Brocade FCX-2XG Data Sheet
spanning tree operations; and broadcast
and multicast packet rate limiting.
Additional security features include dynamic
ARP inspection, DHCP snooping, and IP
source guard to protect against address
spoofing and man-in-the middle attacks.
and multicast packet rate limiting.
Additional security features include dynamic
ARP inspection, DHCP snooping, and IP
source guard to protect against address
spoofing and man-in-the middle attacks.
Network Access Control (NAC)
Organizations can rely on key features
such as multi-device port authentication
and 802.1X authentication with dynamic
policy assignment to control network access
and perform targeted authorization on a
per-user level. In addition, the Brocade FCX
Series supports enhanced Media Access
Control (MAC) policies with the ability to
deny traffic to and from MAC addresses on
a per-VLAN basis. This powerful tool helps
organizations control access policies per
endpoint device.
Standards-based NAC also facilitates
best-in-class solutions for authenticating
network users and validating the security
posture of connecting devices. Support for
policy-controlled MAC-based VLANs provides
additional control of network access,
enabling policy-controlled assignment of
devices to Layer 2 VLANs.
such as multi-device port authentication
and 802.1X authentication with dynamic
policy assignment to control network access
and perform targeted authorization on a
per-user level. In addition, the Brocade FCX
Series supports enhanced Media Access
Control (MAC) policies with the ability to
deny traffic to and from MAC addresses on
a per-VLAN basis. This powerful tool helps
organizations control access policies per
endpoint device.
Standards-based NAC also facilitates
best-in-class solutions for authenticating
network users and validating the security
posture of connecting devices. Support for
policy-controlled MAC-based VLANs provides
additional control of network access,
enabling policy-controlled assignment of
devices to Layer 2 VLANs.
Traffic Monitoring and
Lawful Intercept
Organizations might need to set up lawful
traffic intercept due to today’s heightened
security environment. For example, in
the United States, the Communications
Assistance for Law Enforcement Act
(CALEA) requires organizations to be able to
intercept and replicate data traffic directed
to a particular user, subnet, port, and so
on. This capability is particularly essential
in networks implementing VoIP phones.
Brocade FCX Series switches provide the
capability to meet this requirement through
Access Control List (ACL)-based mirroring,
MAC filter-based mirroring, and VLAN-based
mirroring.
traffic intercept due to today’s heightened
security environment. For example, in
the United States, the Communications
Assistance for Law Enforcement Act
(CALEA) requires organizations to be able to
intercept and replicate data traffic directed
to a particular user, subnet, port, and so
on. This capability is particularly essential
in networks implementing VoIP phones.
Brocade FCX Series switches provide the
capability to meet this requirement through
Access Control List (ACL)-based mirroring,
MAC filter-based mirroring, and VLAN-based
mirroring.
Fiber to the Desktop for Security-
Sensitive Applications
The Brocade FCX 624S-F provides 24
SFP 100/1000 Mbps fiber-optic ports for
government and military network initiatives
or for applications requiring additional
security and resiliency. For these types
of network environments, fiber-optic cable
is the ultimate transmission medium,
SFP 100/1000 Mbps fiber-optic ports for
government and military network initiatives
or for applications requiring additional
security and resiliency. For these types
of network environments, fiber-optic cable
is the ultimate transmission medium,
because it does not emit electromagnetic
signals that can be intercepted. And, unlike
copper wires, optical fiber cannot be tapped
without detection. Fiber-optic network
links are also immune to Radio Frequency
Interference (RFI) and Electro-Magnetic
Interference (EMI).
signals that can be intercepted. And, unlike
copper wires, optical fiber cannot be tapped
without detection. Fiber-optic network
links are also immune to Radio Frequency
Interference (RFI) and Electro-Magnetic
Interference (EMI).
Threat Detection and Mitigation
The Brocade FCX Series utilizes embedded
hardware-based sFlow traffic sampling to
extend Brocade IronShield 360 security to
the network edge. This unique and powerful
closed-loop threat mitigation solution uses
best-in-class intrusion detection systems to
inspect traffic samples for possible network
attacks. In response to a detected attack,
Brocade Network Advisor can automatically
apply a security policy to the compromised
port, stopping network attacks in real time
without administrator intervention.
hardware-based sFlow traffic sampling to
extend Brocade IronShield 360 security to
the network edge. This unique and powerful
closed-loop threat mitigation solution uses
best-in-class intrusion detection systems to
inspect traffic samples for possible network
attacks. In response to a detected attack,
Brocade Network Advisor can automatically
apply a security policy to the compromised
port, stopping network attacks in real time
without administrator intervention.
Advanced Multicast Features
The Brocade FCX Series supports a rich
set of Layer 2 multicast snooping features
that enable advanced multicast services
delivery. Internet Group Management
Protocol (IGMP) snooping for IGMP version
1, 2, and 3 is supported. Support for
IGMPv3 source-based multicast snooping
improves bandwidth utilization and security
for multicast services. To enable multicast
services delivery in IPv6 networks, the
Brocade FCX Series supports Multicast
Listener Discovery (MLD) version 1 and 2
snooping——the multicast protocols used in
IPv6 environments.
set of Layer 2 multicast snooping features
that enable advanced multicast services
delivery. Internet Group Management
Protocol (IGMP) snooping for IGMP version
1, 2, and 3 is supported. Support for
IGMPv3 source-based multicast snooping
improves bandwidth utilization and security
for multicast services. To enable multicast
services delivery in IPv6 networks, the
Brocade FCX Series supports Multicast
Listener Discovery (MLD) version 1 and 2
snooping——the multicast protocols used in
IPv6 environments.
NETWORK RESILIENCY THROUGH
FAULT DETECTION
Software features such as Virtual Switch
Redundancy Protocol (VSRP), Brocade
Metro-Ring Protocol (MRP) v1 and v2, Rapid
Spanning Tree Protocol (RSTP), protected
link groups, 802.3ad Link Aggregation,
and trunk groups provide alternate paths
for traffic in the event of a link failure.
Sub-second fault detection utilizing Link
Fault Signaling (LFS) and Remote Fault
Notification (RFN) helps ensure fast fault
detection and recovery.
Redundancy Protocol (VSRP), Brocade
Metro-Ring Protocol (MRP) v1 and v2, Rapid
Spanning Tree Protocol (RSTP), protected
link groups, 802.3ad Link Aggregation,
and trunk groups provide alternate paths
for traffic in the event of a link failure.
Sub-second fault detection utilizing Link
Fault Signaling (LFS) and Remote Fault
Notification (RFN) helps ensure fast fault
detection and recovery.
Enhanced spanning tree features such
as Root Guard and BPDU Guard prevent
rogue hijacking of a spanning tree root
and maintain a contention- and loop-free
environment, especially during dynamic
as Root Guard and BPDU Guard prevent
rogue hijacking of a spanning tree root
and maintain a contention- and loop-free
environment, especially during dynamic
network deployments. In addition, the
Brocade FCX Series supports port-loop
detection on edge ports that do not have
spanning tree enabled. This capability
protects the network from broadcast storms
and other anomalies that can result from
Layer 1 or Layer 2 loopbacks on Ethernet
cables or endpoints.
Brocade FCX Series supports port-loop
detection on edge ports that do not have
spanning tree enabled. This capability
protects the network from broadcast storms
and other anomalies that can result from
Layer 1 or Layer 2 loopbacks on Ethernet
cables or endpoints.
Protected link groups minimize disruption
to the network by protecting critical links
from loss of data and power. In a protected
link group, one port in the group acts as
the primary or active link, and the other
ports act as secondary or standby links. The
active link carries the traffic and, if it goes
down, one of the standby links takes over.
to the network by protecting critical links
from loss of data and power. In a protected
link group, one port in the group acts as
the primary or active link, and the other
ports act as secondary or standby links. The
active link carries the traffic and, if it goes
down, one of the standby links takes over.
UniDirectional Link Detection (UDLD)
monitors a link between two Brocade FCX
Series switches and brings down the ports
on both ends of the link if the link fails at
any point between the two devices.
monitors a link between two Brocade FCX
Series switches and brings down the ports
on both ends of the link if the link fails at
any point between the two devices.
The Brocade FCX Series also supports
stability features such as port flap
dampening, single-link Link Aggregation
Control Protocol (LACP), and port
loop detection.
stability features such as port flap
dampening, single-link Link Aggregation
Control Protocol (LACP), and port
loop detection.
ADVANCED CAPABILITIES
To meet a wide range of requirements, the
Brocade FCX Series provides full Layer 3
capabilities, along with metro features for
connecting buildings and campuses.
Brocade FCX Series provides full Layer 3
capabilities, along with metro features for
connecting buildings and campuses.
Full Layer 3 Capabilities
All Brocade FCX switches come standard
with powerful Layer 3 switching capabilities.
Organizations can use Layer 3 features such
as IPv4 OSPF and RIP routing, policy-based
routing, VRRP, and Protocol-Independent
Multicast (PIM) to reduce complexity and
enhance the reliability of large enterprise
networks by bringing Layer 3 capabilities
to the network edge.
with powerful Layer 3 switching capabilities.
Organizations can use Layer 3 features such
as IPv4 OSPF and RIP routing, policy-based
routing, VRRP, and Protocol-Independent
Multicast (PIM) to reduce complexity and
enhance the reliability of large enterprise
networks by bringing Layer 3 capabilities
to the network edge.
Advanced (-ADV) models include BGP
routing capabilities, enabling remote
offices to connect Brocade FCX Series
switches to service provider networks.
BGP routing can also be added to any
Brocade FCX Series switch model through
software key-based activation.
routing capabilities, enabling remote
offices to connect Brocade FCX Series
switches to service provider networks.
BGP routing can also be added to any
Brocade FCX Series switch model through
software key-based activation.