Summit X450å Series

• Modular ExtremeXOS operating system
• Ethernet Automatic Protection Switching (EAPS) resiliency protocol
• SummitStack™ and SummitStack-V—highly available, highspeed stacking support

• High bandwidth, non-blocking architecture for demanding edge applications
• Exceptional Quality of Service (QoS) with advanced traffic management capabilities for converged applications
• Convergence-ready connectivity with Voice-over-IP (VoIP) automatic provisioning
• Efficient management to handle convergence-driven network changes with Power over Gigabit Ethernet

• User policy and host integrity enforcement and Identity Management
• Universal Port dynamic security profile to provide fine granular security policy in the network
• Threat detection and response instrumentation to react to network intrusion with CLEAR-Flow Security Rules Engine

• PoE and non-PoE edge switches providing intelligent 10/100/1000BASE-T connectivity to the desktop in a network running ExtremeXOS from the core to the edge.

Voice-Class Availability

• Preemptive Multitasking and Protected Memory
  Summit X450e switches allow each of many applications—such as Open Shortest Path First (OSPF) and Spanning Tree Protocol (STP)—to run as separate Operating System (OS) processes that are protected from each other. This drives increased system integrity and inherently protects against Denial of Service (DoS) attacks.


• Process Monitoring and Restart
  The ExtremeXOS modular OS increases network availability using process monitoring and restart. Each independent OS process is monitored in real time. If a process becomes unresponsive or stops running, it can be automatically restarted.


• Loadable Software Modules
  The modular design of ExtremeXOS allows the upgrading of individual software modules, should this be necessary, leading to higher availability in the network (see Figure 1).

Figure 1: ExtremeXOS Modular Design

• Ethernet Automatic Protection Switching (EAPS)
  EAPS allows the IP network to provide the level of resiliency and uptime that users expect from their traditional voice network. EAPS is more adaptable than Spanning Tree or Rapid Spanning Tree protocols and offers sub-second (less than 50 milliseconds) recovery that delivers consistent failover regardless of the number of VLANs, network nodes or network topology. Since EAPS allows the network to recover almost transparently, VoIP calls will not drop and digital video feeds will not freeze or pixelize in most situations.


• Spanning Tree/Rapid Spanning Tree Protocols
  Summit X450e switches support Spanning Tree (802.1D), Per VLAN Spanning Tree (PVST+), Rapid Spanning Tree (802.1w) and Multiple Instances of Spanning Tree (802.1s) protocols for Layer 2 resiliency.


• Software-Enhanced Availability
  Software-enhanced availability allows users to remain connected to the network even if part of the network infrastructure is down. Summit X450e switches continuously check for problems in the uplink connections using advanced Layer 3 protocols such as OSPF, VRRP and Extreme Standby Router Protocol™ (ESRP, supported in Layer 2 or Layer 3), and dynamically route traffic around the problem.


• Equal Cost Multipath
  Equal Cost Multipath (ECMP) routing allows uplinks to be load balanced for performance and cost savings while also supporting redundant failover. If an uplink fails, traffic is automatically routed to the remaining uplinks and connectivity is maintained.


• Link Aggregation (802.3ad)
  Link aggregation allows trunking of up to eight links on a single logical connection, for up to 20 gigabits per second (Gbps) of redundant bandwidth per logical connection.


• Multi-Switch LAG (Ì-LAG)
  M-LAG can address bandwidth limitations and improve network resiliency, in part by routing network traffic around bottlenecks, reducing the risks of a single point of failure, and allowing load balancing across multiple switches.

Figure 2: SummitStack Stacking Architecture

Designed for Converged Network Applications

• Universal Port—Voice-over-IP Auto-Provisioning
  PoE enabled Summit X450e switches set the stage for convergence applications by allowing enterprises to add new access devices in a plug-and-play fashion. Voice and wireless services can be easily implemented without major network upgrades. Summit X450e supports automatic provisioning of VoIP using LLDP and event-based command scripting capability. It allows dynamic configuration of voice VLANs and QoS. This auto-configuration capability allows you to configure VoIP phone settings such as voice VLAN settings, call server IP address configuration, etc. This level of simplicity in managing network changes can greatly reduce operating expenses.



Figure 3: Universal Port Voice-over-IP Provisioning



• Power over Gigabit Ethernet (PoE)
  Deployments of IP Telephony depend on reliable, consistent power from the Ethernet jack. Summit X450e-24p/48p is the basis for a reliable LAN telephony infrastructure with fully redundant 15.4 watts per port, and QoS and resiliency to match the failover requirements for latency-sensitive services like VoIP phones. With Summit X450e, deployment of powered LAN devices is quick and easy with its support of the IEEE 802.3af standard and full Class 3 power availability on all ports, backed up 100% by the optional EPS-500 redundant power supply (Summit X450e-24p). Summit X450e-48p can provide up to 370W of PoE power and can be increased up to 740W of PoE power to support full 15.4W Class 3 devices on all 48 ports by adding the External Power System (EPS-C and EPS-600LS).


• Voice-Grade Connections
  Summit X450e supports a range of QoS technologies that can prioritize and predictably handle high-priority traffic policing or rate limiting on ingress, 802.1q tagging and DiffServ marking, and shaping on egress with eight queues per port. The Extreme Networks tradition of building products with low latency and jitter continues with Summit X450e.


• Universal Connectivity
  Summit X450e-24p/48p switches offer universal connectivity with high-performance gigabit to the desktop, PoE and wireless support from every RJ-45 port. Installing universal services ports everywhere for data and device power greatly simplifies installations and moves, and helps to future-proof your edge network. Summit X450e-24p/48p provides universal attachment at any desktop Ethernet speed, and any power level from none to full 15.4 Watts.

• Edge OSPF for much greater extensibility than RIP can provide
• Edge PIM sparse modes for routing of multicast streams
• Policy-based routing
• sFlow® hardware sampling

Comprehensive Security Management

• Network Login and Dynamic Security Profile
  Network Login capability implemented in ExtremeXOS enforces user admission and usage policies. Summit X450e series switches support a comprehensive range of Network Login options by providing an 802.1x agent-based approach, a Webbased (agent-less) login capability for guests, and a MAC-based authentication model for devices. With these modes of Network Login, only authorized users and devices can connect to the network and be assigned to the appropriate VLAN. The Universal Port scripting framework available in Summit X450e lets you implement Dynamic Security Profiles, which in sync with Network Login allows you to implement fine-grained and robust security policies. Upon authentication, the switch can load dynamic ACLs/QoS profiles for a user or group of users, to deny/allow the access to the application servers or segments within the network.
  
  
• Multiple Supplicant Support
  Shared ports represent a potential vulnerability in a network. Multiple supplicant capability on a switch allows it to uniquely authenticate and apply the appropriate policies and VLANs for each user or device on a shared port. Multiple supplicant support secures IP Telephony and wireless access. Converged network designs often involve the use of shared ports.


• Media Access Control (MAC) Lockdown
  MAC lockdown secures printers, wireless APs and servers. The MAC address security/lockdown feature allows Summit X450e to block access to any Ethernet port when the MAC address of a station attempting to access the port is different from the configured MAC address. This feature is used to “lock down” any device to a specific port.


• Host Integrity Checking
  Host integrity checking helps keep infected or non-compliant machines off the network. Summit X450e series switches support a host integrity or endpoint integrity solution that is based on the model from the Trusted Computing Group. Summit X450e interfaces with Sentriant AG200 endpoint security appliance from Extreme Networks to verify that each endpoint meets the security policies that have been set and to quarantine those that are not in compliance.


• Identity Manager
  Identity Manager allows network managers to track users who access their network. User identity is captured based on NetLogin authentication, LLDP discovery and Kerberos snooping. ExtremeXOS uses the information to then report on the MAC, VLAN, computer hostname, and port location of the user. Further, Identity Manager can create both roles and policies, and then bind them together to create role-based profiles based on organizational structure or other logical groupings, and apply them across multiple users to allow appropriate access to network resources. In addition, support for Wide Key ACLs further improves security by going beyond the typical source/ destination and MAC address as identification criteria access mechanism to provide filtering capabilities.

• CLEAR-Flow Security Rules Engine
  CLEAR-Flow Security Rules Engine provides first order threat detection and mitigation, and mirrors traffic to appliances for further analysis of suspicious traffic in the network.


• Hardware-based sFlow Sampling
  sFlow is a sampling technology that provides the ability to continuously monitor application-level traffic flows on all interfaces simultaneously. The sFlow agent is a software process that runs on Summit X450e and packages data into sFlow datagrams that are sent over the network to an sFlow collector. The collector gives an up-to-the-minute view of traffic across the entire network, providing the ability to troubleshoot network problems, control congestion and detect network security threats.


• Port Mirroring
  To allow threat detection and prevention, Summit X450e switches support many-to-one and one-to-many port mirroring. This allows the mirroring of traffic to an external network appliance such as an intrusion detection device for trend analysis or for utilization by a network administrator for diagnostic purposes. Port mirroring can also be enabled across switches in a stack.


• Line-Rate ACLs
  ACLs are one of the most powerful components used in controlling network resource utilization as well as protecting the network. Summit X450e switches support 1,024 centralized ACLs per 24-port block based on Layer 2, 3 or 4 header information such as the MAC or IP source/destination address. ACLs are used for filtering the traffic, as well as classifying the traffic flow to control bandwidth, priority, mirroring, and policybased routing/switching.


• Denial of Service Protection
  Summit X450e switches effectively handle DoS attacks. If the switch detects an unusually large number of packets in the CPU input queue, it will assemble ACLs that automatically stop these packets from reaching the CPU. After a period of time, these ACLs are removed, and reinstalled if the attack continues. ASIC-based LPM routing eliminates the need for control plane software to learn new flows, allowing more network resilience against DoS attacks.

Target Applications