Features, Ruggedswitch, Rsg2100 – RuggedCom RSG2100 User Manual

www.RuggedCom.com

RuggedSwitch® RSG2100

19-Port Modular Managed Ethernet Switch with Gigabit Uplink Ports, 128-bit Encryption

Cyber Security

Cyber security is an urgent issue in many industries where advanced automation and communications networks play a crucial role in mission critical applications and where high reliability is of paramount importance. Key ROS® features that address security issues at the local area network level include:

• Passwords - Multi-level user passwords secure the switch against unauthorized configuration
• SSH/SSL - Extends the capability of password protection to add encryption of passwords and data as they cross the network
• Enable/Disable Ports - Capability to disable ports so that traffic cannot pass
• 802.1Q VLAN - Provides the ability to logically segregate traffic between predefined ports on switches
• MAC Based Port Security - The ability to secure ports on a switch so only specific devices / MAC addresses can communicate via that port
• 802.1X Port Based Network Access Control - The ability to lock down ports on a switch so that only authorized clients can communicate via this port
• RADIUS - Authentication service using MD5 hash and providing centralized password management
• SNMPv3 - Encrypted authentication access security and data encryption (CBC-DES with 56-bit encryption key)
• Secure Socket Layer - Web-based management using SSL with data encryption (128-bit encryption key)
• RSA - 1024 bit key for key management and key exchange
• TACACS+ - Terminal Access Control and Accounting Services Client provides encrypted authentication and authorization
• Point to Point (PPP) - Using CHAP (MD5 Hash) authentication service
• SFTP - Secure File Transfer Protocol using SSH encryption

The ROS® cyber security features are included to help address the various industry specific security standards such as NERC CIP, ISA S99, AGA 12, IEC 62443, ISO 17799:2005 and PCSRF SPP-ICS.

Enhanced Rapid Spanning Tree Protocol (eRSTP™)

RuggedCom eRSTP™ allows the creation of fault-tolerant ring and mesh Ethernet networks that incorporate redundant links that are ‘pruned’ to prevent loops. eRSTP™ yields worst-case fault recovery of 5ms times the ‘bridge diameter’ and allows rings of up to 160 switches. For example, a ring of ten switches will have fault recovery times under 50ms. eRSTP™ implements both STP and RSTP to ensure interoperability with commercial switches unlike other proprietary ‘ring’ solutions.

Note: eRSTP™ fault recovery times may be approximated as follows:
For 100 Mbps, fault recovery performance is <5ms/hop
For 1,000 Mbps, fault recovery performance is <5ms/hop + 20ms

Quality of Service (IEEE 802.1p)

Some networking applications such as real-time control or VoIP (voice over IP) require predictable arrival times for Ethernet frames. Switches can introduce latency in times of heavy network traffic due to the internal queues that buffer frames and then transmit on a first-come, first-served basis. ROS® supports ‘Class of Service’ in accordance with IEEE 802.1p, which allows time-critical traffic to jump ahead to the front of the queue, thus minimizing latency and reducing jitter to allow such demanding applications to operate correctly. ROS® allows priority classification by port, tags, MAC address, and IP type of service (ToS). A configurable “weighted fair queuing” algorithm controls how frames are emptied from the queues.

VLAN (IEEE 802.1Q)

Virtual local area networks (VLAN) allow the segregation of a physical network into separate logical networks with independent broadcast domains. A measure of security is provided since hosts can only access other hosts on the same VLAN and traffic storms are isolated. ROS® supports 802.1Q tagged Ethernet frames and VLAN trunks. Port based classification allows legacy devices to be assigned to the correct VLAN. GVRP support is also provided to simplify the configuration of the switches on the VLAN.

Link Aggregation (802.3ad)

The link aggregation feature provides the ability to aggregate several Ethernet ports into one logical link (port trunk) with higher bandwidth. This provides an inexpensive way to set up a high speed backbone to improve network bandwidth. This feature is also known as “port trunking”, “port bundling”, “port teaming”, and “Ethernet trunk”.

IGMP Snooping

ROS® uses IGMP snooping (Internet Group Management Protocol v1&v2) to intelligently forward or filter multicast traffic streams (e.g. MPEG video) to or from hosts on the network. This reduces the load on network trunks and prevents packets from being received on hosts that are not involved. ROS® has a very powerful implementation of IGMP snooping that:

• Can be enabled on a per VLAN basis.
• Detects and filters all multicast streams regardless of whether subscribers exist.
• Supports “router-less” operation by supporting an “active” mode.
• Restores traffic streams immediately after an RSTP topology change.

SNMP (Simple Network Management Protocol)

SNMP provides a standardized method for network management stations to interrogate devices from different vendors. SNMP versions supported by ROS® are v1, v2c, and v3. SNMPv3 in particular provides security features such as authentication, privacy with data encryption (CBC-DES with 56-bit encryption key) and access control not present in earlier SNMP versions. ROS® also supports numerous standard MIBs (Management Information Base), allowing for easy integration with any network management system (NMS).

ROS® Features