Parameter differences between a security switch and other switches

Source: Internet
Author: User

As the name suggests, security is the defining feature of a security switch. Here we look at the parameter table of a security switch to understand how it really differs from an ordinary switch. When you select a switch, you can view its feature list. However, when the feature lists of security switches from different brands are put side by side for comparison, they are like identical triplets: they look exactly the same.

In fact, they are not the same. When testing a security product, a colleague wanted to mirror the traffic of two switch ports, but the security switch could only mirror one port at a time. Yet in the "port mirroring supported" row of the feature list, this security switch was marked "supported".

I used spanning tree load balancing for the user group network. When I got another switch, its spec sheet also indicated that multiple spanning tree groups were supported. It later turned out that although many spanning trees could be created, a trunk port carrying multiple VLANs could only be placed in one spanning tree. All the spanning tree could provide there was redundancy.

Currently, no common layer-3 switch raises its hand and says "I don't support VRRP". However, some can only work with the ports of the two switches in the same VLAN, because VRRP packets are broadcast packets. Others support redundancy without a VLAN: VRRP information can be transmitted between two routed ports. The former provides fewer options, but the feature list does not show this.

If a security switch admitted that it was helpless against DoS attacks, in the current market it would be left sitting in the warehouse. So how much security does a "security switch" actually provide? Some switches abandon the flow-based forwarding mechanism, which makes a variety of DoS attacks a non-issue, but their hardware cost increases as well. Some switches use ACLs to accept traffic only from valid addresses and drop everything else. This method sounds like it will affect the flexibility of the network, and it is troublesome to configure. Compared with the previous kind of "security switch", it is simply the other extreme. Other switches can speed up certain traffic, perform Reverse Address Resolution, limit the number of MAC addresses learned from a port, and set a threshold for scanning of certain IP network segments; here the manufacturer has put in a lot of thought. In addition, you certainly would not like a "security switch" that does not let you view CPU utilization or send email alerts. Therefore, users should examine the word "security" carefully.

Some users buy a vendor's network solution because of the company's network management. Someone who buys a layer-3 switch will like its web management interface: you can see the switch panel and perform common operations on it. This method is often based on Java. Different vendors implement it differently, and some implementations are not suitable for use during peak network hours.

No layer-3 switch is willing to admit that it does not support "QoS". That much is true: everyone supports it. The degree of support differs, however, and this difference may make your QoS plan messy. The fewer queues are supported, the coarser the QoS differentiation. The fewer queuing algorithms, the more QoS scenarios are supported. When the table says "DiffServ is supported", you need to take a closer look.

Machines that do well on every item generally command a higher price. When selecting a security switch, it is best to meet current requirements and leave room for the future. However, I think we should give up what we don't need. I think IPv6 and BGP can be ignored. In a small network, OSPF seems redundant. QoS may not need to be demanded too much either. If you have video conferencing, a common practice is to set port speed limits for multicast sources to ensure bandwidth. Although this configuration leaves bandwidth idle when the multicast source is "resting", it reduces the demands placed on the security switch, and the network may not be affected.

This is not a recommendation to buy the "thinnest" or the "strongest" switch. The point is to tell you which items to pay attention to when every switch looks alike: you don't have to pay for features you will not use, but for the part you do buy, check whether it has been discounted.
