch
but is also energy efficient reducing your OpEx costs.
With Extreme Networks latest Widget technology,
scripts can be implemented on the X650 allowing for
intelligent power management. Ports can be powered
up or down on an individual or group basis suiting the
operational hours of your organisation.

Return on Investment

Future Proof

Through the use of intelligent power management, cost
savings can be easily achieved whilst at the same time
reducing your carbon footprint. This could equate to
a 75% reduction in your energy costs for the network
infrastructure, a compelling RoI.

Summit X650 helps address networking growth,
including future high-speed 40 Gigabit Ethernet and 100
Gigabit Ethernet with its remarkable Versatile Interface
Module architecture built into the switch.

High Performance Switching and Routing Network Core

24-port 10 Gigabit Ethernet ports, non blocking switching with 363 million packets per second wire speed forwarding in a 1RU form factor and up to 506 million packets per second aggregated throughput (with VIM1-10G8X)

256 Gbps stacking bandwidth for up to 8 units in a stack to provide up to 192 10 Gigabit Ethernet ports with one logically integrated unit

512 Gbps ultra high speed stacking bandwidth to provide for a high performance 48 port 10 Gigabit Ethernet stack

Vertical Solutions

Healthcare Solution Overview

Healthcare organisations today face tough business transformation and regulatory
challenges. Technology helps enhance patient safety, improve operational efficiency
and meet stringent government regulatory standards. Healthcare IT professionals need
lasting, feature-rich, and affordable infrastructure solutions to support growing
application complexity, cope with tight resources and satisfy a large and diverse
user community. Solutions from Extreme Networks help healthcare organisations meet
their toughest challenges.

Healthcare Infrastructure Requirements

Assure Patient Safety
By choosing Extreme Networks, healthcare organisations increase clinical productivity
through continuous access to real-time applications such as Electronic Medical
Records (EMR), Computerised Patient Order Entry (CPOE), and Picture Archiving and
Communications Systems (PACS). Our innovative approach to high availability starts
with the ExtremeXOS operating system. ExtremeXOS is an advanced, extensible modular
software platform that protects against network and equipment failures, reduces
downtime caused by security breaches, and delivers unprecedented insight into
infrastructure performance and operations. With Ethernet Automatic Protection
Switching (EAPS) protocol, critical applications including Voice-over-IP (VoIP) and
video delivery systems continue to function even through a variety of equipment or
network-related failures. By providing uninterrupted access to core systems and
applications, caregivers improve communication and minimise clinical errors to
deliver high-quality patient care.

Support Mission-Critical Applications
Reliable support for mission-critical applications is crucial in maintaining the
quality of various departments within the healthcare organisation. Emergency
services, surgical centers, intensive-care units, and other specialised units need
continuous access to life-saving applications. Extreme Networks solutions support
outstanding QoS which can be quickly implemented with a simple, easy-to-use
management interface. Our solutions combine exceptional core switching capacity with
on-switch protection against Denial of Service (DoS) attacks to support continuous
operations. With Extreme Networks hosted predictive analytics services, Premier
Services Program (PSP), healthcare organisations can monitor and fully optimise the
powerful performance capabilities of the network.

Key Benefits to Extreme Networks Solutions for Healthcare

Ensure patient safety by providing doctors, clinicians, and nurses continuous access to clinical data and applications through a comprehensive approach to high availability

Support mission-critical applications with powerful Quality of Service (QoS) capabilities and hosted analytics services that optimise network performance

Promote greater productivity and collaboration among caregivers with secure mobility solutions that provide remote access to core systems and applications from any location

Lower costs and increase operational efficiencies with pre-tested VoIP solutions and automation technologies that simplify network changes and reduce energy consumption

Meet regulatory compliance and HIPAA requirements with products and services that provide confidentiality of sensitive information

Provide Remote and Mobile Access


With mobility solutions from Extreme Networks, clinical
caregivers and providers can enhance patient safety and
organisational efficiency with application access from any
location. Our solutions support demanding applications
such as voice services and secure guest access - all
across a common wireless infrastructure that integrates
with the wired network. Extreme Networks makes the
deployment of the new 802.11n wireless standard easy
with solutions that deliver full performance without the
need for changes to the existing infrastructure. Our
solutions offer very flexible traffic control for enhanced
security and throughput management - even in small
satellite clinic applications where an on-site controller
might not be economical.

Lower Costs and Increase Operational Efficiencies
Extreme Networks solutions greatly simplify your
operations with advanced capabilities and powerful tools
that help you lower costs, save time, and make the most
of your resources. Universal Port significantly lowers the
cost of adds, moves, and changes to the dynamic and
ever-changing healthcare network. Readily available
deployment, operational, and security widgets automate
routine IT tasks and help enforce unified policies. Our
switches have been certified for interoperability with
solutions from leading VoIP solution vendors including
Avaya, ShoreTel, and Mitel. These certifications provide
you with more choices while making the deployment
of VoIP applications quick and easy. Consistency in
management and operating system with ExtremeXOS
throughout the entire network simplify operations and
greatly improve IT efficiencies.
Enable Regulatory Compliance
Versatile and robust network security is an essential
ingredient for healthcare organisations striving to keep
patient records private and secure. Extreme Networks
delivers a strong compliance foundation with user
authentication, device validation, and traffic integrity. You
can enjoy the basic protection services that are integrated
on every switching solution - even on solutions that are
priced for the value-conscious customer, with options to
deliver more sophisticated security capabilities as your
needs evolve. Extreme Networks professional services
organisation can provide you with expert services when
you need them including network assessment, design,
and consultation services. Extreme Networks offers
Security Assessment Services (SAS) designed specifically
for HIPAA and other regulatory security compliance.

Healthcare Network Topologies


Small Community Hospitals
Core Layer
As the backbone to the healthcare network, the
core layer plays a fundamental role in the overall
performance, reliability, and security of the network. The
BlackDiamond 8810 chassis switch and Summit WM2000
wireless controller from Extreme Networks provide a
versatile single network core solution that supports both
wireless and wired connectivity.
Various modes of traffic control on the Summit WM2000
including Layer 2 Branch Office, Layer 2 Bridged, and
Layer 3 Tunneling modes offer wireless deployment
flexibility while enhancing security and can be chosen
based on layout of the campus, traffic type, or user
access domain.
Extreme Networks outstanding implementation of high
availability is built upon a triage of important principles
including operating system reliability, hardware
redundancies, and feature and protocol support to
provide caregivers assured access to applications and
patient data at any time.
ExtremeXOS modular operating system provides hitless
upgrades, hitless failover and process protection.
Hardware redundancies for Management Switch
Modules, fans, fan trays, and power supplies provide
protection against equipment failures. Layer 2 and
Layer 3 protocols including OSPF using Equal Cost
Multipath routing, Virtual Router Redundancy Protocol
(VRRP), and EAPS (RFC 3619, Ethernet Automatic
Protection Switching) provide transparent resiliency
and high availability to real-time medical applications.
EAPS provides the ability to design a Layer 2 access or
distribution network that provides convergence-grade
failover in supporting mission-critical applications such as
VoIP services or video distribution. As a Layer 2 protocol,
EAPS simplifies the design process by eliminating the
need to modify the existing IP addressing structure
during network expansion.
Through Extreme Networks hosted network monitoring
services delivered through our PSP, healthcare
organisations can further optimise clinical applications
performance and utilisation of the network.
Data Center
As the central location that houses all servers, database,
and clinical applications, switch performance and
throughput are key elements to the data center.
BlackDiamond 8810 provides low-latency, wire-rate
performance on all ports regardless of application or traffic
type. Hardware-based sFlow instrumentation technology
allows scalable monitoring of traffic and provides the
ability to control and manage network usage and even
trace sources of DoS attacks that deny clinicians access
to important applications. With network resources
and feature sets including wire-speed ACLs, hardware-based
implementation of QoS that bears no impact
on switch performance, and more traffic queues than
those provided by solutions from other leading vendors,
BlackDiamond 8810 provides outstanding support for
clinical and administrative applications including EMR,
PACS, and patient management systems.
Access Layer
As the first line of defense, the access layer is responsible
for ensuring that only authorised personnel and policy-compliant
devices gain access to the network. Stackable
10/100 Summit X250e switches deployed at the edge
lower your acquisition costs while providing the
essential capabilities to protect the network to aid in
organisational policy and HIPAA and other regulatory
compliance requirements.
Outstanding automation features such as Universal Port
dynamically provision end-user devices and free security
widgets quickly identify abnormalities in the network.
Sentriant AG200 provides robust Network Access
Control (NAC), a primary function of the access layer
by using 802.1x and/or MAC-based authentication for
pre-admission checks to ensure user and device integrity.
Sentriant NG300 provides agentless post-admission
checks using behavioral-based methods for protection
against malware and Day-Zero attacks. Agentless testing
and behavioral-based anomaly detection significantly
reduce the burden of healthcare IT administrators by
eliminating the need to install and manage agents at
the endpoints as well as need for signature updates on
numerous, newly identified threats.
Extreme Networks Power Conservation Module allows
you to significantly reduce energy costs by automatically
turning off power on edge ports connected to devices
such as IP phones or wireless handsets when they are
not in use.
Our wireless solution provides excellent support for
clinical mobility carts that enable caregivers to effectively
diagnose, prescribe and dispense medication, or
document patient information from anywhere on the
healthcare campus even at the bedside.
Extreme Networks new 802.11n wireless standard with
access points that deliver full performance with standard
Power over Ethernet (PoE) simplifies deployment.
Competitive solutions make installation difficult by
requiring either AC power or non-standard PoE for full
802.11n performance.
Extreme Networks offers alternative solution
configurations such as stackable core and chassis-based
access switches for small community healthcare networks
which can be chosen based on specific technical and/or
business requirements of the organisation.

Medium and Large Integrated Delivery Networks (IDN)
Core Layer
BlackDiamond 8800 and Summit WM2000 switches form
a strong core layer foundation that provides wired and
wireless connectivity for the large healthcare community,
delivering unsurpassed performance, security, and
reliability on a large scale (see Figures 2 and 3). The
proven, non-blocking line rate performance offered by
BlackDiamond 8800 and the high-density multi-gigabit
ports with 10 Gigabit interface options makes it ideal in
supporting large networks running the most advanced
clinical applications.
Resiliency is implemented at three distinct levels:
the network, hardware and software. The EAPS protocol
provides the industry's fastest link failover.
Hardware level redundancies on management modules,
power supplies, fans, and fan trays provide protection
against equipment failures. At the software level,
ExtremeXOS, a modular operating system, eliminates
downtime associated with patches and upgrades.
The advanced chassis design of BlackDiamond 8800, including
redundant controller boards for power distribution, fan
control, and environmental monitoring, also helps detect
anomalies before they affect network availability.
Branch Office Mode in Summit WM supports users
at remote offices without requiring on-site wireless
controllers, reducing both equipment and operational
costs.
Data Center
High-density 10 gigabit interfaces, low-latency, and
reduced power and cooling costs make BlackDiamond
8800 ideal for data centers supporting large file server
and storage networks. The proven performance of
BlackDiamond 8800 under duress, wire-speed ACLs and
powerful toolsets for QoS implementation help provide
deterministic clinical application performance even under
high network traffic loads.
Distribution Layer
The distribution layer, when implemented, can provide
added security and allows you to build extra redundancy,
which is critical considering the number of mission-critical
applications that may be running. By utilising the
CLEAR-Flow security rules engine with Sentriant NG300,
BlackDiamond 8800 at the distribution layer can prevent
serious network threats from ever reaching the core
layer that serves as the main backbone to the healthcare
network. With high-density 10 gigabit connections, the
BlackDiamond 8800 switch is also an ideal choice in
supporting bandwidth-intensive clinical applications.
Extreme Networks provides design flexibility for growing
mid-sized healthcare organisations by supporting both
Layer 2 EAPS and Layer 3 OSPF protocols which can
be chosen based on existing infrastructure or desired
campus layout. EAPS provides the ability to support real-time
voice and video applications at Layer 2 and allows
expansion or additions to the infrastructure without a
redesign of the IP address structure required by Layer 3
access layer implementations.
Access Layer
The complexity and dynamics that result from a large
number of users and devices that constantly access the
network introduce numerous types of vulnerabilities that
can either compromise sensitive patient data or quickly
cripple healthcare operations. Summit X450e is an ideal
access switch for large IDNs where wide-scale protection
and control of the network, advanced
traffic management, and reduced operational complexity
and costs are crucial.
A variety of free, pre-built security widgets detect
network scans, spot protocol anomalies, and automate
dynamic configurations, making large-scale security
implementation much quicker and easier. For enforcement
of consistent, unified policies, Sentriant AG200 integrates
with major directory services and Universal Port uses
advanced multi-supplicant 802.1x authentication with
LLDP to dynamically configure and provision end-user
devices. To lower your energy consumption and costs,
Extreme Networks Power Conservation Module turns the
power off on handsets when they are not in use.
In support of advanced applications, Summit X450e
provides traffic classification using eight queues per
port, wire-speed ACLs and a true non-blocking core for
deterministic clinical performance. Stackable Summit
X450e can support one gigabit to the desktop when
needed and provides cost benefits without compromising
the performance or management simplicity that are
characteristic of chassis-based systems.
Flexible modes for WLAN traffic control allow packets
to be tunnelled or bridged based on factors such as
healthcare campus layout, wireless population, or security
requirements. User access domains provide optimisation
of network bandwidth usage and virtualisation of
multiple wireless environments per physical access point
to enhance security making it ideal for large IDNs and
remote offices.
Extreme Networks offers alternative solution
configurations including stackable core and distribution
or chassis-based access switches for medium and large
healthcare networks, which can be chosen based on
specific technical and/or business requirements of the
organisation.

[Figure: network topology for medium and large IDNs, showing the WAN connectivity, data center, core and access layers]

Explanations of Technologies and Protocols
Ethernet Automatic Protection Switching (EAPS)
Ethernet Automatic Protection Switching (EAPS, RFC
3619) is a protocol invented by Extreme Networks,
designed to prevent loops in a ring topology running
Layer 2 traffic. The protocol provides the ability to design
a Layer 2 access or distribution network that provides
convergence-grade failover in the event of a cable cut
or a hardware failure without impacting mission-critical
VoIP or streaming video applications. Performance is
independent of the number of switches in the ring.
CLEAR-Flow Security Rules Engine
CLEAR-Flow is a flexible and powerful ExtremeXOS
feature that monitors 100% of all network traffic on
a switch and takes pre-defined actions when certain
traffic thresholds are met. CLEAR-Flow brings together
network monitoring, analysis and response in a single,
wire-speed process inside the Ethernet switching fabric.
When CLEAR-Flow detects an abnormal traffic pattern
it can dynamically change access rights granted to a
suspicious port, change QoS settings, mirror syslog
traffic, or present the traffic to an offline IDS/IPS resource
for further analysis. Because the CLEAR-Flow engine is
embedded in the switch hardware, traffic is examined
and controlled at wire-speed, greatly shortening the
time it takes to respond to attacks or policy violations
compared to off-switch analysis tools.
sFlow
sFlow is a packet sampling technology that provides a
network-wide view of usage and active routes, enabling
IT managers to effectively control the network, including
traffic congestion, or to identify unauthorised network
activity. Unlike many vendors that implement sFlow
in software which requires CPU bandwidth, Extreme
Networks sFlow technology is implemented using
dedicated hardware for optimal network performance.

ExtremeXOS
ExtremeXOS is an open network operating system that
delivers meaningful insight and unprecedented control
for mission-critical applications. With exceptional support
for VoIP, integrated security, and high availability,
ExtremeXOS stands out as a real alternative to closed,
proprietary products that limit choice and compromise
performance as well as being cost prohibitive.
Four powerful capabilities combine to make ExtremeXOS
the best operating system for solving your toughest
networking challenges. Modularity enhances availability
by isolating software processes to limit the impact of
changes, attacks, or instabilities. Our open interfaces allow
applications to effectively control the network without
unnecessarily tight integration that can limit flexibility
and force system-wide upgrade cycles. ExtremeXOS is
a POSIX-compliant operating system, making on-switch
application integration straightforward and fast. Wire-rate
instrumentation provides deep insight into critical
network activities to build sophisticated security and
voice applications.
802.11n
The Link Layer Discovery Protocol (LLDP), otherwise
known as 802.1AB, allows Ethernet devices to provide
a rich set of information to the network infrastructure,
giving the network more insight into the needs and
capabilities of each connected device. As a result,
provisioning and management tasks can be greatly
simplified and streamlined. Used in conjunction with
Extreme Networks Universal Port, LLDP is a powerful tool
for organisations facing growth and change
with limited staff.
Universal Port
Universal Port, exclusive to Extreme Networks, is an
innovative feature embedded into ExtremeXOS
advanced switches that reacts to network events with
intelligent, automated responses. In access layer switches
it reacts to 802.1AB (LLDP) and 802.1x authentication
events to self-provision the network and apply certain
policies as dictated by the administrator. By automatically
configuring, protecting and managing the deployment
of endpoints, Universal Port greatly simplifies security
policy enforcement for roaming users and devices.

Healthcare Services and Support

Extreme Networks comprehensive service and support
solutions help you optimise your healthcare network
and protect your investment. We empower you with
the tools that help you move from reactive to proactive
management of your network. As strategic information
technology advisors, we recommend and deliver
technical solutions and services, not based on what we
manufacture, but designed around what your business
requires. Our open platform allows for integration of
best-in-class technology.

Maintenance and Support


Maintenance and support aids in the successful operation
of your network by providing you with assistance to
maintain high availability and reduce risks. ExtremeWorks
helps you to operate and manage your network on a
day-to-day basis, 24x7x365, and provides you with the
security of knowing that you have access to expertise
and support when the unexpected occurs.

Education and Training


Networks are constantly changing to meet evolving
business needs. Skilled IT professionals can lead you
through the challenges of meeting today's and tomorrow's
network demands. Extreme Networks provides you with
the education and training to help develop your in-house
technical expertise, to help you increase productivity and
to maximise your network investment.

Advanced and Professional Services


Premier Services Program
Extreme Networks is making the network visible with
the PSP. PSP goes beyond traditional transactional
management (reactionary, break-fix maintenance) and
delivers a suite of measurement tools that provide you
with information to allow you to proactively manage
your network and gain visibility across your entire multi-vendor
network of devices, applications, and network
performance.
Security Assessment Services
Extreme Networks security experts offer assessment
services for healthcare organisations that are seeking
an overview of their posture and potential weaknesses
in complying with HIPAA and all other regulatory
standards.
Wireless Services
Our wireless networking professionals provide the
expertise to design, deploy, optimise, and secure your
Wireless Local Area Network (WLAN). Our team can help
you with the challenges of radio frequency planning
and design, access point configuration and installation,
and security of the wireless network for your particular
environment and business needs.

Higher Education Solution Overview


Extreme Networks Higher Education Solution Overview

© 2010 Extreme Networks, Inc. All rights reserved.

Today's innovative technologies play a fundamental role in
helping colleges and universities create an enriching,
student-centric learning environment that can attract and
retain the brightest of students and the best qualified
faculty. Content-rich, on-line resources and collaborative
tools enhance learning, improve communications, and help
maximise positive student outcomes. For campus
administrators, efficient implementation and reliability of
business-critical applications and emergency response
systems is crucial and remains a top priority. Growing
bandwidth requirements, the need for flexible access to the
network by diverse user groups, and increasing performance
and security concerns place very high demands on the campus
network.

Challenged with limited capital and personnel resources,
higher education IT managers are more pressured than ever
before in maximising the value of their network investments.
Extreme Networks solutions can help you meet these specific
challenges.

Key Benefits of Extreme Networks Solutions for Higher Education
• Prepare for growth and change with flexible design
options that ease new application integration and
provide network expansion without complexity
• Help secure regulatory compliance with products
and services that provide confidentiality of sensitive
information
• Provide robust support for a wide variety of
educational and business-critical applications with
powerful Quality of Service (QoS) and automated
provisioning tools
• Maximise valuable IT personnel and capital resources
with more affordable and extensible solutions that are
simple to operate and manage
• Enhance learning and improve communications with
flexible and reliable access to on-line resources and
tools from any location

Higher Education Infrastructure Requirements

Lasting Solutions that Meet Changing Demands and Expectations
Extreme Networks provides a flexible campus
infrastructure solution that will grow to support your
changing needs without added complexity. We offer the
ability to use the standard three-tier design consisting of
the core, distribution, and access layers or a simplified
two-tier design without the distribution layer. Two-tier
designs can result in operational simplicity and cost
savings.
Our solutions provide an open, extensible architecture to
easily and closely integrate new applications and business
processes into the network, helping you maximise
productivity and increase operational efficiencies.
Powerful embedded network intelligence supports
growth and change, allowing you to maximise
the value and lifecycle of your network infrastructure.

Security and Regulatory Compliance
Extreme Networks solutions utilise the most robust mechanisms
to address the growing security concerns surrounding campus
network infrastructures. Our solutions provide powerful,
behavioral-based intrusion detection and mitigation of even the
most crippling threats without impacting network performance.
When needed, our professional team can provide a security
assessment to help you protect sensitive information and ensure
regulatory compliance.

Robust Support for Educational and Business Applications
Extreme Networks high-performance switching solutions
with advanced traffic management and patented QoS
technology provide strong support for the most data-intensive
applications and collaborative tools for both
educational and administrative services. Our solutions
have been tested by the independent research company,
the Tolly Group, and have been proven to provide
extraordinary performance under duress, outperforming
the capabilities of major competing solutions. Our open
and extensible architecture simplifies deployment and
operations with automated provisioning of voice and
video applications.

Maximising Valuable IT Personnel and Capital Resources
Extreme Networks allows you to make the most of your
limited resources with feature-rich solutions that are
more affordable and much easier to install and maintain.
Many vendors reserve the most advanced features for
their most advanced products. With Extreme Networks,
you can choose from a wide variety of solutions that not
only help control your costs, but also meet your important
technical requirements. Powerful network automation
capabilities simplify the deployment, operation, and
management of your network and are ideal when time
and personnel resources are scarce. Our solutions have
been proven to consume less power than solutions from
other leading vendors, allowing you to significantly
reduce your ongoing operational costs.
Flexible and Reliable Access to
On-line Resources and Tools
As students, faculty, and campus staff continue to rely
heavily on on-line resources and tools for education,
academic research, and campus operations, providing
continuous access to the network is an important
priority. With Extreme Networks, industry-leading
network resiliency features are implemented across the
board on every switch, providing robust end-to-end
solutions. With flexible network access, our easy-to-deploy,
high-performance wireless solutions are tightly
integrated with the wired network. The entire wired and
wireless network requires a single operating system and
one management platform for easy operations.

Higher Education Network Topology


Centralised Data Center
Because the data center is the central location that houses
servers, databases, and numerous applications, high-performance
switching and low-latency throughput are its key
elements. The BlackDiamond 8810
chassis switch provides wire-rate performance on all
ports and is an ideal core switch. The Summit X650 series
switch offers high bandwidth capacity providing up to 24
10 Gigabit ports in a compact 1RU form factor and may
be chosen as an edge switch. The Summit X650 switch
allows stacking and expansion of edge ports without
increasing the number of devices to manage using
SummitStack technology. With SummitStack, Summit
X650 can be stacked up to 8 units, providing up to
192 ports of 10 Gigabit Ethernet in 8 rack units height.
Summit X650 also supports an optional module running
at 512Gbps, which allows the clustering of two Summit
X650 switches together for a non-blocking 48-port 10
Gigabit Ethernet solution.
With superior instrumentation technologies and advanced
traffic management capabilities, Extreme Networks
solutions provide outstanding support for data-intensive
academic applications such as high-performance
computing, Computer-Aided Design (CAD), and on-line
curriculums that require converged multimedia.
Hardware-based sFlow and CLEAR-Flow provide scalable
monitoring of traffic and give you the ability to control,
manage network usage, and help protect the network
from crippling threats. Our solutions offer wire-speed
Access Control Lists (ACLs) and up to twice as many
traffic queues as solutions from other leading vendors,
providing you the ability to support more applications
and services. QoS is also implemented in hardware and
bears no impact on switch performance.
Advanced security can be implemented using Extreme
Networks Sentriant NG300 which provides agentless
post-admission checks using behavioral-based methods
for protection against malware and Day-Zero attacks.
Sentriant NG300 complements perimeter and/or
endpoint security solutions such as the Sentriant AG and
focuses on threats at the network interior. Unlike in-line
Intrusion Detection System (IDS) solutions from other
leading vendors that can become network chokepoints
or bottlenecks, the Sentriant NG300 provides network-wide
coverage without risking network availability.
Deployment of the new 802.11n standard is also easy
with solutions that deliver full-performance without the
need for changes to the existing Power over Ethernet
(PoE) infrastructure. Solutions from other vendors require
either AC power or non-standard PoE.
Our wireless solution integrates tightly with the wired
network under one management platform, the EPICenter
management suite, for operational simplicity, and
provides a single point of management and view of network
assets and topology.
Campus Operations
As the backbone to the campus network, the core layer
plays a fundamental role in the overall performance of
the network. The chassis-based BlackDiamond 8810 or
stacked Summit X650 switches are ideal core switches.
Summit X450e, which supports Gigabit connections to
the desktop, and Summit X250e switches that support
Fast Ethernet access are ideal choices at the network
edge and can be selected based on specific bandwidth
needs or edge connectivity requirements.
A distribution layer may also be implemented depending
on the size and layout of the campus. With high-density
10 gigabit connections, BlackDiamond 8800 or the
Summit X650 switch are ideal choices for this layer.
Summit X650 provides up to 24 10 Gigabit ports in a
compact 1RU form factor with a high speed virtual
backplane for expansion. The distribution layer may
provide added security and allows you to build extra
redundancy, which is important considering the number
of critical applications that may be running. By utilising
the CLEAR-Flow security rules engine in combination
with Sentriant NG300, serious network threats can be
prevented from reaching deeper into the network.
SummitStack stacking technology on Summit X650,
Summit X450e and Summit X250e switches allows
stacking and expansion of edge ports without increasing
the number of devices to manage. Stacking provides
cost benefits without compromising the performance or
management simplicity that is more typical of chassis-based
systems.


By utilising CLI scripting capabilities, Extreme Networks
provides free widgets that simplify the management of
network devices, which are particularly helpful when
dealing with complex, growing networks. CLI scripting
combined with Extreme Networks Universal Port is a
powerful tool that enables IT managers to automatically
configure switches based on trigger events such as device
discovery, user authentication, or time of day. Universal
Port is implemented on every edge switch. Extreme
Networks Power Conservation Module is an example of
a widget that utilises CLI scripting and Universal Port to
help you save energy and significantly reduce energy-related
operating costs by turning off edge ports that
are not in use.
Using ExtremeXOS InSite, a Software Development Kit
(SDK), colleges and universities can optimise network
usage and improve operational efficiencies with
custom applications that integrate with the business
infrastructure. Integration of role-based network access
or bandwidth on demand and service provisioning from
within the school's ERP system can help optimise network
usage. This can be accomplished, for example, by limiting
students' use of the wireless network for gaming
applications during specific hours.
With Extreme Networks solutions, network resiliency
is addressed at the hardware, software, and network
levels through operating system reliability, hardware
redundancies, and various features and protocol
support. ExtremeXOS modular operating system
provides hitless upgrades, hitless failover and process
protection. Hardware redundancies for Management
Switch Modules, fans, fan trays, and power supplies
provide protection against equipment failures. Layer 2
and Layer 3 protocols including OSPF using Equal Cost
Multipath routing, Virtual Router Redundancy Protocol
(VRRP), and EAPS (RFC 3619, Ethernet Automatic
Protection Switching) provide transparent resiliency and
high availability.
EAPS also provides the ability to design a Layer 2 access
or distribution network that provides convergence-grade
failover in supporting multi-media applications which
include Voice-over-IP (VoIP) and video distribution. As a
Layer 2 protocol, EAPS simplifies the design process by
eliminating the need to modify the existing IP addressing
structure during network expansion. Vendors that utilise
the spanning tree protocol recommend the use of
Layer 3 at the access layer since Layer 2 loop protection
using spanning tree cannot adequately support today's
real-time applications.
To help ensure secure regulatory compliance, our
solutions provide powerful network protection
mechanisms to protect the network from unauthorised
use and malware. Sentriant AG provides robust Network
Access Control (NAC), using 802.1x and/or MAC-based
authentication for pre-admission checks to ensure user
integrity and quarantines any endpoint device that does
not meet the organisation's preset security policies and
standards. Agentless testing also reduces the burden on
IT administrators by eliminating the need to install and
manage agents at the endpoints. When needed, Extreme
Networks provides experienced security professionals
who provide assessment, design, and consultation
services.
The Summit WM2000 wireless controller supports
wireless Access Points (APs) located throughout the main
and remote campuses to provide students, faculty, and
administrative staff flexible access to the network from
any location. Our solutions are easy to install and operate
and provide extraordinary performance over secured
wireless connections. A Summit WM2000 controller can
support up to 200 APs and is scalable both in terms of
capacity and performance. Summit WM Mobility Access
Domains simplify the process of supporting multiple
users, devices, and access types, while defining the level
of security or QoS required.
Various modes of traffic control on Summit WM2000
including Layer 2 Branch Office, Layer 2 Bridged, and
Layer 3 Tunneling modes offer wireless deployment
flexibility while enhancing security and can be chosen
based on layout of the campus, traffic type, or user
access domain. For educational institutions with remote
campuses, Branch Office mode on Summit WM2000
supports users at each remote location without requiring
on-site wireless controllers. This reduces both acquisition
and ongoing operational costs.

Explanations of Technologies and Protocols
Ethernet Automatic Protection Switching (EAPS)
Ethernet Automatic Protection Switching (EAPS, RFC
3619) is a protocol invented by Extreme Networks,
designed to prevent loops in a ring topology running
Layer 2 traffic. The protocol provides the ability to design
a network that provides convergence-grade failover in
the event of a cable cut or a hardware failure without
impacting mission-critical VoIP or streaming video
applications. Performance is independent of the number
of switches in the ring.
sFlow
sFlow is a packet sampling technology that provides a
network-wide view of usage and active routes, enabling
IT managers to effectively control the network, including
traffic congestion, or to identify unauthorised network
activity. Unlike many vendors that implement sFlow
in software which requires CPU bandwidth, Extreme
Networks sFlow technology is implemented using
dedicated hardware for optimal network performance.
ExtremeXOS
The ExtremeXOS modular operating system is an open
network operating system that delivers meaningful
insight and unprecedented control for mission-critical
applications. With exceptional support for high availability, integrated security, and VoIP, ExtremeXOS stands out as
a real alternative to closed, proprietary products that limit choice and compromise performance as well as being cost
prohibitive.

Four powerful capabilities combine to make ExtremeXOS
the best operating system for solving your toughest
networking challenges. Modularity enhances availability
by isolating software processes to limit the impact of
changes, attacks, or instabilities. Our open interfaces allow
applications to effectively control the network without
unnecessarily tight integration that can limit flexibility
and force system-wide upgrade cycles. ExtremeXOS is
a POSIX-compliant operating system, making on-switch
application integration straightforward and fast. Wire-rate
instrumentation provides deep insight into critical
network activities to build sophisticated security and
voice applications.
Network Widget
A widget is a script or rule set designed to address a
specific network challenge. Extreme Networks widgets
utilise one of three technologies including CLI Scripts,
Universal Port Profiles, or CLEAR-Flow Policies, focusing
on three main areas:
• Reducing configuration/administration errors (CLI Scripts)
• Lowering operational costs through event-driven programmability (Universal Port)
• Creating a self-healing and self-provisioning network (CLEAR-Flow)
1. CLI Scripting
A CLI Script is the sequential and intelligent automation
of CLI commands and actions. Any command which may
be executed on the CLI may be put together in a script to
simplify and automate deployment and/or configuration
operations. This reduces administration errors, the
number one issue on networks today.
An example CLI Script is one which automates the
deployment of an EAPS ring for edge switches.
2. Universal Port
Extreme Networks' exclusive Universal Port is an
innovative feature embedded in ExtremeXOS advanced
switches that reacts to network events with intelligent,
automated responses. Universal Port extends the concept
of CLI Scripting by allowing any script to be automatically
triggered by various detection methods. The methods of
detection include:
Device detect / undetect via Link Layer Discovery Protocol (LLDP) (e.g. IP Phone)
User authentication / unauthentication (via RADIUS)
Any log event (e.g. SNMP trap, HW error, software error, etc.)
An example is a Universal Port profile which automatically
configures network parameters for any VoIP phones (or
other devices) that support LLDP but not 802.1x user
authentication, on ExtremeXOS-based edge switches.

3. CLEAR-Flow Security Rules Engine
Continuous Learning, Examination, Action and
Reporting of Flows (CLEAR-Flow) is a flexible and
powerful ExtremeXOS feature. CLEAR-Flow makes it
possible to track and measure specific application flows
in the network accurately and at high forwarding rates.
It is a stateless protocol inspection engine, which
underpins its speed and accuracy; however, it is often
used as a pre-processor to more stateful inspection
techniques such as Sentriant NG300.
CLEAR-Flow brings together network monitoring, analysis
and response in a single, wire-speed process inside the
Ethernet switching fabric. When CLEAR-Flow detects
an abnormal traffic pattern it can dynamically change
access rights granted to a suspicious port, change QoS
settings, mirror syslog traffic, or present the traffic to an
offline IDS/IPS resource for further analysis. Because the
CLEAR-Flow engine is embedded in the switch hardware,
traffic is examined and controlled at wire-speed, greatly
shortening the time it takes to respond to attacks or
policy violations compared to off-switch analysis tools.
An example of the CLEAR-Flow process is where the
switch counts the number of broadcast messages and
limits them if they start rising rapidly (as in the case of
a network loop). CLEAR-Flow can then apply a QoS
profile to bring the broadcasts down to a manageable
level while the network administrator troubleshoots the
problem. This is in contrast to other methods which
would entirely shut down the traffic and make it difficult
to find the problem or culprit causing the misbehavior.
Widgets can be downloaded free of charge from the
Extreme Networks Widget Central Web site and
customised as necessary for your specific network
environment.

Higher Education Services and Support

Extreme Networks' comprehensive service and support
solutions help you optimise your higher education
network and protect your investment. We empower
you with the tools that help you move from reactive to
proactive management of your network. As strategic
information technology advisors, we recommend and
deliver technical solutions and services, not based on
what we manufacture, but designed around what
your business requires. Our open platform allows for
integration of best-in-class technology.

Maintenance and Support

Maintenance and support aids in the successful
operation of your network by providing you with
assistance to maintain high availability and reduce risks.
ExtremeWorks Maintenance and Support helps you to
operate and manage your network on a day-to-day
basis, 24x7x365, and provides you with the security of
knowing that you have access to expertise and support
when the unexpected occurs.

Education and Training


Networks are constantly changing to meet evolving
business needs. Skilled IT professionals can lead you
through the challenges of meeting today's and tomorrow's
network demands. Extreme Networks provides you with
the education and training to help develop your in-house
technical expertise, to help you increase productivity and
to maximise your network investment.

Advanced and Professional Services


Premier Services Program
Extreme Networks is making the network visible with
the Premier Services Program (PSP). PSP goes beyond
traditional transactional management (reactionary, break-fix
maintenance) and delivers a suite of measurement tools
that provide you with information to allow you to
proactively manage your network and gain visibility
across your entire multi-vendor network of devices,
applications, and network performance.
Security Assessment Services
Extreme Networks security experts offer assessment
services for higher education organisations that are
seeking an overview of their posture and potential
weaknesses in complying with secure regulatory
standards.
Wireless Services
Our wireless networking professionals provide the
expertise to design, deploy, optimise, and secure your
Wireless Local Area Network (WLAN). Our team can
help you with the challenges of Radio Frequency (RF)
planning and design, AP configuration and installation,
and security of the wireless network for your particular
environment and business needs.

Extreme Networks Data Center Solution Overview

Data Center Network Overview

Enterprises rely on data centers to host essential business applications; universities and healthcare
facilities rely on data centers to provide access to critical information and applications; and content
owners rely on data centers to host and scale access to content. The data center is required to offer
scalable and agile responses to the ever-growing demands of the applications it supports. The underlying
switching infrastructure must have the intelligence to address security and resiliency issues, but do so
with simple and efficient solutions. In addition to each of these demands, the switching infrastructure
must be cost effective and energy efficient.

The most significant recent innovation in data center architectures is storage and server virtualisation.
Virtualisation permits data center networks to do more with less; more applications on fewer servers,
more storage with fewer physical storage devices. This innovation was required to address the exponential
growth in data storage and access, as well as control the escalation of capital and operating expenditures
in data centers. In 2011, the global amount of digital data is forecast by IDC to equal nearly 1,800
exabytes, or 10 times the quantity produced in 2006.

To support the benefits of virtualisation and the exponential growth in data storage and access,
top-of-rack and end-of-row switches must scale to support the bandwidth requirements from virtualised
server and storage systems. Today, the most common uplink speed from application servers is 1Gbps. As
more servers become virtualised and utilisation increases, the next logical step is to deploy 10 GbE
top-of-rack switches that connect with high-density 10 GbE end-of-row and core chassis switches.

Similar to edge networking, Ethernet is the de facto standard for connecting top-of-rack, end-of-row and
core switches in the data center. Ethernet is also making inroads into storage systems with iSCSI
deployments. These advances, coupled with Ethernet's unsurpassed economics, make Ethernet the obvious
choice for data center network transport. By de-layering the network, Ethernet transport also yields
significant capital and operating savings by eliminating overlay protocol networks, reducing the number
of devices that need to be deployed in the data center, and simplifying data center network
architectures, management and support.

The Extreme Networks data center switching infrastructure solution offers powerful, yet efficient
products to address the tough challenges faced by data centers.

Key Benefits

Build a scalable foundation to meet growing bandwidth needs:
Industry-leading switch density and capacity
Switch architectures that enable migration to 40 GbE and 100 GbE
Long service life with stackable fixed configuration products

Offer resilient and agile infrastructures:
Highly available, modular, and extensible network operating system
Network failure and recovery protection
Pervasive security offerings at line-rate speeds

Deliver cost-effective data center performance:
Simplified deployment and management to reduce ongoing operating costs
Energy-efficient hardware design with customisable software controls
Extensible XML solutions and widgets to control and tune the infrastructure

© 2009 Extreme Networks, Inc. All rights reserved.

Data Center Architecture


Extreme Networks recommends a two-tier data center switching infrastructure architecture. Two-tier architectures are
typically comprised of stacked, redundant switches located at the top of rack or end of row that connect to redundant
core switches. For small data centers (less than 500 ports), medium data centers (500 to 2,000 ports) and large data
centers (more than 2,000 ports), two-tier architectures are usually sufficient. For some very large networks or networks
with unique application or architecture requirements, a three-tier architecture may be more appropriate. Three-tier
architectures typically include top-of-rack switches and end-of-row switches that connect to distribution layer switches
which in turn connect to core network switches.
For small enterprise data centers with a few application server racks that provide access to email, ERP systems and
data backup, fixed configuration top-of-rack aggregation switches that connect to fixed configuration core switches
are recommended.

For medium enterprise data centers with multiple application racks that provide access to critical applications and data,
a two-tier network with stacked, redundant fixed configuration top-of-rack switches connecting to redundant high-density
chassis core switches is recommended.

For large enterprise data centers with more than 2,000 ports in a data center, we recommend a two-tier architecture
connecting stacked, redundant fixed configuration top-of-rack switches to redundant high-density chassis-based
switches at the data center core. (See Figure 3)

Key Data Center Terms


Top of Rack
Top-of-rack switches aggregate traffic from application
servers in a rack. These switches are one rack unit (RU)
high and, due to their mounting location, simplify a data
center's cabling plan. Typically, there is just one switch
domain per rack, which improves fault containment
and isolation. Top-of-rack switches also simplify
network planning by minimising oversubscription and
support port-to-port switching for in-rack application
interaction.
Top-of-rack switches typically uplink to end-of-row fixed
configuration or high-density chassis core switches.
End of Row
End-of-row switches aggregate traffic from servers or
top-of-rack fixed configuration switches. These
high-density switches are valued for their port utilisation and
ability to support a wide range of application servers.
They are located at the end of the row to permit data
center administrators to provide more efficient and
targeted cooling solutions.
End-of-row switches may connect to customer-facing
services located on the customer network or to additional
switches in the data center core layer.

Data Storage Models


Application servers access data stored on rotating media
or disk drives housed in a storage system. These storage
systems are either Network Attached Storage (NAS)
or Storage Area Networks (SANs). For very small data
centers, Direct Attached Storage is sometimes used.

Network Attached Storage
The typical network attached storage configuration is a
server connected by an Ethernet network interface card
(NIC) to a LAN. This LAN, in turn, is connected to one or
more NAS storage systems. The storage protocol used in
network attached storage systems can be the popular
Network File System (NFS) used by Unix-based servers or
the Common Internet File System (CIFS) used by Microsoft
Windows Server systems. Network attached storage is
typically found in server configurations where file sharing
is important. For example, multiple servers supporting a
common development environment would deploy NFS
storage and mount this storage on each server to provide
developers a single data image of their storage resources.
It is important to remember that the file system and the
file system semantics reside in the network attached
storage system (e.g., a Network Appliance filer), not
in the server. The server only mounts the external file
system owned by a network attached storage system
onto its local file system.

Storage Area Network
Today's enterprise data storage is predominantly provided
by Storage Area Network storage systems. Examples of
SAN-based storage systems include EMC's Symmetrix
systems, Hitachi's Universal Storage Platform systems,
and IBM's TotalStorage systems. SANs are typically used
to connect multiple rack mount and/or blade servers to
a SAN through a Fibre Channel Host Bus Adapter (HBA).
This Fibre Channel HBA connects to a Fibre Channel
network via Fibre Channel directors and switches which
are then connected to an enterprise-class storage system.
Fibre Channel protocol is the dominant protocol used in
SAN-based deployments. However, with the emergence
of iSCSI SANs, IP-based SANs are readily available and are
being offered by the major storage vendors Dell, EMC,
IBM, and NetApp. Most SANs support large relational
database engines and have sophisticated replication
solutions to ensure high-availability requirements are
met.
Standards work is currently in progress on another
protocol to leverage Ethernet, standard cabling and
standard Ethernet switches in the data center. Fibre
Channel over Ethernet (FCoE) intends to maintain
the Fibre Channel protocol over 10 GbE networks by
mapping Fibre Channel frames over full duplex IEEE
802.3 networks. Similar to the benefits of iSCSI, FCoE
intends to de-layer and simplify the data center network
architecture when it is ratified.

Extreme Networks Solutions for Data Center Networks
The following table shows where Extreme Networks
products are typically deployed in a data center
network.

Table 1: Extreme Networks Data Center Product Matrix


The following section shows data center network architecture examples and recommends Extreme Networks products
to build powerful yet energy-efficient data center networks.

Application 1: Small Enterprise Data Center


The following network architecture highlights a typical small enterprise data center network with less than 500 ports.
In a small enterprise, e-mail is often the primary application. E-mail can be stored on the client side, on a server or,
most often, in both locations. In this architecture, the e-mail and other application servers and the storage network
require 1 GbE uplinks to stacked, redundant top-of-rack switches. End-of-Row chassis-based switches aggregate
traffic from several data center racks. The fixed configuration and chassis switches uplink to data center core 10 GbE
stacked, redundant fixed configuration switches.
Key Data Center Solution: A Scalable Switching Infrastructure
One challenge of a small data center is that most don't remain small for long. Network administrators need to balance
the cost of their network deployment with the ability to scale as the enterprise's applications and storage needs
grow.
Extreme Networks fixed configuration aggregation switches support the SummitStack stacking architecture designed
for rapid failover capability with n-1 master redundancy, distributed Layer 2 and Layer 3 switching, link aggregation
across the stack and distributed uplinks. SummitStack supports up to eight units in a stack, and the mixture of the
units can be Summit X250e, Summit X450a and Summit X650 switches. SummitStack provides 50msec failover for
path failure, sub-second hitless master/backup failover along with hitless protocol support (such as OSPF graceful
restart), and Network Login user authentication. Specifically, Summit X450a offers dual stacking interfaces to provide
high-speed 40 Gbps stacking bandwidth and provides chassis-like management and availability with its SummitStack
stacking technology. Summit X650 will have the capability to offer dual stacking interfaces to provide high-speed 512
Gbps stacking bandwidth and the same chassis-like management of the Summit X450a.

Application 2: Medium Enterprise Data Center
The following network architecture highlights a typical
medium enterprise data center network with more than
500 ports, but less than 2,000 ports. In this architecture,
the application servers and storage network require a
mix of 1 GbE and 10 GbE uplinks to top-of-rack fixed
configuration switches to support ERP applications and
database management systems. The fixed configuration
top-of-rack switches uplink to chassis-based switches at
the data center core. End-of-Row chassis-based switches
aggregate traffic from multiple data center racks and
uplink to redundant chassis at the data center core.
Key Data Center Solution: A Resilient Switching Infrastructure
The challenge of medium enterprise data centers
comes from growth and complexity. Access to business
applications becomes even more critical while demands
on the network become more intense. Data center
network administrators are constrained by cost controls
and time limitations, while the network is expected to be
fully accessible 24x7x365.
Extreme Networks modular edge to core operating
system, ExtremeXOS, raises the bar for availability, to
support mission-critical data center business applications.
A highly available network can also lower operating
costs by drastically reducing emergency maintenance.
ExtremeXOS extends the capabilities of the network
via dynamic loading of applications, XML APIs and
CLI scripting. It also integrates specialised application
appliances such as security devices into the network.
ExtremeXOS has a rich set of Layer 2 and Layer 3
control protocols, provides flexibility in the design
of highly resilient networks and has been designed
from the ground up to support the next-generation
Internet Protocol, IPv6. Even if the network manager
is not planning to use IPv6 immediately, ExtremeXOS
can help secure the network using IPv6 Access Control
Lists. Security capabilities provide network control
and management plane protection via CLEAR-Flow
when paired with Sentriant NG300, Extreme Networks
behavior-based threat detection solution.
Ethernet Automatic Protection Switching (EAPS) allows
Extreme Networks top-of-rack and end-of-row switches
to provide the level of resiliency and uptime expected
from data center networks. EAPS is superior to the
Spanning Tree or Rapid Spanning Tree Protocols, offering
sub-50ms recovery, and delivers consistent failover
regardless of number of VLANs, number of network
nodes or network topology.
EAPS Domains protect groups of multiple VLANs,
allowing scalable growth and broadcast loop protection.
They provide logical and physical segmentation, which
means failures in one EAPS ring will not impact data
center application services on other rings and VLANs.
EAPS provides a consistent and predictable recovery
behavior regardless of where link failures occur.
Extreme Networks data center switching solutions also
address network outages. The BlackDiamond 8800
series switches are configured with an automatic failover
mechanism so that if one Management Switch Module
(MSM) fails, the second MSM will automatically take
over management responsibility for the entire switch.
This feature is essential for data center networks with
mission-critical applications. In addition, BlackDiamond
8800 series switches include a passive backplane
complemented by high availability design elements such
as isolated control and data planes, redundant controller
boards for power distribution, and fan control and
environmental monitoring to identify anomalies before
they affect network availability.
BlackDiamond 8800 series switches support a set of
redundant power configurations that can load share
up to six internal power supplies simultaneously. Three
power supplies in a 2 + 1 redundancy configuration can
power a fully loaded chassis with gigabit or 10 Gigabit
Ethernet ports.
At the top of rack, the Summit X650 supports dual,
hot swappable AC/DC power supply units as well as a
removable fan tray to offer network resiliency.

Application 3: Large Enterprise Data Center
The following network architecture highlights a typical
large enterprise data center network with more than
2,000 ports. In this architecture, the application servers
and storage network require a mix of 1 GbE and 10 GbE
uplinks to top-of-rack fixed configuration switches to
support large, mission-critical ERP applications, database
management systems and service oriented architectures.
10 GbE uplinks are also necessary for supporting large
bandwidth services such as content-rich online video
and photo Web sites. For large enterprise data centers
with more than 2,000 ports, a two-tier architecture
connecting stacked, redundant fixed configuration
top-of-rack switches and redundant end-of-row chassis-based
switches to redundant high-density chassis-based
switches at the data center core is recommended.
Key Data Center Solution: A Robust, Yet Cost-Effective Switching Infrastructure
The challenge of large data center networks is simply
their scale - they are large, their application and storage
demands are large, and they must be expertly managed
while being cost effective. They must support countless
applications, support 1 GbE and 10 GbE application
servers, scale to 40 GbE/100 GbE access, be secure, and be
energy- and cost-efficient. Large data centers require
powerful, yet simple solutions.
Extreme Networks offers the BlackDiamond 8800 series
switches as the end-of-row and core switches for large
data centers. BlackDiamond 8800 series switches deliver
industry-leading 3.8 Tbps switch fabric bandwidth and
2.84 Tpps Layer 2 - Layer 3 hardware forwarding rate.
They support 2,352 gigabit ports or 582 10 Gigabit
Ethernet ports in a single, standard seven-foot data
center rack, allowing BlackDiamond 8800 series switches
to deliver a cost-effective connectivity option for clusters
of application servers.
A BlackDiamond 8800 series switch with 400 Gigabit
Ethernet ports consumes only 1.3 Kilowatts or 3.2 Watts
per port. This is significantly lower than other switches
in the industry, and can provide considerable savings
in power and cooling costs - both critical issues in large
data centers.
At the top of rack, Summit X650 connects 10 Gigabit
Ethernet application servers with SFP+ or 10GBASE-T to
accommodate existing and future cabling. The 24-port
10 Gigabit Ethernet switch also offers Versatile Interface
Modules for architectural flexibility to scale Summit X650
from 10 GbE to support future 40/100 GbE stacking
interfaces.
The cost of security issues is contained by the CLEAR-Flow
Security Rules Engine, which provides first-order
threat detection and mitigation, and mirrors traffic to
the Sentriant NG300 for further analysis of suspicious
traffic in the network. Using CLEAR-Flow with Sentriant
NG300 provides cost-effective scalability of the security
solution. Sentriant NG300 can add/modify the CLEAR-Flow
rules and ACLs on the BlackDiamond 8800 and the
Summit X650 switches to inspect additional traffic or
change inspection thresholds, thereby automatically
fine-tuning inspection rules in real time. Additional security is
provided by sFlow, a technology that provides the ability
to sample application-level traffic flows on all interfaces
simultaneously.
Extreme Networks ExtremeXOS modular operating
system is another powerful solution for data center
network administrators. ExtremeXOS dramatically
increases network availability using process monitoring
and restart. Each independent OS process is monitored
in real time. If a process becomes unresponsive or stops
running, it may be possible to automatically restart it, or
take other automatic corrective actions such as hitless
failover to a redundant management module or standby
stack master.
ExtremeXOS provides reliable infrastructure to
dynamically load, start and gracefully stop new
applications. ExtremeXOS embraces POSIX-compliant
interfaces to ease the integration of new applications
and to dynamically load Extreme Networks developed
functionality such as SSH/SCP/SSL. ExtremeXOS also
provides a CLI scripting infrastructure. Scripting can be
used to add incremental configuration to the network
infrastructure, such as a list of VLANs to be configured.
By leveraging scripting for switch configuration, the
time needed to roll out a new switch can be reduced to
minutes with just a few commands for switch-specific
settings.
Data center network administrators can simplify
management processes with automation widgets and
build an application-aware network infrastructure with
Extreme Networks ExtremeXOS InSite XML software
development kit. This XML infrastructure embraces the
concept of open yet secure communications to allow
business applications to easily interact with the network
for security policy enforcement, regulatory compliance
and performance management, and higher security.
The standards-based SOAP/XML architecture makes it
easy to integrate the network infrastructure with
high-level application and business software in data centers.
The configuration and monitoring capabilities provided
by the APIs let you create Service Oriented Architecture
solutions that bridge the gap between application and
business logic with network configuration and events.

Summary
Extreme Networks gigabit and 10 Gigabit Ethernet
top-of-rack, end-of-row and core switches provide agile
network infrastructure solutions to keep ahead of the
growing bandwidth demands in data center networks.
Our solutions offer scalable and agile responses to the
ever-growing requirements of data center applications
and storage they support. Extreme Networks switching
infrastructure has the intelligence to address security and
resiliency issues, and does so with simple and efficient
solutions. In addition to each of these benefits, Extreme
Networks switching infrastructure is cost effective and
energy efficient.

Explanation of Protocols and Technologies
CLEAR-Flow Security Rules Engine
CLEAR-Flow is a flexible and powerful ExtremeXOS
feature that monitors 100% of all network traffic on
a switch and takes pre-defined actions when certain
traffic thresholds are met. CLEAR-Flow brings together
network monitoring, analysis and response in a single,
wire-speed process inside the Ethernet switching fabric.
When CLEAR-Flow detects an abnormal traffic pattern
it can dynamically change access rights granted to a
suspicious port, change QoS settings, mirror syslog
traffic, or present the traffic to an offline IDS/IPS resource
for further analysis. Because the CLEAR-Flow engine is
embedded in the switch hardware, traffic is examined
and controlled at wire-speed, greatly shortening the
time it takes to respond to attacks or policy violations
compared to off-switch analysis tools.
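The threshold behaviour described here, applied to the broadcast-loop case the handbook gives for CLEAR-Flow, is modelled below as an added Python example; it is not Extreme Networks code and not ExtremeXOS policy syntax. The rule fields, the 32-bit counter width and the sample readings are assumptions constructed for illustration.

```python
"""Model of a counter-threshold rule: sample a cumulative broadcast counter
once per period, act on the per-period delta, and rate-limit the port rather
than shutting it. All names and numbers here are illustrative assumptions."""
from dataclasses import dataclass, field
from itertools import accumulate

COUNTER_BITS = 32  # assumed width of the hardware counter


@dataclass
class DeltaRule:
    trigger_delta: int     # frames per period treated as "rising rapidly"
    release_delta: int     # delta below which a period counts as calm
    release_periods: int   # consecutive calm periods needed to lift the limit
    limit_per_period: int  # frames per period forwarded while limited


@dataclass
class PortState:
    last_counter: int
    limited: bool = False
    calm_streak: int = 0
    events: list = field(default_factory=list)


def counter_delta(previous, current, bits=COUNTER_BITS):
    """Delta between two readings of a counter that wraps at 2**bits."""
    return (current - previous) % (1 << bits)


def evaluate(rule, state, period, counter):
    """Process one sampling period and return the frames forwarded in it.

    The decision made at the end of a period only affects later periods,
    so the first burst passes before the limit takes hold."""
    delta = counter_delta(state.last_counter, counter)
    state.last_counter = counter
    forwarded = min(delta, rule.limit_per_period) if state.limited else delta

    if not state.limited:
        if delta > rule.trigger_delta:
            state.limited, state.calm_streak = True, 0
            state.events.append((period, "limit", delta))
    elif delta < rule.release_delta:
        # Hysteresis: require several calm periods so the limit does not flap.
        state.calm_streak += 1
        if state.calm_streak >= rule.release_periods:
            state.limited = False
            state.events.append((period, "release", delta))
    else:
        state.calm_streak = 0
    return forwarded


def run(rule, readings):
    """readings[0] is the baseline; each later entry is one period's reading."""
    state = PortState(last_counter=readings[0])
    forwarded = [evaluate(rule, state, period, counter)
                 for period, counter in enumerate(readings[1:], start=1)]
    return forwarded, state.events


# Constructed sample: broadcasts offered per period on one port. A loop forms
# in period 4 and is removed by the administrator before period 8.
OFFERED = [120, 130, 110, 5000, 48000, 52000, 50000, 300, 100, 90, 110]
BASELINE = (1 << COUNTER_BITS) - 200  # chosen so the counter wraps mid-sample
READINGS = [BASELINE] + [(BASELINE + total) % (1 << COUNTER_BITS)
                         for total in accumulate(OFFERED)]
RULE = DeltaRule(trigger_delta=2000, release_delta=500,
                 release_periods=3, limit_per_period=1000)

if __name__ == "__main__":
    forwarded, events = run(RULE, READINGS)
    for period, (offered, sent) in enumerate(zip(OFFERED, forwarded), start=1):
        print(f"period {period:2d}: offered {offered:6d}  forwarded {sent:6d}")
    for period, action, delta in events:
        print(f"period {period:2d}: {action} (delta {delta})")
```

Because the port stays up while limited, the counter keeps reporting the offered load, which is what lets the rule see the loop clear and lift the limit on its own.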
Ethernet Automatic Protection Switching
Ethernet Automatic Protection Switching (RFC 3619) is
a protocol invented by Extreme Networks, designed to
prevent loops in a ring topology running Layer 2 traffic.
The protocol provides the ability to design a Layer 2
access or distribution network that provides
convergence-grade failover in the event of a cable cut or a hardware
failure without impacting mission-critical data center,
VoIP or streaming video applications. Performance is
independent of the number of switches in the ring.
ExtremeXOS
ExtremeXOS is an open network operating system that
delivers meaningful insight and unprecedented control
for mission-critical applications. With exceptional support
for VoIP, integrated security, and high availability,
ExtremeXOS stands out as a real alternative to closed,
proprietary products that limit choice and compromise
performance as well as being cost prohibitive.
Four powerful capabilities combine to make ExtremeXOS
the best operating system for solving the toughest
networking challenges. Modularity enhances availability
by isolating software processes to limit the impact of
changes, attacks, or instabilities. Open interfaces allow
applications to effectively control the network without
unnecessarily tight integration that can limit flexibility
and force system-wide upgrade cycles. ExtremeXOS is
a POSIX-compliant operating system, making on-switch
application integration straightforward and fast. Wire-rate instrumentation provides deep insight into critical
network activities to build sophisticated security and
voice applications.

sFlow
sFlow is a packet sampling technology that provides a
network-wide view of usage and active routes, enabling
IT managers to effectively control the network including
traffic congestion or to identify unauthorised network
activity. Extreme Networks' implementation of sFlow uses
dedicated hardware for optimal network performance.

Data Center Services and Support
Extreme Networks' comprehensive service and support
solutions help optimise the data center network and
protect your investment. Extreme Networks provides
tools that help you move from reactive to proactive
management of the network. As strategic information
technology advisors, Extreme Networks recommends and
delivers technical solutions and services, not based on
products, but designed around business requirements.
Extreme Networks' open platform allows for integration
of best-in-class technology for a complete solution.
Maintenance and Support
Maintenance and support aids in the successful operation
of your network by providing you with assistance to
maintain high availability and reduce risks. ExtremeWorks
helps you operate and manage your network on a
day-to-day basis, 24x7x365, and provides you with the
security of knowing that you have access to expertise
and support when the unexpected occurs.
Education and Training
Networks are constantly changing to meet evolving
business needs. Skilled IT professionals can lead you
through the challenges of meeting today's and tomorrow's
network demands. Extreme Networks provides you with
education and training to help develop your in-house
technical expertise, to help you increase productivity and
to maximise your network investment.

Advanced and Professional Services
Premier Services Program (PSP)
Extreme Networks is making the network visible with
the PSP. PSP goes beyond traditional transactional
management (reactionary, break-fix maintenance) and
delivers a suite of measurement tools that provide you
with information to allow you to proactively manage
your network and gain visibility across your entire
multi-vendor network of devices, applications, and network
performance.
Security Assessment Services
Extreme Networks security experts offer assessment
services for data centers that are seeking an overview
of their posture and potential weaknesses in complying
with security and all other regulatory standards.

Vertical Solutions

White Papers

Is Your Data Centre Extreme?

Los Angeles City Council has approved a multimillion-dollar proposal
to use Google's range of office products for its 30,000 workers.
The city council voted unanimously for the $7.2 million deal to replace
many of its computer systems with the Google Apps services...
The vote came amid a push by Google to market its 'cloud
computing' Apps services - applications that run remotely on the
company's own servers, instead of users' desktop machines - to governments and large security-conscious corporations.
The Times Online 29 Oct 2009

The concept behind cloud computing is to make computer
resources scalable, with applications and data
on third-party servers accessible on the Web.
TopTechNews.com 2 Nov 2009

Changing requirements in the enterprise demand new strategies when considering the deployment of
new and diverse business applications. In addition, initiatives such as hosted or cloud based applications
and an increasing tendency towards centralisation of IT assets, place new demands on both enterprise
and service provider data centre infrastructures and server estates. Application virtualisation drives the
need for changes in the underlying network infrastructure in both the LAN and SAN.
These transitions create significant need for change in day-to-day data centre operational capability and demand five
9s resilience from a business continuity perspective.
Investment in new best-of-breed server, network and cooling infrastructures delivers tangible business benefits. These
include measurable reductions in capital and operating expenses and increased operational flexibility leading to
productivity gains and competitive advantage whilst delivering significant environmental benefits for the community
at large.
Now is the time to get involved in this fast changing market segment! Be Extreme with Westcon!
Data centres face many challenges as they continue to evolve and expand and organisations opt for hosted,
centralised and virtualised solutions.

Dealing with Growth, Consolidation & Outsourcing
Merging of many data centres into few data centres
Bandwidth doubling every 12 - 24 months
Future migration to 40 GbE and 100 GbE

Managing Green Power (Green Initiatives)
Physical limitations within rack
Physical limitations within data centres
OPEX cost burden
Regulatory compliance

Managing Virtualisation
Environments becoming more virtualised.
Support for cloud computing becoming more important.

Lower power consumption, better GREEN considerations
Automated power management for the data centre
allows the network to schedule power on a time/day
basis as well as enter hibernation mode delivering a
70% reduction in power costs.
Dynamic power management enables power to be
delivered on a demand driven basis. If a connection
is not detected on a port, then power delivery to that
port can be disabled.

High performance, scalability & availability
10GbE solutions are available in both chassis and fixed
configuration switches offering design flexibility.
High speed 512Gbps inter-switch stacking and high
density modular offerings guarantee organisations a
mission critical architecture.
A single modular operating system ensures application
availability by allowing rapid restart of stalled services
as opposed to a full switch/network reboot.

Network level virtualisation
As servers move, the associated switch policies move
with the virtual machine.
Features such as VLAN, QoS policy and Access Control
Lists are dynamically managed by the network.
Continuity of application availability and security is
retained wherever the virtual machine moves to in the
network.

Cost efficient cabling
Extreme Networks data centre solutions can utilise the
existing copper cabling in place minimising re-cabling
costs.
Only replace expensive fibre or fibre channel cabling
where appropriate.

Highly automatable and extensible architecture
The use of Extreme Networks Widget technology
allows for full control over the network.
Key tasks can be automated through scripting and
XML integration.
Network management reduces complexity of day to
day administration and delivers powerful reporting.

Investment in an Extreme Networks Data Centre solution
introduces extensive performance and management
benefits as well as multiple cost savings:
Reduced acquisition cost of solution;
Reduced time required for moves, adds and changes;
Reduced power consumption;
Reduced rack space requirements;
Reduced cooling requirements.
The end result - a secure future proof data centre with a
low Total Cost of Ownership.

Simple design both for ToR or EoR solutions


Small form factor 1RU 10GbE switches contribute towards reducing rack space required for networking and
maximising rack space for servers.
Top of Rack (ToR) or End of Row (EoR) designs are made possible by the flexibility of the Summit and BlackDiamond
switch series.

End of Row


Organisations are scrutinising any investment that is being made especially in areas such as the data
network where identifying a Return On Investment (ROI) or a reduced Total Cost of Ownership (TCO)
can be particularly challenging. Frequently, organisations overlook the fact that the data network
provides the platform for delivery of business critical applications such as voice and video.
Products from Extreme Networks scale to solve tough voice and security challenges with high availability, crystal
clarity, and integrated security features. The products provide a powerful portfolio to support everything from basic
connectivity to advanced, high-speed services for demanding desktop applications.

Grow your business with Westcon Convergence & Extreme Networks

Key Features and Key Benefits

Modular Operating System
Key feature: Robust operating system.
Key benefit: Application availability is achieved with
a modular operating system. System uptime is
enhanced by being able to restart and upgrade
discrete software modules providing non-stop
operation.

Network Security
Key feature: Secure application access as well as device
access to the network.
Key benefit: Business continuity relies heavily upon
network availability and the elimination of rogue
devices and malicious code. CLEAR-Flow technology
integrated in Extreme Networks switches eliminates
network threats, preventing security breaches
ensuring network and application availability.

Universal Port
Key feature: Auto provisioning of converged networks
reducing deployment time.
Key benefit: Reduce cost of ownership and be green
with intelligent power management enabling
specific ports to be powered up and powered
down based on time of day schedules.
Control OpEx by reducing power consumption
and cooling costs. BlackDiamond modules only
require low power to operate. In addition to
powering down ports not required to supply
power over ethernet, consumption can be
reduced by a further 30% when modules are in
hibernation mode.

Simplified Management
Key feature: Switch configuration and administration.
Key benefit: Save time with a configuration and command
set that is consistent across all products; training is
kept to a minimum, reducing the time to take out
highly skilled IT staff.

Key Features and Key Benefits

Scalable Architecture
Key feature: Simplify network design and deliver a high
performance, flexible network.
Key benefit: Business continuity is managed through
the modular design and operating system of the
BlackDiamond series. With n+1 redundancy and
the ability to hot swap modules network uptime
is maximised.
Future proof investment with support for
high density 10G technology, the ability to design
a high speed network core aids application and
device expansion.

Reduce Complexity & Costs
Key feature: Allow for network expansion and virtualised
applications with a cost effective approach.
Key benefit: Reduce complexity and costs of deploying
applications into virtualised data centre
environments. Migration and expansion to a
data centre topology is supported easily through
a high performance modular platform.
Cost reduction in a data centre is achieved
through low power consumption hardware and
modules, intelligent power management and
reduced cooling requirements.

New technology
Ethernet optimised silicon that is intrinsic to the Extreme
Networks products, ultimately results in less silicon required
to drive the products, more efficient processor usage,
better performance, lower power requirements and lower
TCO. Older products providing the network are likely to be
inefficient in these areas ultimately resulting in a more costly
network to operate as well as delivering lower performance
and access to business applications.

Review current architecture


Are 3 tiers of the network necessary to support the applications?
Three tier solutions have existed in the past because of the nature of the products. Issues such as port density and
overall switching performance have hindered organisations resulting in increased cost and complexity. This can now be
consolidated into 2 tiers with a new infrastructure delivering higher port density and performance levels at a reduced
TCO. What's more, Extreme Networks can easily integrate with the existing network enabling a phased migration
approach as opposed to a big bang approach.

Features and Benefits


Extreme Networks place significant investment into hardware design and software features ensuring that challenges
faced by organisations can be met through deployment of an Extreme Networks solution. As shown below, features
such as CLI Scripting, Universal Port and CLEAR-Flow show demonstrable return on investment whether this be from a
monetary or time perspective.

Fig.1 CLI Scripting
Sequential and intelligent automation of CLI commands and actions
Value Proposition: Reduce administration errors which are the number 1 issue on networks
Examples: Deploy dozens of switches with standard/custom configurations; automate branch/remote office installations

In Fig.1, the CLI Script is being used to automatically deploy multiple configurations across the data network from a
central location. Historically this would be a lengthy procedure requiring the IT department having to manually upload
the file to each switch separately - a significant time saving, reducing TCO and delivering ROI.
Below (Fig.2), Universal Port functionality is used to automatically provision an IP handset with the IP PBX, shutdown
specific ports at a certain time of day and rate limit throughput of non-business applications. In these examples, we are
able to identify cost savings, time savings and increased efficiency of the data network for business applications.

Fig.2 Universal Port
Event (trigger) driven or switch-initiated actions on individual ports
Value Proposition: Reduce operational costs with event driven programmability; Green Initiative; increase efficiency of shrinking IT staffs
Examples: Automatically limit Wii or XBOX throughput on the network; shutdown wireless access at 6:30pm; auto-provision a VoIP phone

Fig.3 CLEAR-Flow
Collect, analyse, and respond to traffic flaws data at line-rates
Value Proposition: Create a self-aware/healing network; powerful pre-processor to more stateful inspection device like Sentriant NG
Examples: Stop badly behaving software from taking down your whole network; prevent a DoS attack on VoIP handsets (IPTel rules)

The above example (Fig.3) of CLEAR-Flow in operation on the network demonstrates a very straightforward ROI.
How much does it cost your business if a security breach takes place? What is the effect on your business if your
IP Telephony platform experiences a Denial of Service attack preventing it from working? CLEAR-Flow consistently
monitors the data network and provides an intelligent self-healing proactive approach to potential security breaches
or rogue devices attempting to gain access to the network.

Business Automation with Widgets


A widget is the Extreme Networks term used for a
script that allows automation of frequently occurring
tasks within the network. Widgets are focused in four
main areas: Monitor, Deploy, Operation and Optimise.
Examples of where a widget would be used could
be for deploying a quality of service (QoS) profile
to a number of switches, or hibernating slots in a
chassis reducing power requirements. This saves a
considerable amount of time that can be reassigned
to more critical issues encountered by the IT support
team as well as reducing operating costs. Yet another
example of how technology reduces TCO and delivers
ROI.


LAN Security
Compliance with data protection and integrity standards such as the Data Protection Act and Sarbanes-Oxley highlights
the importance of securing traffic and data that is being sent and received on the network. Recent research suggests
that in the US, the cost to a business for every compromised record is $197; additionally noted was that approximately
60% of the total cost of the incident was due to lost business. (The Register).
Using an Extreme Networks solution, it is possible to contribute towards the data protection standards through the use
of features such as CLEAR-Flow that monitor traffic on the network. When rogue traffic patterns, software or devices
are identified it is possible for the network to seamlessly invoke policies that deny access to the network and protect
the data from being accessed. Not only does this protect data from being accessed, but also the overall health of the
network, ensuring that access to applications such as IP Telephony is maintained.

[Figure: Automated Attack Mitigation. Stages: Attack Launched; Auto Detect and Mirror; Analyse & Request Action; Take Action. Components shown: CLEAR-Flow Security Rules Engine, Sentriant NG300, BlackDiamond 8800 c series.]


Intelligent Power Management
With Extreme Networks Power over Ethernet (PoE)
solutions, it is possible to define periods of time whereby
the power to specific ports can be switched on or off.
For example IP telephones that are powered from
the data network can be turned off overnight and at
weekends reducing not only the operating
expenditure, but also contributing to the
Green Effect and reducing the carbon footprint.

Modular Operating System
With the LAN infrastructure supporting business
applications it is vital that it is able to deliver maximum
uptime of these applications to users. With a modular
operating system, it is possible to stop and start tasks
that hang without the need to reboot the switch and
therefore losing access to the business applications.
Extreme Networks are leading with a modular operating
system where competitors are still using static fixed
operating systems causing them to be more prone to
network failure. Combining this with built in security
policies that protect against network vulnerabilities and
attacks such as Denial of Service (DoS) and the ability
to interact with scripts for automated event scheduling,
results in a secure yet flexible network architecture.

IP Telephony Deployment
When deploying a new or expanding IP Telephony voice network, one of the most time consuming tasks is based
around the provisioning of IP handsets. Ensuring that they are in the correct VLAN, have the correct priority configured
as well as appropriate secure authentication to the network takes time to not only plan but can easily introduce
configuration errors. Using the Universal Port feature that is intrinsic to the Extreme Networks switches, it has been
estimated that cost savings of $85 per handset can be achieved by managing and automating this centrally by the
network. As handsets are added, they are automatically authenticated and configured by the network and available
for dial tone within seconds. This delivers immediate time savings in not just the commissioning of the voice network,
but also eliminating configuration errors.

Data Centre Resilience


In the data centre 40% of causes of downtime in the network are software related. With mission critical applications
being supported by the Data Centre, 99.999% uptime is a must, with this equating to 5mins 23s - anything more could
be catastrophic - resilience is critical.
The compounded effect of having a non-resilient network results in multiple costs to the business:
Productivity loss
Damaged reputation
Recovery expenses
Missed SLA contracts
National/International security
Lost revenue and customers
In addition to resilience, TCO in the data centre can be reduced significantly by using more power efficient switches.
This results in a two fold saving:
1. Less power required from the utility supplier
2. Less power = less cooling required
Deployment of an Extreme Networks network
delivers resilience, maximising system uptime and
availability to critical applications. Features such as
Ethernet Automatic Protection Switching Protocol
(EAPS) enable traffic to be re-routed in less than
50 milliseconds in the event of connection failure.
A modular operating system ensures robust core
and edge switching. What does all of this mean?
Applications such as voice or video continue as
expected providing for a seamless user experience.
More importantly though, disruption to business
services that would otherwise bring the
organisation to a standstill, resulting in high levels of
lost revenue, is minimised.

Cost implication for non resilience

Industry Sector          Revenue/Hour    Revenue/Employee-Hour
Energy                   $2,817,845      $569
Telecommunications       $2,066,245      $186
Manufacturing            $1,610,654      $134
Financial Institution    $1,495,134      $1,079
Insurance                $1,202,444      $370
Retail                   $1,107,274      $244
Transportation           $668,586        $107
Average                  $1,010,536      $205

Total Cost of Ownership


Keeping it simple - with functionality increasing and configurations becoming more complex, it is essential that
any complexity be minimised where possible. Task automation such as automatic provisioning of IP handsets
ensuring that they are available for day one operation, is not only a significant time saving but also reduces errors.
Another area relating to this is when new releases of software are made available with enhanced features. Extreme
Networks retain simplicity by ensuring that the ExtremeXOS operating system architecture is consistent across all
products regardless of size or type of switch. This reduces implementation time due to commonality across all
platforms and also removes additional costs per product per software release for training of engineers.


Extreme Vs a Competitor
With the scalability to support a new or growing network and a resilient modular operating system, new features are
easily added in the Extreme Networks product range accommodating changing business requirements and future
proofing investment.

[Figure: A Competitor's Software Release Path (Complex)]

[Figure: Extreme Software Release Path (Simple!)]

Business Continuity
Business continuity is a critical aspect that can be overlooked by any organisation. The ExtremeXOS modular operating
system delivers significant benefits when being deployed into environments whereby applications in use are mission
critical. The table below highlights examples of impact to organisations if the data network fails. With increased
resilience and simplicity of deploying a new feature or restarting a failed service, the ExtremeXOS operating system
mitigates against these issues whilst delivering business continuity at the same time. By contrast monolithic or static
operating systems would be unable to support rapid service restart (unlike ExtremeXOS) and ultimately all services
previously supported would be lost until the switch could be replaced.

Vertical Market    Services Supported by the LAN    Impact of Network Failure
Healthcare         Medical Imaging                  Increase in patient mortality
Healthcare         Patient Records                  Loss of access to patient records
Healthcare         X-Rays                           Loss of access to trained & specialist medical staff
Healthcare         Telephony                        Unavailable patient services
Finance            Trading Systems                  Lost revenue
Finance            Telephony                        Lost customers
Government         Public Services                  Lost revenue
Government         Telephony                        Unavailable community services
Education          Telephony                        Access to parental contact
Education          Administration Systems           Access to student records
Education          Security Control                 Safety of children

Green Initiatives
A report by the US Environmental Protection Agency stated that IT
consumed about 61 billion kilowatt-hours in 2006 - about 1.5 percent
of the total electricity consumed in the US - at a cost of about $4.5
billion. Power consumption in the industry could nearly double by
2011. Increasingly organisations have to comply with and support green
initiatives. Working practices are being adopted by organisations in order
to be Green Aware wherever possible. How can this be achieved and
which areas should be considered?

Replace old switches in the network that are power inefficient


Manage power delivery intelligently
Use fewer switches to achieve more
Reduce Data Centre power and cooling

Before Extreme Networks Solution Deployed
Challenge: 200 person office
Office Hours: 9:00 - 5:00 Monday - Friday for most workers
Concern: Desk phones are powered 24x7 - high operating costs

After Extreme Networks Green Solution Deployed
Go Green Solution: Identify 150 non-critical desk phones
Universal Port: Power down handsets at 5:00pm each evening
Power Savings over the weekend - all ports powered off
On/Off times can be set
Immediate 75% electricity savings - on PoE power

Summary
Extreme Networks provide medium and large enterprise class solutions that address the varied and diverse
requirements of organisations. The products are scalable and intelligent, being able to initiate dynamic policies for
security and automate tasks such as auto provisioning of IP handsets. As the demands of the organisation change
and increase, it is essential that the underlying infrastructure is not only capable of supporting this, but is also future
proofed for next generation applications. Equally as resources and skills become limited, it is not only critical that the
complexity of the day to day running of the network is kept to a minimum, but the network should also help minimise
operating expenditure and provide return on investment. There are many ways that ROI can be calculated and viewed.
Organisations shouldn't just consider the monetary ROI but also the time ROI - solutions from Extreme Networks
can deliver both.


10 Gigabit Ethernet Adoption


Driving 10 Gigabit Ethernet Adoption in the Data Center
Data volumes and network bandwidth consumed by data centers double every 18 months while devices
accessing networks double every 2.5 years. To support this thirst for data, a corresponding advance in
network bandwidth needs to occur. Given that Ethernet has become the networking infrastructure of
not only the internet, but also information service delivery to corporations of all sizes, the logical answer
is migration to the next advance in Ethernet - 10 Gigabit Ethernet.
What's driving the evolution to 10 Gigabit Ethernet? The drive comes from advances in other information technologies - multi-core processors, virtualised environments, advances in storage architectures, server clustering and consolidation,
new forms of information delivery using the internet,
and the next wave of digital media content. Associated
with these technological advances is the advance in
networking itself that is making 10 Gigabit Ethernet
affordable across the network from the core to the
edge.
Intel and Extreme Networks are two companies leading
the evolution to 10 Gigabit Ethernet adoption. Intel
10 Gigabit Ethernet Server Adapters provide fast and
reliable connections for high-performance servers and
workstations. These adapters have been designed for
multi-core processors, optimised for virtualisation, and
provide support for unified networking over Ethernet.
Extreme Networks provides 10 Gigabit Ethernet
networking solutions for layer 2 and layer 3 switching in
both modular and fixed configurations. Extreme Networks'
versatile design for these configurations offers customers
a choice while providing an excellent migration path
from existing Gigabit Ethernet network infrastructures.
By combining 10 Gigabit Ethernet technology from
Intel and Extreme Networks, customers can realise the
advantages of 10 Gigabit Ethernet today at affordable
costs in seamless migration and coexistence with their
existing Ethernet data center network.

Motivation Driving 10 Gigabit Ethernet
Today, most server, desktop, and laptop systems come
standard with Gigabit Ethernet connectivity. It has
become natural for us to just plug into a Gigabit
Ethernet network. Although 10 Gigabit Ethernet has
been around since 2002, its adoption has been limited to
the core of data center networks. That is, until now.
Advances in technology delivering 10 Gigabit Ethernet
and falling prices are driving the adoption of 10 Gigabit
Ethernet from the core to the edge of the network. Let's
look at the motivators driving the adoption of 10 Gigabit
Ethernet in modern data centers.

Multi-Core Processors
Keeping pace with the processing demands of multi-core
and multi-threaded processors requires robust I/O
interfaces and devices. Constraining the I/O paths results
in the hour glass effect, or the metering of I/O requests
through a single, narrow interface. As in an hour glass,
I/O requests can be constrained by slow interfaces and
devices resulting in ineffective utilisation of processing
resources as they wait for I/O requests to complete.

[Figure 1: network data flow in a previous-generation platform (CPU, I/O Hub, Ethernet Controller, PORT 1, PORT 1, LAN)]

The interface to the network and even the network
itself can be one of the leading contributors to limiting
processing efficiency in multi-core processor systems.
Ten years ago it was typical to find single-core,
single-threaded processors being supported by a Gigabit
Ethernet network. Today, trying to support eight to
sixteen concurrent execution streams supported by
multi-core, multi-threaded processors on yesterday's
Gigabit Ethernet is not sufficient. To achieve processing
efficiency with these advanced multi-core, multi-threaded
processors requires network interfaces and the network
itself to be exponentially greater - 10 Gigabit Ethernet.

Virtualised Environments
In today's information technology vernacular, server
virtualisation means the ability to run more than one
operating system (OS) image on a single physical server.
Server virtualisation uses a software hypervisor running as
the kernel on a physical server to present multiple virtual
machine (VM) images to the guest OSs. In this model, the
OSs can be disparate; for example, Microsoft Windows
Server and Linux running on a VMware hypervisor on an
Intel Xeon processor-based server.
Key benefits to server virtualisation are:
Better utilisation of physical server resources
(specifically with multi-core processors)
Improved deployment of applications on virtual
servers (you don't need to order another physical
server to deploy an application)
Ability to balance physical server workloads
across many virtualised servers
However, along with these benefits come challenges. It is
easy to overtax the physical I/O resources in a virtualised
server environment. Each virtualised OS thinks it has
exclusive use of the physical resources when in reality
these resources are shared across the virtualised OSs
running concurrently on a physical server. The result is
an oversubscription of resources and, in a networking
environment, the physical network server adapter. The
problem with the demand on the network by a multi-core
processor is exacerbated in a virtualised environment.
One logical solution is to increase network bandwidth to
satisfy this increased virtualised server network demand
by deploying 10 Gigabit Ethernet at the network edge.

Ethernet-Based Storage
Ethernet-based storage offerings provide huge volumes
of connected data at attractive prices. As these storage
offerings continue to evolve and improve, organisations
can adopt strategies to consolidate their storage
infrastructure in the data center on an Ethernet network
achieving improved economies of scale and simplified
management of the infrastructure - all delivered at an
affordable cost.
Today, Ethernet-based network attached storage (NAS)
and storage area network (SAN) systems are being
deployed by large and small organisations to realise these
benefits. The ability to scale storage delivery performance
up to 10 gigabits per second gives these organisations a
simple and cohesive migration path for their NAS and
SAN storage systems.

Server Clustering
Another major trend is data centers clustering together
servers to improve performance and application
availability. It is not uncommon to hear of physical server
deployments in the hundreds consolidated in a single
data center. Applications are being rewritten to take
advantage of the parallel processing paradigm made
available through server clustering to improve not only
application performance, but also application availability.
Ethernet is becoming the de facto choice for clustering
servers in a network. Using inter-processor communication
(IPC) over an Ethernet network, applications can deliver
higher degrees of parallelisation as long as the network
throughput delivers the required performance.
The ability to migrate to 10 Gigabit Ethernet clustered
interconnect solutions provides customers the ability
to scale parallelised applications without the turmoil
of moving to a different network technology to realise
increased bandwidth, lower latencies, and better
performance.

Web 2.0
It has been estimated that the volume of web traffic will
experience a fifty-fold increase by the year 2015. What's
driving this web traffic increase? Today, we have the
delivery of video, image, and audio content. Eight hours
of video content is loaded onto YouTube every minute.
In the near future, online video will transition to
high-definition (HD) video, which is seven to ten times more
bandwidth-hungry than today's video streams. Corporate
delivery of information, both externally in describing
products and services and internally for training and
information delivery, will be delivered through HD video
and audio streams. To handle these vast bandwidth
requirements, traffic management appliances will be
required to spread out the workload to clustered servers
in a server load-balancing configuration.
Supporting this performance demand requires network
performance that is equal to the task. No longer will
Gigabit Ethernet be sufficient to respond to the demands
of advances in the Web 2.0 Internet. Addressing this
challenge will be 10 Gigabit Ethernet solutions that drive
through the traffic management appliances directly to
the web-facing servers handling Web 2.0's data-intensive
requests.

White Papers

Digital Imaging And Editing

One of the fastest advances in technology has been in
the area of digital imaging. By 2010, it is estimated that
medical imaging alone will consume 30 percent of the
world's data storage. Human interaction with digital
images will be through a global interconnected network
as productivity gains are realised by effectively using this
information form. To move hundreds of gigabytes of
digital content to computers in a timely fashion for display
and revision will require rethinking the infrastructure and
cabling requirements for computers.

The Solution

Moving to a 10 Gigabit Ethernet environment has
never been easier. With solutions available from Intel
and Extreme Networks, deploying 10 Gigabit Ethernet
in both copper and fiber infrastructures in the data
center is both affordable and efficient. By using Intel 10
Gigabit Ethernet Server Adapters and Extreme Networks
10 Gigabit Ethernet switching solutions, the reality of
achieving 10 Gigabit performance at the edge of the
network is obtainable today.

Cost
When the 10 Gigabit Ethernet specification was released
in 2002, the cost of early 10 Gigabit Ethernet offerings
exceeded USD 10,000 per port. The only rational use
at this price was in the core of the network. Extreme
Networks can now deliver 10 Gigabit Ethernet at a cost
of USD 500 per port.
With this cost advantage, 10 Gigabit Ethernet will move
out of the core and access layers of the network to the
network edge. 10 Gigabit Ethernet adoption will further
accelerate the market for copper-based adapters and
switches making network infrastructure costs even more
reasonable.

Intel Ethernet 10 Gigabit Server Adapters
Intel has been the leading supplier and innovator of
Ethernet adapters for more than 25 years. Intel's new
10 Gigabit Ethernet adapters are designed for multi-core
Intel Xeon processor-based systems, optimised for
virtualisation, and include support for unified networking
to ensure fast, power-efficient solutions for a broad range
of applications, including virtualised server environments,
blade servers, and copper-based infrastructures for
volume deployment.

Figure 2: Multiple queues, RSS, MSI-X working together in a
multi-core system.

Optimised for multi-core processors

Intel Ethernet 10 Gigabit adapters include a number of
latency-lowering features that are optimised for
multi-core Intel Xeon processor-based servers:
• Extended Message-Signaled Interrupts (MSI-X)
  provide multiple interrupt vectors, which allow
  multiple interrupts to be handled simultaneously
  and load-balanced across multiple processor
  cores, helping to improve CPU utilisation and
  lower latency. Previous-generation MSI passed
  interrupts to a single processor core, leading to
  less efficient performance.
• Receive-side Scaling (RSS) improves server
  load-balancing by segregating incoming packets into
  flows and directing those flows to separate
  hardware queues in Intel Ethernet adapters,
  allowing them to be processed simultaneously.
  (On Linux systems, this technology is known
  as Scalable I/O.) RSS can also be used to direct
  multiple TCP/IP streams to specific processor
  cores for handling.

Optimised for Virtualisation

Intel Virtualisation Technology for Connectivity (Intel
VT-c) enhances server I/O solutions by integrating
extensive hardware assists into the Ethernet controller.
This collection of technologies addresses I/O bottlenecks
by either offloading data-packet processing to the
Intel Ethernet adapter from the hypervisor or providing
direct I/O connectivity to the VMs for faster application
responsiveness and improved processor utilisation.

Two technologies comprise Intel VT-c: Virtual Machine
Device Queues (VMDq), which supports virtual switch
emulation, and Virtual Machine Direct Connect (VMDc),
which provides direct assignment between a network
connection and a VM.
• VMDq (emulation) improves overall CPU
  utilisation and throughput levels by offloading
  the network I/O management burden from
  the virtual switch in the hypervisor to the
  Ethernet controller. Multiple queues and sorting
  intelligence in the silicon support enhanced
  network traffic flow in the virtual environment,
  freeing processor cycles for application work.
• VMDc (direct assignment) provides near-native
  I/O performance by facilitating dedicated I/O
  and data isolation among VMs and also enables
  VM migration. VMDc uses PCI-SIG SR-IOV and
  Intel Virtualisation Technology for Directed I/O
  (Intel VT-d) to support this functionality.

Figure 3: Intel Virtualisation Technology for Connectivity provides direct assignment and switch emulation modes.

Driving storage over Ethernet

The fast growth in storage capacity coupled with server
virtualisation has brought the need for the SAN to the
forefront, and technologies such as iSCSI are leading
the charge for storage over Ethernet. Limited bandwidth
and TCP processing overhead are two of the key factors
that have limited the adoption of iSCSI. However, today's
multi-core processor-based platforms have more than
enough power to handle these workloads, and 10 Gigabit
Ethernet bandwidth provides sufficient throughput.

Intel Ethernet 10 Gigabit server adapters include support
for iSCSI acceleration and advanced features for unified
storage connectivity. The controller enables fast and
reliable networked storage with native iSCSI initiator
support with Microsoft, Linux, and VMware OSs as well
as support for iSCSI remote boot.
The growth in 10 Gigabit Ethernet will enable greater
deployments of virtualised servers and Ethernet SANs,
providing unparalleled throughput. These performance
improvements come at a cost, however, as servers will be
forced to handle more network data than ever before.
Optimised for multi-core platforms, virtualised
environments, and storage over Ethernet, Intel 10
Gigabit Ethernet products provide the throughput and
traffic processing optimisations for the next generation
of data centers.
Intel 10 Gigabit adapters offer a broad range of OS
support, including Windows, Linux, and ESX, and Intel's
broad Ethernet portfolio includes single-port and
multi-port adapters for fiber and copper networks.

Extreme Networks 10 Gigabit Ethernet Switching Solutions
Extreme Networks is known for its leadership and
innovation in Ethernet switching. With more than 10
years of experience developing innovative products to
advance network technology, it is not surprising that
Extreme is a leader in providing 10 Gigabit Ethernet
switching solutions. With Extreme Networks'
award-winning BlackDiamond 8800 series switches the
customer can tailor the chassis through purpose-built
core, aggregation, and edge modules to fit the exact
requirements of data center deployments. Extreme
Networks' new Summit X650 fixed configuration switch
provides 24 non-blocking 10 Gigabit Ethernet ports.
The Summit X650 is ideal as a top-of-rack switch for
data center server connectivity. Correspondingly, the
BlackDiamond 8800 is well suited as an end-of-row
switch, aggregating edge and core connectivity in the
data center. Complementing the BlackDiamond 8800
and the Summit X650 is Extreme Networks' ExtremeXOS
modular OS, resulting in a highly reliable, yet simple
to configure, solution that meets the demanding
networking needs found in modern data centers.

BlackDiamond 8800 series switches

The design of the BlackDiamond 8800 switch
provides optimal flexibility to data center network
configurations with its modular design. Customers can
select purpose-built modules or blades to tailor the
BlackDiamond 8800 port types and speeds. With its
non-blocking interconnect design and a total switching
capacity of 1.45 terabits per second and 816 gigabits
per second in the backplanes of the BlackDiamond 8810
and BlackDiamond 8806, respectively, there is plenty of
capacity to scale these switches when future network
needs increase.

The latest BlackDiamond 8800's c series blade selection
offers an eight port 10 Gigabit Ethernet blade. With nine
of these blades configured in a BlackDiamond 8810, the
result is seventy-two 10 Gigabit Ethernet ports all within
a 14RU chassis. Similarly, the BlackDiamond 8806 can be
configured with up to five 10 Gigabit Ethernet blades for
a maximum of forty 10 Gigabit Ethernet ports contained
in a 10RU chassis.
Both BlackDiamond 8800 models include a passive
backplane complemented by high availability design
elements, such as isolated control and data planes,
redundant controller boards for power distribution, and
physical monitoring, to identify potential problems before
they affect network availability. To ensure continuous
operation the BlackDiamond 8800 series offers
redundant power supplies and redundant Management
Switch Modules (MSMs) with active failover.
Extreme Networks BlackDiamond 8800 series switches
deliver both Gigabit Ethernet and 10 Gigabit Ethernet
wherever it is needed - from the network edge to the
network core and the ability to aggregate high-speed
connections to eliminate bottlenecks between the edge
and the core. The BlackDiamond 8800 is an ideal
end-of-row solution for dense rack server environments in the
ever-expanding data center.

Summit X650 series switch

The Summit X650 series switch offers remarkable
performance in a very small package. This switch is a
purpose-built top-of-rack design offering 24 non-blocking
10 Gigabit Ethernet ports in a 1RU form factor. It is ideal
for deployment in data centers where connectivity to
blade servers and Ethernet-based storage systems is
contained in a single data center rack.

The Summit X650 is offered in two models: a 10GBASE-T
version to accommodate the need for copper
twisted-pair cable connections and an SFP+ version (10GBASE-X)
to accommodate optical fiber connections. Both
models contain the most advanced 10 Gigabit Ethernet
technology to support exceptionally high-density
switching with very low latencies and highly scalable
routing. The result is an Ethernet switch that can meet
the critical demands of the data center.
One of the key features of the Summit X650 series switch
is its ability to stack with other Summit switches through
Extreme's switch stacking technology, SummitStack™.
The Summit X650 offers flexible stacking options
supporting existing stacking configurations with Summit
X250 and Summit X450 switches using a 40 Gigabit
SummitStack interconnection, a new ultra high speed
SummitStack256 that supports the stacking of eight
Summit X650s for a massive 192-port 10 Gigabit Ethernet,
or a SummitStack512 allowing for two Summit X650s to
be stacked together for non-blocking performance across
all forty-eight 10 Gigabit Ethernet ports. These stacking
options are supported through Extreme's unique Summit
X650 Versatile Interface Module (VIM), giving customers
the ability to configure the Summit X650 to meet their
specific data center needs.
The Summit X650 is the answer for migrating existing
servers and storage systems from Gigabit Ethernet
environments to 10 Gigabit Ethernet in modern,
virtualised data centers. With its versatile design, the
Summit X650 has the flexibility to accommodate massive
10 Gigabit Ethernet edge configurations along with
the ability to aggregate traffic onto a data center's core
backbone network.

ExtremeXOS

Common to both the BlackDiamond 8800 and the
Summit X650 is a modular OS: ExtremeXOS. With
one OS supporting Extreme Networks' entire product
switching portfolio, configuring and maintaining
the network environment has never been simpler.
ExtremeXOS' extensive XML APIs and CLI scripting facility
allow network administrators to manage a complex data
center network through a single interface, eliminating the
need to learn multiple management interfaces.

Combined with ExtremeXOS' ease of management is
its rich feature set. Some of these features relevant
to the data center include seamless support for mixed
IPv4 and IPv6 network environments, security support
through access control lists (ACLs) to provide protection
to the network, and its high availability architecture
and Ethernet Automated Protection Switching (EAPS)
protocol to reduce network downtime for business
continuity of mission-critical applications.
ExtremeXOS' common modular OS image spanning the
entire network switching environment affords a data
center the necessary command-and-control infrastructure
while, at the same time, removing inherent network
complexities.
Deploying Extreme Networks 10 Gigabit Ethernet
switching solutions at the data center network edge
enables servers, storage systems, and applications to
achieve greater levels of performance and productivity.
These performance and productivity improvements
can dramatically change the landscape of information
processing as we know it today - delivering vast amounts
of information to applications and users at data rates
previously not attainable. The result is new efficiencies
of scale and the corresponding realised cost savings as
productivity increases.

Conclusion
One thing is certain: The demand for information is
growing exponentially. Along with this growth is a
corresponding demand for delivering this information
to the applications and end-users that process it.
Advances in information-processing technology, such as
multi-core processors, server virtualisation, dramatically
increased capacities of storage systems, and a wealth of
new information forms, all are driving the demand on
networks to deliver more information faster and more
efficiently. To achieve these ends, Intel and Extreme
Networks are providing 10 Gigabit Ethernet solutions for
existing and new data center networking deployments,
ensuring that increased network demand can be realised
at affordable costs.

Carrier Traffic Management


The objective of this white paper is to highlight the requirement for hierarchical rate shaping in advanced
carrier Ethernet networks. Differences between traffic shaping and traffic policing are considered along
with models for two-tier and three-tier Quality of Service. With service providers deploying a growing
number of latency sensitive services, three-tier hierarchical Quality of Service emerges as the clear
requirement.

Advanced Traffic Management for Carrier Ethernet Networks

Providing the triple play of voice, video and data to
subscribers leads to increased profitability, subscriber
retention and a compelling competitive advantage for
most metro service providers. Supporting the triple play
of enterprise services - voice, video, and data - enables
service providers to expand their service portfolios and
to not only attract new customers, but also to increase
the revenue from existing customers. However, the triple
play requires advanced traffic management capabilities
in the network.

Advanced traffic management meets the application
specific requirements of each of these services by
intelligently assigning network resources per subscriber,
per application, and per traffic type. To support the
triple play and enforce service level agreements designed
around bundled services, you need advanced traffic
management capabilities in the network to ensure
that traffic from all customers is protected, delivered
optimally, and does not interfere with traffic from other
customers.
Extreme Networks' carrier Ethernet service platforms
support advanced traffic management including
bidirectional bandwidth control, hierarchical rate
shaping, and service-aware Quality of Service (QoS).
With a hardware-based traffic management approach,
Extreme Networks implements these features at
wire-speed without impacting the performance of the
network as traffic management is implemented on
network elements. With advanced traffic management
over Ethernet, providers offer a rich set of converged
services to both commercial and residential subscribers.

Supporting the Triple Play of Voice, Video And Data

Metro service providers know that service bundling leads
to subscriber retention, increased revenue, and increased
profitability. Service bundles are the best way to turn
bandwidth into money. Service bundling is possible in
all kinds of applications, like bundling cellular services
with land-line home telephone service, but it is the most
advantageous when all the services can be delivered over
the same infrastructure. Delivering differentiated services
over a single subscriber connection has long been the
vision of service providers. The emergence of Ethernet
broadband services in the metro and subscriber access
networks will finally present the opportunity to realise
that vision. However, raw bandwidth alone doesn't
enable the triple play. In order to effectively deliver
voice, video and data services over Ethernet, the network
must be service-aware and able to support the unique
requirements of each type of service being delivered.
Metro Ethernet and access network equipment must
support a set of features to provide bidirectional
bandwidth control and service-aware QoS.

Figure 1: Triple Play of Subscriber Services
(diagram labels: Central Office, Service Provisioning, SLA Monitoring, Alpine 3804, Subscriber Services, Summit48si)

This flexible provisioning needs to be accompanied by SLA Monitoring. Differentiated service requirements satisfy the
need for flexible provisioning of bandwidth, bandwidth control (rate shaping and policing), differentiated QoS, and
proven end-to-end QoS.

Meeting Service Level Agreements from Educated Customers
Enterprise customers are growing increasingly astute
when it comes to negotiating service contracts with their
telecom service providers. Industry analysts, telecom
journals and experience are providing them with a
smart buying strategy, along with a wealth of tactics for
getting the most for each dollar they spend in telecom.
They are learning to aggregate all their spending into
one large contract to draw more (and more competitive)
bids from providers. They are demanding
month-to-month flexibility in bandwidth capacity that can be
verified with Service Level Agreements and monthly
compliance reports. To meet this growing set of
demands, providers must be able to deliver the triple play
of voice, video and data in a flexible manner. Dynamic
bandwidth provisioning enables providers to flexibly
throttle a subscriber's bandwidth on demand without a
truck-roll to change the facilities or physical aspects of
the network. Extreme Networks' metro services platform
was designed with advanced traffic management and
the service agility features necessary to maximise profits
from enterprise subscribers.

Advanced Traffic Management


Simply stated, advanced traffic management is the ability
to control bandwidth throughout the network. This is
accomplished by limiting or shaping traffic flows in both
directions (on egress and ingress) within the network.
Service awareness allows the network to intelligently
analyse the subscriber traffic present in the network and
to prioritise that traffic appropriately. Bandwidth control
is a crucial service to your customers; it prevents a few
users from tying up most of the resources. Without
bandwidth control, a handful of employees transferring
large files can monopolise an access link. With bandwidth
control, the network is intelligent enough to allow
latency-sensitive traffic to pass unabated, no matter
what else is going on - and deliver non-real time traffic
as soon as bandwidth becomes available. Bandwidth
control and service awareness create an efficient,
high-performance network that is capable of supporting the
diverse requirements of several service types, including
the requirements of real-time voice along with
priority and best-effort data traffic.

Components of Extreme Networks' Traffic Management Solution
Extreme Networks' traffic management solution
addresses these concerns, and is optimised by the
following technologies:
• Hierarchical rate shaping through bidirectional
  bandwidth control
• Service-aware QoS
• High-performance hardware implementation
The bidirectional application of hierarchical rate shaping
- applying rate shaping on egress and ingress on each
subscriber's ports - lets a provider provision bandwidth
flexibly on a per subscriber basis. For instance, you can
provision a 5MB pipe worth of bandwidth on a 100MB
or 1 Gigabit Ethernet interface, and then deliver multiple
services (voice, video and data) by applying service-aware
QoS techniques within that 5MB pipe. This may seem
simple to do when you consider a single subscriber
connected to a single port, but as subscribers are
aggregated together on the same port, preserving the
bandwidth allocated to each customer becomes more
difficult.
Service-aware QoS lets you protect your real-time
latency-sensitive applications such as voice and video. Simply
put, those services requiring low-latency, consistent (low
jitter) and low packet-loss support are prioritised ahead
of other services that do not require the same support
from the network in order to be delivered effectively.
Conceptually, the subscriber's 5MB pipe is available
to all the services being delivered over it, and available
bandwidth within the 5MB pipe that is not being used
by the high priority applications can be used by the best
effort traffic. However, when the real-time applications
do need bandwidth from the network, they are given high
priority access to it.
With most implementations of this type of service,
bandwidth is fixed per service, and bandwidth that is
not used by one of the services is lost. For example, an
allocation of 1MB for voice, 3MB for video conferencing
and 1MB for data would result in a 1MB maximum for
data even when no video conferencing traffic is present
in the network. With Extreme Networks' implementation,
unused bandwidth is made available to other services.
For instance, while the subscriber is not using the video
conferencing system, the 3MB allocated to it can be used
by voice or best effort data traffic.

Traffic Management Illustrated

The following pictures show the principles of traffic
management: Figure 2 shows undifferentiated traffic
entering the metro switch. Without traffic classification,
all subscriber traffic looks the same.

Figure 2: Incoming Traffic

Figure 3 shows initial classification of individual
applications by application type. At this point the network
can identify and measure the traffic presented by each
service and determine whether or not the level of traffic
is within the allocated or committed information rate.

Figure 3: Classification by Application

In Figure 4, the switch determines whether the level of
traffic is within the allocated information rate or not. If
the traffic level falls within its committed information
rate it is colored green, if it falls within its peak rate it is
colored yellow, and if it requires bandwidth not currently
available it is colored red, meaning that it is eligible to
be dropped if the switch cannot buffer or store it until
bandwidth becomes available to transport it.

Figure 4: Policing and Remarking

This tiered ingress control prioritises traffic as it heads out
of the ingress port.
In Figure 5 the traffic heads into the switch fabric, and is
divided into low, medium and high priority.
These priorities are mapped to the 802.1p (CoS) tag in
the vMAN header. (For more information on vMAN, see
the Building Scalable Metro Networks white paper.)

Figure 5: Traffic Sent to Switch Fabric

Figure 6 shows how you can take it a step further by
shaping the traffic to fit within its allocated capacity,
or re-marking (re-coloring) traffic to allow all service
agreements to be met. When you police traffic, you will
sometimes discard (drop) packets or re-mark traffic as
best effort for a particular leg of the network.

With traffic shaping, the bursts of data traffic that
exceeded the peak rate are delayed or shaped to fit
within the peak rate and not dropped.

Figure 6: Traffic Shaping
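
The green, yellow and red coloring, and the difference between policing the excess and shaping it, can be reproduced on a small packet trace. The following Python sketch is an added example and not Extreme Networks' implementation: it assumes a marker built from two token buckets (one filled at the committed rate, one at the peak rate), and the rates, burst sizes, buffer sizes and trace are constructed for illustration.

```python
"""Three-color marking against a committed rate (CIR) and a peak rate (PR),
followed by policing or shaping of the excess.

Constructed illustration: the token-bucket marker, rates, burst sizes and
packet trace are assumptions, not Extreme Networks' implementation.
"""


class Marker:
    """Two token buckets, one filled at CIR and one at PR (bytes per second)."""

    def __init__(self, cir, pr, cbs, pbs):
        self.cir, self.pr, self.cbs, self.pbs = cir, pr, cbs, pbs
        self.tc, self.tp, self.last = float(cbs), float(pbs), 0.0

    def refill(self, now):
        dt = now - self.last
        self.tc = min(self.cbs, self.tc + dt * self.cir)
        self.tp = min(self.pbs, self.tp + dt * self.pr)
        self.last = now

    def color(self, now, size):
        self.refill(now)
        if size > self.tp:
            return "red"        # beyond the peak rate
        self.tp -= size
        if size > self.tc:
            return "yellow"     # above CIR but within the peak rate
        self.tc -= size
        return "green"          # within CIR


def police(packets, marker):
    """Forward green and yellow packets immediately; discard red ones."""
    sent, dropped = [], 0
    for now, size in packets:
        c = marker.color(now, size)
        if c == "red":
            dropped += 1
        else:
            sent.append((now, size, c))
    return sent, dropped


def shape(packets, marker, buffer_bytes):
    """Hold packets that exceed the peak rate until tokens are available.
    A packet is dropped only if the delay buffer cannot store it."""
    sent, dropped, clock, pending = [], 0, 0.0, []
    for now, size in packets:
        pending = [(d, s) for d, s in pending if d > now]   # still queued
        start = max(now, clock)                             # FIFO order
        marker.refill(start)
        depart = start + max(0.0, (size - marker.tp) / marker.pr)
        if depart > now and sum(s for _, s in pending) + size > buffer_bytes:
            dropped += 1
            continue
        marker.refill(depart)
        marker.tp = max(marker.tp, size)                    # guard float rounding
        sent.append((now, depart, size, marker.color(depart, size)))
        pending.append((depart, size))
        clock = depart
    return sent, dropped


def new_marker():
    # Assumed profile: CIR 1000 B/s, PR 2000 B/s, one second of burst each.
    return Marker(cir=1000, pr=2000, cbs=1000, pbs=2000)


# Constructed trace of (arrival time in seconds, size in bytes):
# a 3000-byte burst at t=0, then two more packets at t=1.
TRACE = [(0.0, 500)] * 6 + [(1.0, 500)] * 2

if __name__ == "__main__":
    print("policed:", police(TRACE, new_marker()))
    print("shaped :", shape(TRACE, new_marker(), buffer_bytes=2000))
```

On this trace the policer discards the two packets that exceed the peak rate, while the shaper with a 2000-byte buffer delivers all eight and delays the last packet of the burst by half a second; with only 500 bytes of buffer the shaper also has to drop one packet.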

Hierarchical Rate Shaping:


Bidirectional Bandwidth Control
The rate shaping capabilities of trafc management
ensure link-speed (Gigabit Ethernet or 10 Gigabit
Ethernet) throughput on any port with oversubscription.
This allows exible (facility-free) provisioning of
bandwidth on a per-subscriber basis.

2 Tiered versus 3 Tiered QoS


Figure 7 illustrates both 2-tiered and 3-tiered QoS. The
three tiers of QoS allocation are as follows:

Extreme Networks metro service offering supports


both ingress and egress rate shaping. With bidirectional
rate shaping, you can reserve or limit bandwidth per
application or per subscriber. There are three colors
associated with rate shaping:

1st Level: Per Servicethis is often the customers


internal VLAN
2nd Level: Per Customercustomer traffic can
be isolated with a vMAN tag, thus eliminating
the 4,096 VLAN limit across the MAN (this is also
known as QinQ)
3rd Level: Per Physical Portthis allows a
customer to be mapped to one or more egress
ports

Green: Committed Information Rate (CIR) for


guaranteed traffic
Yellow: Peak Rate (PR) for Burst Services
Red: This is the marking for non-conforming
excess traffic

Bandwidth can also be allocated dynamically. This enables


the customer to use all of the available bandwidth and
to fill the available bandwidth according to the service
priorities (based on user and application prioritisation) of
their traffic.

Bidirectional rate shaping provides granular and accurate


shaping for increments as small as 1 kilobit per second
(ingress) or 2 kilobits per seconds (egress).

Each customer is assigned a CIR (for minimum bandwidth


available) and a PR (for maximum bandwidth available)
setting. After the priority CIR is met, available resources
within the customers total bandwidth are allocated to
the other service types in a weighted fashion.

Rate shaping also allows you to gather statistics for CIR,


PR, and dropped bytes.

Extreme Networks service-aware QoS implementation


consists of bandwidth allocation per user or application,
as well as classification, marking, and scheduling.

Just as unused bandwidth allocated to one service can


be made available to the others, similarly, an unused
amount of bandwidth from one customer can be
temporarily allocated (on a weighted fairness basis) to
another customer. When needed, bandwidth that has
been reapportioned in this way can be quickly reallocated
to its original use.

Classification, Marking, Scheduling

Wire-Speed Performance

Individual links can be provisioned to recognise individual


users (from source IP address) or applications (from TCP
port number) and to assign bandwidth to these entities
individually.

Most traffic management services are provided in


software or in Field Programmable Gate Arrays (FPGAs).
Extreme Networks traffic management is provided in
hardware, and maintains wire-speed at every network
node.

Service-Aware Quality of Service

Traffic classification allows you to differentiate between


QoS-aware (or QoS-sensitive) and QoS-unaware
applications.
Traffic can be marked at Layer 2 or Layer 3. At Layer 2, it
can be marked though 802.1p (Ethernet QoS); at Layer
3, it is marked through IP QoS. After classifying traffic,
you can mark and re-mark packets at any point from
end-to-end.
You can also schedule traffic to any of eight hardwarebased queues per port. This allows multiple tiering of
QoS, as the following section shows.

Extreme Networks ASIC architecture delivers wirespeed switching. Any end-to-end latency will only be
based on propagation delay across the wire; latency is
not increased based on the traffic load on the switch,
congestion within the network or due to error conditions
causing traffic to be routed around a failed component
or link. This wire-speed implementation includes both
the network processing and the control plane. There is
no impact on performance when rate shaping and QoS
features are activated.

White Papers

[Figure 7: Two-tiered and Three-tiered. Diagram labels: 1st Level Per Service (VLAN); 2nd Level Per Customer (VMAN); 3rd Level Per Physical Port; Customer A, Customer B, Customer Z.]

Both unicast and multicast traffic can be forwarded
simultaneously at wire-speed. Adding multicast to a
traffic flow will not affect unicast forwarding. Even as
new multicast users (receivers) are added, forwarding
is never degraded. Every port in the network can
potentially be a multicast transmitter or receiver. There
is no performance drop for video applications supporting
video conferencing, or video streaming and distribution.

Conclusion
Extreme Networks advanced traffic management
supports differentiated service requirements in a wire-speed
implementation. Rate shaping is bidirectional and
QoS can be tiered by service, customer, or port. Extreme
Networks traffic management solution supports the
triple play of voice, video and data, and also supports a
scalable multicast delivery that is best in class.

For More Information

Extreme Networks is helping service providers offer high-performance
Ethernet-based metro services and has
developed a broad portfolio of products and services
that support our vision of Ethernet Everywhere in the
metro. Extreme Networks Carrier Ethernet service has
the advanced traffic management feature that supports
the triple play of voice, video and data on a converged
metro Ethernet infrastructure.

CLEAR-Flow
One of the fundamental limitations with most traffic monitoring and management methods in use
today is that they are not built into the network itself. CLEAR-Flow represents a new paradigm for
network traffic management. For the first time, CLEAR-Flow brings together network monitoring,
analysis, and response in a single process inside the Ethernet switching fabric. This creates a powerful
toolbox for solving diverse network challenges that were previously difficult or impossible to solve, such
as threat detection in high-speed networks.
In this white paper we present an overview of the CLEAR-Flow technology, including the key benefits. Additionally,
this paper provides an example of a security application that demonstrates CLEAR-Flow's value.

CLEAR-Flow
Computer Economics estimated that for 2003, the
worldwide economic damage from the Blaster worm
was $400 million, the Sobig virus - $1.10 billion and
the Slammer worm - $1.25 billion. According to the
Cooperative Association for Internet Data Analysis
(CAIDA), the Sapphire/Slammer worm holds the record
of spreading the fastest, doubling in size every 8.5
seconds. The Sapphire/Slammer worm scanned over
55 million IP addresses per second and infected 90
percent of vulnerable Internet hosts worldwide within
10 minutes. Worms and viruses will continue to become
more destructive using faster algorithms while carrying
more malicious payloads and Trojan horses.
Corporate IT professionals are struggling to understand
the types of applications, security threats, and traffic
trends affecting the network as enterprise networks
have experienced increased traffic, size, and importance
to business. Security threats, amplified by the increasing
application and traffic mix, are appearing at an
unprecedented rate and spreading worldwide within
hours or even minutes - with the financial impact of
these attacks reaching billions of dollars.
Combating these security threats requires examination
of every packet traversing the enterprise - an approach
that clearly does not scale to today's high speed,
10 gigabit networks. To better solve this problem,
Extreme Networks has developed a traffic management
technology - Continuous Learning, Examination, Action,
and Reporting of Flows (CLEAR-Flow). CLEAR-Flow brings
new technology to bear on the problem of network
monitoring by bringing new awareness to network
switching hardware. This technology makes it possible
to proactively identify anomalies in user, host, and
application behavior. CLEAR-Flow technology is ideally
suited for a number of traffic management challenges,
including:
• Network security - Intrusion detection, worm
  and virus containment, and Denial of Service
  (DoS) suppression
• Network management - Capacity planning,
  trending analysis, application classification, and
  Quality of Service (QoS) enforcement
• Network billing - Accounting and Service Level
  Agreement (SLA) enforcement
Early detection of threats such as viruses, worms and DoS
attacks is one of the most important challenges facing
corporate networks today. Successfully finding network
threats requires searching through all network traffic
looking for unusual packets. To date, network early
warning systems such as Intrusion Detection Systems
(IDS) have been unable to scale to meet the bandwidth
and latency challenges of monitoring traffic in enterprise
networks.

CLEAR-Flow Basics

CLEAR-Flow represents a new paradigm for network
traffic management. For the first time, CLEAR-Flow brings
together network monitoring, analysis, and response in
a single process inside the Ethernet switching fabric. This
creates a powerful toolbox for solving diverse network
challenges that were previously difficult or impossible to
solve, such as threat detection in high-speed networks.
One of the fundamental limitations with most traffic
monitoring and management methods in use today is
that they are not built into the network itself. Typically,
these strategies use some sort of software on the switch
to send traffic, summaries of traffic, or samples of traffic
to a remote collection device. Regardless of the exact
strategy used, the traffic sent to the monitoring station
does not represent interesting or unusual traffic, but
instead is an exact copy or summary of all the traffic on
the network.
The problem with this strategy is that it simply does not
scale. It is clearly impossible for the switch to forward a
copy of each and every packet to an off-switch analyser,
and it is also impossible for any real-world analyser
to keep up with the flow. There are simply too many
individual packets and flows for the embedded switch
software to keep up.
The CLEAR-Flow approach is fundamentally different.
CLEAR-Flow is a way for Ethernet switches to examine
and forward data. Instead of simply looking at the source
and destination of the traffic and forwarding it along the
appropriate Layer 2 or Layer 3 path, CLEAR-Flow goes a
step further by allowing network administrators to specify
certain types of traffic that deserve more attention. Once
certain criteria for this traffic are met, the switch can
then either take an immediate, pre-determined action,
or send a copy of the traffic for off-switch analysis. This
analysis can, in turn, result in the appropriate response
to the particular traffic, for example, blocking a DoS
attack or rate-limiting a user in violation of his service
level agreement.
Using these three steps - monitor, analyse, and respond
- CLEAR-Flow provides a complete solution for detecting
network events and trends, analysing their significance
to the network, and taking the appropriate response. A
closer look at how CLEAR-Flow works, and how it can be
used in some real-world scenarios, follows.

CLEAR-Flow processes all traffic
through the following series of steps:

Monitor
CLEAR-Flow uses hardware capabilities in the switch to
scan and filter each packet as they pass through. CLEAR-Flow
ignores any packets that are not of interest, and
focuses only on the ones that meet the monitoring
criteria set by the administrator. When it finds packets
of interest, CLEAR-Flow uses another hardware feature
- event counters - to track the occurrence. If immediate
response is warranted, the hardware triggers the
software to immediately change the way the traffic is
handled by the switch.

Step 1 - Filter

Integrated into the Access Control mechanisms of the
switch, special CLEAR-Flow classifiers look for match
conditions as traffic traverses the switch at line rate. If
the switch finds the specified traffic, it can immediately
react to it, or increment a counter. On the BlackDiamond
10808 switch, CLEAR-Flow can look for up to 112,000
unique traffic types.

Step 2 - Count

Traffic that matches a CLEAR-Flow classifier is counted
in hardware. The BlackDiamond 10808 supports up to
112,000 hardware counters that can simultaneously
track individual events.

Step 3 - Threshold

Constant monitoring of counter values can be implemented
with triggers configured to fire as counters
exceed pre-determined limits. These limits can be
based on counters incrementing too fast, reaching an
absolute value, or even based on a ratio between two
different traffic counters. Once a threshold is exceeded,
administrators have the ability to trigger a predetermined
action, or send the traffic for analysis.

[Figure: CLEAR-Flow Process. Diagram labels: MONITOR (Find, Count, Threshold); ANALYZE (Mirror, Send via sFlow, Remote Mirror); RESPOND (Block Traffic, Run Script, Slow Traffic, Report); Immediate Response.]

Analyse

Many times the exact nature of a traffic flow is uncertain.
In these cases, CLEAR-Flow can send the suspicious
traffic to an external device for further analysis. Once the
external device has determined the nature of the traffic,
better decisions can be made about how to handle the
traffic. There are a few different ways that CLEAR-Flow
can do this, and specific techniques are more applicable
to certain types of network events.

Method 1 - Mirror
Copies of the traffic of interest are sent to a mirror port,
where a traffic analyser or intrusion detection system
can have complete visibility into the nature of the traffic.
Mirrors allow a complete picture of exactly what is
happening, and allow for very deep packet inspection.

Method 2 - Tunnel to Remote Mirror
This technique is similar to the mirror, except that packets
are encapsulated with an additional IP packet header and
tunneled off to a remote system for further analysis. For
example, this method can be used to send the traffic to
a mirror port on a different switch. This allows network
analysis equipment to be leveraged over a much larger
network infrastructure, as well as enabling better remote
debugging.

Method 3 - sFlow
sFlow is a sampling technology that meets the key
requirements for a network traffic monitoring solution.
Instead of copying the entire traffic flow, sFlow forwards
a statistical sampling of the packets to a network monitor
using the sFlow protocol. This is a much more scalable
process because a much smaller amount of data is sent
to the collector. Using sFlow to
report anomalous behavior is most appropriate when it is
anticipated that there will be a very high amount of data
- for example when monitoring for a DoS attack.

Respond
Any time a classifier sees a serious threat, a threshold
is hit, or an external device draws some conclusion
about a traffic flow, CLEAR-Flow allows switches to take
action. This allows network administrators to respond
appropriately to network events. These actions can
include:

Option 1 - Block the Traffic
Install an access control list (ACL) entry to completely
stop the traffic.

Option 2 - Run a Script or CLI Command
Execute a set of CLI commands on the switch. Both
approaches allow administrators to run a complex set of
commands in response to the traffic.

Option 3 - Rate Limit
Install an ACL that slows down the traffic.

Option 4 - Report
Send a report to a network management console via an
SNMP trap or SYSLOG message.

CLEAR-Flow Applications for Security

Detecting and reacting to network viruses, worms, and
DoS attacks is one of the most difficult problems facing
corporate networks today. These attacks are also among
the most damaging incidents corporations can face,
costing lost productivity or even e-commerce system
downtime. CLEAR-Flow can help with both of these
problems, adding valuable tools to the network security
arsenal.

Example - Virus and Worm Infection

One of the most pressing requirements for network
managers today is the need to identify and quarantine
new virus and worm outbreaks as quickly as possible.
CLEAR-Flow can provide the critical measurement
capability to dramatically shorten the time required to
detect and respond to virus events.
In order to accomplish this, CLEAR-Flow filters are
configured for each host system on the network to track
TCP SYN packets being emitted by each system. This
allows CLEAR-Flow to track the number of SYNs being
sent by each and every system.
These SYN packets indicate that a system is trying to
establish a new TCP connection with a remote system.
SYN packets are a normal part of network traffic.
However, viruses and worms typically attempt to spread
quickly, by opening as many connections to nearby hosts
as possible. When this happens, there is a much higher
than normal amount of SYN traffic on the network (see
Figure 3).

First we count the SYN packets received by the port:

    entry detect-syn {
        if {
            TCP-flags SYN;
        } then {
            count detect-syn;
        }
    }

For higher granularity, an individual IP address could also
be tracked by adding the source address field:

    entry detect-syn-200 {
        if {
            source-address 10.10.10.200;
            TCP-flags SYN;
        } then {
            count detect-syn-200;
        }
    }

Now we create a threshold and specify the action.
In this example, we are overriding the global interval and
specifying a 5 second interval for the threshold. If the rate
of SYNs received is over 1000 for 5 seconds, we will start
the mirror.

    entry eval rate {
        if {
            (rate (detect-syn, 5) > 1000)
        } then {
            sendsnmp 7 "Too many SYNs detected, starting mirror";
            mirror add detect-syn;
        }
    }

If any single desktop system starts to initiate more than a few dozen connections a second, or if a server begins to
initiate more than one or two thousand connections a second, then it is highly likely the system is infected with a virus
that is attempting to spread itself (see Figure 4). Network administrators may want to immediately block the system
from the network, or automatically send this traffic for analysis by the intrusion detection system.

[Figure 4: Detecting Virus Attacks. Diagram labels: Infected PC; Intrusion Detection System; ALERT!
1. Compromised system floods new connections
2. Per-port SYN threshold is hit, switch starts mirroring traffic
3. Intrusion Detection System takes action, blocking source IP address and sending trap to network management]

Example - Denial of Service Detection


DoS attacks are a large problem for many companies, especially ones with a significant web presence. These attacks
take down web sites, e-commerce portals, and other corporate resources. Quickly determining that an attack is
happening, and identifying the sources of the attack, dramatically reduces its impact.
CLEAR-Flow provides an easy way to detect and respond to DoS attacks. The idea behind these attacks is to overwhelm
the server with meaningless messages that tie them up doing busy work, thereby keeping the server from servicing
legitimate requests. DoS attacks generally take the form of ICMP ping floods, or TCP SYN floods.
Servers can be protected by adding a CLEAR-Flow classifier for each type of traffic that should be monitored.
If excessive amounts of these types of traffic appear on the switch, CLEAR-Flow will detect the attack, and engage
the mirror port or other analysis method. All intrusion detection systems, as well as InMon's sFlow data collector, are
capable of detecting the source of these attacks immediately. Once the sources are detected, network operators can
block the offenders. This is typically done at the upstream service provider, since these attacks can often consume the
bandwidth of the entire connection to the Internet (see Figure 5).

In this example, we monitor traffic headed toward
the server farm. One of the types of traffic we will
monitor is ICMP traffic.

    entry icmpcnt {
        if {
            destination-address 10.203.134.0/24;
            protocol icmp;
        } then {
            count icmpcnt;
        }
    }

If more than 100 ICMP packets are detected per
second, block the traffic.

    entry eval rate {
        if {
            (rate(icmpcnt) > 100)
        } then {
            sendsnmp 7 "Too Many ICMP packets";
            deny icmpcnt;
        }
    }

Figure 5: Denial of Service Detection CLI Sample
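
The filter, count and threshold steps behind the SYN counter in the virus and worm example and the ICMP counter in the DoS example can be modelled in software to see when each rule fires. The Python model below is an added example, not Extreme Networks code or ExtremeXOS syntax; its class and function names are hypothetical and its traffic is constructed. It assumes rate(counter, n) means packets per second averaged over n seconds, keeps one SYN counter per source address (a generalisation of the single-address entry), and leaves an action installed once its threshold has fired.

```python
"""Filter -> count -> threshold -> respond, modelled in software (added example)."""
import ipaddress
from collections import Counter, deque
from dataclasses import dataclass
from typing import Callable

SERVER_FARM = ipaddress.ip_network("10.203.134.0/24")  # subnet from the ICMP sample


@dataclass(frozen=True)
class Packet:
    ts: float          # arrival time, seconds
    src: str
    dst: str
    proto: str         # "tcp" or "icmp"
    syn: bool = False  # TCP SYN flag set


@dataclass(frozen=True)
class Rule:
    name: str
    match: Callable[[Packet], bool]  # step 1: filter
    key: Callable[[Packet], str]     # which counter a matching packet increments
    limit: float                     # packets per second (assumed meaning of "rate")
    interval: float                  # seconds the rate is averaged over
    action: str                      # "mirror" or "deny"


RULES = [
    # rate(detect-syn, 5) > 1000 -> mirror; one counter per source address here.
    Rule("detect-syn", lambda p: p.proto == "tcp" and p.syn,
         lambda p: p.src, limit=1000, interval=5, action="mirror"),
    # rate(icmpcnt) > 100 -> deny, for ICMP headed toward the server farm.
    Rule("icmpcnt",
         lambda p: p.proto == "icmp" and ipaddress.ip_address(p.dst) in SERVER_FARM,
         lambda p: str(SERVER_FARM), limit=100, interval=1, action="deny"),
]


class Monitor:
    def __init__(self, rules):
        self.rules = rules
        self.windows = {}  # (rule, key) -> timestamps inside the current interval
        self.active = {}   # (rule, key) -> action installed once a threshold fired
        self.events = []   # (ts, rule, key, action), one per threshold crossing

    def process(self, pkt):
        """Return the handling of one packet: 'forward', 'mirror' or 'deny'."""
        verdict = "forward"
        for rule in self.rules:
            if not rule.match(pkt):
                continue
            slot = (rule.name, rule.key(pkt))
            window = self.windows.setdefault(slot, deque())
            window.append(pkt.ts)                       # step 2: count
            while window[0] <= pkt.ts - rule.interval:  # drop expired events
                window.popleft()
            if slot not in self.active and len(window) / rule.interval > rule.limit:
                self.active[slot] = rule.action         # step 3: threshold fired
                self.events.append((pkt.ts, rule.name, slot[1], rule.action))
            if self.active.get(slot) == "deny":
                return "deny"
            if self.active.get(slot) == "mirror":
                verdict = "mirror"
        return verdict


def sample_traffic():
    """Constructed traffic: one scanning host, one normal host, one ICMP flood."""
    pkts = []
    for i in range(9000):   # 10.10.10.200 opens 1500 connections/s for 6 s
        dst = f"10.10.{i % 250}.{i % 200 + 1}"
        pkts.append(Packet(i / 1500, "10.10.10.200", dst, "tcp", True))
    for i in range(120):    # 10.10.10.21 opens 20 connections/s for 6 s
        pkts.append(Packet(i / 20, "10.10.10.21", "10.203.134.10", "tcp", True))
    for i in range(600):    # 300 pings/s at one server for 2 s, starting at t = 1 s
        pkts.append(Packet(1 + i / 300, "198.51.100.7", "10.203.134.10", "icmp"))
    return pkts


def run(packets):
    """Feed packets in time order; return the monitor and a tally of verdicts."""
    mon = Monitor(RULES)
    verdicts = Counter(mon.process(p) for p in sorted(packets, key=lambda p: p.ts))
    return mon, verdicts


if __name__ == "__main__":
    monitor, tally = run(sample_traffic())
    for ts, rule, key, action in monitor.events:
        print(f"t={ts:.2f}s {rule} threshold exceeded for {key}: {action}")
    print(dict(tally))
```

With these thresholds the scanning host is not mirrored until more than 5000 SYNs fall inside one 5 second window, which is why per-host limits for desktops are normally set far lower than limits for servers.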

Example - Maintaining an Audit Trail


For security conscious environments, it is often desirable to maintain an audit trail for all console traffic traversing the
network. Console sessions are often used as a point of attack by hackers, and having an audit log can often be the
only way to trace a break-in and prosecute the culprit.
Existing techniques often maintain a log on each server. But hackers have learned to delete such files and to disable
these logs in order to hide their tracks after breaching the security of a new system.
Using CLEAR-Flow, simple filters can be enabled to copy all telnet and SNMP management traffic to a mirror port
where it can be analysed and archived as appropriate (see Figure 6).
The hacker won't have any way to know that the network itself is tracing his or her movements, thus making it
possible to track the break-ins of even the most sophisticated attackers.

Find telnet packets going toward the servers.

    entry capture-telnet {
        if {
            destination-address 10.203.134.0/24;
            protocol TCP;
            destination-port 23;
        } then {
        }
    }

As soon as we see one, start mirroring them.

    entry eval threshold {
        if {
            (threshold(capture-telnet) > 1)
        } then {
            mirror add capture-telnet;
        }
    }

Figure 6: Maintaining an Audit Trail CLI Sample


Summary
By taking an integrated approach to traffic management, CLEAR-Flow is able to deliver scalable solutions to difficult
network problems, while scaling to meet the traffic demands of today's fastest networks. The monitor, analyse, react
methodology of CLEAR-Flow creates a very extensible model, which allows users to bring technology to bear on the
unique problems of their networks.
CLEAR-Flow has many applications beyond the ones described here, and the number of applications will continue to
grow as Extreme Networks continues to add on to CLEAR-Flow functionality.

A Two-Tier Architecture for Converged Networks


This paper discusses the key requirements that IT
organisations should consider when building a
network. In brief, the network should provide
high availability, voice-quality network
connections, comprehensive security and ease of
management and operations. We will introduce
the concept of the two-tier architecture as a way
to effectively achieve these four stated
requirements and the benefits of migrating from
a three-tier network architecture to a more
streamlined two-tier architecture. Individual
network components become the building blocks
in delivering a streamlined and effective network
capable of meeting the demands of current and
future business convergence initiatives.

A Two-Tier Architecture for Converged Networks

Ethernet and IP are the basic ingredients of the modern
enterprise network. The ubiquity of these protocols has
simplified the choice of networking products and design.
While the days of protocol wars are long gone, the IT
organisation should not be fooled into a false sense of
security by the standardisation of the IP/Ethernet network.
While it is true that the advent of a single, standardised
protocol increases simplicity, the network must assume
a larger role in supporting emerging applications. The
rapid pace of technology innovation is forcing businesses
to evaluate the opportunities that applications like IP
Telephony offer. At the same time, the business must
be more effective in detecting and responding to the
security threats of a highly inter-networked world.
IP Telephony is reaching critical mass within large
enterprises causing many IT organisations to reevaluate
their assumptions about network design and availability.
Voice over Wi-Fi has emerged as an application that
could drive widespread wireless adoption within
the enterprise - forever shifting traditional
network boundaries. Advancements
in Power over Ethernet (PoE) have
given birth to new applications like
network-based security surveillance
and promise to reduce the cost
of provisioning IP telephones and
wireless Access Points (APs). However,
each of these new initiatives comes
with its own intrinsic complexity that -
given the multipurpose nature of the
network - must be closely managed.
A pressing item on every IT organisation's
agenda is how to cope and respond to
internal and external security threats. It
is no longer sufficient for the network
to simply resist these threats; rather, the
network must play an active role in the
identification, quarantine and resolution
of threats as they occur.

The modern network not only provides connectivity
between users and resources, but also the services
required to guarantee the integrity, responsiveness and
quality of this connection. To respond to this added
complexity, enterprises are forced to reevaluate staffing
plans and training programs - while at the same time
being pressured to decrease overall staffing levels!
Just as application demands, security threats and staffing
requirements have evolved, so too must the network.
This paper discusses the key requirements that IT
organisations should consider when building a network.
In brief, the network should provide high availability,
voice-quality network connections, comprehensive
security and ease of management and operations (see
Figure 1). We will deconstruct the historical view of how
to architect a network and introduce the concept of the
two-tier architecture as a way to effectively achieve these four
stated requirements. Individual network components
become the building blocks in delivering a streamlined
and effective network capable of meeting the demands
of current and future business convergence initiatives.

> High Availability


> Comprehensive Security
> Voice-Quality Connections
> Ease of Management

Figure 1. Requirements for Convergence

A Historical View of Network Architecture

The arrival of the Internet forced network architects to
reevaluate the way in which they designed networks.
Traffic patterns were turned upside-down as the
business became increasingly dependent on the Internet
to deal with suppliers, partners and customers. Scalability
became the buzzword of the day. Vendors delivered
products capable of gigabit and subsequently 10 Gigabit
Ethernet speeds. These capacity advancements allowed
enterprises to alleviate bottlenecks and create a network
for the Internet age.
However, enterprise demands have not kept pace
with these capacity offerings. Rather, other criteria
have surfaced as being more important than pure
speeds and feeds. Many vendors have succeeded in
supplying customers with sufficient capacity, yet few
have met demands needed to support a converged
communications infrastructure. The age of voice, video
and data convergence has superseded the Internet
age. IT organisations now require a network capable
of supporting a plethora of emerging convergence
applications. The network must deliver a consistently
high quality of connectivity and be secure and
simple to manage. This new paradigm of converged
communications requires a fresh approach to network
architecture, and simplicity is key. Incumbent network
design principles are complex and are proving a
hindrance as enterprises seek the benefits of a converged
infrastructure.
Several leading vendors have long advocated the
segmentation of the network into three tiers - core,
distribution and access. The stated purpose of the three-tier
design was scalability. Traffic was groomed as it
passed from access to distribution to core so as to limit
network contention. It was believed that a three-tier
network improved network availability by segmenting
operational domains. Routing and policy enforcement
were often available only as a function of the core,
while high-speed switching and aggregation capacity
were relegated to the distribution layer. The access layer
lacked intelligence and was limited in its ability to deliver
non-blocking throughput for end-user traffic. Thus,
rather than serving a functional purpose, the three-tier
architecture was born from a need to hide product
deficiencies.
Still, many vendors preferred the three-tier architecture
as it encouraged users to purchase substantially more
network devices. By building products capable of line-rate
routing and switching with full service enablement,
vendors could allow enterprises to collapse the network
from three layers to two. This presents certain vendors
with a business dilemma since by collapsing the network
into two tiers, enterprises require fewer products and
have the ability to lower their overall expenditure on
network equipment.

Simplifying the Network Through a Two-Tier Architecture

The concept of the two-tier network architecture is derived
from the IT organisation's inherent desire to simplify its
infrastructure. The end goal is to build a network for
convergence - one that has the extensibility to support
a variety of new applications in a highly available and
secure fashion. While the two-tier architecture represents
a simplification of previous designs, it does not represent
a compromise in terms of quality, availability, security
or management. As the name indicates, the two-tier
architecture is a collapsing of layers into intelligent core
and unified access (see Figure 2).

Unified Access
The edge of the enterprise network has evolved
substantially over the past five years. Historically, users
accessed the network through hubs - a shared medium
incapable of dedicating bandwidth or offering any
additional services. Today, not only can the edge scale to
meet the bandwidth needs of any user, it can offer both
wired and wireless access alternatives.

Universal Port
The universal port takes away the guess work from
matching Ethernet ports with the function of the
endpoint. The combination of Gigabit Ethernet and PoE
into a high-density form factor results in a universal port
- an ideal connection point for any mix of IP telephones,
wireless APs or PCs. The universal port responds to
the proliferation of networked devices by offering IT
organisations growth without compromise. The switch
delivers the power required by each individual port
without the need for tedious upgrades to power supplies
or compromises on how devices can be connected and
powered. At the root of the two-tier architecture is the
ability to collapse the access and distribution layers.
This is achieved by eliminating the need to groom
traffic as it passes from access to core. Performance
without compromise in the access layer is essential to
providing the scalability required to collapse layers and
Extreme Networks has designed its access products to
provide line-rate switching across all ports at all speeds
- no compromises.
A key feature of the universal port is Extreme
Networks AccessAdapt technology. This innovative
feature is embedded into access layer switches and is
capable of determining the function of the connected
device. Armed with this information, the switch
can automatically and appropriately configure the
connecting device and enact certain policies as dictated
by the administrator. For example, using AccessAdapt,
the switch could automatically assign a specific virtual
LAN (VLAN) and Quality of Service (QoS) parameters
to traffic originating from an IP telephone or a wireless
AP connected to the universal port. In doing this, the
switch eliminates the need for a network administrator
to manually intervene to assign specific VLAN tags or
QoS rules. The connected device takes its personality
directly from the port. An IT administrator can
relocate a wireless AP from one part of the building
to another without worrying about reconfiguration.
AccessAdapt automatically recognises the AP and delivers
the appropriate configuration information.
AccessAdapt simplifies moves, additions and changes
and can alleviate much of the complexity in administering
usage policies across wired and wireless, and voice and
data networks.

Voice-Class Availability
A network is only as available as its weakest link and
high availability is critical in the new flexible access
layer. Converged communications has raised the bar in
terms of the level of uptime and IT organisations expect
their network to provide the same level of availability
as traditional PBX and voice standards. Historically,
the access layer has taken a best effort approach to
availability. Today, IT organisations must insist that new
access layer products deliver a level of availability on par (if
not better) than traditional telephony products. Extreme
Networks has delivered a product portfolio with a high
level of design redundancy at the component, system,
and Operating System (OS) levels. All components are
provisioned with n+1 redundancy including management
modules and switch fabrics. Furthermore, Extreme
Networks has innovated in the area of resiliency protocols
to offer Ethernet Automatic Protection Switching (EAPS)
RFC 3619 for sub 50 millisecond network layer failover for
consistent and predictable recovery behavior regardless
of where link failures occur. Finally, the ExtremeXOS™
modular OS provides users with the flexibility to conduct
upgrades (or planned downtime) in real-time without the
need to power down or reboot. The need for voice-class
availability spans the breadth of the network and the
access and core layer features become interdependent to
provide the utmost in resiliency.

Access Security
IT organisations are faced with an onslaught of
new security threats including unauthorised users,
unauthorised access to resources, infected laptops,
and Day-Zero threats. Extreme Networks has pioneered
intelligent network access security service to help ensure

White Papers

Carrier-Class Availability

only authorised and compliant users and devices gain


network access. Extreme Networks is able to authenticate
a user or device and enforce predetermined policies
based on the authenticity of the entity. The network
then works with industry partners from the Trusted
Computing Group, to perform an integrity check and
determine the security health of the authenticated
device by verifying that this device carries no infection
and poses no threat to the rest of the network. Only
authorised users with healthy devices are allowed on
the corporate network while authorised users with
unhealthy devices are quarantined and cured (see
Figure 3). Additionally, access layer switches have been
hardened to mitigate some of the risk of attack and to
withstand harmful behavior directed at the switch itself.
Security features across the core and access layers must
mesh to guarantee the highest level of network integrity.
Extreme Networks security framework is designed with
exibility in mind and control can be handled at the
access or core layers depending on the IT organisations
requirements and preferences.

Intelligent Core
In the two-tier architecture, the core is the aggregation
point and the anchor of the network. The core must
provide enough horsepower to switch and route packets
with ease while also enforcing policies and delivering
intelligent services.
Network Determinism
As the work horse of the network, the core must
be capable of delivering consistency and quality of
connection. Latency and throughput must remain
constant irrespective of application type. Applications
and different device types introduce variability into the
network. By acting in a deterministic fashion, the core
preempts this variability and provides a higher QoS for all
applications. Extreme Networks achieves this functionality
through signicant provisioning of hardware and software
buffers, large routing tables and a mesh architecture that
increases scalability and redundancy without increasing
complexity or cost. Furthermore, the dual homing of
uplinks into the core combined with the ability of links to
operate in standby mode allows for greater exibility in
the way in which the network core aggregates trafc of
varying types (e.g. data center, end-user).

White Papers

The mission critical status of the network has risen
dramatically over the years as more and more business
functions become inextricably tied to network availability.
Extreme Networks extends its focus on delivering a
network capable of exceeding the availability requirements
of voice and other mission-critical applications from the
access layer into the core. At first glance it is easy to view
carrier-class availability as a measure of uptime - typically
relying on the well known five 9s scale (e.g. 99.999%
uptime). However, such numbers are often difficult to
measure and validate. It is generally unclear whether
these numbers refer to individual switch performance,
network system performance or application performance.
Operations teams frequently lack a solid understanding
of how to measure such performance. A preferable
approach to quantifying network availability is to focus
on the time it takes for the network and applications to
return to full operational capability.
Within the context of an overall high availability strategy,
network architects must consider all facets of switch/
router performance from the component to the system
level. The collapsing of network layers simplifies the
network and thus promotes high availability. Extreme
Networks has demonstrated its understanding of high
availability requirements by offering the EAPS protocol.
In addition to sub 50 millisecond failover, EAPS offers
quick recovery at Layer 2 - obviating the need for any
re-convergence of routing protocols at Layer 3 - and
provides scalable network segmentation and fault
isolation. By collapsing network tiers into core and
access, Extreme Networks is able to more effectively
ensure that high availability is a service delivered across
all layers of the network. While some environments favor
complete device level redundancy (e.g. data centers), IT
organisations can simplify the remainder of the network
- favoring lower costs, while maintaining a high level of
uptime.
Core Security
Security becomes an important issue in the core due
to the possibility of malicious traffic affecting the
aggregate. The network core and access layers must
work cohesively to ensure the broadest level of defense
against malicious activity. Layer 3 Virtual Switching is a
unique offering from Extreme Networks that leverages
existing firewalls to isolate traffic flows at Layer 3 based
on predetermined policies - a feature that mirrors the
capabilities of the intelligent network access in the
access layer. IT organisations can establish various access
policies based on employee function, line of business or
any other predetermined grouping. In addition to the
Layer 3 Virtual Switching capability, Extreme Networks
also offers CLEAR-Flow - the ability to inspect traffic and
gather information which can then be passed to third
party security appliances for further action. CLEAR-Flow
builds on the access layer's ability to regulate
traffic flows using granular ACLs, but also allows the
network to respond to Day-Zero attacks by quarantining
suspect traffic. CLEAR-Flow relies on external appliances
for additional levels of security (e.g. IDS/IPS), freeing
the network core to perform its primary function -
delivering scalable bandwidth and advanced services to
the entire enterprise network. Thus, instead of trying to
integrate security directly into the chassis through bolt
on modules, Extreme Networks leverages CLEAR-Flow
to integrate cutting edge functionality from leading
security technology vendors.

Modular Operating System


The network OS has evolved to be one of the most complex
parts of the entire network. As certain vendors' product
offerings have evolved over time, the OS has taken on a
life of its own - often splitting into various strains
and code bases. Extreme Networks has again taken an
innovative approach to ensure the simplicity of its system.
The key characteristic of the ExtremeXOS is its modularity.
Prior to modularity, network operators were forced to
reboot the entire OS to recover from process failures. A
reboot was also required to add patches or new features
to the system. With the advent of modularity, the system
supports hitless software upgrades and maintains dual
images to allow network technicians to fail back to
the former versions of code. Furthermore, the software
can isolate specific areas or faults to allow for additional
maintenance without impacting the operation of other
software modules. ExtremeXOS spans core and access
layers decreasing the need for the administrator to learn
and support multiple versions.

Why Now? What Has Changed?


Organisations resist change. As a result, there has to be a
good reason for enterprises to veer from the incumbent
position. Up to this point we have discussed the reasons
enterprises architected a three-tier network. We have
also outlined the components that make up the two-tier
architecture. However, we have yet to discuss what has
changed in the industry to make this shift possible. The
combination of advancements in the following areas has
paved the way for overall network simplification.

Gigabit and 10 Gigabit Ethernet


The initial standard for Gigabit Ethernet revolutionised
the enterprise networking market. It gave birth to a
plethora of new equipment manufacturers eager to
offer customers greater network scalability at a lower
cost. Since the ratification of the 10 Gigabit Ethernet
standard, adoption has remained limited. The majority of
enterprises have yet to invest substantially in 10 Gigabit
Ethernet - largely due to a lack of immediate need.
However, as vendors continue to increase economies
of scale, price points are dropping to a point where it
becomes cost-effective for average enterprises to deploy
the technology. By deploying 10 Gigabit Ethernet links
between the network access and core, IT organisations
can scale the access layer without worry of contention.
These 10 Gigabit Ethernet links allow enterprises to
remove the distribution layer as both core and access
switches have enough capacity to aggregate traffic.

Wire-Speed Access Layer


Incumbent vendors have had limited success in developing
access layer switches capable of switching at wire-speed
with a high-density of Gigabit Ethernet ports. This lack of
horsepower was a key reason many vendors advocated a
three-tier architecture. Extreme Networks delivers access
layer switches that are non-oversubscribed - passing
packets at wire-speed on all ports.
This level of performance allows network architects to
shift their focus from limiting network contention to
the support of more advanced IP applications such as
converged communications. With high-performance
access switches it is no longer necessary to groom
traffic across multiple layers.

High-Density PoE
Still a relatively young feature in the networking portfolio,
PoE has the promise of substantially decreasing the
cost required to deploy a converged infrastructure. IT
organisations have the flexibility to power any mix of
IP telephones, wireless APs and IP video or surveillance
end points. Previously, IT organisations were forced
to buy specific switches or mid-span products capable
of injecting power onto the wire. With the Extreme
Networks universal port concept, this additional step is
eliminated and the enterprise is left with an infrastructure
that provides the greatest degree of flexibility and
investment protection.

Active Network Security


Once considered part of the problem, the network has
emerged as the key enterprise tool in detecting and
responding to security threats. The integration of security
functionality into the three-tier architecture has been
complex and costly to manage. Security policies must be
implemented and maintained across three layers and a
multitude of devices - potentially increasing the risk of
security holes through oversight and poor processes. By
simplifying the network into two tiers, the number of
security zones can be decreased to a more manageable
number. IT organisations can leverage technologies like
Intelligent Network Access and host integrity services to
ensure a secure access layer. Extreme Networks offers
Layer 3 Virtual Switching and CLEAR-Flow as security
tools to help guarantee the integrity of critical data
within the network core. Both access and core security
can be unified through the Extreme Networks EPICenter
management framework to provide IT organisations with
a unified view of security and compliance levels across
the organisation.

Limitations of a Two-Tier Approach


This paper must recognise that a two-tier network
architecture may not be appropriate for every enterprise.
Some enterprises may be limited by physical or
organisational constraints. A two-tier network design is
ideally suited for enterprises with greenfield environments
or with sufficient space and modularity within the building
to handle the consolidation and changes necessary to
migrate from a three-tier approach. Enterprises with long
distances between core and access may find it more
cost-effective to include additional network layers to ensure
reach of traffic flows. An example of this may be a large
manufacturing campus with distributed production
locations. In other cases, organisations that occupy
historical buildings with older cable plants or restrictions
on physical infrastructure changes may also be limited in
their ability to cleanly migrate to a two-tier design. While
a two-tier design should decrease the amount of space
required for the physical housing of switches, some
building layouts may not have the flexibility of providing
space where it is required.
As a general rule, enterprises with a physical separation
between the data center or access layer and the core
that is greater than 100 meters for copper runs and 300
meters for multi-mode fiber, could be faced with the
relatively more expensive option of using higher powered
optics to cover the greater distances. This additional
cost should be weighed carefully against the cost of
supporting additional network layers. Fundamentally,
the largest issues prohibiting a two-tier architecture are
distance, age of cable plants and the flexibility of the
building structure. Assuming none of these are of major
concern, the enterprise is best served by collapsing layers
and simplifying overall network design.

Benefits of a Two-Tier Approach


So far this paper has identified several key benefits of
migrating to a two-tier network design. Enterprises
benefit from a lower network acquisition cost by
requiring fewer switches. Installation and maintenance
costs are decreased due to the added simplicity of the
two-tier design. A simplified network improves the IT
organisation's ability to innovate at the application layer
and deliver next generation IP applications such as IP
Telephony with quality and consistency.
When designing a network, IT organisations should
remember the four principles of quality connections,
continuous uptime, maximum security and compliance
and simplicity of management and operations. It is
good practice to use these four criteria when evaluating
competitive network designs and products.
The best way to understand the true benefits of
each of these principles is to evaluate their function
in a true enterprise example. Let's focus on a large
financial institution undertaking serious application
and infrastructure projects. Suppose this company has
evaluated an IP Telephony solution and is now ready
to commence a broad roll-out of IP telephones. In
addition, the IT organisation, after being inundated with
requests, has decided to deploy a Wi-Fi network at the
headquarters location.
The benefits of the Extreme Networks architecture shine
in this scenario. The concept of quality connections
ensures that the network adjusts its services to meet the
requirements of each application.
In the case of an IP telephone, the network will
immediately recognise the device as a telephone, provide
power, assign it to the appropriate VLAN and verify that
the telephone has all the configuration information
required to operate effectively. Once the telephone has
been identified, the network can also assign policies for
QoS. By delivering low latency, low jitter and predictable
performance, the network is ready for converged
applications. In the case of the wireless deployment, the
network responds in a similar fashion. There is automatic
recognition of wireless APs followed by the provisioning
of power and requisite configuration and identity
information. In addition, the AP is immediately brought
into the established security policies of the business,
helping to ensure the utmost in integrity. This ability to
differentiate and tailor services based on the endpoint
or application is at the heart of the quality connections
concept.
Let's continue with our financial corporation. The
migration to IP Telephony and the addition of wireless
means the business's reliance on the network is greater
than ever. The cost of downtime continues to rise with
estimates at the high-end reaching $6.4 million/hour
(see Figure 4). Extreme Networks considers continuous
uptime to be an intrinsic network design principle. The
simplification of network design via a two-tier architecture
favors a more highly available network. All things equal,
fewer switches mean the network has a longer average
MTBF since the likelihood that any one switch will fail and
cause network disruption is decreased. The simplification
of network design also allows network administrators to
decrease the MTTR by facilitating quicker fault isolation
and remedy. Additionally, EAPS provides the sub 50
millisecond failover our financial customer needs to
guarantee the optimal support of its IP Telephony and
financial applications.
Our financial company - along with practically any other
corporate entity - is highly concerned with security and
compliance. As discussed earlier, the network must play
an active role in securing critical resources. The ability
to guarantee the integrity of customer financial data is
a must in meeting compliance rules. Extreme Networks'
two-tier architecture uses several technologies to help
ensure the network is highly secure. At the network
edge, Extreme Networks is able to authenticate a person
or device based on their credentials. This is irrespective
of the means of access (wired or wireless). Once on the
network, Extreme Networks Layer 3 Virtual Switching
technology combined with third party integration of
firewalls and security gateways ensures these users do
not gain access to sensitive financial information. Finally,
leveraging its security partnerships, Extreme Networks
can detect anomalies with its CLEAR-Flow technology
and take quick action to alert administrators to the
potential breach of security policy. Security is at the top
of the business agenda. Extreme Networks' focus on
accountability within the network framework provides
the IT organisation with the requisite tools needed for a
highly secure environment.
With such complex infrastructure projects, our
financial company is conscious of the human resources
required to operate such a network and seeks a simple
management solution. Network management has
advanced substantially over the past five years. Through
its EPICenter platform, Extreme Networks offers a single
portal from which network administrators may control
configuration, performance monitoring, policy and fault
management. As previously disparate networks converge
(voice, data, wired and wireless), so too has Extreme
Networks' view of management. EPICenter provides
tight integration of IP Telephony and Extreme Networks
wireless LAN product portfolios. In this way, network
administrators can converge network management
across wireless, wire-line, voice and data networks.
In addition to the benefits of these four pillars, the two-tier
architecture decreases the total cost of network
ownership - both in terms of capital and operating expenses.
By collapsing network layers, the IT organisation needs
fewer products with which to run the network. Fewer
products mean lower costs of capital, implementation
and training. Additionally, fewer products also mean
less management and greater ease of operations (e.g.
software upgrades, troubleshooting) contributing to
lower network operations costs.

Conclusion
In this paper we have sought to explain the benefits of
migrating from a three-tier network architecture to a
more streamlined two-tier architecture. As companies
are faced with the pressures of supporting emerging
applications like IP Telephony and wireless networking,
the network must be adequately extensible to facilitate
this process. By evaluating network designs based on the
four principles of quality connections, continuous uptime,
security and compliance, and simplicity of management
and operations, IT organisations will realise the value that
a consolidation of network layers brings.
The timeliness of this architectural shift can be attributed
to the advancement of network technology in several key
areas. However, change for the sake of technology alone
is not logical. Instead, the true benefits of a simplification
of architecture can be seen in the numbers. Enterprises
embracing such a strategy are certain to realise substantial
reductions in both capital and operational costs. In today's
world of tightened purse strings, lowering network Total
Cost of Ownership while maintaining levels of service is
the bottom line that ultimately matters the most.

Deploying IP Telephony
This paper addresses issues that enterprises need to consider when deploying internet telephony and
converged communications applications into their network infrastructure. The move toward a converged
communication infrastructure should be gradual and protect your investments in existing legacy
infrastructure to ensure a smooth, low risk transition.

Enterprise
In November 2003, Extreme Networks and Avaya
announced a strategic partnership that will accelerate
the move toward convergence in the enterprise.
Avaya is the undisputed leader in enterprise TDM and
IP Telephony solutions deployed in 90% of the Fortune
1000. With 18,000 employees and over $4 billion
in annual revenue, Avaya's robust MultiVantage™
Communication application suite will take full advantage
of the network intelligence enabled by the award winning
Extreme Networks Alpine, BlackDiamond and Summit
families of switches. Extreme Networks is widely
recognised as the leader in high-performance, highly
resilient enterprise and metro solutions. The leaders
in delivering network infrastructure and converged
applications are cooperating to tightly integrate,
distribute, develop and support critical components
required for successful implementation of convergence
application solutions.
The multi-year, strategic alliance involves:
Joint Marketing and Distribution Agreement
Global Sales/Service Reseller Agreement
Converged Solutions Joint Development
The alliance will broaden the choices available to
customers looking for convergence solutions. For the first
time, end-to-end, best-of-breed converged application
and infrastructure solutions based on industry standards
will be available from a single accountable source. In
addition, 7,000 professionals in Avaya's Global Services
Organisation are committed to helping you with your
network assessment, optimisation, security, continuity
planning, network deployment, training, technical
support and maintenance needs.

The Move Towards Converged Networks
What is convergence? Simply put, converged networks
are about extending your IP network to leverage a
common infrastructure for voice, video, data and all
other converged communications. In 2003, PBX line
shipments were close to 7 million lines, with traditional
TDM-based PBXs declining by 11% to 4.6 million lines
and modern IP lines doubling to 2.4 million lines. In
2007, Gartner expects the number of IP lines will surpass
TDM-based lines for the first time. The move toward
implementing converged communications applications
and infrastructure is afoot.
There are many benefits gained from convergence,
including enabling a new class of enterprise applications
that are communication enabled, resulting in
productivity gains through collaboration and un-tethered
access to corporate resources from anywhere, from any
device. However, the benefits enabled through convergence
can only be achieved if all of the components and business
processes fit together from the beginning. Networks
need to be more application-aware to handle the
incremental stress and unique requirements of converged
communications applications.
There are many compelling reasons for implementing IP
Telephony:
Empower a new class of communication enabled enterprise applications that enhance productivity
Gain operational efficiencies from managing a single converged network
Bypass long distance toll charges for inter-office calls within the enterprise
Least cost routing of off-network calls via the enterprise network
Give remote workers full featured wire-line and wireless access to corporate enterprise applications
Complement or replace legacy PBXs at a much lower cost and reduced maintenance
Create next generation contact centers for improved customer relationship management (CRM)

Figure: Decision Criteria - rating of importance (axis to 10) for decision to implement IP Telephony. Criteria charted: One premises network will cost less than two; Reduces cost of moves, adds and changes; One system manages multiple remote offices; Prerequisite for converged enterprise network; Leverage IP-based applications, e.g. CRM; Major vendors have endorsed IP Telephony; Upgrading call centers to contact centers.

Major telephony equipment vendors now have stable
solutions to complement their traditional TDM voice
switching gear. Network infrastructure vendors have
optimised their products specifically for converged
applications and are working closely with application
vendors to fully exploit the underlying intelligence in
the network. Enterprises now have a choice of proven
solutions and no longer have to be locked into a single
vendor in order to enjoy an end-to-end solution.
This paper addresses issues that enterprises need
to consider when deploying internet telephony and
converged communications applications into their
network infrastructure. The move toward a converged
communication infrastructure should be gradual and
protect your investments in existing legacy infrastructure
to ensure a smooth, low risk transition.

Convergence Applications
Enterprise applications are changing and becoming more
accessible through the web and more integrated with
convergence applications like voice, instant messaging
and video. Consolidating infrastructure for distributed
call centers, remote access for sales people at customer
sites, video conferencing coupled with computer based
training curriculum and full featured IP Telephony
solutions with access to enterprise applications
at corporate headquarters are just some of the
examples of the proliferation of distributed converged
communications.

Deploying IP Telephony
In the most basic form, IP Telephony is about taking
phone conversations and converting them into a stream
of IP packets and sending them over a packet switched
network as opposed to the public switched telephone
network (PSTN).
Voice traffic is converted to IP Telephony packets by
different devices, depending on the architecture of the
solution. In toll bypass applications, gateways convert
voice between the PBX and IP network. In most IP
Telephony deployments, packet conversion occurs at
the IP phone as well. And in the case of architectures
involving analog phones and phone hubs, IP Telephony
conversion occurs at the phone hub.
Most IP phones use industry standard protocols such
as SIP or H.323 to communicate with other IP devices.
However, similar to TDM-based PBX and proprietary
handsets, not all IP phones will work with any vendor's
IP call manager due to proprietary client/server protocols
like Cisco's SKINNY and Nortel's UNIStim protocols.
For a business that is considering voice and data
convergence, putting IP Telephony on the WAN is as
important as IP Telephony on the LAN. IP Telephony
on the WAN is where the advantages of toll bypass
show themselves. The reasons for this are primarily
economic. Cost savings can be immediate when long
distance phone calls are diverted from PSTN and sent
over an existing IP-based WAN. A significant portion of
IP Telephony deployments thus far have been toll-bypass
applications.
Implementing an IP Telephony infrastructure needs to be
an evolutionary step with proper consideration for legacy
TDM PBX systems.

Considerations for Voice Quality


The characteristics of TDM-based telephony that we have
come to expect are guaranteed dial tone, pin drop voice
quality, and a robust suite of features. An impediment
that slowed the acceptance of first generation IP
Telephony was that the network infrastructure had been
optimised for store and forward type data applications
like email, which had very different Quality of Service
(QoS) requirements as compared to voice traffic. Also,
many early IP Telephony call manager features were
lacking compared to their TDM competitors and were
not as reliable.
Latency - is simply measured as the amount of time
that it takes a packet to traverse the network from
sender to receiver. High latency results in speakers
talking over each other as they wait for delayed
packets to arrive as a response from a sender. When
planning your network infrastructure you need to
be aware that there are some delays that you can
and can't control. For example, on your private LAN
or leased lines between sites, you have the ability
to manage and control bandwidth to ensure that
voice packets experience minimal latency resulting
in high voice quality. However, by definition voice
packets over the WAN take unpredictable routes
across many routers and switches all with different
store and forward requirements, buffer/queuing
mechanisms etc., which results in uncontrollably
high latency. Most experts agree that voice packets
can sustain 150 to 300 milliseconds of delay before
there is a noticeable impact on voice quality.
Extreme switches normally introduce only 8-12ms
per switch when forwarding 64-byte voice packets,
considerably below the voice quality threshold for latency.

Jitter - is a measure of the variation in latency
over time. In data-only networks, jitter is normally
not measured as long as the packets arrive in a
reasonable timeframe at variable rates. In a converged
communications network, jitter can have a big
impact on the quality of voice applications resulting
in truncated sentences or very choppy dialog. It is
critical that the network infrastructure has QoS built
into the switches to enable them to buffer packets
with minimal overhead to ensure smooth packet
streaming rates. Jitter rates of less than 1 millisecond
are generally considered acceptable by most experts.
Extreme switches normally only introduce a jitter
of 10µs; considerably below the jitter threshold.

Bandwidth availability - bandwidth needs to
be available and granularly allocated so that voice
conversations are not starved due to congestion
on the network. Symptoms of poor bandwidth
availability result in dropped packets or out of
order packets that need to be resent. The end
result is voice clipping, skips and dropped calls.
Extreme Networks switches allow for wire-speed
switching at Layer 2 and Layer 3 and all have
non-blocking switch fabrics ensuring that the
switch backplane will never be a congestion point
allowing for maximum bandwidth availability.

Echo - often packet switched voice conversations
can be impacted by a reverberation of speech
back through the handset and re-transmitted
causing distracting echoing. Echo cancellation
techniques are being implemented in DSP chips
that reside in IP telephones to minimise echo.

Codecs - customer premise equipment (CPE) often
comes equipped with voice codec software on the
device. The purpose of the codec is to convert analog
signals into digital packets often using compression
before transmission. There are a number of different
codecs ranging from the lightweight, lower voice
quality of G.711 to G.729 which is much higher
voice quality but has higher bandwidth requirements.
Avaya endpoints utilise the highest quality components
including codecs and DSPs that support industry
standards like SIP and H.323.
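
The latency, jitter and bandwidth-availability symptoms listed above can be measured from a capture of one voice stream. The Python sketch below is an added example, not part of the original paper or of any vendor tool: the packet records are constructed, the thresholds are the figures quoted in the text, and the names `Packet` and `analyse` are illustrative. It assumes synchronised sender and receiver clocks and no sequence-number wraparound.

```python
"""Added example: score a one-way voice stream against the latency and
jitter figures quoted in the text. All packet data here is constructed."""
from dataclasses import dataclass
from typing import Iterable

# Thresholds taken from the text; adjust to your own voice-quality policy.
LATENCY_BUDGET_MS = 150.0   # lower end of the quoted 150-300 ms range
JITTER_BUDGET_MS = 1.0      # "less than 1 millisecond"


@dataclass(frozen=True)
class Packet:
    seq: int         # sequence number assigned by the sender
    sent_ms: float   # send time (clocks assumed synchronised)
    recv_ms: float   # receive time


def analyse(packets: Iterable[Packet]) -> dict:
    """Return latency, smoothed jitter, loss and reordering for one stream."""
    arrived = sorted(packets, key=lambda p: p.recv_ms)  # arrival order
    if not arrived:
        raise ValueError("no packets captured")

    jitter = 0.0
    max_latency = 0.0
    prev_transit = None
    highest_seq = None
    reordered = 0

    for p in arrived:
        transit = p.recv_ms - p.sent_ms
        if transit < 0:
            raise ValueError(f"seq {p.seq}: received before sent, check clock sync")
        max_latency = max(max_latency, transit)

        # Smoothed interarrival jitter with gain 1/16, as defined for RTP in
        # RFC 3550: each sample is the change in transit time between
        # consecutive arrivals.
        if prev_transit is not None:
            jitter += (abs(transit - prev_transit) - jitter) / 16.0
        prev_transit = transit

        # A packet numbered below one already seen has arrived out of order.
        if highest_seq is not None and p.seq < highest_seq:
            reordered += 1
        else:
            highest_seq = p.seq

    seqs = {p.seq for p in arrived}
    lost = (max(seqs) - min(seqs) + 1) - len(seqs)  # gaps in sequence space

    findings = []
    if max_latency > LATENCY_BUDGET_MS:
        findings.append("latency")
    if jitter >= JITTER_BUDGET_MS:
        findings.append("jitter")
    if lost:
        findings.append("loss")
    if reordered:
        findings.append("reordering")

    return {
        "max_latency_ms": max_latency,
        "jitter_ms": jitter,
        "lost": lost,
        "reordered": reordered,
        "findings": findings,
    }


# Constructed sample: five packets sent every 20 ms, constant 8 ms transit.
CLEAN_STREAM = [Packet(s, 20.0 * s, 20.0 * s + 8.0) for s in range(1, 6)]

# Constructed sample: packet 4 never arrives, packet 3 arrives after packet 5,
# and packet 6 is delayed past the latency budget.
CONGESTED_STREAM = [
    Packet(1, 0.0, 10.0),
    Packet(2, 20.0, 30.0),
    Packet(3, 40.0, 106.0),
    Packet(5, 80.0, 90.0),
    Packet(6, 100.0, 260.0),
]

if __name__ == "__main__":
    for name, stream in (("clean", CLEAN_STREAM), ("congested", CONGESTED_STREAM)):
        print(name, analyse(stream))
```

Run against per-stream records exported from a capture, the same function gives a repeatable pass/fail check per call leg before and after QoS changes.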

Elements of a Converged Network

There are a number of common steps in deploying a
converged network that are covered below:

Create and assign QoS profiles for all devices that might have to support phones
Configure the logical topology for IP Telephony
Set up your call server clusters or IP PBX to manage features and dial plans for the phones
Set up a DHCP service for address assignment
Set up power handling for the phones
Implement security for your dial plans and to prevent unauthorised network access
Implement an E911 plan
Install and set up the phones
Test the system and dial plan

These topics and their related issues are discussed in
more detail in the following sections.

You should note that logical topology and Virtual Local
Area Network (VLAN) configuration, along with QoS
provisioning, comprise approximately 50% of the Moves,
Adds and Changes task set in deploying IP Telephony.

A related issue is the ongoing maintenance of the IP
telephony system. One of the promises of IP Telephony
on a converged network is reduced cost of Moves, Adds
and Changes which is difficult to realise without tools to
simplify and automate deployment. The following figure
shows estimates on the average relative time it takes to
fulfill the requirements of these areas.

Configuring the logical topology of your enterprise
network for high availability and IP Telephony includes
designing the Layer 2 and Layer 3 topologies including
VLANs and subnets. It also includes setting up your
Spanning Tree (Layer 2) and routing rules (Layer 3).

VLAN Configuration
A typical campus IP Telephony implementation involves
the creation of at least one VLAN for the voice service
on every switch that may have an IP phone attached to
it. The end-to-end QoS needs of voice are very different
from those of data and require that each switch be
configured with QoS profiles for voice.

VLANs are essential in a converged voice/data network.
Creating a voice VLAN provides the easiest configuration
and management options for IP phones. Separate VLANs
for voice and data are highly recommended as this allows
you to logically separate and prioritise IP Telephony
traffic over data transactions.

Figure: Time Allocations Setting up IP Telephony System (pie chart). Tasks shown: Design logical topology; Configure QoS and Auto-discovery; Configure DHCP and TFTP; Configure dial plan, E-911, Security; Install IP phones; Configure logical topology; Setup call manager clusters; Provision inline power; Test call setup and dial plan.

Voice VLANs are configured as overlays across a network
that can be either routed, VLAN-separated, or a hybrid.
The telephony VLAN supports only the telephony
application components and traffic. However if it is
enabled, it provides application isolation for QoS and
administration, and also allows specific DHCP service to
keep Moves, Adds and Changes easy and cost effective
within the call server zone. Ideally, an IP Telephony VLAN
should also be its own subnet, fully routable across Layer
3 links or to interconnect voice VLANs that have been
separated for administrative or other reasons.
Phone Connectivity Options
A significant portion of the cost of implementing
a converged communications infrastructure in large
enterprises is the cost of deploying a large volume
of IP handsets. Depending on functionality, wired IP
phones or wireless IP phones using 802.11b standards
can range in price from as low as $99 to as expensive as
$500 with many features such as color LCDs. Most IP
handsets generally need to support the often proprietary
signaling protocols of the IP call manager. In the TDM
PBX/proprietary handset world, the proprietary razor/
razor blade pricing model has existed for generations
and it appears that IP handsets will continue down the
same path.
As part of your converged network, you have to
make some choices as to how your phones are going
to be configured at the desktop and how they will be
connected to the network. One configuration is to have
the IP phones use a dedicated switch port connection;
this option requires two drops to each desktop, one
for the phone and one for the PC. This option provides
a level of physical redundancy at the cost of an extra
switch port.
In order to reduce costs, a common alternative is
to daisy-chain the desktop PC to the IP phone. This
option essentially shares the network switch port and
cable between the PC and IP Phone. This aids in rapid
deployment and facilitates maintenance later with
Moves, Adds, and Changes but does require a more
intelligent switching infrastructure. To achieve this, the
IP phone basically has a three port switch built in, so that
there is a 10/100/1000 port connection from the phone
to the network switch, a 10/100/1000 port connection
that connects to the desktop PC, and the internal port
that connects to the phone itself. Most vendor IP phones
support this mode.

[Figure: phone connectivity options on a Summit48si switch: Single Cable (IP Phone), Multiple Cables (IP Phone), Soft Phone]

Of course, if you are using a soft phone (driven by
software in the desktop PC), the only connection is to
the PC.

You do not need to use the same configuration at
each desktop, but the connectivity option you choose
may affect the feature sets available to you and the
maintainability of the network at the edge.
Analog phones, which you may still use in some areas,
must connect to an IP network via a voice hub. The voice
hub will digitise and packetise the analog signals, and
additionally provide control and/or call signaling to other
voice hubs, call servers, other SIP or H.323 endpoints
as well as gateways to the PBX or PSTN. Alternatively,
depending on which telephony vendor you select, you
may be able to re-use your analog phones by connecting
IP call servers or a related component to legacy peripheral
cabinets. In this case the conversion to IP occurs at the
device aggregating the peripheral cabinets.

QoS Profiles
All relevant devices that might have to forward voice
traffic must be configured with QoS profiles. Doing this
once across the network may mitigate the need to make
changes at the edge for each IP phone Move, Add or
Change. However, as more phones are added at the
edge, or if large numbers of phones are moved from
one switch to another, QoS profiles at the aggregation
layer and core will need adjustment to guarantee more
aggregate bandwidth.

IP Telephony VLANs contain much more, of course, than
the edge switches connecting the phones. They also must
include all aggregation and core switches end-to-end
between all the IP phones throughout the enterprise.

In addition to simple packet marking and classification,
your infrastructure needs to be able to quickly parse
and prioritise queues for congestion management. Even
better is the ability to monitor traffic and anticipate
congestion and react before performance degrades or
does not meet a QoS service contract.

Extreme Networks Policy-based QoS


Even though raw bandwidth capacity can be plentiful in a LAN/Campus network, you still need to provide a
guaranteed level of packet throughput for IP Telephony for it to function well. Without proper QoS settings, the
bursty, bandwidth-hogging potential of certain data and video applications increases the latency and jitter of
voice to unacceptable levels.
Extreme Networks Policy-based QoS relies on several components to achieve the desired results that allow
network administrators to get the proper control over managing the bandwidth characteristics various
applications demand. Stated simply, Policy-based QoS consists of robust traffic classification combined with
bandwidth management treatments:
Classification + Treatment = Policy-based QoS
These policies allow network administrators to control the bandwidth various applications use and maintain
latency and jitter control over the applications that need it. Extensive classification without robust treatment
capabilities is quite useless. Imagine having a carpool lane when there is only a single lane - that's similar to no
classification. Imagine no traffic laws on a multilane freeway, without minimum or maximum speed limits - that's
similar to no treatment capabilities.
Classification can be made using either explicit information (such as 802.1p or DiffServ code points) or implicit
information (such as membership of a voice VLAN, or TCP/UDP ports).
Treatment refers to prioritisation and bandwidth management, which is handled in Extreme Networks switches
via min and max bandwidth control, in conjunction with eight queues on every switch port (in the I series chipset
switches). After traffic is classified, it is assigned to one of these priority queues for servicing. Each queue may
also be rate-shaped using bandwidth controls, thereby also controlling latency.


Call Servers
Call setup and control is a key IP Telephony function. It
can be provided by a centralised call server with optional
backup servers, or can be distributed throughout the
network, depending on implementation. Alternatively,
an IP PBX, or an IP Telephony-enabled interface for a
standard PBX could also offer direct attachments to the
IP network and provide call management services.
Call servers manage the features and dial plans of the
phones. Setting up a call server involves configuring
rules for communicating between different call servers,
ensuring redundancy, and configuring device (phone)
pools. You must build a table containing a list of IP
phone Media Access Control Addresses and the phone
extension that should be allocated to each phone. As
new phones are added to the network they will need to
be defined to the call manager in this table.
DHCP Service Configuration
You can assign IP addresses for the phones using either
DHCP or static configuration. Since the phones will
require a lot of IP addresses, you will probably prefer to
use DHCP so addresses can be reused. This is another
reason why telephony VLANs should be on their own
subnet if possible - it will be easier to track IP addresses
used for phones.
Phones use the DHCP servers to get information about
what call servers exist. Some telephony vendors have
implemented extensions to DHCP to assign phones to
their appropriate VLANs in conjunction with IP address
assignment. Features like this will continue to make
deployment and configuration of IP Telephony more
Plug-and-Play.
In-line Power and Power over Ethernet (PoE)
Most traditional phones operate during power failures
as a result of being powered by the PBX itself. In an IP
Telephony environment, not only must uninterruptible
power be supplied to the call servers and gateways, but
each IP phone may also need similar power protection in
order to operate during local power outages. Reliable power
delivery through in-line power to IP phones is critical for
service survivability and E911 services support. In-line
power reduces the risk of lost power to the phone and
reduces the support costs associated with troubleshooting
phone outages.


Extreme Networks VLAN Manager and VoIP Manager
Extreme Networks switches have been designed
from the beginning to support network
convergence. With eight hardware-based queues
per port, each with the ability to offer a minimum
and maximum bandwidth allocation, Extreme's
ability to support IP Telephony alongside other
mission critical applications is unparalleled in the
industry.
Moreover, Extreme Networks has automated as
much of this process as possible. As part of the
EPICenter network management suite, Extreme
Networks continues its tradition of award-winning
provisioning tools with VoIP Manager, helping
enterprise network admins configure IP Telephony
networks in the most efficient way possible.
VLAN Manager and VoIP Manager are both fully
integrated into the award winning EPICenter
management Solution. You can create VoIP VLANs
through EPICenter's VLAN Manager, and VoIP
Manager inherits these VLAN definitions.
In addition to creating and configuring VoIP
VLANs and QoS profiles end-to-end, VoIP Manager
calculates end-to-end min/max bandwidth
requirements based on the G.7xx compression
algorithm used, number and location of IP phones.
VoIP Manager also provides status reporting for all
VLANs on a per-switch and per-port basis.
Extreme Networks is working closely with Avaya to
ensure tight integration of tools for management
for both applications and infrastructure.

[Figure 5 diagram: classification + treatment = policy. Classification by OSI reference model layer and traffic group: Transport (Layer 4): TCP session, UDP session (port #, IP source/destination address & port); Network: protocol (IP, IPX, SNA), subnet or IP address, VLAN; Link / Media Access Control (MAC): MAC address, 802.1D-1998 or 802.1Q; Physical: physical. Treatment by QoS profile: priority servicing, minimum bandwidth, maximum bandwidth, packet marking (DiffServ, MPLS, VMAN, 802.1p).]

Figure 5. Extreme Networks Classification and Treatment

Extreme Networks Infrastructure Security


When IP Telephony is deployed, network ports are exposed from semi-public or public areas - for example, there
may be an IP phone in the lobby or a wireless access point in a conference room.
Extreme Networks has advanced security capabilities. Access Control Lists (ACLs) filter out inbound traffic (such
as HTTP, FTP, Telnet, SMTP etc.) that may not be relevant to an IP phone. Thus, the network remains secure even
in the case of Layer 2 address spoofing, and phones are protected against Denial of Service (DoS) attacks.
With ExtremeWare's Layer 2 Address Security, a port can be limited to a number of MAC addresses that are
learned by the port (e.g., one address for a pure IP phone port). The MAC address of an IP phone can be learned
dynamically when the phone is installed, and the port is then locked down to this MAC address, even after a
reboot. This provides an excellent level of security against port abuse.
In cases where ports are allowed for data clients as well, phone discovery is combined with user level access
security. Network Login is an excellent user level security feature in ExtremeWare that requires no client software,
and thus works even in semi-public environments such as universities and libraries. Network Login works with
any client device and operating system that supports DHCP and a web browser. In addition, Extreme Networks
is following the standard for 802.1x (port based network access control) that will play an important long term
role in enterprise environments. The combination of Network Login and 802.1x on the same port will allow
deployment of user based security immediately, without requiring network client device changes.
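
The lock-down behaviour described above for Layer 2 Address Security, modelled in Python as an added example (not ExtremeWare code or CLI; the class, its method names and the MAC addresses are constructed for illustration):

```python
"""Model of a per-port MAC learning limit with lock-down (added example).

Simulates the behaviour the text describes; all names are hypothetical.
"""
import json
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    name: str
    limit: int = 1                                   # max addresses the port may learn
    locked: bool = False                             # True once learning is frozen
    learned: list = field(default_factory=list)      # addresses accepted on this port
    violations: list = field(default_factory=list)   # dropped source addresses

    def frame_in(self, src_mac: str) -> bool:
        """Return True if a frame from src_mac is forwarded, False if dropped."""
        mac = src_mac.lower()
        if mac in self.learned:
            return True
        if not self.locked and len(self.learned) < self.limit:
            self.learned.append(mac)                 # dynamic learning at install time
            return True
        self.violations.append(mac)                  # unknown source: drop and record
        return False

    def lock(self) -> None:
        """Freeze the port to the addresses learned so far."""
        self.locked = True

    def save(self) -> str:
        """Serialise the state so the lock-down survives a reboot."""
        return json.dumps({"name": self.name, "limit": self.limit,
                           "locked": self.locked, "learned": self.learned})

    @classmethod
    def load(cls, blob: str) -> "SecurePort":
        d = json.loads(blob)
        return cls(d["name"], d["limit"], d["locked"], list(d["learned"]))


def demo():
    """Replay constructed frames against a phone port; returns (results, port)."""
    phone, laptop = "02:00:00:aa:bb:01", "02:00:00:cc:dd:02"
    port = SecurePort("1:5", limit=1)
    results = [port.frame_in(phone)]                 # phone installed: address learned
    port.lock()                                      # port locked to that address
    results.append(port.frame_in(laptop))            # other device on the port: dropped
    port = SecurePort.load(port.save())              # reboot: state restored
    results.append(port.frame_in(laptop))            # still dropped after the reboot
    results.append(port.frame_in(phone.upper()))     # the phone keeps working
    return results, port


if __name__ == "__main__":
    outcome, port = demo()
    print(outcome, port.violations)
```

The model forwards any frame that carries the learned address, so the lock-down restricts which addresses a port accepts rather than authenticating the device; that is the gap user-level controls such as Network Login and 802.1x address.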


In-line power may be implemented as mid-span powered
hubs or integrated into Ethernet switches themselves.
Extreme supports both third party mid-span power hubs
as well as the recently ratified IEEE 802.3af standard for
PoE. With in-line power support at every seat, enterprises
avoid having to verify and possibly change power
availability at the wiring closet every time an IP phone
is added or moved. This long-term goal of ubiquitous
power is a single piece in the puzzle of eliminating
support costs associated with service deployments.
Implementing Security
Voice security is at least as sensitive a topic as data
security. Users expect that all voice communications
are confidential (i.e. no one is listening in), even when
they don't have the same expectations of an e-mail
containing the same information. Similar to your needs
to protect the infrastructure against rogue access points
being inserted in the network, you should also prevent
unauthorised Moves, Adds and Changes of IP phones,
especially while automated procedures (QoS adjustment,
automated E911 tracking, etc.) are not available.
Password or access list changes may be needed to
accommodate a Move, Add or Change. Even if a phone
changes VLANs, some authentication updates may have
to be made to accommodate its new physical location.
Also, there may be some database updates needed for
accounting or billing purposes. This is especially true (as
with QoS) if the switch now supporting the phone was
not aware of the VLAN before the move. The call server
may need to generate a new security profile based on
the phone's new physical location.


Configuring Phones
The phones now have to be configured. This is a task
that will vary depending on your architectural choice at
the desktop - single cable, multiple cable, or soft phone.
This is an area where management tools can help with
VLAN assignment and QoS configuration.
Testing the IP Telephony System
Before deployment of even a part
of the IP Telephony infrastructure is complete, extensive
testing on a stand-alone controlled network has to be
done on the IP Telephony system including on-net and
off-net calls, the dial plans, E911 emergency calls, and
fail-over conditions.
Training, Support and Maintenance
Because converged communications applications rely
tightly on close integration with the underlying intelligence
in the network, it is a good idea to have a business
continuity plan in place. Application developers and IT
staff responsible for infrastructure need to be sensitive
to the ripple effect that even a small change may have.
Cross discipline training is always a good idea. Once fully
deployed, your converged network will need to have
24x7x365 global support to avoid costly down time.

E911 Considerations
An E911 service has to provide automatic number and location
information (ANI and ALI) to a 911 operator - public safety
answering point (PSAP) - when an emergency call is made.
Most traditional PBXs are only able to provide this support
with third-party assistance and a lot of administration.

To appreciate the unique issues of E911 support in IP
Telephony, consider how emergency calls are handled with a
traditional PBX. When an emergency call is made, information
is typically sent to a security staff relating the caller's physical
location on the campus with their extension number. When
an emergency team (e.g., police or fire department) arrives,
an employee can meet the team and direct them to the
emergency.

IP Telephony offers two basic approaches to handling
emergency calls: on-net to campus security or off-net to
the carrier Point of Presence (POP). With on-net campus
security, usually an individual in the company assists the 911
respondent; with the off-net approach, the number and location
of the individual in distress is made available to the PSAP.

The issue to be solved here is that an IP phone can be
moved without any centralised administrative intervention. A
database has to be maintained to map the IP phone's unique
Layer 2 addresses to a physical location now being served by
a port on a switch. This is not the case with a traditional PBX,
which just maps a port to a phone (see Figure 6).

Figure 6. Extreme Networks 911 Phone Movement
[Figure 6 diagram: IP Phone, switch, EPICenter, script and E911 LDAP servers, with the following steps]
User disconnects IP Phone. Switch port enters down state.
Switch sends SNMP trap to EPICenter referencing port down condition.
EPICenter launches an external script, passing switch IP address and port # as parameters.
Script spawns Telnet session, queries FDB for MAC address last at down port, then disables port.
Script passes MAC address to E911 directory.

Dial Plans
The dial plan architecture includes dial plan groups,
calling restrictions, and on-net route patterns. This area
includes defining which gateway to use when someone
makes a long distance call, or which PSTN trunks to use
for domestic versus international calls. For a least cost
routing example, consider the following: If someone in
Chicago wishes to call off-network to a customer in San
Jose, the call can be routed over the enterprise network
and get handed off to the public phone network via a
gateway in the San Francisco office (the nearest office
to San Jose), thereby being charged only for a local call
instead of a long distance call from Chicago to San Jose.

WANTED: End-to-End, Best-of-Breed Convergence Solutions
To get the most out of deploying business critical IP
Telephony solutions, it is a necessary requirement
that all of the applications and network infrastructure
have a multiple-layer dialog mediated by open
standards encompassing authentication, QoS, security,
device discovery, auto configuration, monitoring and
management.

Early attempts at convergence placed unnecessary
burdens on early adopters that slowed the acceptance of
IP Telephony. In some cases, customers had to perform
complex systems integration to make sure that hardware
and software from multiple vendors actually worked
together and could be supported locally and remotely
in branch offices and call centers. Solutions often ended
up being piece-meal with little regard for existing TDM
based infrastructure. Customers became tired and
frustrated being ping-ponged back and forth between
disparate vendors when seeking support. Another route
that early adopters took was to attempt to purchase
complete solutions from a single vendor. However,
often the customer had to settle for unbalanced, end-to-end
solutions from either telephony vendors who
were not well versed in the latest advancements in
network architecture like QoS or from data infrastructure
providers whose telephony solutions lacked some of the
basic call manager functionality of their robust featured
TDM PBX counterparts. These vendors who attempted
to deliver end-to-end solutions sometimes offered point
products that were sub-optimal in both telephony and
networking. Additionally, in order to get end-to-end
solutions, customers were held hostage by proprietary
protocols that increased vendor lock-in and inhibited
customer choice and negotiating power.
Telephony and data networking are vastly complex
businesses requiring vendors to make enormous
investments to stay current in their own highly
competitive markets where they have strong domain
expertise. Customers need solutions that are sensitive
to their past investments yet give them head room for
growth and the opportunity to exploit new developments
in areas like video-conferencing that will give them a
competitive advantage. Even with the largest vendors,
it is unfathomable to believe that one single vendor
can develop solutions that are competitive in both IP
Telephony and network infrastructure.

Cradle to Grave Support for Convergence Solutions
Dial tone simply always has to work. Your business
depends on it. The cost of downtime in a global
economy can be tremendous. Implementing converged
communication architectures is a lot more than just
buying telephony and network equipment.
You should involve your vendors as partners in the
design, pilot and customer application integration
phases. End-to-end solutions need end-to-end planning,
maintenance and ongoing support. When deploying
a converged solution you should expect 24x7x365
support on a world-wide basis from your vendor for the
entire solution, not just a single component.
Your business is too important and the opportunity
cost is too great to experience vendor finger pointing.
Demand accountability from your convergence vendor
for the entire converged solution.

Extreme Networks: Network Infrastructure of Choice for Avaya's

Extreme Networks Rapid E911 Support
With Extreme Networks infrastructure, E911
database information can be maintained very
rapidly, whenever a phone is moved. Plugging
and unplugging a phone generates Link up
alerts (when the phone is plugged in) and Link
down alerts (when it's unplugged). This provides
information to E911 applications to detect IP
phone movements allowing databases to be
updated automatically.
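
The bookkeeping behind Figure 6 and the Link up / Link down alerts described above, written in Python as an added example (not EPICenter's script or any vendor code; the addresses, extensions, wiring records and function names are constructed). It goes one step beyond the figure by also handling a lost link-down trap and a phone that reappears on a port with no recorded location:

```python
"""E911 location tracking driven by link events (added example).

Names, addresses and records are constructed for illustration.
"""
from dataclasses import dataclass, field

# Constructed wiring records: (switch IP, port) -> physical location.
PORT_LOCATIONS = {
    ("192.0.2.10", 5): "Building A, floor 1, lobby",
    ("192.0.2.10", 7): "Building A, floor 1, room 101",
    ("192.0.2.20", 3): "Building B, floor 2, room 214",
}


@dataclass
class E911Directory:
    phones: dict = field(default_factory=dict)   # MAC -> {"ext", "location"}
    fdb: dict = field(default_factory=dict)      # (switch, port) -> last MAC seen
    disabled: set = field(default_factory=set)   # ports shut after a link-down
    audit: list = field(default_factory=list)    # (event, MAC, switch, port)

    def register(self, mac, ext, switch, port):
        """Initial provisioning of a phone at a port with a known location."""
        self.phones[mac] = {"ext": ext, "location": PORT_LOCATIONS[(switch, port)]}
        self.fdb[(switch, port)] = mac

    def link_down(self, switch, port):
        """Port-down trap: look up the MAC last at the port, clear its location."""
        key = (switch, port)
        mac = self.fdb.pop(key, None)
        self.disabled.add(key)                   # Figure 6: the script disables the port
        if mac in self.phones:
            self.phones[mac]["location"] = None  # unknown until the phone reappears
        self.audit.append(("link-down", mac, switch, port))
        return mac

    def link_up(self, switch, port, mac):
        """Port-up trap plus the MAC learned on that port."""
        key = (switch, port)
        # A lost link-down trap leaves a stale entry on the old port: purge it.
        for old_key in [k for k, m in self.fdb.items() if m == mac and k != key]:
            del self.fdb[old_key]
        self.fdb[key] = mac
        if mac not in self.phones:
            status = "unknown-device"            # not a provisioned phone: review
        elif key not in PORT_LOCATIONS:
            self.phones[mac]["location"] = None  # phone is live, location is not known
            status = "unmapped-port"
        else:
            self.phones[mac]["location"] = PORT_LOCATIONS[key]
            status = "located"
        self.audit.append((status, mac, switch, port))
        return status

    def locate(self, ext):
        """Location to hand to the answering point for a calling extension."""
        for rec in self.phones.values():
            if rec["ext"] == ext:
                return rec["location"] or "UNKNOWN - confirm with caller"
        return "UNKNOWN - extension not provisioned"


def replay():
    """Replay a constructed event sequence; returns (directory, mid-move answer)."""
    d = E911Directory()
    d.register("02:00:00:aa:bb:01", "4001", "192.0.2.10", 5)
    d.register("02:00:00:aa:bb:02", "4002", "192.0.2.10", 7)
    d.link_down("192.0.2.10", 5)                      # phone 4001 unplugged
    in_transit = d.locate("4001")                     # call placed during the move
    d.link_up("192.0.2.20", 3, "02:00:00:aa:bb:01")   # 4001 plugged in elsewhere
    d.link_up("192.0.2.20", 9, "02:00:00:aa:bb:02")   # 4002 moved, down trap lost
    d.link_up("192.0.2.10", 7, "02:00:00:cc:dd:99")   # non-phone on the vacated port
    return d, in_transit


if __name__ == "__main__":
    directory, _ = replay()
    for entry in directory.audit:
        print(entry)
```

The audit trail doubles as a record of unauthorised Moves, Adds and Changes: every "unknown-device" and "unmapped-port" entry is a move that bypassed provisioning.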
The benefits and implications of turnkey E911
support include more rapid Moves, Adds and
Changes which include two main components:
Physically relocating station equipment or new
construction
Software-related updates, such as switch/router
QoS or authentication configuration, E911
database updates, and call manager-related
functions such as display names, call coverage,
phone numbers etc.

The process might start with a call or e-mail to a
help desk. A typical Service Level Agreement (SLA)
might call for software changes within half a day
and physical changes within 24 hours. Many of
the software changes with an IP Telephony Move,
Add or Change will be similar to their PBX based
counterparts, but can be automated to a greater
degree with sophisticated infrastructure tools
that take advantage of the intelligence of your
converged network.
End-to-end, Policy-based QoS configuration is
another area where Extreme Networks is ahead of
the field in both rapid deployment and rapid Move,
Add and Change support - see the VLAN Manager
and VoIP Manager sidebar for more information.

MultiVantage Communications
Architecture
Extreme Networks was chosen by Avaya to be the
infrastructure foundation for their Communications
Architecture encompassing infrastructure, applications
and services highlighted below:
Telephony solutions with Avaya Communication Manager use industry standards
to enhance scalability and flexibility in traditional voice
systems, and serve nearly any employee need with
IP or traditional telephony solutions.
Contact Center solutions in the Avaya Customer Interaction Suite
combine multimedia integration, self-service and process
automation, efficient routing, service-level management,
reporting, and more for maximum efficiency in enterprises
of any size.
Messaging solutions with Avaya Modular Messaging
and Avaya Message Networking combine scalability,
reliability, and availability whenever and wherever they're
needed - so employees can better manage their time and
collaborate 24/7 across a virtual enterprise.
Unified Communication solutions with Avaya
Unified Communication Center offer one friendly
interface for all of the network services users rely on, plus
speech commands that provide access to features and
database information through any phone, Web browser,
cellular or wireless device.
System and Network Management: When
combined with Extreme Networks EPICenter, Avaya
Integrated Management, Network and Policy
Management and Security Management provide a
comprehensive set of tools that make it easier to manage
complex network infrastructures.
Avaya Global Services: Single point of
accountability to design, build, and manage multi-vendor
communications networks worldwide with full life-cycle
support for your critical communications.
Security and Business Continuity Services consist of
consulting services that help safeguard and control access
to mission-critical infrastructure components in voice,
data, and converged networks.
Convergence Services
provide for every aspect of planning, implementing, and
maintaining converged communication solutions.
Network and Applications Consulting Services
support seamless, end-to-end network operations
including assessment, design, and optimisation services
that provide the blueprint for integrating new applications
and technologies and optimise network availability and
performance.
Implementation and Integration Services
employ proven methodology for implementing voice,
data, contact center, and convergence solutions
including customer evaluation, converged and multi-vendor
data expertise, and value-based service pricing
at the solution level.
Maintenance Services provide
maintenance for voice, data, and converged needs
through a comprehensive, flexible Avaya
Maintenance Services Agreement.
Avaya EXPERT Systems Diagnostic Tools
provide unparalleled remote
monitoring, diagnostics, and resolution for voice
systems.
Managed Services provide fault, performance,
and configuration management for multi-vendor data
networks and Avaya MultiVantage Communications
Applications solutions.


[Figure 8 diagram: a head office, a large remote office and a small remote office connected through Alpine 3804 switches, with a Voice VLAN and a Default VLAN at each site; elements shown include Call Server, PC Call Server, Media Gateway, Legacy PBX, PSTN, IP Phones, PCs, and Analog or Digital Phones]

Figure 8. Avaya and Extreme Networks Delivering End-to-End,
Best-of-Breed Solutions for the Distributed Collaborative

Avaya Converged Communications Product Suite
Avaya MultiVantage Software: Avaya's
MultiVantage is the heart of the ECLIPS platform,
offering all of the features and functionality of traditional
business phone systems on an IP converged network.
The software operates on Avaya ECLIPS media servers
and gateways as well as existing circuit switched Avaya
DEFINITY servers.
Avaya Media Servers: Based on Linux and Windows
operating systems, Avaya Media Servers deploy voice
applications onto enterprise networks. Avaya offers three
media servers - S8100, S8300, and S8700 - each scaled
for differing communications network configurations,
including campus, multi-site, branch, remote, and home
office.
Avaya Media Gateways: Avaya Media gateways
support voice and signaling traffic routed between
packet-switched and circuit-switched networks. Two
media gateways - G600 and G700 - provide scalable
support for large or small IP Telephony deployments.
Both adhere to IEEE standards, allowing internetworking
with a wide range of data networking infrastructures;
Avaya's software permits continued compliance as IP
standards evolve.
Avaya Integrated Management Suite: Avaya's
Integrated Management Suite provides a flexible and
comprehensive set of web-enabled tools designed to
simplify the management of IP Telephony communications
networks, including IP Telephony fault monitoring,
performance management, policy management, and
configuration.
Avaya IP Handsets and Softphones: Avaya's line
of IP-enabled telephones and consoles provide a full
complement of station features, impressive voice quality,
and incorporation of critical features such as E911 MAC
address support. Avaya's commitment to innovative IP
terminals includes the IP Softphone for Pocket PC, which
converges IP Telephony, Wireless LAN, and telephony
features into a single PDA-enabled handset.

Extreme Networks Family of Intelligent Network Switches
The award-winning BlackDiamond 6800 product family
is optimised for large enterprise network core and data
centers and provides a highly resilient, highly scalable,
feature-rich platform with:
Hitless failover and hitless software upgrades, ensuring
the network remains operational even under the most
adverse conditions and while maintenance is being
performed
Granular QoS capabilities that provide superior
support for IP Telephony and other mission-critical
applications
Support for industry-standard protocols and interfaces
- including 10 Gigabit Ethernet, MPLS, PoS, and ATM
- that enable flexible integration into a wide variety of
metropolitan or legacy networks
Scalability to a maximum of 1,440 10/100BASE-T
ports and 360 Gigabit Ethernet ports with a total
switching capacity of 768 Gbps
The Alpine 3800
product family is targeted at smaller core networks
and distribution applications within larger enterprise
networks. It offers:
A highly resilient platform with high-performance
and non-blocking interfaces
Many of the same features as BlackDiamond in a
smaller, more cost-effective chassis
Scalability to 256 10/100BASE-T ports or 128 Gigabit
Ethernet ports, and a switching capacity of 64 Gbps
The Summit product family spans several fixed
configurations for the wiring closet and mid-tier
aggregation applications and:
Features robust, wire-speed Layer 3 switching,
intelligent Policy-based QoS, and advanced security.
The ExtremeWare Operating System delivers the
uncompromising management, control, and security
required by today's demanding enterprise networks.
This software base, common to all Extreme switch
platforms, includes:
Standards-based, multi-layer switching and Policy-based
QoS to give corporate networks the best
available tools for optimising operating capacity
Plug-and-play deployment and stable, consistent
performance out of the box.
EPICenter delivers an integrated network management
suite that simplifies configuration and network
monitoring for all Extreme products within large
enterprise networks.


Conclusion: Success Factors in Deploying Internet Telephony
The hype over internet telephony from just a few short
years ago has subsided. Despite bold predictions from
entrenched data infrastructure vendors with their eye
on the voice market, large enterprises did not make
wholesale donations of the legacy PBX equipment.
However, they have begun the process of gradually
implementing plans to converge their next generation
voice and data networks with emphasis on protecting
their legacy TDM PBX investments. As the hype continues
to subside, most enterprises realise that a single vendor
regardless of whether they come from the voice or data
perspective is unlikely to develop and deliver complete
converged solutions that are competitive and can be
supported for the long term all by themselves.
As shown in the topology diagram above, the robust
platforms available from vendors like Avaya and Extreme
Networks can support any size location whether it is
centralised or distributed without compromising features
or performance. The partnership is ultimately aimed at
lowering TCO by simplifying IP Telephony deployments.
The partnership's stated goal is to increase uptime
through collaborating on resiliency, self-healing network
development and service aware routing where applications
can respond in real time to available bandwidth. Integrated
tools for network management, standards based device
discovery, plug and play auto-configuration and enhanced
security are just some of the fronts that the companies are
working on together.
The benefits of convergence are real and are starting to be
obtained by enterprises who enable their workers, suppliers
and customers to achieve productivity gains through secure
access to communications-enabled enterprise applications
from a plethora of devices distributed around the globe. The
tremendous benefits from communications applications can
not be achieved unless the underlying network has specifically
been optimised for convergence. Performance and reliability
are obviously key, as phone systems must be available at all
times and voice quality has to be maintained on a policy
basis with special attention to latency and jitter. But there are
also some unique needs in terms of the ability to power the
phones, deploy and maintain the IP Telephony system, and
maintain the security of the network as a whole.


Customers have spoken. They want application and
network infrastructure vendors to take responsibility
for integrating and supporting end-to-end solutions
that allow communication applications to be able to
take full advantage of the intelligence inherent in the
network infrastructure. Furthermore, customers want
cradle-to-grave accountability for network assessment,
optimisation, security, deployment, training and
supporting converged networks.
The strategic alliance between industry leaders Extreme
Networks and Avaya is designed to give customers
exactly what they asked for: a choice of best-of-breed,
end-to-end solutions specifically designed and integrated
for convergence while being delivered and supported by
a single accountable vendor.

Ethernet Automatic Protection Switching


The networking industry has relied on the Spanning Tree Protocol (STP) in large Layer 2 networks to
provide a certain level of redundancy. However, STP has proven inadequate to provide the level of
resiliency required for real-time and mission critical applications. It is important to note that the entire
industry has recognised that a new technology is needed to replace STP and many vendors are in the
process of developing pre-standard technologies to meet that requirement. Ethernet Automatic
Protection Switching (EAPS) is Extreme Networks' solution for fault-tolerant Layer 2 ring topologies.
EAPS is responsible for a loop-free operation and a sub-second ring recovery. This revolutionary
technology provides end users with a continuous operation usually only available in voice networks and
does so with radical simplicity.

Ethernet Automatic Protection Switching (EAPS)

Technology Overview

The need for business continuity has placed a greater
demand on today's data networks - redundancy and
reliability are imperative and the network must be able to
support them. The network infrastructure must be able
to achieve a high availability environment and continuous
access to resources. For this reason the networking
industry has relied on the Spanning Tree Protocol (STP)
in large Layer 2 networks to provide a certain level of
redundancy. However, STP has proven inadequate to
provide the level of resiliency required for real-time and
mission critical applications. It is important to note that
the entire industry has recognised that a new technology
is needed to replace STP and many vendors are in the
process of developing pre-standard technologies to meet
that requirement.

Ethernet Automatic Protection Switching (EAPS) is
Extreme Networks' solution for fault-tolerant Layer 2 ring
topologies. EAPS is responsible for a loop-free operation
and a sub-second ring recovery. This revolutionary
technology provides end users with a continuous
operation usually only available in voice networks. While
EAPS provides an advanced function, it does so with
radical simplicity. The real strength of EAPS comes from
its ability to integrate into existing and new networks
to solve real business issues. EAPS can be built using
Ethernet, WDM, vDSL, and WAN technologies, or any
combination thereof. Furthermore, EAPS is native to all
"i"-based Extreme switches, making it readily available and
not requiring expensive hardware upgrades.

Figure 1: EAPS Ring Elements (a ring of six switches, S1 to S6, with S1 as Master; labels show the direction of the "Health Messages" and the Master's secondary port, which is logically blocked)

Figure 2: Domain and VLAN Relationship (diagram labels: CONTROL, LINK, DOMAIN, PROTECTED)

Definition of EAPS Terms
A ring is made up of two or more switches. One of the
nodes on the ring is designated as Master (S1) as shown
in Figure 1. The two ring ports on the Master node
are configured as primary port (P) and secondary port
(S) respectively. All other nodes on the ring (S2-S6) are
designated as transit, which are also configured with
their respective primary and secondary ports.
An EAPS domain is configured to protect a group of
data carrying virtual local area networks (VLANs), called
protected VLANs as shown in Figure 2. There could be
multiple EAPS domains running on the same switch, each
with its unique control VLAN. Similarly, many domains
can co-exist on the same ring protecting different sets of
VLANs.
A control VLAN is created per EAPS domain. This control
VLAN is for the purpose of sending and receiving EAPS
messages.

Normal Operation
EAPS operates by declaring an EAPS domain on a
single ring. Any VLAN that warrants fault protection
is configured on all ring ports in the ring, and is then
assigned to an EAPS domain. On that ring domain, a
node is designated as the Master, and one of its two
ring ports is designated as the primary port and the
other as the secondary port. The Master node blocks the
secondary port for all non-control traffic belonging to this
EAPS domain, thereby avoiding a loop on the ring. Layer
2 switching & learning mechanisms operate as normal.

The control VLAN is not blocked at the Master secondary
port and control traffic is allowed to flow through. The
Master sends out periodic poll packets from its primary
port on the control VLAN to be received on the secondary
port, thus ensuring that the ring is up.

Fault Detection
When a fault occurs on the ring as shown in Figure 3,
the Master detects it either by missing poll packets or
by special fault detection packets (traps) generated by
the nodes that detect the fault. Upon learning of a fault,
the Master unblocks its secondary port allowing protected
VLAN traffic through.
Fault detection is accomplished in one of two ways:

Trap message sent by a transit switch
When a transit switch detects any of its ring ports losing
link, it immediately sends a link-down message to
the Master on its good link via the control VLAN.
When the Master receives this link-down message,
it immediately declares failed state, and opens the
logically blocked protected VLANs on the secondary
port. It also flushes its forwarding database, or FDB,
and sends a flush FDB message to all other transit
switches on the ring via the control VLAN. The other
nodes on the ring need not be aware of the fault;
they simply flush their FDB on all VLANs belonging to
this domain. The destination switching decisions are
then re-learned following the normal Layer 2 learning
mechanisms.

Polling
Polling is the failsafe method for ring recovery. If
for any reason the traps from the transit nodes do
not reach the Master node for immediate recovery,
the polling mechanism will force a recovery in a few
seconds.
During normal operation, the Master node sends out
a health packet every hellotime milliseconds on the
control VLAN. If the ring is complete, the Master will
receive the packet on its secondary port (control VLAN
is not blocked on this port). When the Master receives
the health packet, it resets its failtimer and remains in
complete state.
If the Master doesn't get the health packet before
failtimer times out, it declares failed state, and
performs the same operations as described above,
which are: unblock (open) the logically blocked
protected VLANs on the secondary port; flush FDB;
send flush FDB message to all transit switches.

Figure 3: Fault Detection (S3 and S4 each send a Link Down message to the Master, S1; labels show the direction of the "Health Messages" and the Master's secondary port, which is logically blocked)

Fault Restoration
The Master continues to send health messages out on
its primary port even if the state is failed (i.e. the ring is
broken). As long as there is a break in the ring, the Master's
failtimer will keep timing out, and it will remain in the failed
state.
When the broken link is restored, the Master gets its
health message back on its secondary port, and
declares the ring to be complete. It will then perform
the standard ring complete operations: logically blocking
(closing) the protected VLANs on the secondary port and
flushing the FDB on all transit switches.
During recovery, from the time the link goes up on the
transit switch until the Master detects ring complete
state, the transit node must not begin forwarding traffic
until the Master secondary port is blocked. Otherwise,
a temporary loop may occur due to having all ports
forwarding traffic on the ring. To rectify this condition,
EAPS takes the following steps on the transit node:
Put all the protected VLANs on the repaired port in a blocked state
Remember which port has been temporarily blocked
Set its state to preforwarding
When the Master node detects the ring is up via its polled
health message, it sends a flush FDB message to all
the transit switches. When the transit switches receive
this flush FDB message, they perform these steps:
Flush FDBs on protected VLANs
If state is set to preforwarding, begin forwarding on all the protected VLANs on that port
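The Master and transit behaviour described under Fault Detection and Fault Restoration, modelled as an added example (it is not Extreme Networks code). The timer values, the six-node ring and the class and function names are assumptions made for the illustration; the page gives no hellotime or failtimer value.

```python
HELLO_MS = 1000   # assumed hellotime; the page gives no value
FAIL_MS = 3000    # assumed failtimer; the page gives no value


class EapsRing:
    """Single EAPS domain. Node 0 is the Master; link i joins node i and
    node (i + 1) % n. Primary port = link 0, secondary port = link n - 1."""

    def __init__(self, nodes, traps_delivered=True, preforwarding=True):
        self.n = nodes
        self.link_up = [True] * nodes
        self.traps_delivered = traps_delivered
        self.use_preforwarding = preforwarding
        self.state = "complete"
        self.secondary_blocked = True     # protected VLANs only; control VLAN always passes
        self.held_ports = {}              # transit node -> repaired link kept blocked
        self.now = 0
        self.next_hello = HELLO_MS
        self.fail_deadline = FAIL_MS
        self.log = []                     # (time_ms, new_state, cause)

    def _declare_failed(self, cause):
        # Open the secondary port, flush the FDB, tell transits to flush.
        self.state, self.secondary_blocked = "failed", False
        self.log.append((self.now, "failed", cause))

    def _declare_complete(self):
        # Block the secondary port first, then send flush FDB: transit ports
        # held in preforwarding start forwarding only after that message.
        self.state, self.secondary_blocked = "complete", True
        self.held_ports.clear()
        self.log.append((self.now, "complete", "health packet returned"))

    def break_link(self, i):
        self.link_up[i] = False
        # The transit nodes either side of the break send a link-down trap
        # to the Master on their good link via the control VLAN.
        if self.traps_delivered and self.state == "complete":
            self._declare_failed("link-down trap")

    def restore_link(self, i):
        self.link_up[i] = True
        if self.use_preforwarding:
            for node in (i, (i + 1) % self.n):
                if node != 0:             # transit nodes only
                    self.held_ports[node] = i

    def protected_vlan_loop(self):
        """True when protected-VLAN traffic can forward on every ring link."""
        return all(self.link_up) and not self.secondary_blocked and not self.held_ports

    def advance(self, ms):
        end = self.now + ms
        while min(self.next_hello, self.fail_deadline) <= end:
            if self.next_hello <= self.fail_deadline:
                self.now = self.next_hello
                self.next_hello += HELLO_MS
                if all(self.link_up):     # health packet reaches the secondary port
                    self.fail_deadline = self.now + FAIL_MS
                    if self.state == "failed":
                        self._declare_complete()
            else:                         # failtimer expired with no health packet
                self.now = self.fail_deadline
                self.fail_deadline += FAIL_MS
                if self.state == "complete":
                    self._declare_failed("failtimer expired")
        self.now = end


def fail_and_repair(traps_delivered=True, preforwarding=True):
    """Break and repair the S3-S4 link (link 2) on a ring of S1 (Master) to S6."""
    ring = EapsRing(6, traps_delivered, preforwarding)
    ring.advance(1500)
    ring.break_link(2)
    ring.advance(5000)
    ring.restore_link(2)
    loop_during_repair = ring.protected_vlan_loop()
    ring.advance(1000)
    return ring.log, loop_during_repair, ring.protected_vlan_loop()


if __name__ == "__main__":
    for traps in (True, False):
        print("traps delivered:", traps, fail_and_repair(traps_delivered=traps)[0])
    print("loop while repairing, no preforwarding:",
          fail_and_repair(preforwarding=False)[1])
```

With traps delivered the Master fails over at the instant of the break; with traps lost it waits for the failtimer, and without the preforwarding hold the repaired ring forwards on every link until the next health packet returns.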

Continuous Operation
While sub-second fault detection and recovery is good
enough for some applications, it is not reliable enough
for others when operating alone. Some applications
rely on a higher-level protocol to retransmit and recover
from a fault, therefore selecting a new path and getting
redirected. However, applications that do not rely on
acknowledgement from the remote end, like multicast,
need an intelligent network protocol to help with fast
recovery.
EAPS does just that. EAPS adds intelligence to the network
to help multicast streams get redirected around a broken
link with blazing speed, resulting in an uninterrupted
multicast service. This is the type of traffic that usually
runs over a university distance-learning program,
corporate voice-over IP network, or service provider
video broadcast. With real time and mission critical
applications such as these, EAPS is the only choice for
non-stop operation. All other protocols cause multicast
clients to timeout or hang. Not only is the interruption
noticeable but it also requires user intervention to get
the service restarted. EAPS reduces overall business
interruption and improves availability.

Multiple EAPS Domains Per Ring


Remember, each EAPS domain has its own Master node,
its own unique control VLAN, and its own group of
protected VLANs. Different EAPS domains could have
their Masters on the same switch or on different switches.
Furthermore, multiple EAPS domains may coexist on the
same ring. This feature allows EAPS to take advantage
of available resources and bandwidth on the ring, called
spatial reuse. It provides the flexibility to control each
group of VLANs independently, therefore utilising ring
bandwidth more efficiently. For instance, blocking the
secondary port on a Master node in one domain renders
that link useless (standby), but forwarding on that link in
a different domain takes advantage of that bandwidth.
In addition, a domain may contain VLANs with clients
in close proximity allowing more direct paths between
nodes and controlling the direction of traffic flow.

VLANs In Multiple EAPS Domains (Multiple Rings)
A data VLAN could span 2 rings interconnected by
a common switch as shown in Figure 4. Each ring is
configured with a Master node, an EAPS domain, and a
control VLAN. The data VLAN that is spanning both rings
is added as a protected VLAN to both EAPS domains.

Figure 4: VLANs in Multiple EAPS Domains (a left ring and a right ring, each with its own Master, built from switches S1 to S9)

Figure 5 shows a more complex setup, where two
switches, sharing a common link, interconnect the two
rings. This setup adds resiliency between the two rings in
case one of the common switches fails. A problem arises
if the common link breaks. The Master of each ring will
open its respective secondary port. A protected VLAN
spanning both rings will have a super-loop caused by
this break (S1-S2-S3-S4-S5-S6-S7-S8-S9-S10-S1). Future
code releases will address super loop protection. In the
meantime, either use STP in conjunction with EAPS or
make sure the common link never fails unless a common
switch fails (S5 or S10). One way to improve link uptime
is to place S5 and S10 at the same site and aggregate
multiple links between them, using different modules if
possible.
EAPS was created to solve slow recovery times inherent to
STP, in essence replacing STP in ring topologies. Although
STP and EAPS use a similar mechanism to avoid network
loops, EAPS provides much more control, resiliency and
flexibility. When designing an EAPS network follow
these best-practice guidelines to achieve the desired
results:
EAPS is a Layer 2 resiliency protocol
Designed for ring and interconnected ring topologies
Can coexist with a Layer 3 protocol like VRRP, ESRP, OSPF
Can coexist with STP - Layer 2
Can be used in the core or at the edge
A ring can be built with as few as 2 switches using EAPS
There is no theoretical maximum on the number of switches on the ring
Multiple EAPS domains can coexist on a single ring
Multiple EAPS domains can be defined on a single node
Only one Master can be defined per domain
An EAPS domain can be defined on only one ring (cannot cross rings)
A maximum of 64 EAPS domains can be defined on a single switch
A maximum of 64 EAPS domains can be defined on a single ring
A maximum of 4,096 EAPS VLANs can be defined on a switch
Both protected and control VLANs are counted towards the maximum VLAN limit
Works with many technologies, like Ethernet (10, 100, 1000), WDM, vDSL, WAN
Master node selection should be based on the least busy link (standby secondary port)
EAPS requires all "i"-based switches
EAPS requires a full Layer 3 license on every switch
User must configure the control VLAN to use Quality of Service profile QP8
The control VLAN should not carry data traffic or be assigned an IP address

Figure 5: VLANs in Multiple EAPS Domains with Two Common Switches (a left ring and a right ring, each with its own Master, interconnected by S5 and S10 over a link common to both rings)
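A design check for the super-loop condition described for Figure 5, as an added example rather than vendor code. Ring membership follows the super-loop path quoted in the text; the Master placement (S1 and S8), the secondary ports and all function names are assumptions. It also goes one step beyond the text by sweeping every single physical link failure, with and without the link aggregation between S5 and S10 that the text recommends.

```python
from collections import defaultdict


def link(a, b):
    """Undirected link as an order-independent tuple."""
    return tuple(sorted((a, b)))


def ring(*nodes):
    """Links of a closed ring through the given switches, in order."""
    return [link(a, b) for a, b in zip(nodes, nodes[1:] + nodes[:1])]


# Assumed Masters: S1 (left ring) and S8 (right ring). Each blocks the
# protected VLAN on its secondary port while its own ring is complete.
DOMAINS = [
    {"name": "left", "ring": ring("S1", "S2", "S3", "S4", "S5", "S10"),
     "secondary": link("S1", "S2")},
    {"name": "right", "ring": ring("S5", "S6", "S7", "S8", "S9", "S10"),
     "secondary": link("S8", "S9")},
]


def forwarding_links(failed):
    """Links that forward the protected VLAN once every Master has reacted."""
    failed = {link(*f) for f in failed}
    active = set()
    for dom in DOMAINS:
        ring_broken = any(l in failed for l in dom["ring"])
        for l in dom["ring"]:
            if l in failed:
                continue
            if l == dom["secondary"] and not ring_broken:
                continue                  # Master keeps its secondary port blocked
            active.add(l)
    return active


def find_loop(links):
    """Return the switches on a forwarding loop, or None if loop-free."""
    adj = defaultdict(set)
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    seen = set()

    def walk(node, parent, path):
        seen.add(node)
        path.append(node)
        for nxt in sorted(adj[node]):
            if nxt == parent:
                continue
            if nxt in path:               # back edge closes a loop
                return path[path.index(nxt):]
            if nxt not in seen:
                loop = walk(nxt, node, path)
                if loop:
                    return loop
        path.pop()
        return None

    for start in sorted(adj):
        if start not in seen:
            loop = walk(start, None, [])
            if loop:
                return loop
    return None


def single_failure_loops(lag_members=None):
    """Logical links whose loss to ONE physical failure leaves a loop.
    lag_members maps a logical link to its number of aggregated physical
    links; one physical failure only takes down single-member links."""
    lag_members = lag_members or {}
    every_link = sorted({l for d in DOMAINS for l in d["ring"]})
    hits = []
    for l in every_link:
        failed = [] if lag_members.get(l, 1) > 1 else [l]
        if find_loop(forwarding_links(failed)):
            hits.append(l)
    return hits


if __name__ == "__main__":
    print("common link down:", find_loop(forwarding_links([("S5", "S10")])))
    print("single failures that loop:", single_failure_loops())
    print("with 2-link aggregate S5-S10:",
          single_failure_loops({link("S5", "S10"): 2}))
```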

Simplifying Network Management with EPICenter


EPICenter is a future-proof management platform capable of establishing and maintaining networks
that are undergoing rapid change due to convergence. EPICenter determines a new benchmark for
accommodating convergence applications by offering intuitive user interfaces and by focusing on
reducing the complexity of managing expansive network environments. It offers an open architecture,
able to accommodate a multi-vendor, service rich environment that helps to enable voice-class
availability, and establish robust security policies.

Network Challenge
Networking environments are being stretched to
accommodate a rapidly evolving set of demands.
Information arrives from multiple sources, traffic is
unpredictable, performance demands are steadily
rising and security threats seem to worsen daily. The
emergence of new technologies and data services
continue to drive this momentum. Enterprise networks
must gracefully accommodate a multitude of
applications such as e-commerce, enterprise resource
planning, private Intranets, supply-chain extranets and
new voice and wireless infrastructure. These networks
require a highly available and scalable broadband
infrastructure - one that overcomes provisioning and
performance constraints while satisfying the demand
for expanding IP service offerings. Service providers must
be able to reliably provision those services to customers
while offering predictable end-to-end service level
agreements. As if this weren't enough, service providers
and enterprises alike are being driven to consolidate
their communications infrastructures into a single
converged intelligent data network without any room
for compromise on feature delivery or reliability. It is not
even a question of establishing a competitive advantage
anymore; it has become a requirement to survive.
As a result, network providers have been scrambling to
meet the needs of the market. Some solutions available
today look like a conglomeration of ports, boxes, wires,
tape and chewing gum.
Consequently, the demands placed on network
management systems are tremendous. An effective
system must enhance overall availability by monitoring
and dynamically responding to network failures and
security threats. It has become equally important for a
network management system to increase the extensibility
of a network by adapting to the changing demands of
new services and applications as convergence becomes
a reality. The proliferation of new data services such
as IP Telephony and wireless, in combination with a
rapidly changing business environment, require that a
network respond extremely well to change and network
complexity. A national auto parts distributor makes the
strategic decision to implement a Voice-over-IP (VoIP)
call center; a regional health care facility automates
patient record documentation; a service provider begins
rolling out wireless access points in town centers - a
next generation data infrastructure must include a
management system that can adapt to the specific needs
of each application. Maintaining productivity and cost
management goals will necessitate a system that can
handle this new network.

That's where Extreme Networks comes into the picture.
Extreme Networks has spent its existence working to
provide a platform that manages all of the demands
made on networks with one thought in mind - network
simplicity.

Enter EPICenter
The EPICenter management suite is a key component
of achieving network simplicity. EPICenter is a powerful
yet easy-to-use application suite that facilitates the
management of a network of Summit, Alpine, and
BlackDiamond switches, as well as giving the flexibility
to manage selected third-party devices like Avaya.
Offering a comprehensive set of network management
applications that provide the ability to configure,
provision, monitor, troubleshoot, and manage a rapidly
changing network and its elements, EPICenter delivers
on the basic requirements of network management
while adding valuable and intuitive features that help
save time by streamlining common tasks.
EPICenter uses the underlying principle of simplicity
to help ensure that a network provides carrier-class
availability, to allow flexibility to accommodate third
party applications and devices and to provide a high
level of security. EPICenter offers a comprehensive set
of network management tools that are easy to use from
a client workstation running EPICenter client software,
or from a workstation configured with a web browser
and the Java plug-in. Whether performing configuration
and status monitoring, creating Virtual LANs (VLANs), or
implementing policy-based networking in enterprise LANs,
EPICenter provides simplicity and efficiency. It establishes
a robust and fully available network implementation
while providing the flexibility to accommodate a
constantly evolving network environment.

EPICenter Architecture
EPICenter uses a three-tiered client/server/database
architecture implemented using Java tools. The server
and database applications currently support two of the
most popular operating environments in the marketplace,
Microsoft Windows 2000/2003/XP and Sun Microsystems
Solaris. Integration with HP OpenView and other third-party
network management software products provides
additional flexibility. EPICenter client leverages the three-tier
client/server architecture framework represented
by Java applets, and can be accessed using Microsoft
Internet Explorer or with Sun's Java Plug-in.
The three major functional components of EPICenter are
the server, the Relational Database and Management
System (RDBMS) and the standalone or browser-based
client.
The server is responsible for downloading applets and
data to the client, monitoring and communicating
with the devices being managed, managing security,
and communicating with the EPICenter database. The
EPICenter server software is based on the Sun Java Web
Server.

Figure 1 gives a general view of the interaction between
the EPICenter functional components.
In recent years, software development has evolved
towards using XML-based Web services as the impetus
for application interoperability. Network management
software now faces the same opportunity. XML provides a
flexible encoding mechanism that is both human readable
and supports programmatic operations. EPICenter
addresses this opportunity by providing northbound
XML APIs from EPICenter that offer extensions to third
party applications. XML allows EPICenter to act as a single
intuitive user-friendly interface to an otherwise complex
and changing infrastructure.
For secure management, EPICenter supports HTTPS,
SNMPv3 as well as SSH2/SCP client integration for
encryption and authenticated communication with
network devices.

The RDBMS is Sybase Adaptive Server Anywhere,
containing the information EPICenter uses to manage
identified devices as well as EPICenter users. The database
is used as both a persistent data store and a data cache.
The EPICenter client applications are Java applets that
are either downloaded on demand from the server
to a browser on a client machine or executed by the
standalone client application.

Figure 1: EPICenter Architecture (diagram labels: 3rd Party Applications; Windows Client System with browser, Java plug-in and EPICenter Applets; Windows or Solaris Client System with Installed Client and EPICenter Applets; Browser with HTML Reports; TCP Sockets; XML API; Server System with EPICenter Server, Application Objects and Relational Database; SNMP and Telnet connections to Extreme Devices and a Third-party Device)

Extending Management Capabilities: The Complete Network View

No matter how well designed the environment, the
management of networks can be a difficult job. Changing
the configuration of networks, creating VLANs, creating
protocol filters and assigning routing responsibilities
are all complex functions. EPICenter provides simple
streamlined methods for achieving these tasks by using
powerful management modules. Furthermore, these
tasks can be accomplished without creating a separate
program or telnet session.

Intricate and complex networks may consist of
hundreds of switches and thousands of individual ports.
Keeping track of all of these devices and the network
layout typically requires a complete team of network
professionals. EPICenter achieves the same tasks, in
addition to advanced features, with a single application
suite. EPICenter uses a comprehensive feature set
designed to deliver extensibility, availability and security
with an underlying commitment to simplicity.

Table 1: EPICenter Value Proposition
Operational Simplicity: Network Topology Manager, Configuration Manager, Inventory, Firmware Manager, Group Manager
Availability, Security, Extensibility: EPICenter Alarm System, Voice over IP-Avaya Integration, Universal Port Manager, Real-Time Statistic Tool, Universal Port Manager, Dynamic Reporting, IP/MAC Address Finder, Interactive Telnet, VLAN Manager, EAPS Manager, Distribution Server, SNMPv3 & SSH.2, Third-party Device Integration Framework

Simplicity

EPICenter management suite achieves simplicity through
efficiency and intuitive user interfaces. Most information,
including that found in EPICenter topology maps, VLAN
management, configuration management, and real-time
statistics, is dynamically presented in an easy-to-navigate
hierarchical tree.
Network Topology Views
Configuration Manager
Inventory Manager
Firmware Manager
Group Manager

Network Topology Views


Simplicity begins with a detailed real-time view of the
entire network. EPICenter's Topology Applet allows
a user to view a network (EPICenter-managed devices
and the links between devices) as a set of maps. These
maps can be organised into sets of submaps that allow
a network to be represented as a hierarchical system
of campuses, buildings, floors, closets, or any logical
groupings. Additional topology views can be created so
that several different representations of a network are
available for different purposes. The hierarchical views
are fully customisable to effectively meet the business
and network requirements of each organisation.
An Auto Populate View is available to enable the
Topology Applet to automatically add device nodes as
they are added to EPICenter's device inventory. It also
adds any links that exist between the device nodes,
and organises them into submaps as appropriate. The
resulting maps can be customised by moving elements,
adding new elements, such as links, decorative
(non-managed) nodes, and text, and customising the device
nodes themselves. The Default view, which appears when
the Topology Applet is first accessed, is auto-populated
with the devices currently in EPICenter's inventory.
From the Topology View, other EPICenter functions can
be invoked such as the alarm browser, Telnet, real-time
statistics, a front panel view, the VLAN Manager, or
ExtremeWare Vista for the selected device, or view device
properties from a properties window. This functionality
allows the Topology View to serve as a single point of
entry to many of the functions within EPICenter.

Figure 2: Topology View

Configuration Manager
Support for extensive configuration management is
crucial as network compliance requirements in ISO
and Sarbanes-Oxley begin to affect the network
management environment. Organisations must control
important information processes and demonstrate that
control through detailed systems and audits. Network
configuration management must support these new
evolving requirements. Baselining and automated
configuration management through EPICenter help to
implement these audits and ensure compliance.
EPICenter Configuration Manager provides a graphical
interface for uploading and downloading configuration
files to and from managed devices. The tool has been
designed to reduce the time and complexity of managing
configurations in large networks of Extreme Networks
devices.
Configuration Manager provides configuration status
and manageability for many devices in the network (see
Figure 4) and provides detailed configuration for a single
device in the network. It can also download ExtremeWare
and ExtremeXOS software images to Extreme Networks
devices. If a switch's software has not been upgraded in
a while, the automated multi-step upgrade capability
takes care of configuration upload and download,
boot ROM and ExtremeWare or ExtremeXOS software
upgrade all in one go. The configuration manager
provides a framework for storing the configuration files
to allow tracking of multiple versions. Uploads of these
configuration files can be performed on demand, or can
be scheduled to occur at regular times daily or at any
interval chosen.
Information regarding what configuration changes were
made, and by whom, is fully available as audit
information. User audit information is stored in EPICenter
and can be pushed to a report and analysed.
Configuration changes are updated in EPICenter through
Extreme SmartTraps. Extreme Networks switches send
SmartTraps messages to EPICenter whenever a change
occurs in a switch status variable in which EPICenter has
registered interest. These include changes to operating
variables as well as configuration changes made through
other management entities such as the switch Command
Line Interface (CLI). SmartTraps was created as a method
of minimising network management traffic typically
associated with these updates.

Figure 3: Configuration Manager


Baselining
Baselining is available in the Configuration Manager
where device configuration files can be uploaded and
stored as baseline configurations or where an existing
saved configuration file can be designated as the baseline
configuration. This provides a means for security audits
and configuration change audits as well as providing
a simple method for fallback to a previous good
configuration. Often, it will make sense to compare a
configuration to the baseline configuration for a device.
A built-in viewer enables the contents of a configuration
file to be viewed from within EPICenter. And with the
availability of an external Diff viewer, two configurations
can be visually compared, and their differences noted.
For each configuration difference found, relevant
device log entries will be scanned and included in a diff
notification report.
Furthermore, comparison of archival uploads with
the current baseline configuration can be pushed to a
specified user through automatically generated emails.

Inventory Manager
Simplicity requires immediate and comprehensive access
to the details of a network. Inventory Manager does this
by maintaining a database of all the devices managed or
monitored by EPICenter, including Summit, Alpine and
BlackDiamond switches as well as any MIB-II-compatible
third-party device. Once a device is known to the
EPICenter database, an authorised user can configure it
using Inventory Manager, VLAN Manager, Configuration
Manager, Interactive Telnet or the optional Policy
Manager.

Detailed device information is provided through a visual
device representation (interactive front and back panel
views) along with detailed configuration and status
information (see Figure 4). Switch configuration can
be changed and devices can be added to or deleted
from EPICenter's inventory database. Auto-discovery
of Extreme Networks and third-party MIB-II-compliant
devices facilitates quick inclusion of devices into the
management system. Additionally, information can be
exported into a comma-separated file for easy access via
any spreadsheet application.

All Extreme Networks devices and selected third-party
devices can display a device-specific front panel view in
the Summary view. In addition, numerous vendor-specific
generic images are available for additional third-party
devices and a standard generic image can be displayed for
all other unknown devices.

As a means of expediting service calls, device reports
can be generated from the Inventory Manager and
exported specifically for sending to Extreme Networks
Technical Support (TAC). This increases the ease of
interaction with TAC, covering all trackable equipment
and components for service status checks by Extreme
Customer Advocacy.

Figure 4: Inventory Manager

Firmware Manager
EPICenter advances and simplifies the process of
upgrading networks with Firmware Manager. Firmware
Manager is used to obtain, manage and download the
most current ExtremeWare software and boot ROM
images for switches and modules. Specifically, the
Firmware Manager is used for:
Downloading boot ROM images to one or more devices.
Downloading new slot software images to one or more Extreme Networks modules.
Downloading boot ROM images to one or more Extreme Networks modules.
Specifying ExtremeWare software images as recommended images. The Firmware Manager compares the image currently running in a switch to determine if the switch is running the recommended or most current image.
Retrieving the latest ExtremeWare and ExtremeXOS software images from the Extreme Networks website.
Performing multi-step upgrades to upgrade software and boot ROM images on Extreme Networks i-series devices.
Firmware Manager is able to track the firmware versions
installed on Extreme Networks devices, compare them
with the currently available releases, and indicate if the
device is running the most current release. EPICenter
can automatically download from the Extreme Networks
web site a list of the current images that are available
for installation. The Firmware Manager is represented in
Figure 5.

Figure 5: Firmware Manager

Group Manager
EPICenter has been designed with an overall goal of user efficiency. Group Manager is an excellent example of an
implementation of this goal. By using the Group Manager, changes can be applied and actions taken on multiple
devices in a single step, thus increasing productivity and effectively reducing costs. The Group Manager allows a user
to collect network resources, such as devices, ports, users, hosts, and VLANs, into groups that can be manipulated or
managed as a single entity. Group Manager is represented in Figure 6.

Figure 6: Group Manager

Availability
Ensuring network and service resiliency has traditionally been the cornerstone of network management systems.
Availability must continue to be a strong focus as new service offerings, security threats and scalability demands are
placed on networks. EPICenter delivers many advanced features to continue providing a robust and available network
despite these new network requirements.

• EPICenter Alarm System
• Real-Time Statistics Tool
• IP/MAC Address Finder
• Spanning Tree Monitor
• ESRP Manager

EPICenter Alarm System


The original focus of network management systems was fault detection and recovery. However, the requirements
for network availability have become even more important and more complex today as mission critical data and
real-time traffic increasingly rely on data networks. EPICenter Alarm System (see Figure 8) takes fault detection and
alarm handling to a new level of sophistication. EPICenter will report on Extreme Networks devices and some third-party devices - those that the EPICenter software can include in its inventory database. The Alarm System provides
predefined alarms that immediately report conditions such as authentication or login failures, device problems and
reachability problems. It also provides customisation by allowing a user to define their own alarms that will report
errors under conditions that they specify, such as repeated occurrences or exceeded threshold values.
Fault detection is based on SNMP traps, syslog messages, and some polling. The Alarm System supports SNMP MIB-2,
the Extreme Networks private MIB, Remote Monitoring (RMON) traps and selected traps from other MIBs. Alarms can
also be configured based on certain event thresholds, or on the content of Syslog messages. When an alarm occurs a
user can specify actions such as sending e-mail, forwarding a trap, running a program, running a script or sounding
an audible alert.

Figure 7: EPICenter Alarm System

Real-Time Statistics Tool


Real-time data monitoring and statistics are a necessity for maintaining a fully available network. In EPICenter, the
Real-Time Statistics tool provides an interface for viewing multi-port and multi-device port statistics in real-time.
Utilising RMON data from the switches, this tool allows a user to view the port utilisation and errors in a variety of
ways. Graphic displays include pie chart, bar, stacking bar, line and table views. Display filters are provided to sort
views based on a configurable top N ports (where N is the maximum number of ports that can be configured). An
example of port statistics for a device is displayed in Figure 8.

Figure 8: Statistic Tool

IP/MAC Address Finder


Sometimes the best way to isolate a problem is to run a search. Address location and isolation are imperative aspects
of network troubleshooting. The MAC/IP Address Finder tool provides a simple and powerful interface for finding out
where on the network Layer 2 MAC and Layer 3 IP addresses have been learned and located. In addition, the MAC/IP
address finder can run simultaneous search jobs to more effectively troubleshoot on a network-wide basis. This finder
can find devices running ExtremeWare or ExtremeXOS operating systems. An example of IP/MAC Address Finder is
shown in Figure 9.

Figure 9: IP/MAC Address Finder

Ethernet Automatic Protection Switching Manager


Ethernet Automatic Protection Switching (EAPS) provides carrier-class network resiliency and availability to enterprise
and metro Ethernet networks. EAPS brings fault-tolerance to Layer 2 ring topologies by providing a loop-free operation
and a sub-second ring recovery. This revolutionary technology can provide end users with a continuous operation
usually only available in voice networks, and does so with radical simplicity.
EPICenter EAPS Manager (see Figure 10) helps monitor EAPS rings through a graphical display of network nodes with
respect to their EAPS implementation. With its multiple status displays and the ability to focus on individual EAPS
domains, it can also help debug EAPS configuration problems in the network.

Figure 10: EAPS Monitoring

The EAPS Manager can identify and display the status of EAPS rings, including Master and Transit nodes, link status,
and a variety of status information. Detailed status for domains, devices and links is presented in the form of multiple
tables (see Figure 11).

Figure 11: Viewing Detailed Domain and Device Status in EAPS Manager

The EAPS Manager can also run a configuration verification which produces a report (see Figure 12) that details
configuration errors detected among EAPS nodes or domains. Users can run an EAPS log report to see EAPS traps and
EAPS-related syslog entries that have occurred for a selected device. This report can be very helpful in troubleshooting
your EAPS device configurations.

Figure 12: EAPS Verification Report

Extensibility
Convergence is becoming more of a reality today as
dissimilar communications services are better served by
a single data network resource. As a result, networks
are moving to a best-of-breed strategy where individual
components in the network are chosen for their unique
ability to handle an application. A network management
system must provide complete vision and control into this
cloud of heterogeneous network equipment. EPICenter
has functionality today that allows an immediate
transition into new technologies and is future-proof
against additional network changes down the road.
• Universal Port Manager: The power of ExtremeXOS scripts and Universal Port profiles made simple
• VoIP Management - Universal Port Manager and Avaya Integration
• Interactive Telnet
• Third-party Device Integration Framework

Universal Port Manager: The power of ExtremeXOS scripts and Universal Port profiles made simple
ExtremeXOS Universal Port is a framework that allows
the switch to take direct action based on user events,
device Link Layer Discovery Protocol (LLDP) events, timers,
or user requests. The switch executes dynamic profiles
based on these events or timers. Users can request
switches to execute a profile on demand as well.
EPICenter Universal Port Manager (see Figure 13) offers
centralised tools to design, test, troubleshoot, deploy and
monitor event-driven edge policy provisioning based on
ExtremeXOS Universal Port dynamic profiles. It also eases
management of ExtremeXOS static profiles and scripts,
which can be used to simplify network configurations.

Figure 13: Universal Port Manager

The auto discovery feature in Universal Port Manager helps in centralised monitoring and management of network-wide profiles. Universal Port Manager allows users to audit currently deployed profiles on port(s) and see how the
deployed versions differ from the ones maintained in EPICenter, both in terms of content and event binding. It can
also help find profiles that were deployed using EPICenter but are now missing from the network. Import and Export
capabilities provide more flexibility to users by allowing for sharing of Universal Port profiles. Audit Log (see Figure 14)
capability in Universal Port Manager helps users keep track of profile actions taken on the network. Users can review
execution results and redeploy profile(s) from within the Audit Log.

Figure 14: Audit Log in Universal Port Manager

Universal Port Manager provides a user friendly editor (see Figure 15) to ease creation of Universal Port profiles. It
makes it easy for users to start rolling out this powerful Plug-and-Play capability with some pre-packaged profiles
that can be directly deployed or used as templates for creating new profiles. Universal Port Manager easily allows full
use of the mechanisms that can be applied to ExtremeXOS Universal Ports for binding profiles to timers and trigger
events. It makes deployment easier by providing an intuitive user interface that allows mass deployment of profiles
to devices, device groups or port groups. Universal Port Manager also provides an Audit Log so users can review the
actions taken on switches. Universal Port Manager delivers on "write once, use multiple times" by providing for meta
data tags that allow parameterisation of scripts so users can alter those parameters during deployment to suit the
situation at hand.

Figure 15: Editing Profiles Using Universal Port Manager

Universal Port Manager also aids users in debugging profiles. One of the biggest problems users face in debugging
trigger-based systems is not being able to reproduce the scenario. Universal Port Manager makes troubleshooting
easier by providing for simulation of trigger events and viewing results of profile executions (see Figure 16).

Figure 16: Testing Profiles Using Universal Port Manager

Voice-over-IP
In the past few years, VoIP has become a clear and viable alternative to traditional PBX-based phone systems. As
companies scramble to adopt this new technology, EPICenter meets the demand head on with a strong feature set for
VoIP implementations. Most notably, the VoIP Manager module enables a user to configure QoS parameters for VLANs
that are used for voice traffic. A user can easily identify VLANs that contain IP phone ports, specify which ports in the
VLAN are the egress ports for VoIP traffic, and configure the priority and bandwidth parameters for those VLANs. For
each VoIP VLAN, a user can specify the compression algorithm and QoS profile settings.
The VoIP manager (see Figure 14) computes the minimum bandwidth required for acceptable VoIP performance based
on the number of VoIP phone ports in combination with the compression rates used in the IP phones for coding/
decoding voice traffic. The VoIP manager can then configure the appropriate QoS settings on the switches on which
the VoIP VLANs reside.
A Voice VLAN Summary Report and a VoIP Details Report are available from the EPICenter Dynamic Reports page. The
summary report provides a list of the VLANs that have been selected as VoIP VLANs, along with the switches that are
included in those VLANs.
In addition, phone reports (See Figure 15) can be run in EPICenter to obtain a list of all discovered IP phones for
inventory status information and provide a mapping between IP phone extension, MAC and IP address and the
Ethernet switch port. This information can be used for status and troubleshooting purposes.

Avaya Integration
Extreme Networks has paired with Avaya to provide
simplicity for deployment and management of a
converged network, security to protect infrastructure and
data, as well as tools to allow optimum use of resources.
By using an open, standards-based approach, customers
will benefit from choice as well as having access to future
applications that can be integrated.
The joint development activities between Extreme
Networks and Avaya are focused in the following areas:
• Integrated Network and VoIP Management
• Real-time network monitoring and proactive testing
• Discovery and authentication services
• Plug-and-Play deployment
• Integration of applications and network infrastructure: the application aware network
EPICenter provides a set of tools that enable managing
and troubleshooting Avaya voice and Extreme Networks
infrastructure networks in a seamless manner. This
provides the benefits of a coordinated VoIP network
solution that will utilise runtime capabilities and
information of both Extreme Networks and Avaya
products and, in turn, offer a full scope of network and
service management.
EPICenter network management and Avaya Integrated
Management tools are both able to discover products
from Extreme and Avaya. If an Avaya device is selected
in any EPICenter view, its corresponding embedded
web-based management interface or Avaya Integrated
Management tool will be launched and the user can
manage the device. If an Extreme Networks device is
selected in any Avaya Integrated Management view, then
EPICenter will be launched allowing the user to manage
the Extreme Networks device. Both tools exchange
information, combining network level information
with application level VoIP information. Any device or
network faults are visible using both tools. Detailed
port information, including power usage on PoE ports
is available. EPICenter supports the standards-based Link
Layer Discovery Protocol for Avaya devices. This protocol
prompts faster discovery of Avaya devices. EPICenter
shows Avaya gateways and switches in Topology View
and Inventory Manager. Figure 16 gives an example
using EPICenter Inventory Manager.

Figure 17: Avaya Device in Inventory Manager

Interactive CLI Macros


EPICenter also offers advanced telnet operations. Users
with Administrator or Manager access can view and
modify configuration information for Extreme Networks
switches (Summit, Alpine and BlackDiamond switches)
and third-party devices managed by EPICenter using the
interactive Telnet feature (see Figure 18) and the Extreme
Networks CLI.
The Telnet feature provides two usage modes:
• A macro view with Macro Player and Macro Editor tabs: a user can set up context-based CLI command macros, define variables to be used in commands within the macro, and run them on multiple switches in a single operation. A macro can also be set up to run repeatedly, and can be saved in the EPICenter database for future use. Macros that are created in the macro editor can be executed from other areas in EPICenter, accessed through right-click pop-up menus or the EPICenter Tools menu.
• An individual session mode: a user can open a session on an individual device, and execute commands just as they would from a standard Telnet interface.

Figure 18: Interactive Telnet

The Telnet feature allows the scripting and playback
of groups of CLI commands (macros) to a selection of
Extreme Networks switches. This feature can also be
used to run an interactive Telnet session on an individual
switch, including third-party switches.

EPICenter in a Multi-Tool and Multi-Vendor Environment
EPICenter has been explicitly designed to be usable
in multi-tool environments. Overlapping EPICenter
functionality can be hidden on a per applet basis to avoid
user confusion.
EPICenter is capable of managing non-Extreme Networks
devices as well. It can discover any device running an
agent that supports MIB-2. If users add these third-party devices to EPICenter, they can see these devices in
Inventory Manager and on Topology Maps, receive basic
MIB-2 traps, and also use SSH/Telnet capabilities to run
CLI commands on the device.

In addition to the generic support for third-party
devices described above, the third-party device integration
framework in EPICenter provides more extensive support
for non-Extreme Networks devices. Once a device is
integrated using the third-party integration framework,
users can access EPICenter to see front and back panel
views in the Inventory Manager, receive traps, use
both interactive Telnet and Telnet macros and launch
third-party proprietary device-related tools from within
EPICenter.
Users can enable this tighter integration with a minimum
of configuration changes. The integration is achieved
by simply adding or editing XML, text and image files
to accomplish different levels of integration. Users can
control each aspect of device integration independently.
For example, they can integrate a device into the
Inventory Manager but may elect not to integrate trap
support in the Alarm System. The third-party integration
framework in EPICenter has been tested with a series
of Avaya devices but also ships several sample device
descriptions for 3Com, Cisco, Compaq and Ericsson (see
Figure 19). For detailed instructions on how to use the
third-party Device Integration Framework in EPICenter
to manage non-Extreme devices, please refer to the
EPICenter Solutions Guide.

<?xml version="1.0" encoding="utf-8" ?>
<deviceType name="Avaya" version="1" parent="3rd Party">
  <identity>
    <sysObjectID protocol="SNMP">6889</sysObjectID>
  </identity>
  <attributes>
    <vendor>Avaya</vendor>
    <imageIconsFileName>avayaicons.gif</imageIconsFileName>
    <CLI.LOGIN_PROMPT>Login:</CLI.LOGIN_PROMPT>
    <CLI.PASSWORD_PROMPT>Password:</CLI.PASSWORD_PROMPT>
    <CLI.SHELL_PROMPT>[#>][ ]$</CLI.SHELL_PROMPT>
    <CLI.MORE_PROMPT>q to quit</CLI.MORE_PROMPT>
    <DEVICE_MANAGER>true</DEVICE_MANAGER>
  </attributes>
</deviceType>

Figure 19: Integrating Non-Extreme Networks Devices into EPICenter

Network Security
EPICenter takes into account the inexorable necessity
for network security by addressing threats from multiple
angles. Robust network management security is provided
through encryption and extensive user access functions
while contribution to overall network security is provided
through functionality accessed in related EPICenter
management modules.
• Network Management Security
• Universal Port Manager: Securing Your Network with Dynamic Security Policies
• Dynamic Security Policies
• Dynamic Reporting
• VLAN Manager

Network Management Security


Ensuring the integrity and privacy of Network
Management communications is the first priority of a
Network Management system.
To provide secure network management, EPICenter
supports SNMPv3 (encryption and authentication),
HTTPS and SSH-2 as communication protocols. The SSH-2
protocol provides a very secure and efficient method of
creating an encrypted channel for logging into EPICenter.
SNMPv3 provides authentication and privacy, encryption,
and authorisation and access control. SNMPv3 is designed
to be secure against:
• Modification of information attacks, where an in-transit message is altered.
• Masquerades, where an unauthorised entity assumes the identity of an authorised entity.
• Message stream modification, including delay and replay attacks.
• Disclosure, where packet exchanges are sniffed to learn about their contents.
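
How SNMPv3 resists the first three threats in this list can be seen in the User-based Security Model of RFC 3414. The sketch below is an added example, not EPICenter or Extreme Networks code: the frame layout (boots, time, 12-octet MAC, payload) is a simplified stand-in for the BER-encoded message, the function names are hypothetical, all sample values are constructed, and privacy (encryption against disclosure) is not shown.

```python
import hashlib
import hmac
import struct

TIME_WINDOW = 150        # seconds: RFC 3414 timeliness window
MAX_BOOTS = 2147483647   # snmpEngineBoots latched at maximum: nothing is timely
MAC_LEN = 12             # HMAC-MD5-96 / HMAC-SHA-96 are truncated to 12 octets


def password_to_key(password: bytes, algo: str) -> bytes:
    """RFC 3414 A.2: digest 1,048,576 octets of the repeated password."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Kul = H(Ku || engineID || Ku): a key recovered from one device
    is useless against any other engine."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def sign(kul: bytes, algo: str, boots: int, etime: int, payload: bytes) -> bytes:
    """Build a frame; the MAC covers the whole frame with the MAC field zeroed."""
    header = struct.pack(">II", boots, etime)
    mac = hmac.new(kul, header + bytes(MAC_LEN) + payload, algo).digest()[:MAC_LEN]
    return header + mac + payload


def verify(kul: bytes, algo: str, frame: bytes, local_boots: int, local_time: int) -> str:
    """Receiver side: authenticate first, then apply the timeliness check."""
    if len(frame) < 8 + MAC_LEN:
        return "malformed"
    boots, etime = struct.unpack(">II", frame[:8])
    received = frame[8:8 + MAC_LEN]
    zeroed = frame[:8] + bytes(MAC_LEN) + frame[8 + MAC_LEN:]
    expected = hmac.new(kul, zeroed, algo).digest()[:MAC_LEN]
    if not hmac.compare_digest(received, expected):
        return "wrongDigest"          # modification or masquerade
    if (local_boots == MAX_BOOTS or boots != local_boots
            or abs(etime - local_time) > TIME_WINDOW):
        return "notInTimeWindow"      # delayed or replayed message
    return "ok"


def demo() -> dict:
    """Run each threat from the list against the receiver (constructed data)."""
    engine_id = bytes.fromhex("000000000000000000000002")
    kul = localize_key(password_to_key(b"maplesyrup", "sha1"), engine_id, "sha1")
    wrong = localize_key(password_to_key(b"not-the-password", "sha1"), engine_id, "sha1")
    frame = sign(kul, "sha1", 5, 1000, b"set ifAdminStatus.3 = down")
    tampered = frame[:-4] + b"up  "
    forged = sign(wrong, "sha1", 5, 1000, b"set ifAdminStatus.3 = down")
    return {
        "genuine": verify(kul, "sha1", frame, 5, 1010),
        "modified": verify(kul, "sha1", tampered, 5, 1010),
        "masquerade": verify(kul, "sha1", forged, 5, 1010),
        "delayed_replay": verify(kul, "sha1", frame, 5, 1000 + TIME_WINDOW + 1),
        "replay_after_reboot": verify(kul, "sha1", frame, 6, 3),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:20s} {verdict}")
```

A replay that arrives inside the 150-second window still passes the timeliness check, which is why RFC 3414 describes protection against delay and replay as bounded by that window rather than absolute.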

Universal Port Manager: Securing Your Network with Dynamic Security Policies
EPICenter Universal Port Manager takes network security
a step further by allowing users to create, deploy and
monitor static or dynamic event-based security profiles
provided for ExtremeXOS devices. Universal Port Manager
makes it easy for users to create a security profile and
mass deploy it to the network (see Figure 20).
One primary function of access-based security policies
is to protect core network resources by controlling and
enforcing security for user access at the point of entry to
the network (e.g. edge network devices). Users can be
granted or denied access to certain areas of the network
and users can be given different service level guarantees
by the use of different QoS profiles.
Static Universal Port profiles can be defined in conjunction
with dynamic policy profiles to establish a baseline
security access level and QoS level for all users. Typically,
these static profiles would be used to deny access to
sensitive network resources and to provide a base level
QoS. These static profiles can be overlaid with dynamic
profiles that are triggered based on user authentication
and unauthentication.
Universal Port Manager makes it really simple to then
mass deploy the security profiles to the network. If the
users would like this profile to be activated based on
authentication/unauthentication, Universal Port Manager
allows them to do so.
Another scenario that is painstakingly cumbersome to
take care of is "time of the day" security. Users may
want to have different kinds of security applied to their
network during different times of the day. This need
may range from shutting down access completely to
the whole or part of the network based on time. Another
scenario may be the need to apply different kinds of
QoS parameters to the network based on time of the
day. Universal Port Manager helps solve this problem by
allowing users to deploy multiple profiles to the network
that can be tied to the time of the day they kick in. This
allows the network to automatically secure itself based
on time of the day without any intervention from
administrators.

VLAN Manager
A virtual LAN (VLAN) is a group of location and
topology-independent devices that communicate as if
they were on the same physical LAN. Security is just one
of the many benefits of implementing VLANs. VLANs
inherently offer security by segmenting network users
based on authorised permissions.
EPICenter VLAN Manager is an enterprise-wide
application that manages many aspects of VLANs on
Extreme Networks Summit, BlackDiamond and Alpine
switches. Any EPICenter user can view status information
about the VLANs known to EPICenter across the network.
Users with the appropriate access can create and delete
VLANs, add and remove ports from existing VLANs, and
create and modify the protocol filters used to filter VLAN
traffic. When creating or modifying a VLAN, EPICenter
will determine whether there is connectivity between the
devices that have been included in the VLAN, and if not,
it can recommend ports and devices to add in order to
achieve connectivity.

Figure 20: Example of a User-Based Dynamic Profile
(Diagram elements: User, Administrator, RADIUS Server, EPICenter Server. Diagram labels: Administrator configures user group policies (VLAN, ACLs, port speed, Dot1p priority, etc.) then maps policies to user groups; User logs on to the network; RADIUS server pushes user group via Vendor Specific Attributes (VSA); Switch configures VLAN, ACLs, port speed, Dot1p priority . . . on the port; Administrator pushes policies to switch.)

Dynamic Reporting
All the management and viewing capabilities in the world
aren't worth a dime without reporting capabilities that
will allow network managers to track and communicate
trends and analyses.
EPICenter has a series of predefined HTML pages that
show graphical representations of port link-status,
environmental status and physical configurations. A
statistical program is also available that provides graphs
and charts depicting the network's performance.
Customer reports can be made by modifying the existing
HTML or by writing new TCL scripts.
EPICenter provides sets of HTML-based reports that show
information about managed devices. The reports fall into
two categories: Network Summary Report and EPICenter
Dynamic Reports.
The Network Summary Report displays summary status
of the devices that the EPICenter server is managing, and
information about the version and patch level and status
of the EPICenter server.
EPICenter Dynamic Reports include a series of HTML
reports that present a wide variety of information about
a network and the devices EPICenter is managing.
These reports can be loaded quickly, even over a dial-up
connection, and can also be printed. Some of these
reports are actually tools to help access information
helpful for debugging problems with EPICenter or the
network devices being managed by EPICenter.


Report/Tool | Detail
eSupport Report | Export Report for Use with eSupport Web Site
Devices | Device Inventory, Device Status Report
Slots and Ports | Slot Inventory, Interface Report, Unused Port Report
VLAN | VLAN Summary, Voice VLAN Summary Reports
Logs | Alarm Log, Event Log, Syslog Log
Wireless Reports | Wireless Summary, Wireless AP (Port Inventory), Wireless Interface, Safe AP MAC List, Rogue APs, Rogue AP Alarms
Client Reports | Network Login, Current Clients, Client History, Spoofed Clients, Unconnected Clients
MIB Poller Tools | MIB Poller Summary, MIB Query
EPICenter Server | Server State Summary, Debug EPICenter
Miscellaneous | Resources to Attribute Mapping, User to Host Mapping

Table 2: Dynamic Reporting

EPICenter and FCAPS


FCAPS provides a categorical model of the working objectives of network management. The following EPICenter
feature-mapping diagram (Table 2) outlines functional adherence to FCAPS disciplines.

Fault | Real-time statistics, Alarm System, Topology Manager, IP/MAC address finder, EAPS Manager
Configuration | Configuration Manager, Group Manager, VLAN Manager, Topology Manager, Report Manager, EAPS Manager, Universal Port Manager
Accounting | Inventory Manager, Report Manager
Performance | Real-time statistics, Topology Manager, Report Manager
Security | Administration tools, IP/MAC address finder, Policy Manager, Report Manager, Universal Port Manager

Table 3: EPICenter Feature-Mapping Table

EPICenter Licensing: Growing With Your Needs and Your Network

EPICenter grows with your network and your needs via a simple license key based mechanism. Scalability can be
extended with EPICenter Gold Upgrade. EPICenter Advanced Upgrade provides EAPS Applet, Universal Port Manager
for ExtremeXOS-based devices and Policy Manager for ExtremeWare-based devices. Universal Port Manager and Policy
Manager add more detailed control and monitoring of QoS, Access Control Lists (ACLs) and Network Login/802.1x-based network access security. EAPS Manager allows users to view status of EAPS rings and validate configuration of
EAPS enabled devices. No reinstallation is required to turn on advanced capabilities or greater scalability, which also
keeps support costs for Extreme Networks low. This mechanism allows Extreme Networks to offer EPICenter at a very
competitive price.

Figure 21: EPICenter Licensing (axes: Functionality and Scalability; tiers: Base, Gold Upgrade, Advanced Upgrade)

Summary
EPICenter is a future-proof management platform capable of establishing and maintaining networks that are
undergoing rapid change due to convergence. EPICenter determines a new benchmark for accommodating
convergence applications by offering intuitive user interfaces and by focusing on reducing the complexity of managing
expansive network environments. It offers an open architecture, able to accommodate a multi-vendor, service rich
environment that helps to enable voice-class availability and establish robust security policies. A 30-day demo of
EPICenter is available through the Extreme Networks internet.

Quality of Service for Voice-over-IP Networks


There is growing interest in deploying Voice-over-IP (VoIP) services in the enterprise environment. While
common applications such as file transfer or web access do not need Quality of Service (QoS) mechanisms
in most environments, popular voice encoding algorithms might need support from QoS mechanisms
in some network environments. This paper discusses the reasons that QoS mechanisms might be
important, discusses approaches to deploying the Ethernet precedence and IP Type-of-Service to
support QoS, and also discusses potential pitfalls with such deployments.

Quality of Service for Voice-over-IP Networks
There is growing interest in deploying Voice-over-IP
(VoIP) services in the enterprise environment. While
common applications such as file transfer or web access
do not need Quality of Service (QoS) mechanisms in most
environments, popular voice encoding algorithms might
need support from QoS mechanisms in some network
environments.
When a network deployment has been carefully
engineered and is over-provisioned throughout, then no
network congestion is possible and QoS mechanisms will
not be needed. However, over-provisioning of bandwidth
is less common in enterprise networks. In enterprise
networks where congestion might occur, deploying QoS
mechanisms can provide significant improvements to the
quality of VoIP service.
This whitepaper discusses the reasons that QoS
mechanisms might be important, discusses approaches
to deploying the Ethernet precedence and IP Type-of-Service (ToS) to support QoS, and also discusses potential
pitfalls with such deployments.

Introduction
Voice applications have long been used with datagram
networks, such as the Internet. For example, audio/
video applications have been used for over a decade
on the Multicast Backbone (MBONE). VoIP deployments
are increasingly common in commercial environments,
primarily because of the potential cost savings. Recently,
there has been growing commercial interest in the use
of VoIP as an adjunct to or replacement of traditional
telephone service.
When using multimedia on the Internet, the multimedia
application has to take an analog natural signal source,
such as a human voice, and use an encoding algorithm
to convert the analog source into digital format for
packetisation and transmission through the network.
After the voice has been encoded and compression or
error correction coding added, it is placed into a data
packet and sent through the network. Commonly,
multimedia data is framed using the Real-Time Protocol
(RTP) and then sent via the User Datagram Protocol
(UDP).
Depending on the desired multimedia quality, the
encoding being used, and the nature of the underlying
network between the source and the destination,
problems could arise with delay, jitter, and/or packet loss.
Different encoding algorithms have different abilities to
tolerate delay, jitter, and data loss. Hence, voice encoding
algorithm evaluation and selection are critical tasks when
system engineering a VoIP solution.
Network QoS mechanisms are one way to help ensure
that the desired multimedia quality is delivered when
delay, jitter, and/or packet loss are potential concerns.
A number of standards exist that can provide QoS
capabilities in IP-based networks.
This whitepaper provides a discussion of circumstances
when network QoS mechanisms might be helpful or
needed, some candidate network QoS mechanisms
to consider for deployment, a candidate deployment
strategy, and finally the residual issues that should be
considered before deploying network QoS mechanisms
in a network. The focus of this paper is an enterprise that
has its own IP network and is deploying VoIP services
within that network. Deployment scenarios involving
more than one organisation are outside the scope of this
paper.

Network Design Considerations


Many commercial IP backbones have been carefully
engineered so that congestion cannot occur within the
backbone. Typically, this involves over-provisioning the
backbone bandwidth so that the backbone capacity
exceeds the maximum possible load that could be placed
upon it. However, many customers of such backbones
have access links connecting to the backbone with less
capacity than the maximum possible load on that link. So
in modern IP networking, most access links experience
traffic congestion.
While congestion avoidance algorithms built into
commonly used transport-layer protocols like the
Transmission Control Protocol (TCP) or the Stream
Control Transport Protocol (SCTP) automatically detect
congestion and reduce the load on the network, it
typically takes at least one round-trip time for the
congestion avoidance algorithms to help reduce the load
on the congested link.
If a link is experiencing congestion, queuing and packet
loss are possible results. Depending upon how the
network is configured, periodic congestion can also cause
significant variation in the network delay experienced
by packets from some source to some destination. This
variation is commonly known as jitter. If the network has
more jitter than the voice-encoding algorithm in use can
tolerate, then either the encoding algorithm in use has
to be changed or the way the network is engineered
has to be altered. The two primary network engineering
choices are to increase provisioned bandwidth such that
congestion no longer occurs, or to deploy one or more
QoS mechanisms within the enterprise network.

Network QoS Mechanisms


QoS is a long-standing research topic for the Internet. So
far, no QoS mechanism has ever been widely deployed
across the Internet for the following reasons:
• Internet applications are typically designed to
  adapt to changing network conditions.
• Deploying inter-domain QoS tends to create
  significant operational security issues.
• Most commercial IP backbone operators find it
  less expensive to over-provision capacity than
  to deploy and operate more complex network
  configurations that include network QoS
  mechanisms.
In the mid-1990s, the Internet Engineering Task Force
(IETF) tried to standardise the Resource Reservation
Protocol (RSVP) as a QoS mechanism. This effort did not
lead to widespread implementation or deployment of that
technology. Early commercial implementations of
RSVP experienced serious scaling problems. Therefore,
operational networking communities like the North
American Network Operators Group (NANOG) and the
European Operators Forum (EOF) concluded that RSVP
lacked sufficient scalability to be practical for per-flow
QoS. RSVP remains in use for a very different purpose:
as a signaling protocol option for Multi-Protocol Label
Switching (MPLS) deployments. However, RSVP for
per-flow resource reservation is neither widely available
nor a good design option for IP network deployments today.
Two mechanisms that are openly specified and widely
available in commercial networking equipment are
Ethernet Precedence, which was originally specified in
IEEE 802.1p, and IP ToS. IP ToS is defined identically for
both IPv4 and IPv6, so this paper will refer to IP and
mean both IPv4 and IPv6. The general design approach
outlined here is to mark and police traffic at the edge of
the packet network, while applying QoS throughout the
packet network.
It is important to note that not all implementations of
a given standard are of equally high quality. There are
often significant differences in quality between one
implementation and another. So it is important to
actually test the networking equipment in a laboratory
before selecting it for deployment in a packet
network. Subsequent sections of this paper highlight
implementation details that are likely to significantly
impact the quality of a VoIP deployment. It would be
prudent to consider each of those points as part of the
overall systems engineering for VoIP services.

Over-Provisioning Bandwidth
Over-provisioning bandwidth is the oldest QoS
mechanism in the Internet community. In a Local Area
Network (LAN) environment, fiber-optic backbones have
been common since the advent of Fiber Distributed
Data Interface (FDDI). Since Gigabit Ethernet, and now
10 Gigabit Ethernet, have appeared, over-provisioning
of LAN and even Metropolitan Area Networks (MANs)
has become even more common, in large part because
of the significant reduction in capital cost required to
over-provision bandwidth.
There are tradeoffs to adopting over-provisioning as
one's QoS mechanism. Capital costs may be higher;
however, operational costs are usually lower because the
network design is simpler. The network operator does
not need to configure, operate, or trouble-shoot any
other QoS mechanism if the network is over-provisioned.
An additional benefit of an over-provisioned network
core is that it can't be disrupted by a Denial of Service
(DoS) attack originating at the edge of the network.

Ethernet Precedence
Ethernet is by far the most widely used technology in
LANs today and is likely to remain so in the future. In the
late 1990s, the IEEE standardised various extensions to
Ethernet, for example support for Virtual LANs (VLANs).
IEEE also extended Ethernet by adding a QoS mechanism,
Ethernet Precedence, which was originally specified in
IEEE 802.1p. This extension specifies a 3-bit field within
the VLAN tag header that is used to carry precedence
information. There are 8 precedence values, numbered 0
through 7, with precedence 7 being the highest priority.
This scheme maps directly to the IP Precedence bits.

Ethernet Precedence Implementations


Many Ethernet switches now implement support for
Ethernet Precedence. In better implementations, it is
possible to guarantee some minimum bandwidth amount
for each QoS value. Typically, such implementations will
make any guaranteed capacity that is unused available
for traffic having other QoS values. Equipment varies
widely in the forms of queuing that are supported
within an 802.1p implementation. A variety of queuing
algorithms can be found; strict priority queuing and
weighted round-robin are the most commonly used. Although
the IEEE standard specifies 8 different precedence values,
not all Ethernet equipment supports a full 8 queues
per port. Some equipment that implements the 802.1p
specification supports 8 queues per port, others support
only 4 queues per port, or even 2 queues per port. As
will be discussed later, 3 queues per port is a practical
minimum needed to support two different QoS levels for
user traffic within a real operational network, though
8 queues per port is needed to support full military
precedence.
Some Ethernet equipment will evaluate the precedence
tag on ingress and use that information to mediate
access to the switch backplane, which helps ensure that
higher precedence traffic gets higher priority access to
the switch backplane. By contrast, some other equipment
does not do this, in which case lower precedence traffic can
delay backplane access for higher precedence traffic.
Moreover, not all Ethernet switches offer all of these
capabilities. The network engineer should carefully
test equipment to ensure that it has full capabilities to
support all kinds of network traffic.

IP Type-of-Service (ToS)
IP has long supported a per-packet QoS marking in its
ToS field. This 8-bit field originally used 3 bits to support
8 precedence values, along with some handling flags in
the remaining 5 bits. While the precedence values were
widely supported in early IP routers, not all products
supported them.
The designers of the IP Precedence model simply adopted
a long-standing message handling precedence scheme
of the U.S. Department of Defense (DoD). In this scheme,
there are 6 precedence levels for user-traffic, ranging
from Routine used for most traffic to Flash Override used
only in a dire emergency. In addition, the IP Precedence
model has 2 precedence values higher than those used
for any user traffic. The highest precedence value is called
Internet Control and is normally used for control traffic
that can affect network availability and stability across
multiple administrative domains (e.g. Border Gateway
Protocol which carries inter-domain routing information).
The second-highest precedence value is called Network
Control and is normally used for traffic control that can
affect network availability and stability within a single
administrative domain (e.g. Open Shortest Path First,
which carries intra-domain routing information).
The IP Precedence model ensures that critical network
control traffic is given higher precedence than any user
traffic. Should user traffic ever crowd out that network
control traffic, the network would probably develop
faults that would ultimately prevent user traffic from
reaching its intended destination. Further, if the network
were to develop non-protocol faults (e.g. a fiber cut),
the network control traffic would be crucial to letting
the network discover that fault and automatically route
around the damaged section(s) of the network.
More recently, the IETF has produced the Differentiated
Services (DiffServ) specification that provides an alternate
set of interpretations for this 8-bit ToS field. Further, the
IETF defines some packet handling specifications for use
with DiffServ. The two IETF specifications for DiffServ
packet processing are known as Assured Forwarding (AF)
and Expedited Forwarding (EF). The DiffServ specifications
were carefully written to remain backwards compatible
with the JANAP-128 precedence model.
There is a common misconception that only EF is well
suited for handling voice traffic, because EF was originally
designed for carrying voice traffic in the U.S. Department
of Energy's research Energy Sciences Network (ESnet). In
fact, experience has shown that AF is also well suited
for use with voice traffic. The EF specification contains
specific suggestions on how to calculate delay and jitter
bounds for a given EF implementation. While the AF
specification does not contain specific suggestions, both
delay and jitter bounds for AF processing can also be
calculated.

IP Type-of-Service Implementations
Better quality DiffServ implementations offer a
finer-grained set of queuing configurations to the network
operator, rather than merely offering the operator the
two coarse-grained options of AF or EF. For example,
better implementations offer the operator a choice
of queuing algorithms, commonly including Priority
Queuing, Weighted Fair Queuing, and Weighted
Random Early Drop (WRED). Better implementations
permit each queue an allocation of minimum and
maximum bandwidth that will always be available for
traffic in that queue. The remainder of this paper will talk
about the QoS configuration in more detail than merely
referring to AF or EF would permit. It is recommended
that equipment that permits such fine-grained QoS
configuration, not mere DiffServ support, be used as this
helps the resulting deployed network configuration to be
fully successful.
It is important to select and deploy networking equipment
that has all of these capabilities, ideally including 8
queues per port, a variety of queuing algorithms, and the
ability to provision minimum and maximum bandwidths
for each queue.

Ethernet and IP QoS Comparison


Since Ethernet Precedence and IP Precedence both specify
8 precedence values or QoS queues, it is straightforward
to use these two mechanisms in tandem to provide
end-to-end QoS within the packet network. To do so, it is
important that the deployed network equipment support
both mechanisms. Table 1 shows the mapping between
the Ethernet Precedence and IP Precedence, along with
the original JANAP-128 mapping that the DoD uses for each
QoS value.

QoS Filtering Implementations


While the standards define how a QoS marking is
represented in an IP packet header or Ethernet frame
header, the standards do not define how to ensure
that a given packet or frame contains the correct QoS
marking. In practice, better implementations of Ethernet
Precedence or IP ToS support filtering incoming traffic,
often using Access Control Lists (ACLs), and then
marking (or re-marking) the incoming packet or frame
with the correct QoS marking. This marking is then used
within the switch or router to apply appropriate packet
or frame processing to implement the desired QoS.
In equipment implementations that do not support a full
8 queues per port, the equipment will generally need to
be configured so that traffic with the correct set of QoS
markings is sent to the correct queue. Equipment having
the full 8 queues per port will be more successful in
applying the desired QoS handling to packets or frames
passing through it.
Also, it is important to select networking equipment that
has very flexible ACL capabilities so that the deployment
can ensure that only authorised traffic is able to obtain
preferred service quality.

Network Deployment Considerations


The simplest QoS deployment consists of carefully
engineering the deployed network so that congestion
cannot occur, because bandwidth has been
over-provisioned. If this option is available and economically
sensible, it is probably the best approach. Such
over-provisioning is, however, unlikely to be practical for
ships at sea and many other tactical environments. On
links where congestion might occur, use of other QoS
mechanisms might make sense. Here we recommend
using both Ethernet Precedence and IP ToS in combination
on such links.

This whitepaper presents three deployment
models. The first model, called the Simple QoS Model,
can be implemented if equipment on potentially
congested links supports IP ToS, has 4 queues per port,
and optionally also supports Ethernet Precedence. The
second model, called the Fine-Grained QoS Model, can be
implemented if equipment on potentially congested links
supports IP ToS, has 8 queues per port, and optionally also
supports Ethernet Precedence. In both of these models, a
minimum bandwidth is provisioned for most QoS queues
to prevent high-precedence traffic from totally starving
low-precedence traffic of bandwidth. The third model,
called the Strict Priority Model, differs from the first two
in that traffic at higher precedence levels. This third
model is applicable in situations where there is a
well-defined QoS policy that requires starvation. For example,
in an emergency situation or in a military context it might
be strongly desirable for the most important traffic to be
delivered, even if less important traffic were unable to
be sent at all.

It is important to keep in mind that these are three
deployment examples, not hard and fast design rules.
Each organisation ought to consider what kind of QoS
policy is appropriate for that organisation and then
deploy a configuration consistent with that locally
designed policy. Each organisation has different needs,
different network designs, and so each will probably have
a different QoS policy. If an organisation does not mind
having lower-priority services starved of network access,
then a Strict Precedence queuing approach without any
bandwidth guarantee might make sense.

JANAP Traffic Type    Ethernet Precedence    IP Precedence
Internet Control
Network Control
Critical ECP
Flash Override
Flash
Immediate
Priority
Routine

Table 1: IP Precedence Mapping

Simple QoS Model

In the Simple QoS Model, shown in Table 2, we break
network traffic into four categories: Internet Control,
Network Control, Voice, and Other. This breakdown
requires 4 queues per port in the applicable network
equipment. If the network equipment can only support
3 queues per port, then Internet Control and Network
Control can be consolidated into a single category
without much adverse impact. The Control categories are
highest precedence and Other is the lowest precedence
in this scheme.
Inter-domain control traffic, for example Border Gateway
Protocol (BGP), belongs in Internet Control. Intra-domain
control traffic, for example SNMP, OSPF, or RIP, belongs
in Network Control. Voice traffic is sorted out next. This
includes not only actual voice packets sent using the
Real-Time Protocol (RTP), but also any telephony signaling
protocols that are deployed, for example SIP. The last
category contains all other traffic, probably consisting
mainly of HTTP for web access and SMTP, POP, or IMAP
for email access.

In this model, no class of traffic must be starved of
bandwidth by other classes of traffic during normal
operation, therefore a minimum reserved bandwidth
must be configured for each class. For example, 20%
of bandwidth for Voice, 5% for Other and 10% for
each type of control traffic may be guaranteed, with the
remaining bandwidth dynamically allocated among the
four QoS values based on the relative precedence of the
QoS values in the traffic being received.

A shortcoming of this model is that it lumps all non-voice
user traffic into a single QoS class. In most enterprises,
not all data traffic is equally important. For example, file
server access is typically very important, with database
access only slightly less so. Finally, even for mundane data
traffic, interactive traffic (e.g. instant messaging) normally
should get higher priority than background traffic.
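
The difference between guaranteed minimums and strict priority can be worked through numerically. The following is an added example, not taken from the white paper: it uses the 10% / 10% / 20% / 5% guarantees quoted above and assumes that the unreserved remainder is handed out in precedence order; the function names and the traffic figures are constructed for illustration.

```python
# Added example (not from the white paper). Classes are listed in descending
# precedence with the guaranteed minimums quoted in the text, in percent.
SIMPLE_QOS = [
    ("Internet Control", 10),
    ("Network Control", 10),
    ("Voice", 20),
    ("Other", 5),
]


def allocate(capacity, offered, classes=SIMPLE_QOS, guarantees=True):
    """Return {class: bandwidth granted} on one congested link.

    capacity and offered loads share one unit (for example Mbit/s).
    Pass 1 grants every class min(offered load, guaranteed minimum).
    Pass 2 hands out what is left in precedence order; this is an assumed
    reading of "dynamically allocated ... based on the relative precedence".
    guarantees=False skips pass 1, which is the Strict Priority Model.
    """
    granted = {name: 0.0 for name, _ in classes}
    remaining = float(capacity)
    if guarantees:
        for name, percent in classes:
            share = min(offered.get(name, 0.0), capacity * percent / 100.0)
            granted[name] = share
            remaining -= share
    for name, _ in classes:
        extra = min(offered.get(name, 0.0) - granted[name], remaining)
        granted[name] += extra
        remaining -= extra
    return granted


def starved(granted, offered):
    """Classes that offered traffic but were granted no bandwidth at all."""
    return [name for name, load in offered.items()
            if load > 0 and granted.get(name, 0.0) == 0]


# Constructed scenario: a 100 Mbit/s access link on which hosts flood traffic
# that reaches the Voice queue (for example because it was mis-marked).
FLOOD_IN_VOICE = {"Internet Control": 2, "Network Control": 3,
                  "Voice": 150, "Other": 40}

# Constructed scenario: the flood arrives in the lowest class instead.
FLOOD_IN_OTHER = {"Internet Control": 2, "Network Control": 3,
                  "Voice": 15, "Other": 500}

if __name__ == "__main__":
    for label, flag in (("Simple QoS Model", True),
                        ("Strict Priority Model", False)):
        result = allocate(100, FLOOD_IN_VOICE, guarantees=flag)
        print(label, result, "starved:", starved(result, FLOOD_IN_VOICE))
```

With guarantees, the flooded Voice queue takes all unreserved capacity but Other keeps its 5%; without them, Other receives nothing, which is the starvation the Strict Priority Model accepts by design.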


Fine-Grained QoS Model


In the Fine-Grained QoS Model, shown in Table 3, we
break network traffic into eight categories. This scheme
contains the same four categories as in the Simple QoS
Model, but adds four more categories having precedence
greater than Other, but less than Voice. Also, the Voice
category is broken into two separate categories. The
first of these categories is Voice Control, which contains
only voice control or telephony signaling protocols, such
as the Session Initiation Protocol (SIP, RFC 3261). The
second of these categories, which is lower precedence
than the first, is Voice Traffic, which contains only the
actual voice content, typically carried in the Real-Time
Protocol (RTP). This leaves three additional categories for
higher precedence, non-voice user traffic. A common
configuration would use one of these categories for
file-server and remote-procedure-call traffic and the
other two for business-critical applications (e.g. remote
database access). Web content, electronic mail, instant
messaging, and any gaming applications would typically
be split between the Interactive and Other categories as
shown.
Again, some categories (e.g. Control and Voice)
would probably be given guaranteed capacity, but the
percentage that is guaranteed would probably decrease
for most categories. For example, the network control
traffic categories might each get guaranteed access to
10% of capacity, with the next highest five categories
each getting guaranteed access to 5% of capacity.

Deployment Concept
The general deployment concept outlined here is to
mark and police QoS at the edge of the network, while
applying QoS throughout the network. This approach
has been shown to scale well in past deployments and is
straightforward to deploy.
Telephone handsets designed for use with VoIP
should support setting the IP Precedence and Ethernet
Precedence bits appropriately, based on the precedence
associated with each telephone call placed using that
handset. The policing and authorisation mechanisms
currently used with traditional telephone systems
can also be used with VoIP telephone systems. The IETF is
enhancing telephony signaling protocol standards, for
example the Session Initiation Protocol (SIP), used with
IP to support transmission of call precedence as part of
the telephony signaling information.

Industry experience shows that it is best if VoIP traffic
is segregated from other data traffic. While this is not
always practical to deploy on shared WAN links, it can
easily be deployed on Ethernet networks by simply using
VLANs to provide appropriate separation. For example,
VoIP traffic might be on VLAN number 3, while data
traffic is on a different VLAN, perhaps VLAN number
0, the default VLAN. It is very important that VLANs
do not accidentally leak traffic onto other VLANs.
Therefore, networking equipment that implements VLAN
capabilities in dedicated ASIC hardware, rather than on
the main switch CPU, should be selected.
Each Ethernet port used for VoIP should be locked
down to the specific MAC Address of the device that
is supposed to be connected to that port. This will help
reduce the risk of misconfiguration, for example, where
a naive user plugs his or her laptop into an Ethernet port
and the phone into the laptop's Ethernet port. Not all
Ethernet switches support this MAC lockdown feature,
so MAC lockdown capabilities should be considered
when selecting an Ethernet infrastructure.

Equipment Considerations
Traditional network engineering concerns must be
given additional importance when voice or other
real-time services are deployed. Network core switches and
routers should have high availability capabilities, such as
redundant power, redundant switch fabrics, redundant
management modules, and fast failover. Edge switches
ought to have at least redundant power options, ideally
wired to separate power sources, for example one to a
primary power circuit and the other to a separate backup
power circuit. When using Ethernet, ring-oriented
topologies, for example Ethernet Automatic Protection
Switching (EAPS), offer higher resiliency in the face of
fiber cuts or equipment failures than strict
tree-and-branch topologies can offer. Deploying networking
equipment that has lower jitter and lower latency inside
the switching/routing fabric will also help provide higher
quality VoIP services.
Some Ethernet equipment still relies on implementing
ACLs on the main switch CPU, rather than having specific
hardware support for ACLs. CPU-based ACLs cause switch
performance to drop as the number of ACLs increases or
the data traffic increases, while hardware-based ACLs
can operate at wire-speed regardless of the packet load
or the number of configured ACLs. It is recommended
that networking equipment that implements ACLs in
hardware, not on the main CPU, be selected.

Traffic Type        Example Protocols                          Ethernet Precedence    IP Precedence
Internet Control    BGP, PIM, SNMP
Network Control     STP, OSPF, RIP
Voice               SIP, MGCP, RTP
Other               NFS, SMB, RPC, SQL, IM, HTTP, FTP, SMTP

Table 2. Simple QoS Model

Traffic Type        Example Protocols    Ethernet Precedence    IP Precedence
Internet Control    BGP, PIM, SNMP
Network Control     STP, OSPF, RIP
Voice Signaling     SIP, MGCP
Voice Traffic       RTP
File Access         NFS, SMB, RPC
Database            SQL
Interactive         HTTP, IM, X11
Other               FTP, SMTP

Table 3. Fine-Grained QoS Model

Security Considerations
Security is one of the larger barriers for deployment
of QoS mechanisms in networks. If a network offers
differing service quality to different packets, this creates
an incentive for users to improperly cause their traffic to
get the best service quality. In a best-effort-only network,
there is no incentive to improperly mark traffic to obtain
best service quality since all packets are always treated
equally.
There are no cryptographic mechanisms available for
validating the IP ToS bits or for validating the Ethernet
Precedence bits. Even if a cryptographic mechanism were
available, it likely would be impractical to employ. For
example, consider the hardware cost and deployment
complexity required to authenticate every frame that is
transiting a 10 Gigabit Ethernet link.
Instead, the best security approach is to have ACLs
deployed at the edge of the network. These ACLs
cause packets that are not marked to become properly
marked and also cause packets that are erroneously
marked to become properly marked. A side benefit of
this approach is that any sort of host can be used on
the network and still obtain the benefits of differentiated
service quality. There is no need to upgrade hosts to
implement the QoS mechanisms, nor to configure the
hosts with a local QoS policy, nor to modify applications
to use some new networking API to request a different
service quality from the network. The primary issue with
this is that the local QoS policy must be implemented
consistently at each edge of the network. This can
represent a significant operational cost for the network
operator, not only for initial configuration but also
for configuration maintenance over time. Automated
systems for configuration management, such as the
EPICenter management suite from Extreme Networks,
are a practical requirement for any network of medium
or large size.
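
The edge re-marking described in this section can be sketched in a few lines. This is an added example, not code from the white paper or from any Extreme Networks product: the port roles, the ACL entries, the RTP port range and the precedence values for Voice (5) and Other (0) are assumptions, and the packets are constructed test input. The point it demonstrates is that the host-supplied precedence bits are never consulted; the marking is derived only from the ingress port role and the ACL match.

```python
import ipaddress
import struct

# Precedence per class. 7 and 6 follow the text (Internet Control highest,
# Network Control second-highest); Voice=5 and Other=0 are assumed values.
PRECEDENCE = {"Internet Control": 7, "Network Control": 6, "Voice": 5, "Other": 0}

TCP, UDP, OSPF = 6, 17, 89

# Hypothetical edge ACL: (ingress port role, IP protocol, dest ports, class).
# dest ports of None matches any packet of that protocol.
EDGE_ACL = [
    ("router", TCP, (179, 179), "Internet Control"),   # BGP
    ("router", OSPF, None, "Network Control"),
    ("phone", UDP, (5060, 5060), "Voice"),              # SIP signaling
    ("phone", UDP, (16384, 32767), "Voice"),            # RTP range (assumed)
]


def ipv4_checksum(header: bytes) -> int:
    """One's-complement header checksum; returns 0 over a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(src, dst, proto, dport, tos, sport=40000):
    """Construct a sample IPv4 packet: 20-byte header plus an 8-byte L4 stub."""
    l4 = struct.pack("!HHI", sport, dport, 0)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(l4), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + l4


def classify(packet: bytes, role: str) -> str:
    """Pick the traffic class from the ingress role and ACL, never from ToS."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 packet")
    proto = packet[9]
    dport = None
    if proto in (TCP, UDP) and len(packet) >= ihl + 4:
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    for acl_role, acl_proto, ports, cls in EDGE_ACL:
        if acl_role != role or acl_proto != proto:
            continue
        if ports is None or (dport is not None and ports[0] <= dport <= ports[1]):
            return cls
    return "Other"          # unmatched traffic gets the lowest class


def remark(packet: bytes, role: str):
    """Return (re-marked packet, class). Overwrites the 3 precedence bits,
    keeps the low 5 ToS bits, and recomputes the header checksum."""
    cls = classify(packet, role)
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:ihl])
    hdr[1] = (PRECEDENCE[cls] << 5) | (packet[1] & 0x1F)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:], cls


def precedence_of(packet: bytes) -> int:
    return packet[1] >> 5


def header_ok(packet: bytes) -> bool:
    return ipv4_checksum(packet[:(packet[0] & 0x0F) * 4]) == 0


if __name__ == "__main__":
    # A host on a user port marks its own traffic with precedence 7.
    spoofed = build_packet("10.0.0.5", "10.0.9.1", UDP, 5060, tos=0xE0)
    fixed, cls = remark(spoofed, "user")
    print(precedence_of(spoofed), "->", precedence_of(fixed), cls)
```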

Network Management
Finally, if multiple service qualities are deployed, the
usage of varying service qualities should be monitored
to ensure that the services actually provided are those
that were intended. This increases operational cost in
network monitoring. Fortunately, monitoring lends itself
readily to automation, most commonly using SNMP-based
tools like Multi Router Trace Graphics (MRTG),
perhaps in combination with UNIX scripts or a graphical
network management system like EPICenter.

Conclusion
Organisations considering VoIP service deployment on
their IP network should consider where to over-provision
capacity and where to deploy QoS such that their network
provides the best service quality while also conforming
with applicable QoS policies. The organisation should
carefully consider which voice encoding algorithms to
deploy, giving preference to rate-adaptive voice encoding
algorithms. In tactical environments, a number of
low-data-rate voice encoding algorithms exist that work well
in low bandwidth environments.
Wherever QoS is deployed, the network should be
outfitted with equipment supporting a full 8 queues per
port, flexible QoS queuing and scheduling algorithms,
both minimum and maximum bandwidths for each
queue, and flexible ACLs to ensure that the correct
QoS marking is applied to each packet and to filter out
unauthorised traffic. Networked devices, whether a VoIP
handset or a traditional computer workstation, should
support appropriate marking of IP Precedence and
Ethernet Precedence fields. Following these guidelines
will help ensure a successful deployment and optimal
network performance during periods of stress.
It is also important to select and deploy networking
equipment that has ASIC-based implementations of
ACLs, VLANs, Ethernet bridging, and IP forwarding. This
helps ensure that enabling important features does not
reduce network performance, and the latency through
the switch or router is minimised. While CPU-based
implementations are becoming less common due to their
inherent technical problems, some equipment being
sold today still places important capabilities inside the
main CPU because that equipment does not have ASIC
support for these features.
To reduce operational and deployment costs, the
network operations staff should consider using a scalable
and secure network management system that has the
ability to provision policy and other configuration across
the entire network.


Making the Network Visible With sFlow


The objective of this white paper is to present the sFlow traffic sampling technology and the Extreme
Networks sFlow implementation on its Ethernet switch products. sFlow uses sampling to provide
visibility into the network and to monitor network status. By providing complete visibility
into the network usage of today's high-speed and complex networks, sFlow lets you effectively
control and manage network usage, helping to ensure that network services provide a competitive
advantage.

Traffic Monitoring using sFlow

With the ever-increasing reliance on network services
for business critical applications, the smallest change in
network usage can impact the performance and reliability
of a network. This has a direct impact on the ability of
a company to conduct key business functions and on
the cost of maintaining network services. Therefore, it
is important to monitor the network traffic in order to
keep the network operating reliably and at the right
performance level.

sFlow is a sampling technology that meets the key
requirements for a network traffic monitoring solution:
• sFlow provides a network-wide view of usage
  and active routes. It is a scalable technique for
  measuring network traffic, collecting, storing,
  and analysing traffic data. This enables tens of
  thousands of interfaces to be monitored from a
  single location.
• sFlow is scalable, thereby enabling it to monitor
  links of speeds up to 10 Gigabits per Second
  (Gbps) and beyond without impacting the
  performance of core Internet routers and
  switches, and without adding significant
  network load.
• sFlow is an industry standard with a growing
  number of vendors delivering products with
  sFlow support.
By providing unprecedented visibility into network
usage and active routes of even today's high-speed and
complex networks, sFlow provides the data required to
effectively control and manage network usage, ensuring
that network services provide a competitive advantage.
Applications of sFlow data include:
• Detecting, diagnosing, and fixing network problems
• Real-time congestion management
• Understanding application mix (e.g. P2P, Web,
  DNS, etc.) and changes
• Usage accounting for billing and charge-back
• Audit trail analysis to identify unauthorised
  network activity and trace the sources of
  denial-of-service attacks
• Route profiling and peering optimisation
• Trending and capacity planning.
Extreme Networks has added support for the sFlow
protocol to its switching product line because of the
need for increased visibility into network traffic, even at
very high speeds such as 10 Gbps.

A Brief History of Packet Sampling

Packet sampling has been used to monitor network traffic
for over ten years. Hewlett-Packard first demonstrated
network-wide monitoring using packet sampling of the
University of Geneva and CERN networks at Telecom 91.
This was followed up with the introduction of networking
products with embedded packet sampling capability - HP
Extended RMON - in 1993.
However, broad acceptance of this technique is only
just starting, driven by the introduction of higher speed
networks and the transition from shared to switched
networks. Packet based sampling as an embedded
network traffic monitoring technique is now compelling.
In a switched environment, the most effective place to
monitor traffic is within the switch/router, where all the
traffic will be seen. Traditional probes will only have
a partial view of traffic. However, a traffic monitoring
solution embedded within a switch or router must not
impact forwarding performance. Switches and routers
with embedded sFlow sampling technology have been
available since 2001. This solution provides detailed and
quantitative traffic measurements, at gigabit speeds,
gives insight into forwarding decisions, and does not
impact forwarding or network performance.

sFlow Technology Overview


sFlow provides the ability to continuously monitor
application level traffic flows at wire speed on all
interfaces simultaneously.
The sFlow Agent is a software process that runs as part
of the network management software within a device
(see Figure 2). It combines interface counters and flow
samples into sFlow datagrams that are sent across
the network to an sFlow Collector. The state of the
forwarding/routing table entries associated with each
sampled packet is also recorded.
The sFlow Agent does very little processing. It simply
packages data into sFlow Datagrams that are immediately
sent on the network. Immediate forwarding of data
minimises memory and CPU requirements associated
with the sFlow Agent.
Figure 2 shows the basic elements of the sFlow system.
sFlow Agents throughout the network continuously send
a stream of sFlow Datagrams to a central sFlow Collector
where they are analysed to produce a rich, real-time,
network-wide view of traffic flows. sFlow monitoring
of high-speed, routed and switched networks has the
following properties:

[Figure: sFlow Diagram. A Switch/Router in which the
Switching/Routing ASICs pass Interface Counters and Flow
Samples to the sFlow Agent in the Management software.]

[Figure: Flow Sampling flowchart. Initialise Total_Packets = 0
and Skip = NextSkip(Rate); wait for packet; assign destination
interface; exclude packet? If not excluded, decrement Skip and
increment Total_Packets; if Skip = 0, set Skip = NextSkip(Rate),
increment Total_Samples, and send a copy of the sampled packet,
source interface, destination interface, Total_Samples and
Total_Packets to the Agent. Send packet to destination interface.]

Figure 1: sFlow Agent Embedded in Switch/Router

Accurate - The sFlow system is designed so
that the accuracy of any measurement can be
determined. Other traffic flow measurement
technologies clip under heavy loads resulting in
errors that are difficult to quantify.
Detailed - Complete packet header and
switching/routing information permits detailed
analysis of Layer 2-Layer 7 traffic flows.
Scalable - The sFlow system is scalable in both
the size and speed of the network it can monitor.
sFlow is capable of monitoring networks at
10Gbps, 100Gbps and beyond. Thousands
of devices can be monitored by a single sFlow
Collector.
Low Cost - The sFlow Agent is very simple to
implement and adds negligible cost to a switch
or router.
Timely - The sFlow Collector always has an up to
the minute view of traffic throughout the entire
network. Timely information is particularly
important if the traffic data is needed to provide
real-time controls, for example to manage
quality of service or to defend against a denial
of service attack.
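The Flow Sampling procedure of Figure 1 and the "Accurate" property above, worked through as an added example (it is not code from the white paper or from Extreme Networks). Assumptions: NextSkip(Rate) is modelled as a uniform draw with mean Rate, the 95% error bound of 196 * sqrt(1/c) percent for a class seen in c samples is the standard packet-sampling estimate published by sFlow.org rather than a figure from this page, and the traffic is constructed.

```python
import math
import random
from collections import Counter


class FlowSampler:
    """Skip-counter packet sampler following the Flow Sampling flowchart."""

    def __init__(self, rate, next_skip=None, exclude=None, seed=None):
        if rate < 1:
            raise ValueError("sampling rate must be >= 1")
        rng = random.Random(seed)
        self.rate = rate
        # Assumption: NextSkip(Rate) is uniform on 1..2*rate-1, so the mean
        # skip equals the configured rate. The page does not define it.
        self._next_skip = next_skip or (lambda r: rng.randint(1, 2 * r - 1))
        self._exclude = exclude or (lambda pkt: False)
        self.total_packets = 0
        self.total_samples = 0
        self.skip = self._next_skip(rate)

    def observe(self, pkt):
        """Handle one forwarded packet; return a sample record or None."""
        if self._exclude(pkt):          # "Exclude Packet?" branch
            return None
        self.skip -= 1
        self.total_packets += 1
        if self.skip > 0:               # "Skip = 0?" -> No: just forward
            return None
        self.skip = self._next_skip(self.rate)
        self.total_samples += 1
        return {
            "packet": pkt,
            "total_samples": self.total_samples,
            "total_packets": self.total_packets,
        }


def estimate_by_class(samples, total_packets, classify):
    """Collector side: scale sample counts up to packet estimates.

    Returns {class: (estimated_packets, pct_error_95)}.
    """
    n = len(samples)
    if n == 0:
        return {}
    counts = Counter(classify(s["packet"]) for s in samples)
    return {
        cls: (c * total_packets / n, 196.0 * math.sqrt(1.0 / c))
        for cls, c in counts.items()
    }


def exceeds_baseline(estimate, pct_error, baseline):
    """Flag a class only when even the lower 95% bound is above baseline."""
    lower_bound = estimate * (1.0 - pct_error / 100.0)
    return lower_bound > baseline


def run_demo(seed=7):
    """Constructed traffic: 100,000 packets, about 5% DNS, the rest HTTPS."""
    rng = random.Random(seed)
    stream = [{"dst_port": 53 if rng.random() < 0.05 else 443}
              for _ in range(100_000)]
    sampler = FlowSampler(rate=100, seed=seed)
    samples = [s for s in map(sampler.observe, stream) if s is not None]
    estimates = estimate_by_class(samples, sampler.total_packets,
                                  lambda p: p["dst_port"])
    return sampler, estimates


if __name__ == "__main__":
    sampler, estimates = run_demo()
    print(f"{sampler.total_samples} samples from {sampler.total_packets} packets")
    for port, (est, err) in sorted(estimates.items()):
        flagged = exceeds_baseline(est, err, baseline=2_000)
        print(f"port {port}: ~{est:.0f} packets, +/-{err:.1f}%, "
              f"above 2000-packet baseline: {flagged}")
```

Because the error bound depends only on the number of samples in a class, a class seen in fewer than four samples has a bound above 100% and can never trip `exceeds_baseline`.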

Using sFlow
Using sFlow to continuously monitor traffic flows
on all ports gives network-wide visibility into the use
of the network. This visibility replaces guesswork,
fundamentally changing the way that network services
are managed.
Troubleshooting Network Problems
Any use of a network generates traffic. Consequently,
problems are often first observable in abnormal traffic
patterns. sFlow makes these abnormal traffic patterns
visible with sufficient detail to enable rapid identification,
diagnosis, and correction.
Controlling Congestion
By monitoring traffic flows on all ports continuously,
sFlow can be used to instantly highlight congested links,
identify the source of the traffic, and the associated
application level conversations. sFlow provides the
necessary information to determine effective controls,
for example which traffic to rate control or prioritise or
where to provision more bandwidth.

The following platforms support hardware-based
sampling at a programmed interval:
BlackDiamond 10808 switch
BlackDiamond 8800 e-series modules
BlackDiamond 8800 a-series modules
Summit X450e series switches
Summit X450a series switches

With hardware-based sampling, the data path for
a packet that traverses the switch does not require
processing by the CPU. Fast path packets are handled
entirely by ASICs and are forwarded at wire-speed rate.
Hardware-based sampling enables more accurate
information correction by making more samples
available, and provides better scalability and security
under conditions such as high traffic load.
A number of software applications take advantage of
the sFlow network traffic monitoring capability in these
switches. These applications provide a variety of solutions
including congestion control and troubleshooting, route
profiling, audit trail security analysis and accounting for
billing.

[Figure 2: sFlow Agents and Collector. Diagram labels: sFlow Agents, sFlow Datagrams, Traffic Data, Analysis.]

Security and Audit Trail Analysis


Gartner estimates that 70% of security incidents that
actually cause loss to enterprises involve insiders,
while service providers and other organisations are
constantly bombarded with various external attacks.
A comprehensive security strategy involves protecting
the network from external and internal misuse and
information assets from theft.
Since attacks and security threats will come from unknown
sources, effective security monitoring requires complete
network surveillance, with alerts to suspicious activity.
sFlow provides this blanket audit trail, for the whole
network. The continuous network-wide surveillance
and route tracing information provided by sFlow allows
internal and externally sourced security threats and
attacks to be rapidly traced and controlled. When sFlow
is used to build a detailed traffic history, a baseline of
normal behavior is established, from which anomalies
can be detected and suspicious activity identified.
By giving visibility into real-time and historical network-wide
usage, sFlow can be used to prevent intentional
attacks, minimise unintentional mistakes, and protect
information assets.

Availability
sFlow solutions consist of:
ExtremeXOS powered switches running ExtremeXOS 11.0 or greater
A software application that receives and analyses sFlow data

A full list of sFlow solutions can be found at www.sFlow.org

Appendix A: Configuring sFlow in ExtremeWare and ExtremeXOS

Configuring sFlow
ExtremeWare and ExtremeXOS allow the collection of
sFlow statistics on a per port basis. An agent, residing
in the switch, sends data to the collector, typically a
Windows or Linux server.
Appendix A explains how you configure sFlow on an
ExtremeXOS system.
To configure sFlow on a switch, you must do the
following tasks:
Configure the local agent
Configure the addresses of the remote collectors
Enable sFlow globally on the switch
Enable sFlow on the desired ports

Optionally, you may also change the default values of the
following items:
How often the statistics are collected
How frequently a sample is taken, globally or per port
How many samples per second can be sent to the CPU
Configuring the Remote Collector Address
You can specify up to four remote collectors to send
the sFlow data to. Typically, you would configure the IP
address of each collector. You may also specify a UDP
port number different from the default value of 6343,
and/or a virtual router different from the default of
VR-Mgmt. When you configure a collector, the system
creates a database entry for that collector that remains
until the collector is unconfigured. All the configured
collectors are displayed in the show sflow {configure}
command. To configure the remote collector, use the
following command:
configure sflow collector {ipaddress} <ip-address> {port <udp-port-number>} {vr <vrname>}

To unconfigure the remote collector and remove it from
the database, use the following command:
unconfigure sflow collector {ipaddress} <ip-address> {port <udp-port-number>} {vr <vrname>}

Additional sFlow Configuration Options
You can configure three global options to different
values from the defaults. These options affect how
frequently the sFlow data is sent to the remote collector,
how frequently packets are sampled, and the maximum
number of sFlow samples that can be processed in the
CPU per second. You can also configure how frequently
packets are sampled per port.
Polling Interval
Each port counter is periodically polled to gather the
statistics to send to the collector. If there is more than
one counter to be polled, the polling is distributed in
such a way that each counter is visited once during each
polling interval, and the data flows are spaced in time. For
example, assume that the polling interval is 20 seconds
and there are 40 counters to poll. Two ports will be
polled each second, until all 40 are polled. To configure
the polling interval, use the following command:
configure sflow poll-interval <seconds>

Global Sampling Rate


The default sample rate is 8192, so by default sFlow
samples one packet out of every 8192 received. This can
be changed with the following command:
configure sflow sample-rate <number>

Per Port Sampling Rate

The per port sampling rate overrides the system-wide
value set in the configure sflow sample-rate command.
The rate is rounded off to the next power of two, so if
400 is specified, the sample rate is configured as 512.
The valid range is 1 to 536870912. To set the sampling
rate on individual ports, use the following command:
configure sflow ports <portlist> sample-rate <number>

Displaying sFlow Information

To display the current configuration of sFlow, use the
following command:
show sflow configuration

To display the sFlow statistics, use the following
command:
show sflow statistics

Product Part Codes

BlackDiamond 20800 Switches
68020

Chassis 20808

BlackDiamond 20808 10-slot Chassis


(Includes Fan Tray and Blank Front Panels)

Service Code

Type

Other Info

97005-20808
97007-20808
97008-20808
97001-20808
97004-20808
97011-20808
97000-20808
95505-20808
95507-20808
95508-20808
95504-20808
95511-20808
95807-20808
95804-20808
95800-20808
95605-20808
95601-20808
95604-20808
95600-20808

EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

48hr AHR -20808


4hr AHR -20808
4hr On-Site -20808
EXT WARR -20808
NBD AHR -20808
NBD ON-SITE -20808
TAC & OS -20808
48hr AHR -20808
4hr AHR -20808
4hr ON-SITE -20808
NBD AHR -20808
NBD ON-SITE -20808
4hr AHR -20808
NBD AHR -20808
TAC & OS -20808
48hr AHR -20808
EXT WARR -20808
NBD AHR -20808
TAC & OS -20808

68021

Management and Switching Modules


20808

BD 20800 MM Basic
BlackDiamond 20800 Management Module Basic

68024

Interface Modules

BD 20800 XM-8XB
BlackDiamond 20800 I/O Blade 8-port 10GBASE-X
XFP Module with basic config.

Service Code

Type

Other Info

97005-XM-8XB
97007-XM-8XB
97008-XM-8XB
97001-XM-8XB
97004-XM-8XB
97011-XM-8XB
97000-XM-8XB
95505-XM-8XB
95507-XM-8XB
95508-XM-8XB
95504-XM-8XB
95511-XM-8XB
95807-XM-8XB
95804-XM-8XB
95800-XM-8XB
95605-XM-8XB
95601-XM-8XB
95604-XM-8XB
95600-XM-8XB

EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

48hr AHR -20808


4hr AHR -20808
4hr On-Site -20808
EXT WARR -20808
NBD AHR -20808
NBD ON-SITE -20808
TAC & OS -20808
48hr AHR -20808
4hr AHR -20808
4hr ON-SITE -20808
NBD AHR -20808
NBD ON-SITE -20808
4hr AHR -20808
NBD AHR -20808
TAC & OS -20808
48hr AHR -20808
EXT WARR -20808
NBD AHR -20808
TAC & OS -20808

Interface Modules

BD 20800 GM-40XB
BlackDiamond 20800 I/O Blade 40 port GIGE Fiber
with basic config

Service Code

Type

Other Info

97005-GM-40XB
97007-GM-40XB
97008-GM-40XB
97001-GM-40XB
97004-GM-40XB
97011-GM-40XB
97000-GM-40XB
95505-GM-40XB
95507-GM-40XB
95508-GM-40XB
95504-GM-40XB
95511-GM-40XB
95807-GM-40XB
95804-GM-40XB
95800-GM-40XB
95605-GM-40XB
95601-GM-40XB
95604-GM-40XB
95600-GM-40XB

EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

48hr AHR -20808


4hr AHR -20808
4hr On-Site -20808
EXT WARR -20808
NBD AHR -20808
NBD ON-SITE -20808
TAC & OS -20808
48hr AHR -20808
4hr AHR -20808
4hr ON-SITE -20808
NBD AHR -20808
NBD ON-SITE -20808
4hr AHR -20808
NBD AHR -20808
TAC & OS -20808
48hr AHR -20808
EXT WARR -20808
NBD AHR -20808
TAC & OS -20808

68031

Management and Switching Modules


20804
BD 20804 XFM-2
BlackDiamond 20804 Cross Bar Switch Fabric
Module2

Management and Switching Modules


20808
BD 20808 XFM-1
BlackDiamond 20808 Cross Bar Switch Fabric
Module Generation1

68023

68025

68040

Chassis 20804

BD 20804 6-Slot CHASSIS


BlackDiamond 20804 6-slot Chassis (Includes Fan
Tray and Blank Front Panels)

Service Code

97005-20804
97007-20804
97008-20804
97001-20804
97004-20804
97011-20804
97000-20804
95505-20804
95507-20804
95508-20804
95504-20804
95511-20804
95807-20804
95804-20804
95800-20804
95605-20804
95601-20804
95604-20804
95600-20804

Type
EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

Other Info

48hr AHR -20804


4hr AHR -20804
4hr On-Site -20804
Extended Warranty -20804
NBD AHR -20804
NBD Onsite -20804
Software and TAC -20804
48hr AHR -20804
4hr AHR -20804
4hr On-Site -20804
NBD AHR -20804
NBD Onsite -20804
4hr AHR -20804
NBD AHR -20804
Software and TAC -20804
48hr AHR -20804
Extended Warranty -20804
NBD AHR -20804
Software and TAC -20804

68041

Accessories and Spares 20808

68042

Accessories and Spares 20808

BD20808 SPARE FAN TRAY


BlackDiamond 20808 Spare Fan Tray

BD20808 SPARE MID MOUNT KIT


BlackDiamond 20808 Spare Mid Mount Kit

BlackDiamond 8800 Switches


68043

Accessories and Spares 20800

BlackDiamond 8800 Switches

68044

Accessories and Spares 20800

41011

68045

BD20800 SPARE IOB BLNK PNL


BlackDiamond 20800 Spare IOB Blank Panel
BD20800 SPARE MM BLNK PNL
BlackDiamond 20800 Spare MM Blank Panel

Accessories and Spares 20808

BD20808 SPARE XFM-1 BLNK PNL


BlackDiamond 20808 Spare XFM-1 Blank Panel

68047

Accessories and Spares 20808

68049

Accessories and Spares 20800

68051

Power Supplies

68052

Power Supplies

68058

Interface Module

68064

Accessories and Spares 20808

68070

Software

68071

Software

BD20808 SPARE AIR FILTER KIT


BlackDiamond 20808 Spare Air Filter Kit (includes
chassis and XFM)
BD20800 AIR BAFFLE KIT
BlackDiamond 20800 Spare Air Baffle Kit
2400W AC PSU
BlackDiamond 20800 2400W 220VAC PSU
1900W DC PSU
BlackDiamond 20800 1900W -48V DC PSU
BD 20800 HM-2X24GA
BlackDiamond 20800 I/O Blade 2 port 10GIGE 24
port GIGE Fiber with advanced config
BD20808 SPARE PSU RETENTION KIT
BlackDiamond 20808 Spare PSU Retention Kit
BD20800 MPLS-Layer2 VPN
BlackDiamond 20800 ExtremeXOS MPLS-Layer2 VPN
Feature Pack
BD20800 H-QoS FP
BlackDiamond 20800 Hierarchical QoS Feature Pack
BlackDiamond 8800 Switches

BD 8800 Chassis

BD 8810 10- Slot Chassis


BlackDiamond 8810 10-Slot Chassis (Includes Fan
Tray)

Service Code

Type

Other Info

97005-8810
97007-8810
97008-8810
97001-8810
97004-8810
97011-8810
97000-8810
95505-8810
95507-8810
95508-8810
95504-8810
95511-8810
95807-8810
95804-8810
95800-8810
95605-8810
95601-8810
95604-8810
95600-8810

EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

48HR AHR ASPEN


4HR AHR ASPEN
4HR ONSITE ASPEN
EXT WAR ASPEN
8X5 NBD AHR ASPEN
NBD ONSITE ASPEN
TAC & OS BD 8810
48HR AHR ASPEN
24X7X4 AHR ASPEN
24X7X4 Onsite ASPEN
NDB AHR ASPEN
NBD Onsite ASPEN
4hr AHR 8810
NBD AHR 8810
TAC & OS 8810
48HR AHR ASPEN
EXT WAR ASPEN
NDB AHR ASPEN
TAC & OS BD 8810

41012

BD 8800 Chassis

BD 8806 6-Slot Chassis


Black Diamond 8806 6-Slot Chassis (Includes Fan
Tray)

Service Code

Type

Other Info

97005-8806
97007-8806
97008-8806
97001-8806
97004-8806
97011-8806
97000-8806
95505-8806
95507-8806
95508-8806
95504-8806
95511-8806
95807-8806
95804-8806
95800-8806
95605-8806
95601-8806
95604-8806
95600-8806

EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

48HR AHR 8806


4HR AHR 8806
4HR ONSITE 8806
EXT WAR 8806
8X5 NBD AHR 8806
NBD ONSITE 8806
TAC & SW 8806
48HR AHR 8806
24X7X4 AHR 8806
24X7X4 Onsite 8806
NDB AHR 8806
NBD Onsite 8806
4hr AHR 8806
NBD AHR 8806
TAC & OS 8806
48HR AHR 8806
EXT WAR 8806
NDB AHR 8806
TAC & SW 8806

41050

Power Supplies

41111

Accessories and Spares

41112

Accessories and Spares

BD 8806 600W/900W PSU


BD 8806 600W/900W 100-240V PSU
BD 8810 Spare Fan Tray
BlackDiamond 8810 Spare Fan Tray
BD 12K / BD 8800 Spare PSU/Fan Controller
BlackDiamond 12K / BlackDiamond 8800 Spare PSU/Fan Controller

Service Code

41114

Accessories and Spares

41115

Accessories and Spares

41121

Accessories and Spares

41141

Accessories and Spares

41151

Accessories and Spares

41211

8800 Series Management Modules

BD 8806 AC PSU Cover


BlackDiamond 8806 PSU cover (includes power cord
retainer bracket)
BD 8810 AC PSU Cover
BlackDiamond 8810 PSU cover (includes power cord
retainer bracket)

41213

BD 8800 / BD 12800 Spare Blank Panel


BlackDiamond 12K / BlackDiamond 8800 Spare
Blank Panel
BD 8810 Mid Mount Kit
BlackDiamond 8810 Mid Mount Kit
BD Cable Management Clip Kit
BlackDiamond Cable Management Clip Kit
BD 8800 MSM-G8X Mgmt Module
BlackDiamond 8800 Management Switch Module w/
8 1000BASE-X SFP ports

Service Code

Type

Other Info

97005-MSMG8X
97007-MSMG8X
97008-MSMG8X
97001-MSMG8X
97004-MSMG8X
97011-MSMG8X
97000-MSMG8X
95505-MSMG8X
95507-MSMG8X
95508-MSMG8X
95504-MSMG8X
95511-MSMG8X
95807-MSMG8X
95804-MSMG8X
95800-MSMG8X
95605-MSMG8X
95601-MSMG8X
95604-MSMG8X
95600-MSMG8X

EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

48HR AHR BD MSMG8X


4HR AHR BD MSMG8X
4HR ONSITE BD MSMG8X
EXT WARR BD MSMG8X
NBD AHR BD MSMG8X
NBD ONSITE BD MSMG8X
TAC & OS BD MSMG8X
48HR AHR BD MSMG8X
4HR AHR BD MSMG8X
4HR ONSITE BD MSMG8X
NBD AHR BD MSMG8X
NBD ONSITE BD MSMG8X
4HR AHR BD MSMG8X
NBD AHR BD MSMG8X
TAC & OS BD MSMG8X
48HR AHR BD MSMG8X
EXT WARR BD MSMG8X
NBD AHR BD MSMG8X
TAC & OS BD MSMG8X

41212

95807-MSM48
95804-MSM48
95800-MSM48
95605-MSM48
95601-MSM48
95604-MSM48
95600-MSM48

8800 Series Management Modules

BD 8800 MSM-48
BlackDiamond 8800 Management Switch Module

Service Code

97005-MSM48
97007-MSM48
97008-MSM48
97001-MSM48
97004-MSM48
97011-MSM48
97000-MSM48
95505-MSM48
95507-MSM48
95508-MSM48
95504-MSM48
95511-MSM48

Type
EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW

Other Info

48HR AHR BD MSM48


4HR AHR BD MSM48
4HR ONSITE BD MSM48
EXT WARR BD MSM48
NBD AHR BD MSM48
NBD ONSITE BD MSM48
TAC & OS BD MSM48
48HR AHR BD MSM48
4HR AHR BD MSM48
4HR ONSITE BD MSM48
NBD AHR BD MSM48
NBD ONSITE BD MSM48

Type
PWL
PWL
PWL
PWP
PWP
PWP
PWP

Other Info

4HR AHR BD MSM48


NBD AHR BD MSM48
TAC & OS BD MSM48
48HR AHR BD MSM48
EXT WARR BD MSM48
NBD AHR BD MSM48
TAC & OS BD MSM48

8800 Series Management Modules

BD 8800 MSM-48c
BlackDiamond 8800 Management Switch Module,
optional I/O port

Service Code

Type

Other Info

97005-MSM48C
97007-MSM48C
97008-MSM48C
97001-MSM48C
97004-MSM48C
97011-MSM48C
97000-MSM48C
95505-MSM48C
95507-MSM48C
95508-MSM48C
95504-MSM48C
95511-MSM48C
95807-MSM48C
95804-MSM48C
95800-MSM48C
95605-MSM48C
95601-MSM48C
95604-MSM48C
95600-MSM48C

EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

48HR AHR BD MSM48c


4HR AHR BD MSM48c
4HR ONSITE BD MSM48c
EXT WARR BD MSM48c
NBD AHR BD MSM48c
NBD ONSITE BD MSM48c
TAC & OS BD MSM48c
48HR AHR BD MSM48c
4HR AHR BD MSM48c
4HR ONSITE BD MSM48c
NBD AHR BD MSM48c
NBD ONSITE BD MSM48c
4HR AHR BD MSM48c
NBD AHR BD MSM48c
TAC & OS BD MSM48c
48HR AHR BD MSM48c
EXT WARR BD MSM48c
NBD AHR BD MSM48c
TAC & OS BD MSM48c

41231

8900 Series Management Modules


BD 8900-MSM128
Management Switch Module

Service Code

Type

Other Info

97005-MSM128
97007-MSM128
97008-MSM128
97001-MSM128
97004-MSM128
97011-MSM128
97000-MSM128
95505-MSM128
95507-MSM128
95508-MSM128
95504-MSM128
95511-MSM128
95807-MSM128
95804-MSM128
95800-MSM128
95605-MSM128
95601-MSM128
95604-MSM128
95600-MSM128

EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

48HR AHR BD MSM128


4HR AHR BD MSM128
4HR ONSITE BD MSM128
EXT WARR BD MSM128
NBD AHR BD MSM128
NBD ONSITE BD MSM128
TAC & OS BD MSM128
48HR AHR BD MSM128
4HR AHR BD MSM128
4HR ONSITE BD MSM128
NBD AHR BD MSM128
NBD ONSITE BD MSM128
4HR AHR BD MSM128
NBD AHR BD MSM128
TAC & OS BD MSM128
48HR AHR BD MSM128
EXT WARR BD MSM128
NBD AHR BD MSM128
TAC & OS BD MSM128

41251

8500 Series Management Modules

BD 8500-MSM24
BlackDiamond 8500 Management Switch Module,
optional I/O port

BlackDiamond 8800 Switches


Service Code

Type

Other Info

97005-MSM24
97007-MSM24
97008-MSM24
97001-MSM24
97004-MSM24
97011-MSM24
97000-MSM24
95505-MSM24
95507-MSM24
95508-MSM24
95504-MSM24
95511-MSM24
95807-MSM24
95804-MSM24
95800-MSM24
95605-MSM24
95601-MSM24
95604-MSM24
95600-MSM24

EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

48HR AHR BD MSM24


4HR AHR BD MSM24
4HR ONSITE BD MSM24
EXT WARR BD MSM24
NBD AHR BD MSM24
NBD ONSITE BD MSM24
TAC & OS BD MSM24
48HR AHR BD MSM24
4HR AHR BD MSM24
4HR ONSITE BD MSM24
NBD AHR BD MSM24
NBD ONSITE BD MSM24
4HR AHR BD MSM24
NBD AHR BD MSM24
TAC & OS BD MSM24
48HR AHR BD MSM24
EXT WARR BD MSM24
NBD AHR BD MSM24
TAC & OS BD MSM24

41311

BD 8800 Core License


BlackDiamond 8880 ExtremeWare XOS Core
software upgrade
Type

Other Info

97000-88XOS
95800-88XOS
95600-88XOS

EW
PWL
PWP

TAC & SW 88XOS


TAC & OS 88XOS
TAC & SW 88XOS

BD8800 MPLS Feature Pack

ExtremeXOS MPLS Feature Pack for BlackDiamond


8800 series switches, requires MSM128 and 8900-XL
interface modules

41513

8800 Series Interface Modules

41514

8800 Series Interface Modules

41515

41516

41517

41521

41531

8900 Series Interface Modules

41542

8800 Series Interface Modules

41543

8800 Series Interface Modules

41544

8800 Series Interface Modules

41551

8500 Series Interface Modules

41561

8500 Series Interface Modules

41613

8800 Series Interface Modules

41614

8800 Series Interface Modules

41615

8800 Series Interface Modules

41631

8900 Series Interface Modules

Software

Service Code

41312

41532

BD 8800 G48Te Module


BlackDiamond 8800 48-port 10/100/1000BaseT
RJ-45 Module
BD 8800 G48Pe Module
BlackDiamond 8800 48-port POE 10/100/1000BaseT
RJ-45 Module

8900 Series Interface Modules


BD 8900-G48T-xl
48-port 10/100/1000BASE-T, RJ45

BD 8500-G48T-e
BlackDiamond 8500 48-port 10/100/1000BASE-T
RJ-45 card
BD 8500-G24X-e
BlackDiamond 8500 24-port 1000BASE-X SFP card
BD 8800 10G4Ca
BlackDiamond 8800 4-port 10GBASE-CX4
BD 8800 10G4Xc
BlackDiamond 8800 4-port 10GBASE-XFP
BD 8800 10G8Xc
BlackDiamond 8800 8-port 10GBASE-XFP
BD 8900-10G8X-xl
8-port 10GBASE-X, XFP

Service Modules

41821

Service Modules

41822

Service Modules

60020

Power Supplies

65043

Accessories and Spares

8900 Series Interface Modules


BD 8900-G48X-xl
48-port 1000BASE-X, SFP

BD 8800 G48Xc
BlackDiamond 8800 48-port 1000BASE-X mini-GBIC

41811

8800 Series Interface Modules

BD 8800 G48Tc
BlackDiamond 8800 48-port 10/100/1000BASE-T
RJ-45, optional POE card

BD 8800 G24Xc
BlackDiamond 8800 24-port 1000BASE-X mini-GBIC

BD 8900-10G24X-c
24-port 10GBASE-X, SFP+

8800 Series Interface Modules

BD 8800 G48Te2
BlackDiamond 8800 48-port 10/100/1000BASE-T
RJ-45, edge, optional POE card

BD 8800 G48Xa Module


BlackDiamond 8800 48-port 1000BASE-X SFP (mini-GBIC) A-Series Module, RoHS-5

41632B 8900 Series Interface Modules

8800 Series Interface Modules

BD 8800 G48Ta Module


BlackDiamond 8800 Advanced 48-port
10/100/1000BaseT RJ-45 Module

BD 8900-G96T-c
96-port 10/100/1000BASE-T, MRJ21

BD 8800 S-POE
BlackDiamond 8800 POE Card (add-on module for
G48Tc, G48Te2)
BD 8800 S-G8Xc
BlackDiamond 8800 8-port 1G SFP card (add-on
module for MSM-48c)
BD 8800 S-10G1Xc
BlackDiamond 8800 1-port 10G XFP card (add-on
module for MSM-48c)
700W/1200W 100-240V PSU
700W/1200W 100-240VAC Power Supply Unit
BD 12804 / BD 8806 Spare Fan Tray
BlackDiamond 12804 / BlackDiamond 8806 Spare
Fan Tray,

Infrastructure & Services Management


Infrastructure & Services Management

Optics

81615

10011

EPICenter

EPICenter 7.1 Bronze-20 Base is a comprehensive
network management suite for status monitoring,
configuration and troubleshooting of Extreme
Networks wired, wireless and security product lines.
EPICenter allows centralised management using
an intuitive and easy-to-use UI. Manages up to 20
network devices. Key only, software downloadable

Service Code

Type

Other Info

97003-EPI-20

EW

ExtremSoftware and TAC

81631

EPICenter

EPICenter 7.1 Silver-250 Base is a comprehensive


network management suite (see above). EPICenter
allows centralised management using an intuitive
and easy-to-use user interface. Manages up to 250
network devices. CD, Key + documentation

Service Code

Type

Other Info

97003-EPI-SIL

EW

ExtremSoftware and TAC

81632

EPICenter

EPICenter 7.1 Silver-250 Upgrade is a scalability


upgrade to EPICenter 7.1 Bronze-20 software suite
via license key to allow managing up to 250 network
devices. Key only, rq EPICenter 7.1 Bronze-20 Base

Service Code

97003-EPI-UPG

81633

Type
EW

Other Info

ExtremSoftware and TAC

Service Code

Type

Other Info

97003-EPI-GLD

EW

ExtremSoftware and TAC

83001

83002

83003

83004

SX GBIC
GBIC, 1000BASE-SX, MMF 220 & 550 meters, SC
connector

10013

Ridgeline Service Advisor

Ridgeline SA 2.0 Base-20 is a comprehensive
service aware network management suite for status
monitoring, configuration and troubleshooting of
Extreme Networks wired, wireless & security product
lines. Ridgeline SA allows centralised management
using intuitive and easy user interface. Manages up
to 20 network devices. Key only, software download.

10017

10018

10019

GBIC [Gigabit Interface Converter]


Modules

LX100 GBIC
GBIC, 1000BASE-LX100, SMF 100km, SC connector

10051

SFP [Small Form-Factor Pluggable]


Modules

SX mini-GBIC
Mini-GBIC SFP, 1000BASE-SX, MMF 220 & 550
meters, LC connector

10052

SFP [Small Form-Factor Pluggable]


Modules

LX mini-GBICP
Mini-GBIC SFP, 1000BASE-LX, MMF 220 & 550
meters, SMF 10km, LC connector

10053

SFP [Small Form-Factor Pluggable]


Modules

ZX mini-GBIC
Mini-GBIC SFP, 1000BASE-ZX, SMF 70km, LC
connector

10056

SFP [Small Form-Factor Pluggable]


Modules

1000BASE-BX-D BiDi SFP


1000BASE-BX-D SFP, 1490-nm TX/1310-nm RX
wavelength

10057

SFP [Small Form-Factor Pluggable]


Modules

1000BASE-BX-U BiDi SFP


1000BASE-BX-U SFP, 1310-nm TX/1490-nm RX
wavelength

10058

SFP [Small Form-Factor Pluggable]


Modules

100BASE-BX-D BiDi SFP


100BASE-BX-D Bidirectional Downstream SFP module,
SMF 10km link, LC-connector for Fast Ethernet SFP
Port

Ridgeline Service Advisor

Ridgeline SA 2.0 Feature Pack - Advanced Services is


a feature pack which allows PBB and VPLS discovery,
monitoring and provisioning. Key only, RQ Ridgeline
SA 2.0 Base-20..

GBIC [Gigabit Interface Converter]


Modules

UTP GBIC
GBIC, 1000BASE-T, Cat 5 UTP 80 meters, RJ-45

Ridgeline Service Advisor

Ridgeline Service Advisor 2.0 +250 Device Upgrade


is a scalability upgrade to the NMS Base-20 software
suite via license key to allow managing an additional
250 network devices. RQ Ridgeline SA 2.0 Base-20.

GBIC [Gigabit Interface Converter]


Modules

ZX GBIC
GBIC, 1000BASE-ZX, SMF 70km, SC connector

Ridgeline Service Advisor

Ridgeline Service Advisor 2.0 +50 Device Upgrade is


a scalability upgrade to the NMS Base-20 software
suite via license key to allow managing an additional
50 network devices. RQ Ridgeline SA 2.0 Base-20.

GBIC [Gigabit Interface Converter]


Modules

LX GBIC
GBIC, 1000BASE-LX, MMF 220 & 550 metres, SMF
10 km, SC connector

EPICenter

EPICenter 7.1 Gold-2000 Upgrade is a scalability


upgrade to EPICenter 7.1 Silver-250 software suite
via license key to allow managing up to 2000
network devices. Key only, requires EPICenter 7.1
Silver-250 Base or Upgrade

GBIC [Gigabit Interface Converter]


Modules

10059

SFP [Small Form-Factor Pluggable]

Optics
Modules

100BASE-BX-U BiDi SFP


100BASE-BX-U Bidirectional Downstream SFP module,
SMF 10km link, LC-connector for Fast Ethernet SFP
Port

10060

SFP [Small Form-Factor Pluggable]


Modules

100FX/1000LX mini-GBIC
Mini-GBIC SFP, dual-speed 100 FX / 1000 LX, LC
connector

10063

SFP [Small Form-Factor Pluggable]


Modules

Service Code

Type

Other Info

95511-SR-XEN
95807-SR-XEN
95804-SR-XEN
95800-SR-XEN
95605-SR-XEN
95601-SR-XEN
95604-SR-XEN
95600-SR-XEN

PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

NBD OS SR XEN
4hr AHR SR-XEN
NBD AHR SR-XEN
TAC & OS SR-XEN
48HR AHR SR XEN
EXT WARR SR XEN
NDB AHR SR XEN
TAC & OS SR XEN

10111

100FX mini-GBIC Module


Mini-GBIC, SFP, 100FX MMF, LC connector

10064

SFP [Small Form-Factor Pluggable]


Modules

LX100 mini-GBIC
Mini-GBIC, SFP, Extra long distance SMF 100 Km/30
dB budget, LC connector

10065

SFP [Small Form-Factor Pluggable]


Modules

10/100/1000BASE-T SFP
10/100/1000BASE-T SFP module, CAT5 cable 100m
link, RJ45-connector for Giga Bit Ethernet SFP Port.

10066

SFP [Small Form-Factor Pluggable]


Modules

100BASE-LX10 SFP
100BASE-LX10 SFP module, SMF 10km link, LC-connector for Fast Ethernet SFP Port.

10067

SFP [Small Form-Factor Pluggable]


Modules

100BASE-FX SFP
100BASE-FX SFP module, MMF 2km link, LC-connector for Fast Ethernet SFP Port.

10071

SFP [Small Form-Factor Pluggable]


Modules
SX SFP 10 Pack
SX-SFP 10 Pack

10072

SFP [Small Form-Factor Pluggable]


Modules
LX SFP 10 Pack
LX-SFP 10 Pack

10110

Xenpak & XFP Modules

SR XENPAK Module
10 Gigabit Ethernet XENPAK, 850nm, MMF 300m,
SC connector

Service Code

Type

Other Info

97005-SR-XEN
97007-SR-XEN
97008-SR-XEN
97001-SR-XEN
97004-SR-XEN
97011-SR-XEN
97000-SR-XEN
95505-SR-XEN
95507-SR-XEN
95508-SR-XEN
95504-SR-XEN

EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW

48HR AHR SR XENPACK


4HR PARTS ONLY SR XEN
24X7X4 OS SR XEN
EXT WARR SR XENPACK
NBD AHR SR XENPACK
NBD OS SR XENPACK
TAC & SOFTWARE SR XEN
48HR AHR SR XEN
24X7X AHR SR XEN
24X7X4 OS SR XEN
NDB AHR SR XEN

Xenpak & XFP Modules

LR XENPAK Module
10 Gigabit Ethernet XENPAK, 1310nm, SMF 10km,
SC connector

Service Code

97005-LR-XEN
97007-LR-XEN
97008-LR-XEN
97001-LR-XEN
97004-LR-XEN
97011-LR-XEN
97000-LR-XEN
95505-LR-XEN
95507-LR-XEN
95508-LR-XEN
95504-LR-XEN
95511-LR-XEN
95807-LR-XEN
95804-LR-XEN
95800-LR-XEN
95605-LR-XEN
95601-LR-XEN
95604-LR-XEN
95600-LR-XEN

10112

Type
EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

Other Info

48HR AHR LR XENPACK


4HR PARTS ONLY LR XEN
24X7X4 OS LR XEN
EXT WARR LR XENPACK
NBD AHR LR XENPACK
NBD OS LR XENPACK
TAC &Software LR XENPAK
48HR AHR LR XEN
24X7X AHR LR XEN
24X7X4 OS LR XEN
NDB AHR LR XEN
NBD OS LR XEN
4hr AHR LR-XEN
NBD AHR LR-XEN
TAC & OS LR-XEN
48HR AHR LR XEN
EXT WARR LR XEN
NDB AHR LR XEN
TAC & SW LR-XEN

Xenpak & XFP Modules

ER XENPAK Module
10 Gigabit Ethernet XENPAK, 1550nm, SMF 40km,
SC connector

Service Code

Type

Other Info

97005-ER-XEN
97007-ER-XEN
97008-ER-XEN
97001-ER-XEN
97004-ER-XEN
97011-ER-XEN
97000-ER-XEN
95505-ER-XEN
95507-ER-XEN
95508-ER-XEN
95504-ER-XEN
95511-ER-XEN
95807-ER-XEN
95804-ER-XEN
95800-ER-XEN
95605-ER-XEN
95601-ER-XEN
95604-ER-XEN
95600-ER-XEN

EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

48HR AHR ER XENPACK


4HR PARTS ONLY ER XEN
24X7X4 OS ER XEN
EXT WARR ER XENPACK
NBD AHR ER XENPACK
NBD OS ER XENPACK
TAC &Software ER XENPAK
48HR AHR ER XEN
24X7X AHR ER XEN
24X7X4 OS ER XEN
NDB AHR ER XEN
NBD OS ER XEN
4hr AHR ER-XEN
NBD AHR ER-XEN
TAC & OS ER-XEN
48HR AHR ER XEN
EXT WARR ER XEN
NDB AHR ER XEN
TAC & SW ER-XEN

Optics
10113

Xenpak & XFP Modules

ZR XENPAK Module
10 Gigabit Ethernet XENPAK, 1550nm, SMF 80km,
SC connector

Service Code

97005-ZR-XEN
97007-ZR-XEN
97008-ZR-XEN
97001-ZR-XEN
97004-ZR-XEN
97011-ZR-XEN
97000-ZR-XEN
95505-ZR-XEN
95507-ZR-XEN
95508-ZR-XEN
95504-ZR-XEN
95511-ZR-XEN
95807-ZR-XEN
95804-ZR-XEN
95800-ZR-XEN
95605-ZR-XEN
95601-ZR-XEN
95604-ZR-XEN
95600-ZR-XEN

10114

Type
EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

Other Info

48HR AHR ZR XENPAK


4HR AHR ZR XENPAK
4HR ONSITE ZR XENPAK
EXT WAR ZR XENPAK
8X5 NBD AHR ZR XENPAK
NBD ONSITE ZR XENPAK
TAC & SW ZR-XEN
48HR AHR ZR XENPAK
24X7X4 AHR ZR XENPAK
24X7X4 Onsite ZR XENPAK
NDB AHR ZR XENPAK
NBD Onsite ZR XENPAK
4hr AHR ZR-XEN
NBD AHR ZR-XEN
TAC & OS ZR-XEN
48HR AHR ZR XENPAK
EXT WAR ZR XENPAK
NDB AHR ZR XENPAK
TAC & SW ZR-XEN

Xenpak & XFP Modules

LX4 XENPAK Module


10 Gigabit Ethernet XENPAK, 1310nm WWDM,
MMF 300m and SMF 10km, SC connector

Service Code

Type

Other Info

97005-LX4-XEN
97007-LX4-XEN
97008-LX4-XEN
97001-LX4-XEN
97004-LX4-XEN
97011-LX4-XEN
95505-LX4-XEN
95507-LX4-XEN
95508-LX4-XEN
95504-LX4-XEN
95511-LX4-XEN
95807-LX4-XEN
95804-LX4-XEN
95800-LX4-XEN
95605-LX4-XEN
95601-LX4-XEN
95604-LX4-XEN
95600-LX4-XEN

EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

48HR AHR LX4-XEN


4HR AHR LX4-XEN
4HR ONSITE LX4-XEN
EXT WAR LX4-XEN
8X5 NBD AHR LX4-XEN
NBD ONSITE LX4-XEN
48HR AHR LX4-XEN
24X7X4 AHR LX4-XEN
24X7X4 Onsite LX4-XEN
NDB AHR LX4-XEN
NBD Onsite LX4-XEN
4hr AHR LX4-XEN
NBD AHR LX4-XEN
TAC & OS LX4-XEN
48HR AHR LX4-XEN
EXT WAR LX4-XEN
NDB AHR LX4-XEN
TAC & SW LX4-XEN

10116E Xenpak & XFP Modules

LW XENPAK Module
WAN PHY XENPAK, 10GBASE-LW, 1310nm, up to
10 KM over SMF, SC Connector, RoHS-5

Service Code

97005-LW-XEN
97007-LW-XEN
97008-LW-XEN
97001-LW-XEN
97004-LW-XEN
97011-LW-XEN
95505-LW-XEN

Type
EW
EW
EW
EW
EW
EW
PW

Other Info

48HR AHR LW-XEN


4HR AHR LW-XEN
4HR ONSITE LW-XEN
EXT WAR LW-XEN
8X5 NBD AHR LW-XEN
NBD ONSITE LW-XEN
48HR AHR LW-XEN

Service Code

95507-LW-XEN
95508-LW-XEN
95504-LW-XEN
95511-LW-XEN
95807-LW-XEN
95804-LW-XEN
95800-LW-XEN
95605-LW-XEN
95601-LW-XEN
95604-LW-XEN
95600-LW-XEN

10121

Type
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

Other Info

24X7X4 AHR LW-XEN


24X7X4 Onsite LW-XEN
NDB AHR LW-XEN
NBD Onsite LW-XEN
4hr AHR LW-XEN
NBD AHR LW-XEN
TAC & OS LW-XEN
48HR AHR LW-XEN
EXT WAR LW-XEN
NDB AHR LW-XEN
TAC & SW LW-XEN

Xenpak & XFP Modules

SR XFP Module
10GBASE-SR XFP, LC Connector

Service Code  Type  Other Info
97005-SR-XFP  EW    48HR AHR SR-XFP
97007-SR-XFP  EW    4HR AHR SR-XFP
97008-SR-XFP  EW    4HR ONSITE SR-XFP
97001-SR-XFP  EW    EXT WAR SR-XFP
97004-SR-XFP  EW    8X5 NBD AHR SR-XFP
97011-SR-XFP  EW    NBD ONSITE SR-XFP
97000-SR-XFP  EW    TAC & SW SR-XFP
95505-SR-XFP  PW    48HR AHR SR-XFP
95507-SR-XFP  PW    24X7X4 AHR SR-XFP
95508-SR-XFP  PW    24X7X4 Onsite SR-XFP
95504-SR-XFP  PW    NDB AHR SR-XFP
95511-SR-XFP  PW    NBD Onsite SR-XFP
95807-SR-XFP  PWL   4hr AHR SR-XFP
95804-SR-XFP  PWL   NBD AHR SR-XFP
95800-SR-XFP  PWL   TAC & OS SR-XFP
95605-SR-XFP  PWP   48HR AHR SR-XFP
95601-SR-XFP  PWP   EXT WAR SR-XFP
95604-SR-XFP  PWP   NDB AHR SR-XFP
95600-SR-XFP  PWP   TAC & SW SR-XFP

10122

Xenpak & XFP Modules

LR XFP Module
10GBASE-LR XFP, LC Connector

Service Code  Type  Other Info
97005-LR-XFP  EW    48HR AHR LR-XFP
97007-LR-XFP  EW    4HR AHR LR-XFP
97008-LR-XFP  EW    4HR ONSITE LR-XFP
97001-LR-XFP  EW    EXT WAR LR-XFP
97004-LR-XFP  EW    8X5 NBD AHR LR-XFP
97011-LR-XFP  EW    NBD ONSITE LR-XFP
97000-LR-XFP  EW    TAC & SW LR-XFP
95505-LR-XFP  PW    48HR AHR LR-XFP
95507-LR-XFP  PW    24X7X4 AHR LR-XFP
95508-LR-XFP  PW    24X7X4 Onsite LR-XFP
95504-LR-XFP  PW    NDB AHR LR-XFP
95511-LR-XFP  PW    NBD Onsite LR-XFP
95807-LR-XFP  PWL   4hr AHR LR-XFP
95804-LR-XFP  PWL   NBD AHR LR-XFP
95800-LR-XFP  PWL   TAC & OS LR-XFP
95605-LR-XFP  PWP   48HR AHR LR-XFP
95601-LR-XFP  PWP   EXT WAR LR-XFP
95604-LR-XFP  PWP   NDB AHR LR-XFP
95600-LR-XFP  PWP   TAC & SW LR-XFP

Optics
10124

Xenpak & XFP Modules

ER XFP Module
10GBase-ER XFP 40km reach LC connector

Service Code  Type  Other Info
97005-ER-XFP  EW    48HR AHR ER-XFP
97007-ER-XFP  EW    4HR AHR ER-XFP
97008-ER-XFP  EW    4HR ONSITE ER-XFP
97001-ER-XFP  EW    EXT WAR ER-XFP
97004-ER-XFP  EW    8X5 NBD AHR ER-XFP
97011-ER-XFP  EW    NBD ONSITE ER-XFP
97000-ER-XFP  EW    TAC & SW ER-XFP
95505-ER-XFP  PW    48HR AHR ER-XFP
95507-ER-XFP  PW    24X7X4 AHR ER-XFP
95508-ER-XFP  PW    24X7X4 Onsite ER-XFP
95504-ER-XFP  PW    NDB AHR ER-XFP
95511-ER-XFP  PW    NBD Onsite ER-XFP
95807-ER-XFP  PWL   4hr AHR ER-XFP
95804-ER-XFP  PWL   NBD AHR ER-XFP
95800-ER-XFP  PWL   TAC & OS ER-XFP
95605-ER-XFP  PWP   48HR AHR ER-XFP
95601-ER-XFP  PWP   EXT WAR ER-XFP
95604-ER-XFP  PWP   NDB AHR ER-XFP
95600-ER-XFP  PWP   TAC & SW ER-XFP

10125

Xenpak & XFP Modules

ZR XFP module
10 Gigabit Ethernet XFP module, 1550nm, SMF
80km, LC connector

Service Code  Type  Other Info
97005-ZR-XFP  EW    48HR AHR -ZR-XFP
97007-ZR-XFP  EW    4HR AHR -ZR-XFP
97008-ZR-XFP  EW    4HR ON-SITE -ZR-XFP
97001-ZR-XFP  EW    EXT WARR -ZR-XFP
97004-ZR-XFP  EW    NBD AHR -ZR-XFP
97011-ZR-XFP  EW    NBD ON-SITE -ZR-XFP
97000-ZR-XFP  EW    TAC & OS -ZR-XFP
95505-ZR-XFP  PW    48HR AHR -ZR-XFP
95507-ZR-XFP  PW    4HR AHR -ZR-XFP
95508-ZR-XFP  PW    4HR ON-SITE -ZR-XFP
95504-ZR-XFP  PW    NBD AHR -ZR-XFP
95511-ZR-XFP  PW    NBD ON-SITE -ZR-XFP
95807-ZR-XFP  PWL   4HR AHR -ZR-XFP
95804-ZR-XFP  PWL   NBD AHR -ZR-XFP
95800-ZR-XFP  PWL   TAC & OS -ZR-XFP
95605-ZR-XFP  PWP   48HR AHR -ZR-XFP
95601-ZR-XFP  PWP   EXT WARR -ZR-XFP
95604-ZR-XFP  PWP   NBD AHR -ZR-XFP
95600-ZR-XFP  PWP   TAC & OS -ZR-XFP

10301

SFP+ 10G [Small Form-Factor Pluggable]


Modules

SR SFP+ Module
10 Gigabit Ethernet SFP+ module, 850nm, MMF 26-300m link, LC connector

10302

SFP+ 10G [Small Form-Factor Pluggable]


Modules
LR SFP+ Module
10 Gigabit Ethernet SFP+ module, 1310nm, SMF
10km link, LC connector

Service Code   Type  Other Info
97005-LR-SFPP  EW    48HR AHR GBIC LR-SFP Plus
97007-LR-SFPP  EW    4HR AHR GBIC LR-SFP Plus
97008-LR-SFPP  EW    4HR ONSITE GBIC LR-SFP Plus
97001-LR-SFPP  EW    EXT WARR GBIC LR-SFP Plus
97004-LR-SFPP  EW    NBD AHR GBIC LR-SFP Plus
97011-LR-SFPP  EW    NBD ONSITE GBIC LR-SFP Plus
97000-LR-SFPP  EW    TAC & OS GBIC LR-SFP Plus
95505-LR-SFPP  PW    48HR AHR GBIC LR-SFP Plus
95507-LR-SFPP  PW    4HR AHR GBIC LR-SFP Plus
95508-LR-SFPP  PW    4HR ONSITE GBIC LR-SFP Plus
95504-LR-SFPP  PW    NBD AHR GBIC LR-SFP Plus
95511-LR-SFPP  PW    NBD ONSITE GBIC LR-SFP Plus
95807-LR-SFPP  PWL   4HR AHR GBIC LR-SFP Plus
95804-LR-SFPP  PWL   NBD AHR GBIC LR-SFP Plus
95800-LR-SFPP  PWL   TAC & OS GBIC LR-SFP Plus
95605-LR-SFPP  PWP   48HR AHR GBIC LR-SFP Plus
95601-LR-SFPP  PWP   EXT WARR GBIC LR-SFP Plus
95604-LR-SFPP  PWP   NBD AHR GBIC LR-SFP Plus
95600-LR-SFPP  PWP   TAC & OS GBIC LR-SFP Plus

10304

SFP+ 10G [Small Form-Factor Pluggable] Modules

10305

SFP+ 10G [Small Form-Factor Pluggable] Modules

10306

SFP+ 10G [Small Form-Factor Pluggable] Modules

10307

SFP+ 10G [Small Form-Factor Pluggable] Modules

10309

SFP+ 10G [Small Form-Factor Pluggable] Modules

SFP+ Cable Assembly 1M


10 Gigabit Ethernet SFP+ passive cable assembly,
1m length
SFP+ Cable Assembly 3M
10 Gigabit Ethernet SFP+ passive cable assembly,
3m length
SFP+ Cable Assembly 5M
10 Gigabit Ethernet SFP+ passive cable assembly,
5m length
SFP+ Cable Assembly 10M
10 Gigabit Ethernet SFP+ passive cable assembly,
10m length
ER SFP+ module
10 Gigabit Ethernet SFP+ module, 1550nm, SMF
40km link, LC connector

Service Code   Type  Other Info
97005-ER-SFPP  EW    48hr AHR -ER-SFPP
97007-ER-SFPP  EW    4hr AHR -ER-SFPP
97008-ER-SFPP  EW    4hr On-Site -ER-SFPP
97001-ER-SFPP  EW    Extended Warranty -ER-SFPP
97004-ER-SFPP  EW    NBD AHR -ER-SFPP
97011-ER-SFPP  EW    NBD Onsite -ER-SFPP
97000-ER-SFPP  EW    Software and TAC -ER-SFPP
95505-ER-SFPP  PW    48hr AHR -ER-SFPP
95507-ER-SFPP  PW    4hr AHR -ER-SFPP
95508-ER-SFPP  PW    4hr On-Site -ER-SFPP
95504-ER-SFPP  PW    NBD AHR -ER-SFPP
95511-ER-SFPP  PW    NBD Onsite -ER-SFPP
95807-ER-SFPP  PWL   4hr AHR -ER-SFPP
95804-ER-SFPP  PWL   NBD AHR -ER-SFPP
95800-ER-SFPP  PWL   Software and TAC -ER-SFPP
95605-ER-SFPP  PWP   48hr AHR -ER-SFPP
95601-ER-SFPP  PWP   Extended Warranty -ER-SFPP
95604-ER-SFPP  PWP   NBD AHR -ER-SFPP
95600-ER-SFPP  PWP   Software and TAC -ER-SFPP

Power Cords [AC]


Wireless Controllers

Power Cords [AC]


10033

Summit Fixed/Stackable Switches--X150, X250, X350, X450, X480, X650, Alpine 3800 Chassis and Wireless Controllers
Pwr Cord,10A,CEE 7/7,C13
Pwr Cord,10A,CEE 7/7,IEC320-C13

10034

Summit Fixed/Stackable Switches--X150, X250, X350, X450, X480, X650, Alpine 3800 Chassis and Wireless Controllers
Pwr Cord,10A,BS546,C13
Pwr Cord,10A,BS546,IEC320-C13

10036

Summit Fixed/Stackable Switches--X150, X250, X350, X450, X480, X650, Alpine 3800 Chassis and Wireless Controllers
Pwr Cord,10A,AS3112,C13
Pwr Cord,10A,AS3112,IEC320-C13

10037

Summit Fixed/Stackable Switches--X150, X250, X350, X450, X480, X650, Alpine 3800 Chassis and Wireless Controllers
Pwr Cord,10A,SEC1011,C13
Pwr Cord,10A,SEC1011,IEC320-C13

10038

Summit Fixed/Stackable Switches--X150, X250, X350, X450, X480, X650, Alpine 3800 Chassis and Wireless Controllers
Pwr Cord,10A,CEI 23-16/VII,C13
Pwr Cord,10A,CEI 23-16/VII,IEC320-C13

10039

Summit Fixed/Stackable Switches--X150, X250, X350, X450, X480, X650, Alpine 3800 Chassis and Wireless Controllers
Pwr Cord,10A,GB1002 YP-03,C13
Pwr Cord,10A,GB1002 YP-03,IEC320-C13

10041

BlackDiamond 8K, 10K, 12K Chassis and Wireless Controllers
Pwr Cord,10A,NEMA 5-15P,C13,RA
Pwr Cord,10A,NEMA 5-15P,IEC320-C13,Right Angle

10042

BlackDiamond 8K, 10K, 12K Chassis and Wireless Controllers
Pwr Cord,12A,JISC8303,C13,RA
Pwr Cord,12A,JISC8303,IEC320-C13,Right Angle

10043

BlackDiamond 8K, 10K, 12K Chassis and Wireless Controllers
Pwr Cord,10A,CEE 7/7,C13,RA
Pwr Cord,10A,CEE 7/7,IEC320-C13,Right Angle

10044

BlackDiamond 8K, 10K, 12K Chassis and Wireless Controllers
Pwr Cord,10A,BS1363,C13,RA
Pwr Cord,10A,BS1363,IEC320-C13,Right Angle

10045

10046

BlackDiamond 8K, 10K, 12K Chassis and

BlackDiamond 8K, 10K, 12K Chassis and


Wireless Controllers
Pwr Cord,10A,AS3112,C13,RA
Pwr Cord,10A,AS3112,IEC320-C13,Right Angle

10047

Summit Fixed/Stackable Switches--X150,


X250, X350, X450, X480, X650, Alpine
3800 Chassis and Wireless Controllers
Pwr Cord,10A,BS1363,C13
Pwr Cord,10A,BS1363,IEC320-C13

10035

Pwr Cord,10A,BS546,C13,RA
Pwr Cord,10A,BS546,IEC320-C13,Right Angle

BlackDiamond 8K, 10K, 12K Chassis and


Wireless Controllers
Pwr Cord,10A,SEC1011,C13,RA
Pwr Cord,10A,SEC1011,IEC320-C13,Right Angle

10048

BlackDiamond 8K, 10K, 12K Chassis and Wireless Controllers
Pwr Cord,10A,CEI 23-16/VII,RA
Pwr Cord,10A,CEI 23-16/VII,IEC320-C13,Right Angle

10049

BlackDiamond 8K, 10K, 12K Chassis and Wireless Controllers
Pwr Cord,10A,GB1002 YP-03,C13,RA
Pwr Cord,10A,GB1002 YP-03,IEC320-C13,Right Angle

10061

Summit Fixed/Stackable Switches--X150, X250, X350, X450, X480, X650, Alpine 3800 Chassis and Wireless Controllers
Pwr Cord,10A,NEMA 5-15P,C13
Pwr Cord,10A,NEMA 5-15P,IEC320-C13

10062

Summit Fixed/Stackable Switches--X150, X250, X350, X450, X480, X650, Alpine 3800 Chassis and Wireless Controllers
Pwr Cord,12A,JISC8303,C13
Pwr Cord,12A,JISC8303,IEC320-C13

10080

BlackDiamond 20K Chassis

10081

BlackDiamond 20K Chassis

10084

BlackDiamond 20K Chassis

10087

BlackDiamond 20K Chassis

10088

BlackDiamond 8K, 10K, 12K Chassis and


Wireless Controllers

Pwr Cord,16A,NEMA 6-20P,C19


Pwr Cord,16A,NEMA 6-20P,IEC320-C19
Pwr Cord,16A,CEE 7/7,C19
Pwr Cord,16A,CEE 7/7,IEC320-C19
Pwr Cord,15A,AS/NZZS3112,C19
Pwr Cord,15A,AS/NZZS3112,IEC320-C19
Pwr Cord,13A,BS1363,C19
Pwr Cord,13A,BS1363,IEC320-C19

Pwr Cord,10A,NEMA L6-15P,C13,RA


Pwr Cord,10A,NEMA L6-15P,IEC320-C13,Right
Angle

Reach NXT
Reach NXT
12101

Security & Policy Appliances and Software

ReachNXT

ReachNXT R100-8t
ReachNXT R100-8t 8x 10/100BASE-T ports, 1
Gigabit combo ports (1 unpopulated Gigabit SFP and
10/100/1000BASE-T, PoE input)

Service Code   Type  Other Info
97004-R100-8T  EW    NBD AHR
95504-R100-8T  PW    NBD AHR
95804-R100-8T  PWL   NBD AHR
95604-R100-8T  PWP   NBD AHR

12102

12103

72001

Sentriant AG Security Software [6]

Sentriant AG Management Server S/W w/100


endpoints
Sentriant AG Management Server software with
100 endpoint licenses. Can manage 1 or more AG
Enforcement Servers or operate as a standalone
server with integrated enforcement capabilities.
Requires dedicated server hardware. Service contract
required.

Service Code  Type  Other Info
97003-AG-MCS  EW    TAC & SW AG-MCS

ReachNXT Accessories and Spares

ReachNXT R100-8t AC Power Adapter


ReachNXT R100-8t Optional AC power adapter with
3 attachable power pins/plugs; input: 100-240V ~
50/60Hz, Max 0.5A; output: 12V ~ 1.25A

72002

ReachNXT Accessories and Spares


ReachNXT R100-8t Mounting Kit
ReachNXT R100-8t Mounting Kit

Sentriant AG Security Appliances [6]

SENTRIANT AG200 MANAGEMENT SERVER w100


ENDPOINTS
Sentriant AG200 Management Server with 100
endpoint licenses included. 1U appliance with
2x10/100/1000 ports (integrated bypass switch),
mounting brackets, AC PSU and US power cord.
Supports deployment as a dedicated server for
managing one or more Enforcement Servers or
as a standalone server with integrated enforcement
capabilities. Service contract required.

Service Code    Type  Other Info
97005-AG200-MS  EW    48HR AHR AG200-MS
97001-AG200-MS  EW    EXT WAR AG200-MS
97004-AG200-MS  EW    8X5 NBD AHR AG200-MS
97000-AG200-MS  EW    TAC & SOFTWARE AG200-MS
95505-AG200-MS  PW    48HR AHR AG200-MS
95504-AG200-MS  PW    NDB AHR AG200-MS
95804-AG200-MS  PWL   NBD AHR AG200-MS
95800-AG200-MS  PWL   TAC & OS AG200-MS
95605-AG200-MS  PWP   48HR AHR AG200-MS
95601-AG200-MS  PWP   EXT WAR AG200-MS
95604-AG200-MS  PWP   NDB AHR AG200-MS
95600-AG200-MS  PWP   TAC & OS AG200-MS

72005

Sentriant AG Security Software [6]

Sentriant AG Enforcement Server S/W


Sentriant AG Enforcement Server software platform.
Requires dedicated server hardware. Service contract
required.

Service Code  Type  Other Info
97003-AG-ES   EW    TAC & SW AG-ES

72006

Sentriant AG Security Appliances [6]

SENTRIANT AG200 ENFORCEMENT SERVER


Sentriant AG200 Enforcement Server. 1U appliance
with 2x10/100/1000 ports (integrated bypass switch),
mounting brackets, AC PSU and US power cord.
Service contract required.

Service Code    Type  Other Info
97005-AG200-ES  EW    48HR AHR AG200-ES
97001-AG200-ES  EW    EXT WAR AG200-ES
97004-AG200-ES  EW    8X5 NBD AHR AG200-ES
97000-AG200-ES  EW    TAC & SOFTWARE AG200-ES

Security & Policy Appliances and Software


Service Code    Type  Other Info
95505-AG200-ES  PW    48HR AHR AG200-ES
95504-AG200-ES  PW    NDB AHR AG200-ES
95804-AG200-ES  PWL   NBD AHR AG200-ES
95800-AG200-ES  PWL   TAC & OS AG200-ES
95605-AG200-ES  PWP   48HR AHR AG200-ES
95601-AG200-ES  PWP   EXT WAR AG200-ES
95604-AG200-ES  PWP   NDB AHR AG200-ES
95600-AG200-ES  PWP   TAC & OS AG200-ES

Service Code

97003-AG1000

72125

Sentriant AG Security Software [6]

Sentriant AG add endpoint, 100-250 endpoints


Additional endpoint license for orders between 100-250 endpoints. Round up to the nearest 50. Service
contract required.

Service Code  Type  Other Info
97003-AG250   EW    TAC & SW AG250

72050

Sentriant AG Security Software [6]

Sentriant AG add endpoint, 251-500 endpoints


Additional endpoint license for orders between 251-500 endpoints. Round up to the nearest 50. Service
contract required.

Service Code  Type  Other Info
97003-AG500   EW    TAC & SW AG500

72051

Sentriant Security Appliances

SENTRIANT NG300
Sentriant NG V2.5 on the Sentriant NG300 platform
is a security appliance that detects threats in real-time
and contains them. It is focused on interior network
threat detection and watches either mirrored or
Broadcast traffic at Layer 2; thus, it p

Service Code  Type  Other Info
97005-NG300   EW    48HR AHR NG300
97007-NG300   EW    4HR AHR NG300
97008-NG300   EW    4HR ONSITE NG300
97001-NG300   EW    EXT WAR NG300
97004-NG300   EW    8X5 NBD AHR NG300
97011-NG300   EW    NBD ONSITE NG300
97000-NG300   EW    TAC & SOFTWARE NG300
95505-NG300   PW    48HR AHR NG300
95507-NG300   PW    24X7X4 AHR NG300
95508-NG300   PW    24X7X4 Onsite NG300
95504-NG300   PW    NDB AHR NG300
95511-NG300   PW    NBD Onsite NG300
95807-NG300   PWL   4HR AHR NG300
95804-NG300   PWL   NBD AHR NG300
95800-NG300   PWL   TAC & OS NG300
95605-NG300   PWP   48HR AHR NG300
95601-NG300   PWP   EXT WAR NG300
95604-NG300   PWP   NDB AHR NG300
95600-NG300   PWP   TAC & OS NG300

72100

Sentriant AG Security Software [6]

Sentriant AG add endpoint, 501-1000 endpoints


Additional endpoint license for orders between
501-1000 endpoints. Round up to the nearest 50.
Service contract required

Type
EW

Other Info

TAC & SW AG2500

Sentriant AG Security Software [6]

Sentriant AG add endpoint, 2501-10000 endpoints


Additional endpoint license for orders between
2501-10000 endpoints. Round up to the nearest 50.
Service contract required.

Service Code
97003-AG10000

72200

TAC & SW AG1000

Sentriant AG add endpoint, 1001-2500 endpoints


Additional endpoint license for orders between
1001-2500 endpoints. Round up to the nearest 50.
Service contract required.

97003-AG2500

72150

Other Info

Sentriant AG Security Software [6]

Service Code

72025

Type
EW

Type

Other Info

EW

TAC & SW AG10000

Sentriant AG Security Software [6]

Sentriant AG add endpoint, over 10000 endpoints


Additional endpoint license for orders over 10000
endpoints. Round up to the nearest 50. Service
contract required.

Service Code   Type  Other Info
97003-AG-PLUS  EW    TAC & SW AG-PLUS

Summit 10 Gigabit Switches


Summit 10 Gigabit Switches
10914

Accessories and Spares

10915

Accessories and Spares

10916

Accessories and Spares

Summit AC PSU
AC Power Supply module for Summit X650 series
switches
Summit DC PSU
DC Power Supply module for Summit X650 series
switches
Summit FAN Module
FAN module for Summit X650 series switches, spare

17001B Summit 10 Gigabit Switches

Summit X650-24T
24 10GBASE-T, VIM slot populated with 1 VIM-SummitStack (2 SummitStack stacking ports and 4
100/1000BASE-X SFP ports), ExtremeXOS Advanced
Edge License, unpopulated dual PSU power slot

Service Code    Type  Other Info
97005-X650-24T  EW    48hr AHR X650-24T
97007-X650-24T  EW    4hr AHR X650-24T
97008-X650-24T  EW    4hr Onsite X650-24T
97001-X650-24T  EW    Ext Wrty X650-24T
97004-X650-24T  EW    NBD AHR X650-24T
97011-X650-24T  EW    NBD Onsite X650-24T
97000-X650-24T  EW    TAC & OS X650-24T
95505-X650-24T  PW    PW 48hr AHR X650-24T
95507-X650-24T  PW    PW 4hr AHR X650-24T
95508-X650-24T  PW    PW 4hr Onsite X650-24T
95504-X650-24T  PW    PW NBD AHR X650-24T
95511-X650-24T  PW    PW NBD Onsite X650-24T
95807-X650-24T  PWL   4HR AHR X650-24T
95804-X650-24T  PWL   NBD AHR X650-24T
95800-X650-24T  PWL   TAC & OS X650-24T
95605-X650-24T  PWP   48hr AHR X650-24T
95601-X650-24T  PWP   Ext Wrty X650-24T
95604-X650-24T  PWP   NBD AHR X650-24T
95600-X650-24T  PWP   TAC & OS X650-24T

Service Code    Type  Other Info
95511-X650-24X  PW    PW NBD Onsite X650-24X
95807-X650-24X  PWL   4HR AHR X650-24X
95804-X650-24X  PWL   NBD AHR X650-24X
95800-X650-24X  PWL   TAC & OS X650-24X
95605-X650-24X  PWP   48hr AHR X650-24X
95601-X650-24X  PWP   Ext Wrty X650-24X
95604-X650-24X  PWP   NBD AHR X650-24X
95600-X650-24X  PWP   TAC & OS X650-24X

17010

Software

Summit X650 Core License


ExtremeXOS Core License, Summit X650 series

Service Code  Type  Other Info
97000-65XOS   EW    TAC & OS X650 XOS Core Lic
95800-65XOS   PWL   TAC & OS X650 XOS Core Lic
95600-65XOS   PWP   TAC & OS X650 XOS Core Lic

17012B Interface Modules

VIM1-10G8X, 8 10GBASE-X SFP+ ports, 2


SummitStack stacking ports

Service Code      Type  Other Info
97005-VIM1-10G8X  EW    48hr AHR VIM1-10GX8X
97007-VIM1-10G8X  EW    4hr AHR VIM1-10GX8X
97008-VIM1-10G8X  EW    4hr Onsite VIM1-10GX8X
97001-VIM1-10G8X  EW    Ext Wrty VIM1-10GX8X
97004-VIM1-10G8X  EW    NBD AHR VIM1-10GX8X
97011-VIM1-10G8X  EW    NBD Onsite VIM1-10GX8X
97000-VIM1-10G8X  EW    TAC & OS VIM1-10GX8X
95505-VIM1-10G8X  PW    PW 48hr AHR VIM1-10GX8X
95507-VIM1-10G8X  PW    PW 4hr AHR VIM1-10GX8X
95508-VIM1-10G8X  PW    PW 4hr Onsite VIM1-10GX8X
95504-VIM1-10G8X  PW    PW NBD AHR VIM1-10GX8X
95511-VIM1-10G8X  PW    PW NBD Onsite VIM1-10GX8X
95807-VIM1-10G8X  PWL   4HR AHR VIM1-10GX8X
95804-VIM1-10G8X  PWL   NBD AHR VIM1-10GX8X
95800-VIM1-10G8X  PWL   TAC & OS VIM1-10GX8X
95605-VIM1-10G8X  PWP   48hr AHR VIM1-10GX8X
95601-VIM1-10G8X  PWP   Ext Wrty VIM1-10GX8X
95604-VIM1-10G8X  PWP   NBD AHR VIM1-10GX8X
95600-VIM1-10G8X  PWP   TAC & OS VIM1-10GX8X

17002B Summit 10 Gigabit Switches

Summit X650-24X
24 10GBASE-X SFP+, VIM slot populated with 1
VIM1-SummitStack (2 SummitStack stacking ports
and 4 100/1000BASE-X SFP ports), ExtremeXOS
Advanced Edge License, unpopulated dual PSU
power slot

Service Code    Type  Other Info
97005-X650-24X  EW    48hr AHR X650-24X
97007-X650-24X  EW    4hr AHR X650-24X
97008-X650-24X  EW    4hr Onsite X650-24X
97001-X650-24X  EW    Ext Wrty X650-24X
97004-X650-24X  EW    NBD AHR X650-24X
97011-X650-24X  EW    NBD Onsite X650-24X
97000-X650-24X  EW    TAC & OS X650-24X
95505-X650-24X  PW    PW 48hr AHR X650-24X
95507-X650-24X  PW    PW 4hr AHR X650-24X
95508-X650-24X  PW    PW 4hr Onsite X650-24X
95504-X650-24X  PW    PW NBD AHR X650-24X

17013

Interface Modules

VIM1-SummitStack256, 2 x 128G stacking ports for


256Gbps stacking up to eight Summit X650 switches

Service Code      Type  Other Info
97005-VIM1-SS256  EW    48hr AHR -VIM1-SS256
97007-VIM1-SS256  EW    4hr AHR -VIM1-SS256
97008-VIM1-SS256  EW    4hr On-Site -VIM1-SS256
97001-VIM1-SS256  EW    Extended Warranty -VIM1-SS256
97004-VIM1-SS256  EW    NBD AHR -VIM1-SS256
97011-VIM1-SS256  EW    NBD Onsite -VIM1-SS256
97000-VIM1-SS256  EW    Software and TAC -VIM1-SS256
95505-VIM1-SS256  PW    48hr AHR -VIM1-SS256
95507-VIM1-SS256  PW    4hr AHR -VIM1-SS256
95508-VIM1-SS256  PW    4hr On-Site -VIM1-SS256
95504-VIM1-SS256  PW    NBD AHR -VIM1-SS256
95511-VIM1-SS256  PW    NBD Onsite -VIM1-SS256

Summit 10 Gigabit Switches


Service Code      Type  Other Info
95807-VIM1-SS256  PWL   4hr AHR -VIM1-SS256
95804-VIM1-SS256  PWL   NBD AHR -VIM1-SS256
95800-VIM1-SS256  PWL   Software and TAC -VIM1-SS256
95605-VIM1-SS256  PWP   48hr AHR -VIM1-SS256
95601-VIM1-SS256  PWP   Extended Warranty -VIM1-SS256
95604-VIM1-SS256  PWP   NBD AHR -VIM1-SS256
95600-VIM1-SS256  PWP   Software and TAC -VIM1-SS256

17014

Interface Modules

VIM1-SummitStack512, 4 x 128G stacking ports


for 512Gbps cross connecting two Summit X650
switches

Service Code      Type  Other Info
97005-VIM1-SS512  EW    48hr AHR -VIM1-SS512
97007-VIM1-SS512  EW    4hr AHR -VIM1-SS512
97008-VIM1-SS512  EW    4hr Onsite -VIM1-SS512
97001-VIM1-SS512  EW    Ext Wrty -VIM1-SS512
97004-VIM1-SS512  EW    NBD AHR -VIM1-SS512
97011-VIM1-SS512  EW    NBD Onsite -VIM1-SS512
97000-VIM1-SS512  EW    TAC & OS -VIM1-SS512
95505-VIM1-SS512  PW    PW 48hr AHR -VIM1-SS512
95507-VIM1-SS512  PW    PW 4hr AHR -VIM1-SS512
95508-VIM1-SS512  PW    PW 4hr Onsite -VIM1-SS512
95504-VIM1-SS512  PW    PW NBD AHR -VIM1-SS512
95511-VIM1-SS512  PW    PW NBD Onsite -VIM1-SS512
95807-VIM1-SS512  PWL   4HR AHR -VIM1-SS512
95804-VIM1-SS512  PWL   NBD AHR -VIM1-SS512
95800-VIM1-SS512  PWL   TAC & OS -VIM1-SS512
95605-VIM1-SS512  PWP   48hr AHR -VIM1-SS512
95601-VIM1-SS512  PWP   Ext Wrty -VIM1-SS512
95604-VIM1-SS512  PWP   NBD AHR -VIM1-SS512
95600-VIM1-SS512  PWP   TAC & OS -VIM1-SS512

17021

Accessories and Spares

Stacking Cable 128G, 0.5M


SummitStack256/512 Stacking Cable, 0.5M

Service Code  Type  Other Info
97005-SC01    EW    48HR AHR Summit SC01
97007-SC01    EW    4HR AHR Summit SC01
97008-SC01    EW    4HR ONSITE Summit SC01
97001-SC01    EW    EXT WARR Summit SC01
97004-SC01    EW    NBD AHR Summit SC01
97011-SC01    EW    NBD ONSITE Summit SC01
97000-SC01    EW    TAC & OS Summit SC01
95505-SC01    PW    48HR AHR Summit SC01
95507-SC01    PW    4HR AHR Summit SC01
95508-SC01    PW    4HR ONSITE Summit SC01
95504-SC01    PW    NBD AHR Summit SC01
95511-SC01    PW    NBD ONSITE Summit SC01
95807-SC01    PWL   4HR AHR Summit SC01
95804-SC01    PWL   NBD AHR Summit SC01
95800-SC01    PWL   TAC & OS Summit SC01
95605-SC01    PWP   48HR AHR Summit SC01
95601-SC01    PWP   EXT WARR Summit SC01
95604-SC01    PWP   NBD AHR Summit SC01
95600-SC01    PWP   TAC & OS Summit SC01

17022

Accessories and Spares

Stacking Cable 128G, 1.0M


SummitStack256/512 Stacking Cable, 1.0M

Service Code  Type  Other Info
97005-SC02    EW    48HR AHR Summit SC02
97007-SC02    EW    4HR AHR Summit SC02
97008-SC02    EW    4HR ONSITE Summit SC02
97001-SC02    EW    EXT WARR Summit SC02
97004-SC02    EW    NBD AHR Summit SC02
97011-SC02    EW    NBD ONSITE Summit SC02
97000-SC02    EW    TAC & OS Summit SC02
95505-SC02    PW    48HR AHR Summit SC02
95507-SC02    PW    4HR AHR Summit SC02
95508-SC02    PW    4HR ONSITE Summit SC02
95504-SC02    PW    NBD AHR Summit SC02
95511-SC02    PW    NBD ONSITE Summit SC02
95807-SC02    PWL   4HR AHR Summit SC02
95804-SC02    PWL   NBD AHR Summit SC02
95800-SC02    PWL   TAC & OS Summit SC02
95605-SC02    PWP   48HR AHR Summit SC02
95601-SC02    PWP   EXT WARR Summit SC02
95604-SC02    PWP   NBD AHR Summit SC02
95600-SC02    PWP   TAC & OS Summit SC02

17023

Accessories and Spares

Stacking Cable 128G, 3.0M


SummitStack256/512 Stacking Cable, 3.0M

Service Code  Type  Other Info
97005-SC03    EW    48HR AHR Summit SC03
97007-SC03    EW    4HR AHR Summit SC03
97008-SC03    EW    4HR ONSITE Summit SC03
97001-SC03    EW    EXT WARR Summit SC03
97004-SC03    EW    NBD AHR Summit SC03
97011-SC03    EW    NBD ONSITE Summit SC03
97000-SC03    EW    TAC & OS Summit SC03
95505-SC03    PW    48HR AHR Summit SC03
95507-SC03    PW    4HR AHR Summit SC03
95508-SC03    PW    4HR ONSITE Summit SC03
95504-SC03    PW    NBD AHR Summit SC03
95511-SC03    PW    NBD ONSITE Summit SC03
95807-SC03    PWL   4HR AHR Summit SC03
95804-SC03    PWL   NBD AHR Summit SC03
95800-SC03    PWL   TAC & OS Summit SC03
95605-SC03    PWP   48HR AHR Summit SC03
95601-SC03    PWP   EXT WARR Summit SC03
95604-SC03    PWP   NBD AHR Summit SC03
95600-SC03    PWP   TAC & OS Summit SC03

17034

Accessories and Spares

Stacking Cable 128G/20G, 1.0M


Conversion cable for SummitStack256 and
SummitStack, 1.0M

Summit Fast Ethernet Switches


Summit Fast Ethernet Switches
15101

15103

15105

15123

Fast Ethernet Edge Switches

15201

Fast Ethernet Value L2 Edge Switches

15203

Fast Ethernet Value L2 Edge Switches

15205

Fast Ethernet Value L2 Edge Switches

Fast Ethernet Edge Switches

Summit X250e-24t
24 10/100BASE-TX, 2 gigabit combo ports (2
unpopulated gigabit SFP and 10/100/1000BASE-T),
2 SummitStack Stacking ports, ExtremeXOS Edge
license, 1 AC PSU, connector for EPS-160 external
redundant PSU

Fast Ethernet Edge Switches

Summit X250e-48t
48 10/100BASE-TX, 2 gigabit combo ports (2
unpopulated gigabit SFP and 10/100/1000BASE-T),
2 SummitStack Stacking ports, ExtremeXOS Edge
license, 1 AC PSU, connector for EPS-160 external
redundant PSU

Fast Ethernet Edge Switches

Summit X250e-24p
24 10/100BASE-TX with PoE, 2 gigabit combo ports
(2 unpopulated gigabit SFP and 10/100/1000BASE-T),
2 SummitStack Stacking ports, ExtremeXOS Edge
license, 1 AC PSU, connector for EPS-500 external
redundant PSU

15107

Fast Ethernet Edge Switches

15109

Fast Ethernet Edge Switches

Summit X250e-24xDC
24 100BASE-X SFP ports, 2 gigabit combo ports (2
unpopulated gigabit SFP and 10/100/1000BASE-T),
2 SummitStack Stacking ports, ExtremeXOS Edge
license, 1 DC PSU, connector for EPS-150DC external
redundant PSU
Summit X150-24t
24 10/100BASE-TX, 2 gigabit combo ports (2
unpopulated gigabit SFP and 10/100/1000BASE-T),
ExtremeXOS L2 Edge license, 1 AC PSU, connector
for EPS-160 external redundant PSU
Summit X150-48t
48 10/100BASE-TX, 2 gigabit combo ports (2
unpopulated gigabit SFP and 10/100/1000BASE-T),
ExtremeXOS L2 Edge license, 1 AC PSU, connector
for EPS-160 external redundant PSU
Summit X150-24p
24 10/100BASE-TX with PoE, 2 gigabit combo ports
(2 unpopulated gigabit SFP and 10/100/1000BASE-T),
ExtremeXOS L2 Edge license, 1 AC PSU, connector
for EPS-500 external redundant PSU

Summit X250e-48p
48 10/100BASE-TX with PoE, 2 gigabit combo ports
(2 unpopulated gigabit SFP and 10/100/1000BASE-T),
2 SummitStack Stacking ports, ExtremeXOS Edge
license, 1 AC PSU, connector for EPS-C external
redundant power system chassis (requires EPS-600LS)
Summit X250e-24x
24 100BASE-X SFP, 2 gigabit combo ports (2
unpopulated gigabit SFP and 10/100/1000BASE-T),
2 SummitStack Stacking ports, ExtremeXOS Edge
license, 1 AC PSU, connector for EPS-160 external
redundant PSU

Service Code

95807-X250E-24X

Type
PWL

Other Info

4hr AHR X250E-24X

15113

Software

15121

Fast Ethernet Edge Switches

15122

Fast Ethernet Edge Switches

Summit X250e Adv Edge License


ExtremeXOS Advanced Edge License, Summit X250e
series
Summit X250e-24tDC
24 10/100BASE-TX, 2 gigabit combo ports (2
unpopulated gigabit SFP and 10/100/1000BASE-T),
2 SummitStack Stacking ports, ExtremeXOS Edge
license, 1 DC PSU, connector for EPS-150DC external
redundant PSU
Summit X250e-48tDC
48 10/100BASE-TX, 2 gigabit combo ports (2
unpopulated gigabit SFP and 10/100/1000BASE-T),
2 SummitStack Stacking ports, ExtremeXOS Edge
license, 1 DC PSU, connector for EPS-150DC external
redundant PSU

Summit Gigabit Switches


40 Gigabit Ethernet QSFP+ active optical cable
assembly, 10m length.

Summit Gigabit Switches


10318

Accessories and Spares

Accessories and Spares

11011

Direct Attach Feature Pack

10909

Accessories and Spares

16105

Accessories and Spares

16106

Accessories and Spares

10910

Accessories and Spares

16107

Accessories and Spares

16108

Accessories and Spares

16112

Interface Module

10906

Accessories and Spares

10907

10911

EPS-T External Power Tray


EPS-T, 2-slot power tray for External Power System
EPS-160 AC Power Module
EPS-160, 160W AC power module for External
Power System, with cable
EPS-150DC
External Power System power module for EPS-T, 150
Watts, with cable, DC Input
EPS-T2
External Power System power tray 2. Accepts up
to two EPS-150DC power modules. Add one EPS-150DC for each redundantly powered system.

Accessories and Spares

EPS-500 External AC PSU


External Power System 500 Watts, with cable

10912

Accessories and Spares

10913

Accessories and Spares

10917

Accessories and Spares

10918

Accessories and Spares

10930

Accessories and Spares

10931

Accessories and Spares

EPS-C
External Power System Chassis, with cable. Accepts
up to three EPS-600LS power modules.
EPS-600LS
External Power System power module for EPS-C,
600 Watts
Summit X480 AC PSU
AC Power Supply module for Summit X480 series
switches
Summit X480 DC PSU
DC Power Supply module for Summit X480 series
switches
Summit 300W AC PSU
300W AC Power Supply module

Summit 750W PoE AC PSU


750W PoE AC Power Supply Module

10934

Accessories and Spares

10935

Accessories and Spares

10312

Accessories and Spares

10315

Accessories and Spares

Summit 300W DC PSU


300W DC Power Supply Module

Summit X460 FAN module


FAN Module for Summit X460 Series Switches, spare
1m QSFP+ Passive Copper Cable
40 Gigabit Ethernet QSFP+ passive copper cable
assembly, 1m length.
10m QSFP+ Active Optical Cable

100m QSFP+ Active Optical Cable


40 Gigabit Ethernet QSFP+ active optical cable
assembly, 100m length.
Direct Attach Feature Pack for Summit X450a/X460/
X480, Summit X650 and BlackDiamond 8800 Series
with ExtremeXOS 12.5.1 or Greater
SummitStack Stacking cable, 5.0M (not supported
for UniStack)
SummitStack/UniStack Stacking cable, 0.5M
SummitStack/UniStack Stacking cable, 1.5M
SummitStack/UniStack Stacking cable, 3.0M
XGM2-2XF
Option card, two unpopulated 10 Gigabit XFP slots,
compatible with Summit X350, Summit X450e,
Summit X450a

Service Code    Type  Other Info
97007-XGM2-2XF  EW    4HR AHR XGM2-2XF
97008-XGM2-2XF  EW    4HR ONSITE XGM2-2XF
97001-XGM2-2XF  EW    EXT WAR XGM2-2XF
97004-XGM2-2XF  EW    8X5 NBD AHR XGM2-2XF
97011-XGM2-2XF  EW    NBD ONSITE XGM2-2XF
97000-XGM2-2XF  EW    TAC & SW XGM2-2XF
95507-XGM2-2XF  PW    24X7X4 AHR XGM2-2XF
95508-XGM2-2XF  PW    24X7X4 Onsite XGM2-2XF
95504-XGM2-2XF  PW    NDB AHR XGM2-2XF
95511-XGM2-2XF  PW    NBD Onsite XGM2-2XF
95807-XGM2-2XF  PWL   4hr AHR XGM2-2XF
95804-XGM2-2XF  PWL   NBD AHR XGM2-2XF
95800-XGM2-2XF  PWL   TAC & OS XGM2-2XF
95601-XGM2-2XF  PWP   EXT WAR XGM2-2XF
95604-XGM2-2XF  PWP   NDB AHR XGM2-2XF
95600-XGM2-2XF  PWP   TAC & SW XGM2-2XF

16113

Interface Module

XGM2-2XN
Option card, two unpopulated 10 Gigabit XENPAK
slots, compatible with Summit X350, Summit X450e,
Summit X450a

Service Code    Type  Other Info
97007-XGM2-2XN  EW    4HR AHR XGM2-2XN
97008-XGM2-2XN  EW    4HR ONSITE XGM2-2XN
97001-XGM2-2XN  EW    EXT WAR XGM2-2XN
97004-XGM2-2XN  EW    8X5 NBD AHR XGM2-2XN
97011-XGM2-2XN  EW    NBD ONSITE XGM2-2XN
97000-XGM2-2XN  EW    TAC & SW XGM2-2XN
95507-XGM2-2XN  PW    24X7X4 AHR XGM2-2XN
95508-XGM2-2XN  PW    24X7X4 Onsite XGM2-2XN
95504-XGM2-2XN  PW    NDB AHR XGM2-2XN
95511-XGM2-2XN  PW    NBD Onsite XGM2-2XN

Summit Gigabit Switches


Service Code    Type  Other Info
95807-XGM2-2XN  PWL   4hr AHR XGM2-2XN
95804-XGM2-2XN  PWL   NBD AHR XGM2-2XN
95800-XGM2-2XN  PWL   TAC & OS XGM2-2XN
95601-XGM2-2XN  PWP   EXT WAR XGM2-2XN
95604-XGM2-2XN  PWP   NDB AHR XGM2-2XN
95600-XGM2-2XN  PWP   TAC & SW XGM2-2XN

16114

Interface Module

Versatile Interface Modules

16141

Summit X450e-24t

16147

Summit X450e-48t

16142

Gigabit Edge Switches

16148

Gigabit Edge Switches

16151

Gigabit Aggregation Switches

16153

Gigabit Aggregation Switches

16155

Gigabit Aggregation Switches

16157

Gigabit Aggregation Switches

16159

Gigabit Aggregation Switches

XGM2-2SF
Option card, two unpopulated 10 Gigabit SFP+ slots,
compatible with Summit X350, Summit X450e,
Summit X450a

Service Code    Type  Other Info
97007-XGM2-2SF  EW    4HR AHR XGM2-2SF
97008-XGM2-2SF  EW    4HR ON-SITE XGM2-2SF
97001-XGM2-2SF  EW    EXT WARR XGM2-2SF
97004-XGM2-2SF  EW    NBD AHR XGM2-2SF
97011-XGM2-2SF  EW    NBD ON-SITE XGM2-2SF
97000-XGM2-2SF  EW    TAC & OS XGM2-2SF
95507-XGM2-2SF  PW    4HR AHR XGM2-2SF
95508-XGM2-2SF  PW    4HR ON-SITE XGM2-2SF
95504-XGM2-2SF  PW    NBD AHR XGM2-2SF
95511-XGM2-2SF  PW    NBD ON-SITE XGM2-2SF
95807-XGM2-2SF  PWL   4HR AHR XGM2-2SF
95804-XGM2-2SF  PWL   NBD AHR XGM2-2SF
95800-XGM2-2SF  PWL   TAC & OS XGM2-2SF
95601-XGM2-2SF  PWP   EXT WARR XGM2-2SF
95604-XGM2-2SF  PWP   NBD AHR XGM2-2SF
95600-XGM2-2SF  PWP   TAC & OS XGM2-2SF

16115

16420

Interface Module

XGM2-2BT
Option card, two 10GBASE-T ports, compatible with
Summit X350, Summit X450e, Summit X450a

Service Code    Type  Other Info
97007-XGM2-2BT  EW    4HR AHR XGM2-2BT
97008-XGM2-2BT  EW    4HR ON-SITE XGM2-2BT
97001-XGM2-2BT  EW    EXT WARR XGM2-2BT
97004-XGM2-2BT  EW    NBD AHR XGM2-2BT
97011-XGM2-2BT  EW    NBD ON-SITE XGM2-2BT
97000-XGM2-2BT  EW    TAC & OS XGM2-2BT
95507-XGM2-2BT  PW    4HR AHR XGM2-2BT
95508-XGM2-2BT  PW    4HR ON-SITE XGM2-2BT
95504-XGM2-2BT  PW    NBD AHR XGM2-2BT
95511-XGM2-2BT  PW    NBD ON-SITE XGM2-2BT
95807-XGM2-2BT  PWL   4HR AHR XGM2-2BT
95804-XGM2-2BT  PWL   NBD AHR XGM2-2BT
95800-XGM2-2BT  PWL   TAC & OS XGM2-2BT
95601-XGM2-2BT  PWP   EXT WARR XGM2-2BT
95604-XGM2-2BT  PWP   NBD AHR XGM2-2BT
95600-XGM2-2BT  PWP   TAC & OS XGM2-2BT

16117

Versatile Interface Modules

16419

Versatile Interface Modules

XGM3-2SF
Option card, two unpopulated 10 Gigabit SFP+ slots,
compatible with Summit X460
SummitStack module for Summit X460

SummitStack-V80 module for Summit X460


24 10/100/1000BASE-T, 4 1000BASE-X unpopulated
SFP (4 SFP ports shared with 10/100/1000BASE-T
ports), XGM2 slot, Summit Stack Stacking ports, 1
AC PSU, ExtremeXOS Edge license, connector for
EPS-500 external power supply.
48 10/100/1000BASE-T, 4 1000BASE-X unpopulated
SFP (4 SFP ports shared with 10/100/1000BASE-T
ports), XGM2 slot, Summit Stack Stacking ports,
1 AC PSU, connector for EPS-500 external power
supply.
Summit X450e-24p
24 10/100/1000BASE-T Power over Ethernet, 4
unpopulated 1000BASE-X SFP (mini-GBIC) ports; dual
10G option slot, 2 dedicated 10G stacking ports,
AC PSU, connector for EPS-500 or EPS-LD external
redundant PSU, ExtremeXOS Edge license
Summit X450e-48p
48 10/100/1000BASE-T with PoE, 4 unpopulated
mini-GBIC ports, option slot for 10 Gigabit option
card XGM2-2xn/xf, 2 SummitStack Stacking ports,
1 AC PSU, ExtremeXOS Edge license, connector
for EPS-C external power system chassis (Requires
EPS-600LS)
Summit X450a-24t
24 10/100/1000BASE-T, 4 unpopulated 1000BASE-X
SFP (mini-GBIC) ports; dual 10G option slot,
2 dedicated 10G stacking ports, AC PSU, connector
for EPS-500 or EPS-LD external redundant PSU,
ExtremeXOS Advanced Edge license
Summit X450a-24tDC
24 10/100/1000BASE-T, 4 unpopulated 1000BASE-X
SFP (mini-GBIC) ports; dual 10G option slot, 2
dedicated 10G stacking ports, DC PSU, connector for
EPS-150DC external redundant PSU, XOS Advanced
Edge license
Summit X450a-24x
24 1000BASE-X mini-GBIC ports, 4
10/100/1000BASE-T ports, option slot for 10 Gigabit
option card XGM2-2xn/xf, 1 AC PSU, ExtremeXOS™
Advanced Edge license, connector for EPS-500 or
EPS-LD external redundant PSU
Summit X450a-48t
48 10/100/1000BASE-T, 4 unpopulated 1000BASE-X
SFP (mini-GBIC) ports; dual 10G option slot, 2
dedicated 10G stacking ports, connector for EPS-500
external redundant PSU, ExtremeXOS Advanced
Edge license
Summit X450a-24xDC
24 1000BASE-X mini-GBIC, 4 10/100/1000BASE-T
ports, option slot for 10 Gigabit option card XGM2-2xn/xf,
1 DC PSU, ExtremeXOS™ Advanced Edge
license, connector for EPS-150DC external redundant
PSU

Product Part Codes

Summit Gigabit Switches

16165

16170

Gigabit Aggregation Switches

Summit X450a-48tDC
48 10/100/1000BASE-T, 4 unpopulated mini-GBIC
ports, option slot for 10 Gigabit option card XGM2-2xn/xf, 1 DC PSU, ExtremeXOS™ Advanced Edge
license, connector for EPS-150DC external redundant
PSU

Service Code

95604-X480-48T
95600-X480-48T

16303

Software

Summit X450 CORE LICENSE


ExtremeXOS Core License for Summit X450-24x,
Summit X450-24t, Summit X450a-24t/24tDC,
Summit X450a-48t/48tDC and Summit X450a-24x/24xDC

Service Code

Type

Other Info

97000-45XOS
95800-45XOS
95600-45XOS

EW
PWL
PWP

TAC & SOFTWARE S45XOS


TAC & OS 45XOS
TAC & OS S45XOS

16171

Software

16201

Gigabit Edge Switches

16202

Gigabit Edge Switches

16301

Gigabit Aggregation Switches

Summit X450 ADV EDGE LICENSE


ExtremeXOS Advanced Edge License for Summit
X450e-24p, Summit X450e-48p and Summit X450e-48p-TAA
Summit X350-24t
24 10/100/1000BASE-T, 4 unpopulated mini-GBIC
ports, option slot for 10 Gigabit option card XGM2-2xn/xf, 1 AC PSU, ExtremeXOS L2 Edge license,
connector for EPS-500 external redundant PSU
Summit X350-48t
48 10/100/1000BASE-T, 4 unpopulated mini-GBIC
ports, option slot for 10 Gigabit option card XGM2-2xn/xf, 1 AC PSU, ExtremeXOS L2 Edge license,
connector for EPS-500 external redundant PSU
Summit X480-48t
48 10/100/1000BASE-T, 4 100/1000BASE-X
unpopulated SFP (shared), No PSU with two
unpopulated PSU slots, one VIM2 slot, ExtremeXOS
Advanced Edge license

Service Code

97005-X480-48T
97007-X480-48T
97008-X480-48T
97001-X480-48T
97004-X480-48T
97011-X480-48T
97000-X480-48T
95505-X480-48T
95507-X480-48T
95508-X480-48T
95504-X480-48T
95511-X480-48T
95807-X480-48T
95804-X480-48T
95800-X480-48T
95605-X480-48T
95601-X480-48T

Type
EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP

Other Info

48hr AHR -X480-48T


4hr AHR -X480-48T
4hr On-Site -X480-48T
Extended Warranty -X480-48T
NBD AHR -X480-48T
NBD Onsite -X480-48T
Software and TAC -X480-48T
48hr AHR -X480-48T
4hr AHR -X480-48T
4hr On-Site -X480-48T
NBD AHR -X480-48T
NBD Onsite -X480-48T
4hr AHR -X480-48T
NBD AHR -X480-48T
Software and TAC -X480-48T
48hr AHR -X480-48T
Extended Warranty -X480-48T

Type
PWP
PWP

Other Info

NBD AHR -X480-48T


Software and TAC -X480-48T

Gigabit Aggregation Switches

Summit X480-24x
24 100/1000BASE-X unpopulated SFP, 12
10/100/1000BASE-T (shared), 2 unpopulated XFP
ports, No PSU with two unpopulated PSU slots, one
VIM2 slot, ExtremeXOS Advanced Edge license

Service Code

Type

Other Info

97005-X480-24X
97007-X480-24X
97008-X480-24X
97001-X480-24X
97004-X480-24X
97011-X480-24X
97000-X480-24X
95505-X480-24X
95507-X480-24X
95508-X480-24X
95504-X480-24X
95511-X480-24X
95807-X480-24X
95804-X480-24X
95800-X480-24X
95605-X480-24X
95601-X480-24X
95604-X480-24X
95600-X480-24X

EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

48hr AHR -X480-24X


4hr AHR -X480-24X
4hr On-Site -X480-24X
Extended Warranty -X480-24X
NBD AHR -X480-24X
NBD Onsite -X480-24X
Software and TAC -X480-24X
48hr AHR -X480-24X
4hr AHR -X480-24X
4hr On-Site -X480-24X
NBD AHR -X480-24X
NBD Onsite -X480-24X
4hr AHR -X480-24X
NBD AHR -X480-24X
Software and TAC -X480-24X
48hr AHR -X480-24X
Extended Warranty -X480-24X
NBD AHR -X480-24X
Software and TAC -X480-24X

16304

Gigabit Aggregation Switches

Summit X480-48x
48 100/1000BASE-X unpopulated SFP, No PSU
with two unpopulated PSU slots, one VIM2 slot,
ExtremeXOS Advanced Edge license

Service Code

97005-X480-48X
97007-X480-48X
97008-X480-48X
97001-X480-48X
97004-X480-48X
97011-X480-48X
97000-X480-48X
95505-X480-48X
95507-X480-48X
95508-X480-48X
95504-X480-48X
95511-X480-48X
95807-X480-48X
95804-X480-48X
95800-X480-48X
95605-X480-48X
95601-X480-48X
95604-X480-48X
95600-X480-48X

16311

Type
EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

Other Info

48hr AHR -X480-48X


4hr AHR -X480-48X
4hr On-Site -X480-48X
Extended Warranty -X480-48X
NBD AHR -X480-48X
NBD Onsite -X480-48X
Software and TAC -X480-48X
48hr AHR -X480-48X
4hr AHR -X480-48X
4hr On-Site -X480-48X
NBD AHR -X480-48X
NBD Onsite -X480-48X
4hr AHR -X480-48X
NBD AHR -X480-48X
Software and TAC -X480-48X
48hr AHR -X480-48X
Extended Warranty -X480-48X
NBD AHR -X480-48X
Software and TAC -X480-48X

Interface Modules

VIM2-SummitStack, 2 SummitStack stacking ports

Service Code

Type

Other Info

Service Code

Type

Other Info

97005-VIM2-SS
97007-VIM2-SS
97008-VIM2-SS
97001-VIM2-SS
97004-VIM2-SS
97011-VIM2-SS
97000-VIM2-SS
95505-VIM2-SS
95507-VIM2-SS
95508-VIM2-SS
95504-VIM2-SS
95511-VIM2-SS
95807-VIM2-SS
95804-VIM2-SS
95800-VIM2-SS
95605-VIM2-SS
95601-VIM2-SS
95604-VIM2-SS
95600-VIM2-SS

EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

48hr AHR -VIM2-SS


4hr AHR -VIM2-SS
4hr On-Site -VIM2-SS
Extended Warranty -VIM2-SS
NBD AHR -VIM2-SS
NBD Onsite -VIM2-SS
Software and TAC -VIM2-SS
48hr AHR -VIM2-SS
4hr AHR -VIM2-SS
4hr On-Site -VIM2-SS
NBD AHR -VIM2-SS
NBD Onsite -VIM2-SS
4hr AHR -VIM2-SS
NBD AHR -VIM2-SS
Software and TAC -VIM2-SS
48hr AHR -VIM2-SS
Extended Warranty -VIM2-SS
NBD AHR -VIM2-SS
Software and TAC -VIM2-SS

95508-VIM2-SS128
95504-VIM2-SS128
95511-VIM2-SS128
95807-VIM2-SS128
95804-VIM2-SS128
95800-VIM2-SS128
95605-VIM2-SS128
95601-VIM2-SS128

PW
PW
PW
PWL
PWL
PWL
PWP
PWP

95604-VIM2-SS128
95600-VIM2-SS128

PWP
PWP

4hr On-Site -VIM2-SS128


NBD AHR -VIM2-SS128
NBD Onsite -VIM2-SS128
4hr AHR -VIM2-SS128
NBD AHR -VIM2-SS128
Software & TAC -VIM2-SS128
48hr AHR -VIM2-SS128
Extended Warranty -VIM2-SS128
NBD AHR -VIM2-SS128
Software and TAC -VIM2-SS128

16312

Interface Modules

Software

Summit X480 Core License


ExtremeXOS Core License for Summit X480 series switches

Service Code

Type

Other Info

97000-X480CORE
95800-X480CORE
95600-X480CORE

EW
PWL
PWP

Software and TAC -X480CORE


Software and TAC -X480CORE
Software and TAC -X480CORE

VIM2-10G4X, 4 10GBASE-X XFP ports

Service Code

97005-VIM210G4X
97007-VIM210G4X
97008-VIM210G4X
97001-VIM210G4X

Type
EW
EW
EW
EW

97004-VIM210G4X
97011-VIM210G4X
97000-VIM210G4X

EW
EW
EW

95505-VIM210G4X
95507-VIM210G4X
95508-VIM210G4X
95504-VIM210G4X
95511-VIM210G4X
95807-VIM210G4X
95804-VIM210G4X
95800-VIM210G4X

PW
PW
PW
PW
PW
PWL
PWL
PWL

95605-VIM210G4X
95601-VIM210G4X

PWP
PWP

95604-VIM210G4X
95600-VIM210G4X

PWP
PWP

16313

16321

Other Info

48hr AHR -VIM210G4X


4hr AHR -VIM210G4X
4hr On-Site -VIM210G4X
Extended Warranty -VIM210G4X
NBD AHR -VIM210G4X
NBD Onsite -VIM210G4X
Software and TAC -VIM210G4X
48hr AHR -VIM210G4X
4hr AHR -VIM210G4X
4hr On-Site -VIM210G4X
NBD AHR -VIM210G4X
NBD Onsite -VIM210G4X
4hr AHR -VIM210G4X
NBD AHR -VIM210G4X
Software and TAC -VIM210G4X
48hr AHR -VIM210G4X
Extended Warranty -VIM210G4X
NBD AHR -VIM210G4X
Software and TAC -VIM210G4X

16322

97000-X480MPLS
95800-X480MPLS
95600-X480MPLS

Type

Other Info

EW
EW
EW
EW

97004-VIM2-SS128
97011-VIM2-SS128
97000-VIM2-SS128
95505-VIM2-SS128
95507-VIM2-SS128

EW
EW
EW
PW
PW

48hr AHR -VIM2-SS128


4hr AHR -VIM2-SS128
4hr On-Site -VIM2-SS128
Extended Warranty -VIM2-SS128
NBD AHR -VIM2-SS128
NBD Onsite -VIM2-SS128
Software & TAC -VIM2-SS128
48hr AHR -VIM2-SS128
4hr AHR -VIM2-SS128

Type
EW
PWL
PWP

Other Info

Software and TAC -X480MPLS


Software and TAC -X480MPLS
Software and TAC -X480MPLS

16401

Summit X460-24t

16402

Summit X460-48t

16403

Summit X460-24p

16404

Summit X460-48p

16405

Summit X460-24x

VIM2-SummitStack128, 2 x 64G stacking ports

97005-VIM2-SS128
97007-VIM2-SS128
97008-VIM2-SS128
97001-VIM2-SS128

ExtremeXOS MPLS Feature Pack for Summit X480
series switches

Service Code

Interface Modules

Service Code

Software

24 10/100/1000BASE-T, 8 100/1000BASE-X
unpopulated SFP (4 SFP ports shared with
10/100/1000BASE-T ports), XGM3 slot, Stacking
module slot, AC PSU with one unpopulated PSU slot,
Fan module, ExtremeXOS Edge license
48 10/100/1000BASE-T, 4 100/1000BASE-X
unpopulated SFP, XGM3 slot, Stacking module slot,
AC PSU with one unpopulated PSU slot, Fan module,
ExtremeXOS Edge license
24 10/100/1000BASE-T PoE-plus, 8 100/1000BASE-X
unpopulated SFP (4 SFP ports shared with
10/100/1000BASE-T ports), XGM3 slot, Stacking
module slot, 750W AC PoE PSU with one
unpopulated PSU slot, Fan Module, ExtremeXOS
Edge License
48 10/100/1000BASE-T PoE, 4 100/1000BASE-X
unpopulated SFP, XGM3 slot, Stacking module slot,
AC PSU with one unpopulated PSU slot, Fan module,
ExtremeXOS Edge license
24 100/1000BASE-X unpopulated SFP, 8
10/100/1000BASE-T (4 10/100/1000BASE-T ports
shared with SFP ports), XGM3 slot, Stacking module
slot, AC PSU with one unpopulated PSU slot, Fan
module, ExtremeXOS Edge license

Wireless Products and Software


16406

Summit X460-48x

16407

Summit X460-24tDC

16408

16409

48 100/1000BASE-X unpopulated SFP, XGM3 slot,
Stacking module slot, AC PSU with one unpopulated
PSU slot, Fan module, ExtremeXOS Edge license
24 10/100/1000BASE-T, 8 100/1000BASE-X
unpopulated SFP (4 SFP ports shared with
10/100/1000BASE-T ports), XGM3 slot, Stacking
module slot, DC PSU with one unpopulated PSU slot,
Fan module, ExtremeXOS Edge license

15451

Unified Access RF Manager Application

Unified Access RF Manager

Unified Access RF prediction software for a maximum
of 10 Altitudes per design. Unlimited Designs.

Service Code

Type

Other Info

97003-RF

EW

SW Subscription UA RF Mgr

Summit X460-48tDC

48 10/100/1000BASE-T, 4 100/1000BASE-X
unpopulated SFP, XGM3 slot, Stacking module slot,
DC PSU with one unpopulated PSU slot, Fan module,
ExtremeXOS Edge license

15452

Summit X460-24xDC

24 100/1000BASE-X unpopulated SFP, 8
10/100/1000BASE-T (4 10/100/1000BASE-T ports
shared with SFP ports), XGM3 slot, Stacking module
slot, DC PSU with one unpopulated PSU slot, Fan
module, ExtremeXOS Edge license

16410

Summit X460-48xDC

16421

Software Licence Upgrades

Unified Access RF Manager Adv

Unified Access RF prediction, measurement and
optimisation software. Unlimited Access Point
placement.

Service Code

Type

Other Info

97003-RFA

EW

SW Subscription RF Mgr Adv

15710

48 100/1000BASE-X unpopulated SFP, XGM3 slot,
Stacking module slot, DC PSU with one unpopulated
PSU slot, Fan module, ExtremeXOS Edge license
SX460 Advanced Edge Lic
ExtremeXOS Advanced Edge License for Summit
X460 series switches

Unified Access RF Manager Application

Summit WM3700 Wireless Controllers

Summit WM3700 WLAN Controller


Summit WM3700 WLAN controller with 4xGE Cu/SFP
ports, 1xFE management port, and 1x serial console
port. Has 1 CF card slot, 2 USB slots. Can manage
up to 1,024 Access Points. AP capacity and feature
licenses sold separately. Power cord sold separately.

Service Code

97005-WM3700
97007-WM3700
97008-WM3700
97001-WM3700
97004-WM3700
97011-WM3700
97000-WM3700
95505-WM3700
95507-WM3700
95508-WM3700
95504-WM3700
95511-WM3700
95807-WM3700
95804-WM3700
95800-WM3700
95605-WM3700
95601-WM3700
95604-WM3700
95600-WM3700

Type
EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

Other Info

48hr AHR -WM3700


4hr AHR -WM3700
4hr On-Site -WM3700
Extended Warranty -WM3700
NBD AHR -WM3700
NBD Onsite -WM3700
Software and TAC -WM3700
48hr AHR -WM3700
4hr AHR -WM3700
4hr On-Site -WM3700
NBD AHR -WM3700
NBD Onsite -WM3700
4hr AHR -WM3700
NBD AHR -WM3700
Software and TAC -WM3700
48hr AHR -WM3700
Extended Warranty -WM3700
NBD AHR -WM3700
Software and TAC -WM3700

16422

Software Licence Upgrades

16423

Software Licence Upgrades

16424

Software Licence Upgrades

16125

Software Licence Upgrades

17026

Accessories and Spares

15711

Summit WM3700 Wireless Controllers

17030

Accessories and Spares

15712

Summit WM3700 Wireless Controllers

17038

Accessories and Spares

15713

Summit WM3700 Wireless Controllers

SX460 Core Lic from Edge Lic
ExtremeXOS Advanced Core License upgrade from
Edge License for Summit X460 series switches
SX460 Core Lic from Adv Edge
ExtremeXOS Advanced Core License upgrade from
Advanced Edge License for Summit X460 series
switches
SX460 MPLS Feature Pack
ExtremeXOS MPLS Feature Pack for Summit X460
Series Switches
SX460 Network Timing Feature Pack
ExtremeXOS Network Timing Feature Pack for
Summit X460 Series Switches
Stacking Cable 128G/64G, 1.0M
Conversion cable for SummitStack256 and
SummitStack128, 1.0M
Stacking Cable 64G, 1.0M
SummitStack128 Stacking Cable, 1.0M
Stacking Cable 64G/20G, 1.0M
Conversion cable for SummitStack128 and
SummitStack, 1.0M

16AP Lic for Summit WM3700


16 AP capacity license for Summit WM3700
controller. Shipped as a voucher.

64AP Lic for Summit WM3700


64 AP capacity license for Summit WM3700
controller. Shipped as a voucher.

RTLS Lic for Summit WM3700


Real Time Location System (RTLS) feature upgrade
license for Summit WM3700 controller. Enables the
API between the RTLS engine in controller and 3rd
party RTLS application.

Service Code

Type

97000-WM37-RTLS EW
95800-WM37-RTLS PWL
95600-WM37-RTLS PWP

15714

Other Info

Software and TAC -WM37-RTLS


Software and TAC -WM37-RTLS
Software and TAC -WM37-RTLS

Summit WM3600 Wireless Controllers

Summit WM3600 WLAN Controller


Summit WM3600 WLAN controller with 1x GE Cu/
SFP Uplink port, 8x GE PoE ports, 1x FE Mgmt port,
1x USB 2.0 Host
1x ExpressCard Slot, 1x PCI-X, 1x Serial Port, 2 USB
slots. Can manage up to 256 APs. Licenses sold
separately. Power cord sold separately.

Service Code

Type

Other Info

97005-WM3600
97007-WM3600
97008-WM3600
97001-WM3600
97004-WM3600
97011-WM3600
97000-WM3600
95505-WM3600
95507-WM3600
95508-WM3600
95504-WM3600
95511-WM3600
95807-WM3600
95804-WM3600
95800-WM3600
95605-WM3600
95601-WM3600
95604-WM3600
95600-WM3600

EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

48hr AHR -WM3600


4hr AHR -WM3600
4hr On-Site -WM3600
Extended Warranty -WM3600
NBD AHR -WM3600
NBD Onsite -WM3600
Software and TAC -WM3600
48hr AHR -WM3600
4hr AHR -WM3600
4hr On-Site -WM3600
NBD AHR -WM3600
NBD Onsite -WM3600
4hr AHR -WM3600
NBD AHR -WM3600
Software and TAC -WM3600
48hr AHR -WM3600
Extended Warranty -WM3600
NBD AHR -WM3600
Software and TAC -WM3600

15715

Summit WM3600 Wireless Controllers

15716

Summit WM3600 Wireless Controllers

16 AP Lic for Summit WM3600


16 AP capacity license for Summit WM3600
controller. Shipped as a voucher.

RTLS Lic for Summit WM3600


Real Time Location System (RTLS) feature upgrade
license for Summit WM3600 controller. Enables the
API between the RTLS engine in controller and 3rd
party RTLS application.

Service Code

Type

Other Info

97000-WM36-RTLS
95800-WM36-RTLS
95600-WM36-RTLS

EW
PWL
PWP

Software and TAC -WM36-RTLS


Software and TAC -WM36-RTLS
Software and TAC -WM36-RTLS

15717

Summit WM3400 Wireless Controllers

SUMMIT WM3400 WLAN CONTROLLER


Summit WM3400 WLAN controller with 5xGE PoE+
LAN ports, 1xGE WAN port and serial console port.
Includes 1x ExpressCard and 1x USB port. Bundled
with license for 6 Access Points.

Service Code

97005-WM3400
97007-WM3400
97008-WM3400

Type
EW
EW
EW

Other Info

48hr AHR -WM3400


4hr AHR -WM3400
4hr On-Site -WM3400

Service Code

97001-WM3400
97004-WM3400
97011-WM3400
97000-WM3400
95505-WM3400
95507-WM3400
95508-WM3400
95504-WM3400
95511-WM3400
95807-WM3400
95804-WM3400
95800-WM3400
95605-WM3400
95601-WM3400
95604-WM3400
95600-WM3400

Type
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

Other Info

Extended Warranty -WM3400


NBD AHR -WM3400
NBD Onsite -WM3400
Software and TAC -WM3400
48hr AHR -WM3400
4hr AHR -WM3400
4hr On-Site -WM3400
NBD AHR -WM3400
NBD Onsite -WM3400
4hr AHR -WM3400
NBD AHR -WM3400
Software and TAC -WM3400
48hr AHR -WM3400
Extended Warranty -WM3400
NBD AHR -WM3400
Software and TAC -WM3400

15718

Summit WM3700 Wireless Controllers

15719

Summit WM3600 Wireless Controllers

15720

Access Point 3510 Dual Radio 11a/b/g


Indoor

256 AP Lic for Summit WM3700


256 AP capacity license for Summit WM3700
controller. Shipped as a voucher.

64 AP Lic for Summit WM3600


64 AP capacity upgrade license for Summit WM3600
controller. Shipped as a voucher.

Altitude 3510-US abg AP


Altitude 3510 dual-radio 802.11a/b/g indoor Access
Point for US regulatory domain. Has 10/100 WAN/
LAN ports. Managed by Summit WM 3x00 controller;
Includes 4x external omni-directional antennas. PoE
powered or use optional external power supply (Part
No. 15728).

Service Code

Type

Other Info

97005-3510
97007-3510
97008-3510
97001-3510
97004-3510
97011-3510
97000-3510
95505-3510
95507-3510
95508-3510
95504-3510
95511-3510
95807-3510
95804-3510
95800-3510
95605-3510
95601-3510
95604-3510
95600-3510

EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

48hr AHR -3510


4hr AHR -3510
4hr On-Site -3510
Extended Warranty -3510
NBD AHR -3510
NBD Onsite -3510
Software and TAC -3510
48hr AHR -3510
4hr AHR -3510
4hr On-Site -3510
NBD AHR -3510
NBD Onsite -3510
4hr AHR -3510
NBD AHR -3510
Software and TAC -3510
48hr AHR -3510
Extended Warranty -3510
NBD AHR -3510
Software and TAC -3510

15721

Access Point 3510 Dual Radio 11a/b/g


Indoor

Altitude 3510-ROW abg AP


Altitude 3510 dual-radio 802.11a/b/g indoor Access
Point for Rest of the World regulatory domain. Has
10/100 WAN/LAN ports. Managed by Summit WM
3x00 series controller; Includes 4x external
omni-directional antennas. PoE powered or use optional
external power supply (Part No. 15728).

Service Code

Type

Other Info

97005-3510-ROW
97007-3510-ROW
97008-3510-ROW
97001-3510-ROW
97004-3510-ROW
97011-3510-ROW
97000-3510-ROW
95505-3510-ROW
95507-3510-ROW
95508-3510-ROW
95504-3510-ROW
95511-3510-ROW
95807-3510-ROW
95804-3510-ROW
95800-3510-ROW
95605-3510-ROW
95601-3510-ROW
95604-3510-ROW
95600-3510-ROW

EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

48hr AHR -3510-ROW


4hr AHR -3510-ROW
4hr On-Site -3510-ROW
Extended Warranty -3510-ROW
NBD AHR -3510-ROW
NBD Onsite -3510-ROW
Software and TAC -3510-ROW
48hr AHR -3510-ROW
4hr AHR -3510-ROW
4hr On-Site -3510-ROW
NBD AHR -3510-ROW
NBD Onsite -3510-ROW
4hr AHR -3510-ROW
NBD AHR -3510-ROW
Software and TAC -3510-ROW
48hr AHR -3510-ROW
Extended Warranty -3510-ROW
NBD AHR -3510-ROW
Software and TAC -3510-ROW

15722

Type

Other Info

97005-3510-IL
97007-3510-IL
97008-3510-IL
97001-3510-IL
97004-3510-IL
97011-3510-IL
97000-3510-IL
95505-3510-IL
95507-3510-IL
95508-3510-IL
95504-3510-IL
95511-3510-IL
95807-3510-IL
95804-3510-IL
95800-3510-IL
95605-3510-IL
95601-3510-IL
95604-3510-IL
95600-3510-IL

EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

48hr AHR -3510-IL


4hr AHR -3510-IL
4hr On-Site -3510-IL
Extended Warranty -3510-IL
NBD AHR -3510-IL
NBD Onsite -3510-IL
Software and TAC -3510-IL
48hr AHR -3510-IL
4hr AHR -3510-IL
4hr On-Site -3510-IL
NBD AHR -3510-IL
NBD Onsite -3510-IL
4hr AHR -3510-IL
NBD AHR -3510-IL
Software and TAC -3510-IL
48hr AHR -3510-IL
Extended Warranty -3510-IL
NBD AHR -3510-IL
Software and TAC -3510-IL

15724

Service Code

Type

Other Info

97005-3550
97007-3550
97008-3550
97001-3550
97004-3550
97011-3550
97000-3550
95505-3550
95507-3550
95508-3550
95504-3550
95511-3550
95807-3550
95804-3550
95800-3550
95605-3550
95601-3550
95604-3550
95600-3550

EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

48hr AHR -3550


4hr AHR -3550
4hr On-Site -3550
Extended Warranty -3550
NBD AHR -3550
NBD Onsite -3550
Software and TAC -3550
48hr AHR -3550
4hr AHR -3550
4hr On-Site -3550
NBD AHR -3550
NBD Onsite -3550
4hr AHR -3550
NBD AHR -3550
Software and TAC -3550
48hr AHR -3550
Extended Warranty -3550
NBD AHR -3550
Software and TAC -3550

Access Point 3510 Dual Radio 11a/b/g


Indoor

Altitude 3510-IL abg AP


Altitude 3510 802.11b/g indoor Access Point with
single band radio for Israel regulatory domain. Has
10/100 WAN/LAN ports. Managed by Summit WM
3x00 controller; Includes 2x external omni-directional
antennas. PoE powered or use optional external
power supply (Part No. 15728).

Access Point 4610/4620 Dual Radio


11a/b/g/n Indoor

ALTITUDE 4610-US ABGN INAN AP


Altitude 4610 dual-radio 802.11a/b/g/n indoor
Access Point for US regulatory domain. Has one
10/100/1000 LAN port. Managed by Summit WM
3x00 controller; Includes internal omni-directional
antennas. PoE powered or use optional external
power supply

Access Point 3550 Dual Radio 11a/b/g


Outdoor

Altitude 3550-US abg OAP


Altitude 3550 dual-radio 802.11a/b/g outdoor Access
Point for US regulatory domain. Has 10/100 LAN
port. Managed by Summit WM 3x00 controller.
Requires ext power supply (Part No. 15729).

15723

Service Code

Service Code

Type

Other Info

97005-4610
97007-4610
97008-4610
97001-4610
97004-4610
97011-4610
97000-4610
95505-4610
95507-4610
95508-4610
95504-4610
95511-4610
95807-4610
95804-4610
95800-4610
95605-4610
95601-4610
95604-4610
95600-4610

EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

48hr AHR -4610


4hr AHR -4610
4hr On-Site -4610
Extended Warranty -4610
NBD AHR -4610
NBD Onsite -4610
Software and TAC -4610
48hr AHR -4610
4hr AHR -4610
4hr On-Site -4610
NBD AHR -4610
NBD Onsite -4610
4hr AHR -4610
NBD AHR -4610
Software and TAC -4610
48hr AHR -4610
Extended Warranty -4610
NBD AHR -4610
Software and TAC -4610

15725

Access Point 4610/4620 Dual Radio


11a/b/g/n Indoor

ALTITUDE 4610-ROW ABGN INAN AP


Altitude 4610 dual-radio 802.11a/b/g/n indoor
Access Point for Rest of the World regulatory
domain. Has one 10/100/1000 LAN port. Managed
by Summit WM 3x00 controller; Includes internal
omni-directional antennas. PoE powered or use
optional external power supply

Service Code

Type

Other Info

97005-4610-ROW

EW

48hr AHR -4610-ROW

Service Code

Type

Other Info

97007-4610-ROW
97008-4610-ROW
97001-4610-ROW
97004-4610-ROW
97011-4610-ROW
97000-4610-ROW
95505-4610-ROW
95507-4610-ROW
95508-4610-ROW
95504-4610-ROW
95511-4610-ROW
95807-4610-ROW
95804-4610-ROW
95800-4610-ROW
95605-4610-ROW
95601-4610-ROW
95604-4610-ROW
95600-4610-ROW

EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

4hr AHR -4610-ROW


4hr On-Site -4610-ROW
Extended Warranty -4610-ROW
NBD AHR -4610-ROW
NBD Onsite -4610-ROW
Software and TAC -4610-ROW
48hr AHR -4610-ROW
4hr AHR -4610-ROW
4hr On-Site -4610-ROW
NBD AHR -4610-ROW
NBD Onsite -4610-ROW
4hr AHR -4610-ROW
NBD AHR -4610-ROW
Software and TAC -4610-ROW
48hr AHR -4610-ROW
Extended Warranty -4610-ROW
NBD AHR -4610-ROW
Software and TAC -4610-ROW

15726

Access Point 3550 Dual Radio 11a/b/g


Outdoor

Altitude 3550-ROW abg OAP


Altitude 3550 dual-radio 802.11a/b/g outdoor Access
Point for Rest of the World regulatory domain. Has
10/100BaseT LAN port. Managed by Summit WM
3x00 controller. Need ext power supply (Part No.
15729).

Service Code

Type

Other Info

97005-3550-ROW
97007-3550-ROW
97008-3550-ROW
97001-3550-ROW
97004-3550-ROW
97011-3550-ROW
97000-3550-ROW
95505-3550-ROW
95507-3550-ROW
95508-3550-ROW
95504-3550-ROW
95511-3550-ROW
95807-3550-ROW
95804-3550-ROW
95800-3550-ROW
95605-3550-ROW
95601-3550-ROW
95604-3550-ROW
95600-3550-ROW

EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

48hr AHR -3550-ROW


4hr AHR -3550-ROW
4hr On-Site -3550-ROW
Extended Warranty -3550-ROW
NBD AHR -3550-ROW
NBD Onsite -3550-ROW
Software and TAC -3550-ROW
48hr AHR -3550-ROW
4hr AHR -3550-ROW
4hr On-Site -3550-ROW
NBD AHR -3550-ROW
NBD Onsite -3550-ROW
4hr AHR -3550-ROW
NBD AHR -3550-ROW
Software and TAC -3550-ROW
48hr AHR -3550-ROW
Extended Warranty -3550-ROW
NBD AHR -3550-ROW
Software and TAC -3550-ROW

15728

Altitude Accessories

15729

Altitude Accessories

Power Supply for A3510 AP


External power supply for Altitude 3510 indoor
AP. Input of 90-264V AC and output of 48V DC.
Optional accessory if PoE source not available. Indoor
use only. Power cord sold separately.
PowerTap Ext Pwr for A3550 AP
Outdoor power supply for Altitude 3550 outdoor AP.
AC source is 100-280V. 48VDC output via special
Ethernet cable into AP. Also provides surge
protection for AP. Required for outdoor use with the
AP. Power cord sold separately.

15730

Access Point 4610/4620 Dual Radio


11a/b/g/n Indoor

ALTITUDE 4620-US ABGN EXAN AP


Altitude 4620 dual-radio 802.11a/b/g/n indoor
Access Point for US regulatory domain. Has a
10/100/1000 LAN port. Managed by Summit WM
3x00 controller; Includes 6x external omni-directional
antennas. 802.3 af PoE powered or use optional
external power supply

Service Code

Type

Other Info

97005-4620
97007-4620
97008-4620
97001-4620
97004-4620
97011-4620
97000-4620
95505-4620
95507-4620
95508-4620
95504-4620
95511-4620
95807-4620
95804-4620
95800-4620
95605-4620
95601-4620
95604-4620
95600-4620

EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

48hr AHR -4620


4hr AHR -4620
4hr On-Site -4620
Extended Warranty -4620
NBD AHR -4620
NBD Onsite -4620
Software and TAC -4620
48hr AHR -4620
4hr AHR -4620
4hr On-Site -4620
NBD AHR -4620
NBD Onsite -4620
4hr AHR -4620
NBD AHR -4620
Software and TAC -4620
48hr AHR -4620
Extended Warranty -4620
NBD AHR -4620
Software and TAC -4620

15731

Access Point 4610/4620 Dual Radio


11a/b/g/n Indoor

ALTITUDE 4620-ROW ABGN EXAN AP


Altitude 4620 dual-radio 802.11a/b/g/n indoor
Access Point for Rest of the World regulatory
domain. Has a 10/100/1000 LAN port. Managed by
Summit WM 3x00 controller; Includes 6x external
omni-directional antennas. 802.3 af PoE powered or
use optional external power supply

Service Code

Type

Other Info

97005-4620-ROW
97007-4620-ROW
97008-4620-ROW
97001-4620-ROW
97004-4620-ROW
97011-4620-ROW
97000-4620-ROW
95505-4620-ROW
95507-4620-ROW
95508-4620-ROW
95504-4620-ROW
95511-4620-ROW
95807-4620-ROW
95804-4620-ROW
95800-4620-ROW
95605-4620-ROW
95601-4620-ROW
95604-4620-ROW
95600-4620-ROW

EW
EW
EW
EW
EW
EW
EW
PW
PW
PW
PW
PW
PWL
PWL
PWL
PWP
PWP
PWP
PWP

48hr AHR -4620-ROW


4hr AHR -4620-ROW
4hr On-Site -4620-ROW
Extended Warranty -4620-ROW
NBD AHR -4620-ROW
NBD Onsite -4620-ROW
Software and TAC -4620-ROW
48hr AHR -4620-ROW
4hr AHR -4620-ROW
4hr On-Site -4620-ROW
NBD AHR -4620-ROW
NBD Onsite -4620-ROW
4hr AHR -4620-ROW
NBD AHR -4620-ROW
Software and TAC -4620-ROW
48hr AHR -4620-ROW
Extended Warranty -4620-ROW
NBD AHR -4620-ROW
Software and TAC -4620-ROW

15732

Altitude Accessories

HeavyWeather Kit-Altitude 3550

Heavy weather kit for Altitude 3550 outdoor Access
Point. Optional accessory. Enables deployment of AP
in very harsh weather environments like high winds,
deserts and mountain tops.

15733

15736

Altitude Accessories

WallPole MntgKit-Altitude 3550


Wall and Pole mounting kit for Altitude 3550
outdoor AP. Allows for installation of the Access
Point on flat surfaces or poles up to 18 inches in
diameter. Optional accessory.

97000-EWMS-50
95800-EWMS-50
95600-EWMS-50

15744

Summit WM3600 Wireless Controllers

AdvSecurity Lic for WM3600


Advanced Security feature upgrade license for
Summit WM3600 controller. Enables Role Based
Firewall Configuration and increases number of
IPSEC VPN tunnels from 100 to 1024. Shipped as a
voucher.

Service Code

Type
97000-WM36-SEC EW
95800-WM36-SEC PWL
95600-WM36-SEC PWP

15737

a voucher.
Service Code

Other Info

Software and TAC -WM36-SEC


Software and TAC -WM36-SEC
Software and TAC -WM36-SEC

Summit WM3700 Wireless Controllers

AdvSecurity Lic for WM3700


Advanced Security feature upgrade license for
Summit WM3700 controller. Enables Role Based
Firewall Configuration and increases number of
IPSEC VPN tunnels from 600 to 2048. Shipped as a
voucher.

Service Code

Type

Other Info

97000-WM37-SEC
95800-WM37-SEC
95600-WM37-SEC

EW
PWL
PWP

Software and TAC -WM37-SEC


Software and TAC -WM37-SEC
Software and TAC -WM37-SEC

Type
97000-EWMS-100 EW
95800-EWMS-100 PWL
95600-EWMS-100 PWP

Extreme Wireless Management Suite

Wireless Mgmt Suite Base Lic


Extreme Networks Wireless Management Suite
(WMS) base server software. Includes Summit
WMScanner application and support for 50 APs.
Shipped as a CD.

Service Code

Type

Other Info

97000-EWMS
95800-EWMS
95600-EWMS

EW
PWL
PWP

Software and TAC -EWMS


Software and TAC -EWMS
Software and TAC -EWMS

15742

Extreme Wireless Management Suite

Wireless Mgmt Suite 25AP Lic


Extreme Networks Wireless Management Suite
(WMS) 25 AP capacity upgrade license. Shipped as
a voucher.

Service Code

Type

Other Info

97000-EWMS-25
95800-EWMS-25
95600-EWMS-25

EW
PWL
PWP

Software and TAC -EWMS-25


Software and TAC -EWMS-25
Software and TAC -EWMS-25

15743

Extreme Wireless Management Suite

Wireless Mgmt Suite 50AP Lic


Extreme Networks Wireless Management Suite
(WMS) 50 AP capacity upgrade license. Shipped as

Software and TAC -EWMS-100


Software and TAC -EWMS-100
Software and TAC -EWMS-100

Wireless Mgmt Suite 250AP Lic


Extreme Networks Wireless Management Suite
(WMS) 250 AP capacity upgrade license. Shipped as
a voucher.
Type
EW
PWL
PWP

Other Info

Software and TAC -EWMS-250


Software and TAC -EWMS-250
Software and TAC -EWMS-250

Extreme Wireless Management Suite

Wireless Mgmt Suite 500AP Lic


Extreme Networks Wireless Management Suite
(WMS) 500 AP capacity upgrade license. Shipped as
a voucher.

97000-EWMS-500
95800-EWMS-500
95600-EWMS-500

15747

Other Info

Extreme Wireless Management Suite

Service Code
97000-EWMS-250
95800-EWMS-250
95600-EWMS-250

15746

Software and TAC -EWMS-50


Software and TAC -EWMS-50
Software and TAC -EWMS-50

Wireless Mgmt Suite 100AP Lic


Extreme Networks Wireless Management Suite
(WMS) 100 AP capacity upgrade license. Shipped as
a voucher.

Service Code

15745

Other Info

Extreme Wireless Management Suite

Service Code

15741

Type
EW
PWL
PWP

Type
EW
PWL
PWP

Other Info

Software and TAC -EWMS-500


Software and TAC -EWMS-500
Software and TAC -EWMS-500

Extreme Wireless Management Suite

Wireless Mgmt Suite 2000AP Lic


Extreme Networks Wireless Management Suite
(WMS) 2000 AP capacity upgrade license. Shipped
as a voucher.

| Service Code | Type | Other Info |
| --- | --- | --- |
| 97000-EWMS-2000 | EW | Software and TAC -EWMS-2000 |
| 95800-EWMS-2000 | PWL | Software and TAC -EWMS-2000 |
| 95600-EWMS-2000 | PWP | Software and TAC -EWMS-2000 |

15748

Extreme Wireless Management Suite

Wireless Mgmt Suite 5000AP Lic


Extreme Networks Wireless Management Suite
(WMS) 5000 AP capacity upgrade license. Shipped
as a voucher.

| Service Code | Type | Other Info |
| --- | --- | --- |
| 97000-EWMS-5000 | EW | Software and TAC -EWMS-5000 |
| 95800-EWMS-5000 | PWL | Software and TAC -EWMS-5000 |
| 95600-EWMS-5000 | PWP | Software and TAC -EWMS-5000 |

Global Headquarters

United Kingdom

France

Sweden

Tarrytown, New York, USA


Tel: + 1 914 829 7000
Fax: + 1 914 829 7137
www.westcongroup.com

Westcon Convergence
Slough
+44 1753 797800
Burgess Hill
+44 1444 230004
Warrington
+44 1444 230004
www.westcon.co.uk
+44 1925 661700

Westcon Convergence
Courbevoie
+33 1 41 18 51 00
www.westcon.fr

Malmö
+46 40 650 82 00
www.westcon.se

Westcon Security
Courbevoie
+33 1 41 85 10 20
www.westconsecurity.fr

Copenhagen
+45 44 92 86 00
www.westcon.dk

Westcon Security
Slough
+44 845 6442564
www.westconsecurity.co.uk

Comstor
Courbevoie
+33 1 41 18 51 00
www.comstor.fr

Comstor
Cirencester
+44 1285 647000
www.comstor.co.uk

Belgium

North America
Tarrytown, New York, USA
+1 914 829 7000
www.westcon.com

South Africa
Johannesburg
+27 11 233 33 33
www.westcon.co.za

Brazil
Rio De Janeiro
+21 3535 9300
www.westcon.com.br

Australia
Canberra
+61 2 6248-9158
www.westcongroup.com.au

India
Bangalore
+91 80 51265151
www.westcongroup.com

Indonesia
Jakarta
+6221 794 5301
www.comstor-indonesia.com

UAE
Dubai
+971 4 2998860
www.westconme.com

Germany

Westcon Convergence
Vilvoorde
+32 2 401 6050
www.westcon.be

Westcon Convergence
Mönchengladbach
+49 2166 14464 - 150
www.de.westcon.com

Westcon Security
Vilvoorde
+32 2 461 01 70
www.westconsecurity.be

Westcon Security
Unterschleißheim
+49 (0)89 3715642-30
www.westconsecurity.de

Comstor
Vilvoorde
+32 2 401 6000
www.comstor.be

Comstor
Berlin
+49 (0)30 346 03-0
www.comstor.de

Italy

Netherlands
Westcon Convergence
Houten
+31 30 248 94 11
www.westcon.nl

Westcon Convergence
Milano
+39 039 60722.1
www.westconconvergence.it
Westcon Security
Milano
+39 039 60722.1
www.westconsecurity.it

Denmark

Norway
Oslo
+47 67 11 87 70

Finland
Helsinki
+358 9 756 82 330

Baltics
Vilnius
+370 699 423 40

Spain
Madrid
+34 902 00 60 60
www.comstor.es

Czech Republic
Praha
+420 224 267 311
www.comstor.cz

Greece
Athens
+30 2107 279 094
www.westcon.gr

Westcon Security
Houten
+31 30 602 54 00
www.westconsecurity.nl
Comstor
Houten
+31 30 248 95 92
www.nl.comstor.com

Copyright 2011 Westcon, a Westcon Group, Inc. company. All Rights Reserved. WESTCON is a trademark of Westcon Group, Inc.