Brocade FastIron FGS624XGP Data Sheet
Product codes
FGS624XGP
Traffic Monitoring and
Lawful Intercept
Organizations may need to set up lawful
traffic intercept due to today’s heightened
security environment. For example, in
the United States, the Communications
Assistance for Law Enforcement Act
(CALEA) requires businesses be able to
intercept and replicate data traffic directed
to a particular user, subnet, port, etc. This
capability is particularly essential in networks
implementing IP phones. The FastIron
GS provides the capability necessary to
support this requirement through ACL-
Based Mirroring, MAC filter-Based Mirroring,
and VLAN-Based Mirroring. Network
managers can apply a “mirror ACL” on a
port and mirror a traffic stream based on
IP source/destination address, TCP/UDP
source/destination ports, and IP protocols
such as ICMP, IGMP, TCP, and UDP. A MAC
filter can be applied on a port and mirror a
traffic stream based on a source/destination
MAC address. VLAN-Based mirroring is
another option for CALEA compliance. Many
enterprises have service-specific VLANs,
such as voice VLANs. With VLAN mirroring, all
traffic on an entire VLAN within a switch can
be mirrored to a remote server.
Threat Detection and Mitigation
Support for embedded, hardware-based
sFlow traffic sampling extends the Brocade
IronShield 360 security shield to the
network edge. This unique and powerful
closed loop threat mitigation solution
uses best-of-breed intrusion detection
systems to inspect sFlow traffic samples
for possible network attacks. In response
to a detected attack, IronView® Network
Manager (INM) can apply a security policy
to the compromised port. This automated
threat detection and mitigation stops
network attacks in real time, without
human intervention. This advanced security
capability provides a network-wide security
umbrella without the added complexity and
cost of ancillary sensors.
Advanced Multicast Features
FastIron GS switches support a rich set
of Layer 2 multicast snooping features
that enable advanced multicast services
delivery. Internet Group Management
Protocol (IGMP) snooping for IGMP version
1, 2, and 3 is supported. Support for
IGMPv3 source-based multicast snooping
improves bandwidth utilization and security
for multicast services.
To enable multicast service delivery in
IPv6 networks, the FastIron GS supports
Multicast Listener Discovery (MLD) version
1 and 2 snooping, the multicast protocols
used in IPv6 environments.
Building Resilient Networks with
Advanced Layer 2 and Layer 3 Protocols
Software features such as Virtual Switch
Redundancy Protocol (VSRP), the Brocade
Metro Ring Protocol (MRP I and II), Rapid
Spanning Tree Protocol (RSTP), protected
link groups, 802.3ad Link Aggregation, and
trunk groups provide alternate paths for
traffic in the event of a link failure. Sub-
second fault detection utilizing Link Fault
Signaling and Remote Fault Notification
ensures rapid fault detection and recovery.
Enhanced Spanning Tree features such
as Root Guard and BPDU Guard prevent
rogue hijacking of a spanning tree root
and maintain a contention- and loop-free
environment, especially during dynamic
network deployments. Additionally, the
FastIron GS supports Port Loop Detection on
edge ports that do not have spanning tree
enabled. This capability protects the network
from broadcast storms and other anomalies
that can result from Layer 1 or Layer 2
loopbacks on Ethernet cables or endpoints.
Base Layer 3 functionality enhances the
capability of the FastIron GS as an edge
platform. Base Layer 3 allows enterprises
to use simple Layer 3 features such as
IPv4 static routes, routing between directly
connected subnets, RIPv1/v2 announce,
VRRP, and DHCP Relay. Network managers
can remove complexity from an end-to-end
Layer 3 network design and eliminate the
cost required for a full Layer 3 edge switch.
In addition, in non-stacking configurations,
the FastIron GS models support an optional
Edge Layer 3 feature set (EPREM).* These
edge Layer 3 features enable full dynamic
routing via OSPF and RIPv1/v2 in addition
to the Base Layer 3 features. With FastIron
GS Base Layer 3 and the optional EPREM
upgrade, network managers can deploy end-
to-end Layer 3 networks utilizing the same
routing policies from edge to core, thereby
simplifying network design and operation.
*Available only on the standalone FastIron GS. This feature is not available on the IronStack enabled FastIron GS.