SmartMC (Smart Management Center)
As the network scale increases, a large number of access devices are required at the edge of the network, which makes the management of these devices very cumbersome. The main purpose of SmartMC is to solve the problem of centralized management of a large number of scattered network devices. It aims to solve the switch-based operation and maintenance tasks of small enterprises. SmartMC realizes the unified operation and maintenance and management of the network by means of built-in equipment and graphical operation
The four major business segments of SmartMC simplify O&M and management:
Intelligent management:
It mainly includes device role selection, FTP server configuration, global configuration and network management port configuration, etc.
Intelligent operation and maintenance:
It mainly includes group management, device or group upgrade backup, monitoring and device failure replacement, etc.
Visualization:
It mainly includes network topology visualization and management, device list display, etc.
Smart business:
It mainly includes user management, etc.: After creating network access users and successfully activating them, these users can access the inside of the SmartMC network through the port of one-key arming.
High performance IPv4/IPv6 service capability
KNPB-48 series switches implement a hardware-based IPv4/IPv6 dual-stack platform, support multiple tunneling technologies, rich IPv4 and IPv6 layer-3 routing protocols, multicast technology and policy routing mechanism, and provide users with a complete IPv4/IPv6 solution .
IRF2 (Second Generation Intelligent Resilient Architecture)
KNPB-48 series switches support IRF2 (Second Generation Intelligent Resilient Architecture) technology, which is to connect multiple physical devices to each other and make them virtual as a logical device. That is to say, users can regard these multiple devices as one A single device for management and use. IRF can bring the following benefits to users:
Simplified management: After the IRF architecture is formed, it can be connected to any port of any device to log in to a unified logical device. Through the configuration of a single device, the effect of managing the entire intelligent elastic system and all member devices in the system can be achieved without using Physically connect to each member device to configure and manage them individually.
Simplify business :The various control protocols running in the logical device formed by IRF also run as a single device. For example, the routing protocol will be calculated as a single device, and with the application of cross-device link aggregation technology, it can replace the original generated Tree protocol, which saves the exchange of a large number of protocol packets between devices, simplifies network operation, and shortens the convergence time when the network is turbulent.
Elastic Expansion: Flexible expansion can be realized according to user needs to ensure user investment. And when the newly added device joins or leaves the IRF architecture, "hot swap" can be realized without affecting the normal operation of other devices.
High reliability: The high reliability of IRF is reflected in three aspects: links, devices and protocols. The physical ports between member devices support the aggregation function, and the physical connection between the IRF system and the upper and lower devices also supports the aggregation function, which improves the reliability of the link through multi-link backup; the IRF system is composed of multiple member devices. Once the Master device fails, the system will quickly and automatically elect a new Master to ensure that the business through the system is not interrupted, thus realizing the device-level 1:N backup; the IRF system will have a real-time protocol hot backup function responsible for the configuration information of the protocol Backup to all other member devices to achieve 1:N protocol reliability.
High performance: For high-end switches, the improvement of performance and port density will be limited by the hardware structure. The performance and port density of the IRF system are the sum of the performance and number of ports of all devices inside the IRF. Therefore, the IRF technology can easily expand the switching capability of the device and the density of user ports several times, thereby greatly improving the performance of the device.
Complete security control strategy
KNPB-48 series switches support the EAD (End Access Control) function, and cooperate with the background system to integrate terminal security measures such as terminal anti-virus and patch repair with network security measures such as network access control and access control into a linked security system , through the inspection, isolation, repair, management and monitoring of network access terminals, the entire network is changed from passive defense to active defense, from single-point defense to comprehensive defense, and from decentralized management to centralized policy management, which improves the network's resistance to viruses, Overall defense against emerging security threats such as worms.
KNPB-48 series switches support centralized MAC address authentication, 802.1x authentication, PORTAL authentication, support dynamic or static binding of user identification elements such as user account, IP, MAC, VLAN, port, etc., and realize user policies (VLAN, QoS, ACL) dynamic distribution; support the real-time management of online users with H3C's iMC system, timely diagnosis and disintegration of illegal network behaviors.
KNPB-48 series switches provide enhanced ACL control logic, support super-capacity ingress port and egress port ACL, and support VLAN-based ACL delivery, which simplifies the user configuration process and avoids the waste of ACL resources. In addition, the KNPB-48 series will also support unicast reverse path lookup technology (uRPF). The principle is that when a data packet is received on an interface of the device, it will look up the path in reverse to verify whether there is a path from the receiving interface to the packet. The route between the source addresses formulated in , that is, its authenticity is verified, and if it does not exist, the data packet will be deleted, so that we can effectively prevent the source address spoofing that is increasingly rampant in the network.
Multiple reliability protection
KNPB-48 series switches have multiple reliability protections at the device level and link level.
KNPB-48 series switches support the reliability design of plugable AC and DC dual power supply modules, and can flexibly configure AC or DC power supply modules according to the needs of the actual environment. In addition, the whole machine also supports fault detection and alarm for power supplies and fans. These designs Make the equipment have higher reliability.
In addition to device-level reliability, the product also supports rich link-level reliability technologies, including protection protocols such as LACP/STP/RSTP/MSTP/Smart Link/RRPP fast ring network protection mechanisms, supports IRF2 intelligent elastic architecture, and supports 1 : N redundant backup, supports ring stacking, supports cross-device link aggregation, greatly improves network reliability, does not affect network convergence time when the network carries multiple services and large traffic, and ensures normal business development.
Rich QoS policies
KNPB-48 series switches support L2 (Layer 2) ~ L4 (Layer 4) packet filtering function, providing based on source MAC address, destination MAC address, source IP address, destination IP address, TCP/UDP port number, protocol type, VLAN stream classification. Provides a flexible queue scheduling algorithm, which can be set based on ports and queues at the same time, and supports SP (Strict Priority), WRR (Weighted Round Robin), and SP+WRR modes. Support CAR (Committed Access Rate) function, the minimum granularity is 16Kbps. Support outbound and inbound port mirroring, which is used to monitor the packets on the specified port, and copy the data packets on the port to the monitoring port for network detection and troubleshooting.
Excellent management
KNPB-48 series switches support rich management interfaces, such as Console port, out-of-band network management port, support SNMPv1/v2/v3 (Simple Network Management Protocol), and can support general network management platforms such as Open View and iMC intelligent management center. Supports CLI command line, Web network management, and TELNET to make device management more convenient, and supports SSH2.0 and other encryption methods to make management more secure.
KNPB-48 series switches support SPAN/RSPAN mirroring and multiple mirroring observation ports, which can analyze network traffic to take corresponding management and maintenance measures, so that the originally invisible network service application traffic becomes clear at a glance, and can provide users with a variety of network Flow analysis reports help users optimize network structure and adjust resource deployment in a timely manner.