Huawei S3700-52P-PWR-SI 02354132 User Manual
Product codes
02354132
l
When a queue is shorter than the minimum threshold, the device does not discard packets.
l
When the length of a queue is between the low threshold and the high threshold, WRED
begins to discard packets randomly.
begins to discard packets randomly.
l
When a queue is longer than the high threshold, the device discards all incoming packets.
4.5.6 Rate Limit on an Interface
Rate limit on an interface is used to adjust the rate of traffic on an outbound interface or inbound
interface to prevent burst traffic. The S3700 uses the token bucket and a buffer to limit the traffic
rate on an outbound interface, implementing traffic shaping. When the rate of packets exceeds
the rate limit, the S3700 buffers excessive packets and sends them when the traffic rate falls
below the limit. In this manner, the transmission rate is smoothed.
interface to prevent burst traffic. The S3700 uses the token bucket and a buffer to limit the traffic
rate on an outbound interface, implementing traffic shaping. When the rate of packets exceeds
the rate limit, the S3700 buffers excessive packets and sends them when the traffic rate falls
below the limit. In this manner, the transmission rate is smoothed.
4.5.7 Aggregate CAR
Aggregate CAR is the CAR applied to multiple interfaces to implement traffic policing for
service flows on the interfaces. The sum of rate limits on the interfaces must be equal to or
smaller than the aggregate CAR.
service flows on the interfaces. The sum of rate limits on the interfaces must be equal to or
smaller than the aggregate CAR.
4.6 Security
The S3700 guarantees both device security and service security.
4.6.1 Device Security
Hierarchical Command Protection
When a user logs in to the S3700 from an Ethernet interface through Telnet, the S3700
authenticates the user to ensure security. The user can configure and maintain the S3700 only
after passing the authentication.
authenticates the user to ensure security. The user can configure and maintain the S3700 only
after passing the authentication.
The S3700 adopts a hierarchical protection mode for commands. Commands are classified into
the visit level, monitoring level, configuration level, and management level, with their levels in
ascending order. Login users are also classified into four levels, corresponding to the four levels
of commands. After logging in to the S3700, a user can run only the commands at the same or
lower level. This mode effectively controls the user authority.
the visit level, monitoring level, configuration level, and management level, with their levels in
ascending order. Login users are also classified into four levels, corresponding to the four levels
of commands. After logging in to the S3700, a user can run only the commands at the same or
lower level. This mode effectively controls the user authority.
The S3700 extends command levels and user levels to 16 levels so that users are managed more
refinedly.
refinedly.
Remote SSH Login
The S3700 supports the Secure Shell (SSH). On an insecure network, SSH provides powerful
security guarantee and authentication for login users and can defend against various attacks.
security guarantee and authentication for login users and can defend against various attacks.
Encrypted Authentication Through SNMPv3
The S3700 supports encrypted authentication through SNMPv3. When S3700 is managed by an
NMS workstation through SNMP, it adopts the encrypted authentication mode in user-based
security mode (USM) to ensure security.
NMS workstation through SNMP, it adopts the encrypted authentication mode in user-based
security mode (USM) to ensure security.
S3700HI Ethernet Switches
Product Description
Product Description
4 Service Features
Issue 05 (2012-10-20)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
26