Specifications – ZyXEL Communications EXTRASMART ES-1528 User Manual

Specifications

Standard Compliance

• IEEE 802.3 10Base-T Ethernet

• IEEE 802.3u 100Base-TX Ethernet

• IEEE 802.ab 1000Base-T Ethernet

• IEEE 802.3x Flow control

• IEEE 802.1p Class of service, priority protocols

• IEEE 802.1Q VLAN tagging

• IEEE 802.3ad static port aggregation

Performance

ES-1528/ES-1552

• 12.8/17.6 Gbps non-blocking switching fabric

• Switching Forwarding Rate 9.6/13.1 Mpps

(1488000 pps/1000Base-T/1000Base-X, 148800

pps/100Base-TX)

• Wire-speed performance

MAC and Packet Buffer

• 8 K MAC entries

• 512 KB Packet Buffer

Traffic Management and QoS

• Rate Limiting: Port-based bandwidth control

with 7 grades (64 kbps, 256 kbps, 1 Mbps,

10 Mbps, 64 Mbps, 100 Mbps, 1 Gbps)

• Port-based egress traffic shaping

• Broadcast Storm Control

• Congestion control on all ports

• IEEE 802.1p with 4 priority queues per port for

different types of traffic

• WRR (Weighted Round Robin)/SPQ scheduling

algorithm

Auto VoIP

Auto VoIP module matches VoIP streams and

assign the highest priority for following VoIP

packets

• SIP — Session Initiation Protocol

• MGCP — Media Gateway Control Protocol

• SCCP — Skinny Client Control Protocol

Link Aggregation

• IEEE 802.3ad static port aggregation

• Up to 6 aggregation groups, per group supports

up to 8 ports

User Security and Authentication

• Specific MAC forwarding per port: only specified

MAC addresses can access the network (Port

Security)

• IEEE 802.1Q tagged VLAN

• 256 static VLAN, up to 4 K dynamic VLAN

• Dynamic ARP

Auto DoS Attack Prevention

Denial of Service (DoS) attacks try to disable a

device or network so users no longer have access

to network resources. Auto DoS Attack Prevention

module matches attack types in switches and

prevent network outage

Types of DoS Attacks can be prevented

• Land Attacks — These attacks result from

sending a specially crafted packet to a machine

where the source host IP address is the same as

the destination host IP address. The system

attempts to reply to itself, resulting in system

lockup.

• Blat Attack — These switch result from sending

a specially crafted packet to a machine where the

source host port is the same as the destination

host port. The system attempts to reply to itself,

resulting in system lockup.

• SYNFIN Scans — SYNchronization (SYN,

ACKnowledgement (ACK) and FINish (FIN)

packets are used to initiate, acknowledge and

conclude TCP/IP communication sessions. The

following scans exploit weakness in the TCP/IP

specification and try to illicit a response from a

host to identify ports for an attack:

- Scan SYNFIN — SYN and FIN bits are set in the

packet.

- Xmascan — TCP sequence number is zero and

the FIN, URG and PSH bits are set.

- NULL scan — TCP sequence number is zero and all

control bits are zeros.

- SYN with port <1024 — SYN packets with source

port less than 1024.

• Smurf Attacks — This attack uses Internet Control

Message Protocol (ICMP) echo requests packets

(pings) to cause network congestion or outrages.

• Ping Flooding — This attack floods the target

network with ICMP packets.

• SYN/SYN-ACK Flooding — This attack floods the

target network with SYN or SYN/ACK packets.

Network Administration Security

• Password required for administrators

Network Management

• Web-based management

• SNMP v1, v2

• IP management: static IP

• RMON

• Port mirroring: supports Source/Destination/Both

port mirroring

• Cable Diagnostic

MIB Information

• RFC1213 MIB II (System, Interface)

• RFC1398 (Ether-like)