Guide to mainstream smart switch products

Nowadays, many mainstream smart switches adopt the anti-attack technology in firewalls and IDS systems to completely ensure network security. It should be said that the effect is still very obvious. For Smart Community broadband access applications, each user is divided into individual VLANs, which can also implement user-level authentication and access control. However, this method is only applicable to fixed access users, and cannot realize billing.

Currently, in broadband access networks and enterprise networks, AAA Technology (authorization, authentication, and billing) used in telecom operation networks, such as traditional RADIUS, PPPoE, and new user authentication functions such as 802.1x are integrated into smart switches to work with the authentication server to implement user-based authentication and access control.

For enterprise networks, user authentication, access control, and service authentication are usually performed when users access different network service resources, rather than access authentication on user access ports. Therefore, access control lists or RADIUS Authentication servers are commonly used to set different access permissions for related application service resources and implement authentication and authorization for users. For broadband access networks, user authentication is required to control the port connection status. Generally, access authentication is implemented through "PPPoE + RADIUS" or "802.1x + RADIUS.

PPPoE is a mature authentication method. It encapsulates Ethernet frames through the PPP protocol and provides point-to-point connections over unconnected Ethernet networks. PPPoE is similar to the traditional dial-up access method. A user uses a dialing software to initiate a PPP connection request. The request passes through a smart switch or DSL device and ends on the Access Gateway device of the centralized control management layer. The Access Gateway device is responsible for terminating the PPP connection and working with RADIUS to implement user management and policy control. 802.1x originated from the EAPOL 802.11 Protocol and is a recent Ethernet authentication technology. 802.1x is a standard defined by IEEE to address port-based access control.

802.1x authentication controls user access by enabling or disabling user access ports before and after authentication. Port-based network access control is used to authenticate and control access devices at the physical access level of LAN devices. User devices connected to physical ports can access resources in the LAN if they can pass authentication. If they cannot pass authentication, they cannot access resources in the LAN, which is equivalent to physically disconnecting. When the authentication is passed, the Remote Authentication Server can transmit information from users, such as VLAN, CAR parameters, priority, and user access control lists. After the authentication is passed, the user's traffic will be monitored by the above parameters.

802.1x requires access to the smart switch to support the EAPOL Protocol. At least the passthrough of the message is supported, but most of the existing network devices do not. Although more and more vendors are beginning to provide smart switch products that support 802.1x, the development of the Protocol is limited to a certain extent because the protocol standards are not yet mature and the implementation methods of different vendors are different.

Prevent Network Attacks

To ensure that the core smart switch is not affected by DoS attacks, some vendors adopt the anti-attack technology in the firewall and IDS System in the core smart switch, to ensure that the core switch is more stable and strong. This can especially defend against attacks from inside the network and improve system security. However, this technology is rarely used in edge switches.

3Com SuperStack 3 Switch 4400 easy to use

3Com's SuperStack 3 Switch 4400 smart Switch is easy to use and has rich functions. This product has a higher port density and is capable of assigning a higher priority service level for important business applications during data transmission over the network. In addition, the performance-price ratio of this product is the highest. It has twice the port density of the original solution, reducing the total cost of the product for the customer. Through the combination of SuperStack 3 Switch 4400 and other Gigabit Ethernet Switching Products, 3Com provides users with a complete set of advanced enterprise-level LAN Solutions.

Cisco Catalyst 3550 features

Cisco Catalyst 3550 smart Ethernet switch is a stack-able smart switch product that improves network health through high availability, quality of service (QoS), and security. With a series of Fast Ethernet and Gigabit Ethernet configurations, Cisco Catalyst 3550 is suitable for enterprise and Metro access applications, enabling users to deploy smart network services with the simplicity of traditional LAN switching. The built-in Cisco Cluster Management Suite simplifies the deployment of the access layer and small backbone networks, and provides powerful Gigabit Ethernet connections with a full set of GBIC devices.

D-Link DES-6300 high speed switching and Routing

D-Link's DES-6300 is a smart switch for high-speed switching and routing. This product adopts a chassis design and integrates with features such as line rate data packet routing, packet switching, multi-port aggregation, and multi-level data service quality (QoS, it is particularly suitable for high-speed, high-port density, and department-level, backbone-level, and enterprise-level large backbone networks with multiple port types. This product has a wide range of ports to meet business expansion needs. At the same time, the fully modular design enables the product to support Ethernet/fast Ethernet, Copper Twisted Pair wires/optical fiber and other rich port options, and provides 7 expansion slots, traditional Ethernet can be smoothly transplanted to Fast Ethernet or Gigabit Ethernet. In addition, the module hot swapping feature allows the network to install and uninstall the port module at the same time, without affecting the performance of the smart switch.