16-Port 10G Stackable Managed Switch CISCO SG550XG-8F8T-K9-EU
– 8x 10 Gigabit Ethernet 10GBase-T copper port + 8x 10 Gigabit Ethernet SFP+ (dedicated) + 1 x Gigabit Ethernet management port.
– Performance: Switching capacity 320 Gbps, Forwarding rate 238.08 mpps wire-speed performance.
– Layer 2: Port grouping up to 32 groups, up to 8 ports per group with 16 candidate ports for each (dynamic) 802.3ad link aggregation.
– Layer 3: IPv4 routing Wirespeed routing of IPv4 packets up to 7K static routes and up to 256 IPv6 interfaces, Classless Interdomain Routing (CIDR) Support for CIDR.
– QoS (Quality of Service): Priority levels 8 hardware queues, Scheduling Strict priority and weighted round-robin (WRR) Queue assignment based on DSCP and class of service (802.1p/CoS).
Đặc tính kỹ thuật
|Switching capacity and forwarding rate
|Capacity in Millions of Packets per Second (mpps) (64-byte packets): 238.08
|All switches are wire speed and nonblocking
|Switching Capacity in Gigabits per Second (Gbps): 320
|Total System Ports
|8 10G copper + 8 10G SFP+ plus 1 GE OOB management
|Up link port
|8 10GE SFP+ (dedicated)
|Frame sizes up to 9K bytes. The default MTU is 2K
|Layer 2 Switching
|Spanning Tree Protocol
|Standard 802.1d Spanning Tree support
Fast convergence using 802.1w (Rapid Spanning Tree [RSTP]), enabled by default
8 instances are supported
Multiple Spanning Tree instances using 802.1s (MSTP)
|Support for IEEE 802.3ad Link Aggregation Control Protocol (LACP): Up to 32 groups, Up to 8 ports per group with 16 candidate ports for each (dynamic) 802.3ad link aggregation
|Support for up to 4096 VLANs simultaneously
Port-based and 802.1Q tag-based VLANs
Private VLAN Edge (PVE), also known as protected ports, with multiple uplinks
Dynamic VLAN assignment via RADIUS server along with 802.1x client authentication
|Voice traffic is automatically assigned to a voice-specific VLAN and treated with appropriate levels of QoS
Auto voice capabilities deliver networkwide zero-touch deployment of voice endpoints and call control devices
|Multicast TV VLAN
|Multicast TV VLAN allows the single multicast VLAN to be shared in the network while subscribers remain in separate VLANs (also known as MVR)
|VLANs transparently cross a service provider network while isolating traffic among customers
|Generic VLAN Registration Protocol (GVRP)/Generic Attribute Registration Protocol (GARP)
|Protocols for automatically propagating and configuring VLANs in a bridged domain
|Unidirectional Link Detection (UDLD)
|UDLD monitors physical connection to detect unidirectional links caused by incorrect wiring or cable/port faults to prevent forwarding loops and blackholing of traffic in switched networks
|Dynamic Host Configuration Protocol (DHCP) Relay at Layer 2
|Relay of DHCP traffic to DHCP server in different VLAN; works with DHCP Option 82
|Internet Group Management Protocol (IGMP) versions 1, 2, and 3 snooping
|IGMP limits bandwidth-intensive multicast traffic to only the requesters; supports 4K multicast groups (source-specific multicasting is also supported)
|IGMP querier is used to support a Layer 2 multicast domain of snooping switches in the absence of a multicast router
|Head-Of-Line (HOL) blocking
|HOL blocking prevention
|Loopback detection provides protection against loops by transmitting loop protocol packets out of ports on which loop protection has been enabled. It operates independently of STP
|Wirespeed routing of IPv4 packets
Up to 7K routes and up to 256 IP interfaces
|Wirespeed IPv6 static routing
|Up to 7K routes and up to 256 IPv6 interfaces
|Layer 3 interface
|Configuration of Layer 3 interface on physical port, LAG, VLAN interface, or loopback interface
|Support for classless interdomain routing
|Support for Routing Information Protocol version 2 for dynamic routing
|Virtual Router Redundancy Protocol (VRRP) delivers improved availability in a Layer 3 network by providing redundancy of the default gateway servicing hosts on the network. VRRP versions 2 and 3 are supported. Up to 255 virtual routers are supported
|Policy-based routing (PBR)
|Flexible routing control to direct packets to different next hop based on IPv4 or IPv6 ACL
|Switch functions as an IPv4 DHCP server serving IP addresses for multiple DHCP pools/scopes.
Support for DHCP options
|DHCP relay at Layer 3
|Relay of DHCP traffic across IP domains
|User Datagram Protocol (UDP) relay
|Relay of broadcast information across Layer 3 domains for application discovery or relaying of BOOTP/DHCP packets
|SSH is a secure replacement for Telnet traffic. SCP also uses SSH. SSH versions 1 and 2 are supported.
|Secure Sockets Layer (SSL) encrypts all HTTPS traffic, allowing secure access to the browser-based management GUI in the switch.
|IEEE 802.1X (authenticator role)
|RADIUS authentication and accounting, MD5 hash, guest VLAN, unauthenticated VLAN, single/multiple host mode, and single/multiple sessions.
Supports time-based 802.1X dynamic VLAN assignment.
|Web-based authentication provides network admission control through web browser to any host devices and operating systems.
|STP BPDU Guard
|A security mechanism to protect the networks from invalid configurations. A port enabled for Bridge Protocol Data Unit (BPDU) Guard is shut down if a BPDU message is received on that port. This avoids accidental topology loops.
|STP Root Guard
|This prevents edge devices not in the network administrator’s control from becoming Spanning Tree Protocol root nodes.
|Filters out DHCP messages with unregistered IP addresses and/or from unexpected or untrusted interfaces. This prevents rogue devices from behaving as a DHCP server.
|IP Source Guard (IPSG)
|When IP Source Guard is enabled at a port, the switch filters out IP packets received from the port if the source IP addresses of the packets have not been statically configured or dynamically learned from DHCP snooping. This prevents IP address spoofing.
|Dynamic ARP Inspection (DAI)
|The switch discards ARP packets from a port if there are no static or dynamic IP/MAC bindings or if there is a discrepancy between the source or destination address in the ARP packet. This prevents man-in-the-middle attacks.
|IP/MAC/Port Binding (IPMB)
|The preceding features (DHCP Snooping, IP Source Guard, and Dynamic ARP Inspection) work together to prevent DoS attacks in the network, thereby increasing network availability.
|Secure Core Technology (SCT)
|Makes sure that the switch will receive and process management and protocol traffic no matter how much traffic is received.
|Secure Sensitive Data (SSD)
|A mechanism to manage sensitive data (such as passwords, keys, and so on) securely on the switch, populating this data to other devices, and secure autoconfig. Access to view the sensitive data as plaintext or encrypted is provided according to the user-configured access level and the access method of the user.
|Private VLAN provides security and isolation between switch ports, which helps ensure that users cannot snoop on other users’ traffic; supports multiple uplinks.
|Ability to lock source MAC addresses to ports and limit the number of learned MAC addresses.
|Supports RADIUS and TACACS authentication. Switch functions as a client.
|The RADIUS accounting functions allow data to be sent at the start and end of services, indicating the amount of resources (such as time, packets, bytes, and so on) used during the session.
|Broadcast, multicast, and unknown unicast.
|Denial-of-service (DoS) attack prevention.
|Multiple user privilege levels in CLI
|Level 1, 7, and 15 privilege levels.
|Support for up to 2K entries on SG550XG models.
Support for up to 3K entries on all other models.
Drop or rate limit based on source and destination MAC, VLAN ID or IP address, protocol, port, DSCP/IP precedence, TCP/User Datagram Protocol (UDP) source and destination ports, 802.1p priority, Ethernet type, Internet Control Message Protocol (ICMP) packets, Internet Group Management Protocol (IGMP) packets, TCP flag; ACL can be applied on both ingress and egress sides.
Time-based ACLs supported.
|Quality of Service
|8 hardware queues
|Strict priority and Weighted Round-Robin (WRR)Queue assignment based on DSCP and class of service (802.1p/CoS)
|Class of service
|Port based; 802.1p VLAN priority based; IPv4/v6 IP precedence/Type of Service (ToS)/DSCP based; Differentiated Services (DiffServ); classification and remarking ACLs, trusted QoS
|Ingress policer; egress shaping and rate control; per VLAN, per port, and flow based
|A TCP congestion avoidance algorithm is required to minimize and prevent global TCP loss synchronization.
|440 x 44 x 350 mm