Enabling networks to be more agile for services

The high-speed ethernet network processor embedded in the S5720-HI, S5730-HI, CloudEngine S5731-S, CloudEngine S5731S-S, CloudEngine S5731-H, CloudEngine S5731S-H, and CloudEngine S5732-H is tailored for Ethernet.

• The flexible packet processing and traffic control capabilities of processor can meet current and future service requirements, helping build a highly scalable network.

• The processor has a fully programmable architecture, on which enterprises can define their own forwarding models, forwarding behaviors, and lookup algorithms. Microcode programmability makes it possible to provide new services within six months, without the need of replacing the hardware. In contrast, traditional devices use a fixed forwarding architecture and follow a fixed forwarding process. For this reason, new services cannot be provisioned until new hardware is developed to support the services one to three years later.
• In addition to capabilities of traditional switches, they provide fully programmable open interfaces and support user-defined forwarding behavior. Enterprises can use the open interfaces to develop new protocols and functions independently or jointly with equipment vendors to build campus networks meeting their own needs.

Delivering abundant services more agilely

• The S5720-HI, S5730-HI, CloudEngine S5731-H, CloudEngine S5731S-H, and CloudEngine S5732-H integrate the AC function, so customers do not need to buy independent AC devices or hardware components.
• With the unified user management function, the S5720-HI, S5730-HI, CloudEngine S5731-H, CloudEngine S5731S-H, and CloudEngine S5732-H can authenticate both wired and wireless users, ensuring a consistent user experience no matter whether they are connected to the network through wired or wireless access devices. The unified user management function supports various authentication methods, including 802.1X, MAC address, and Portal authentication, and is capable of managing users based on user groups, domains, and time ranges. These functions visualize user and service management and boost the transformation from device-centric management to user-centric management.
• The S5700 provides excellent quality of service (QoS) capabilities and support queue scheduling and congestion control algorithms. Additionally, it adopts innovative priority queuing and multi-level scheduling mechanisms to implement fine-grained scheduling of data flows, meeting service quality requirements of different user terminals and services.

Providing fine granular network management more agilely

• The S5720-HI, S5730-HI, CloudEngine S5731-S, CloudEngine S5731S-S, CloudEngine S5731-H, CloudEngine S5731S-H, and CloudEngine S5732-H use the Packet Conservation Algorithm for Internet (iPCA) technology that changes the traditional method of using simulated traffic for fault location. iPCA technology can monitor network quality for any service flow anywhere and anytime, without extra costs. It can detect temporary service interruptions in a very short time and can identify faulty ports accurately. This cutting-edge fault detection technology turns "extensive management" to "fine granular management."
• The S5720-EI, S5720-HI, S5730-HI, CloudEngine S5731-S, CloudEngine S5731S-S, CloudEngine S5731-H, CloudEngine S5731S-H, and CloudEngine S5732-H support a simple structure of Two-Way Active Measurement Protocol (TWAMP Light) to accurately check any IP link and obtain the entire network's IP performance. This protocol eliminates the need of using a dedicated probe or a proprietary protocol.
• With the Super Virtual Fabric (SVF), a physical network with the "Small-sized core/aggregation switches + Access switches + APs" structure can be virtualized into a "super switch", offering the industry's simplest network management solution.
• With the Easy Deploy function, a similar way an AC manages APs, access switches and APs can go online with zero-touch configuration. In the Easy Deploy solution, the Commander collects topology information about the connected clients and stores the clients' startup information based on the topology. Clients can be replaced with zero-touch configuration. The Commander can deliver configurations and scripts to clients in batches and query the delivery results. In addition, the Commander can collect and display information about power consumption on the entire network.

Intelligent Stack

The intelligent stack (iStack) technology combines multiple stacking-capable switches into a logical switch. The entire stack works as a single entity to the network.

• Member switches in a stack back up each other to improve device reliability and establish inter-device link aggregation to improve link reliability.
• iStack provides high network scalability and allows for flexible expansion of ports, bandwidth, and processing capacity by simply adding member switches to the stack.
• iStack also simplifies device configuration and management by virtualizing multiple physical switches into one logical device. You can log in to any member switch to manage all the stack member switches.

Cloud-based Management

In Huawei CloudCampus Solution, some switches can be managed by the management and control system (CloudCampus@AC-Campus for switches running V200R019C00 and earlier versions; iMaster NCE-Campus for switches running V200R019C10 and later versions).

• The switches are plug-and-play.
• The switches can automatically connect to the management and control system and use bidirectional certificate authentication to ensure management channel security.
• The switches provide the NETCONF and YANG interfaces, through which the management and control system delivers configurations to them.
• Remote maintenance and fault diagnosis can be performed on the switches using the management and control system.

VXLAN Features

The S5720-HI, S5730-HI, CloudEngine S5731-S, CloudEngine S5731S-S, CloudEngine S5731-H, CloudEngine S5731S-H, and CloudEngine S5732-H support VXLAN L2 gateway, VXLAN L3 gateway, and BGP EVPN functions, which can be configured using NETCONF/YANG. Based on this feature, multiple service networks or tenant networks can be deployed together on the same physical network. Service networks or tenant networks are isolated from each other, achieving one network for multiple purposes. This helps meet data bearing requirements of different services or customers while reducing network construction costs and improving network resource utilization efficiency.

Big Data Security Collaboration

• S5720-HI, S5730-HI, CloudEngine S5731-S, CloudEngine S5731S-S, CloudEngine S5731-H, CloudEngine S5731S-H, and CloudEngine S5732-H support Encrypted Communication Analytics (ECA). It is a traffic identification and detection technology that identifies encrypted traffic and non-encrypted traffic on the network, and extracts and sends encrypted traffic characteristics to the Cybersecurity Intelligence System (CIS). The CIS uses the AI algorithm to train traffic models based on enormous data, compares the encrypted traffic characteristics sent by switches with the traffic models to identify malicious traffic, and automatically isolates threats by collaborating with Agile Controller-Campus, ensuring campus network security.
• S5720-HI, S5730-HI, CloudEngine S5731-S, CloudEngine S5731S-S, CloudEngine S5731-H, CloudEngine S5731S-H, and CloudEngine S5732-H support the deception technology. By responding to scanning requests for nonexistent IP addresses and unopened ports, the switches lure attackers to attack a fake target (Decoy, that is, CIS). Through interaction with attackers, the CIS obtains their attack behavior, extracts attack tools, analyzes suspicious traffic by means of traffic diversion to form a defense policy, and automatically isolates threats by collaborating with the Agile Controller-Campus to block the spread of attack behavior, ensuring campus network security.

Comprehensive VPN Technologies

The S5700 supports the multi-VPN-instance CE (MCE) function, which allows users in different VPNs to connect to the same switch and isolates users through multi-instance routing. These users connect to a PE device through the same physical uplink port, which reduces the network deployment costs.

The S5710-EI, S5700-HI, S5710-EI, S5700-HI, S5710-HI, S5720-EI, S5720-HI, S5730-HI, CloudEngine S5731-H, CloudEngine S5731S-H, and CloudEngine S5732-H support Multiprotocol Label Switching (MPLS) QoS, MPLS traffic engineering (TE), virtual leased line (VLL), virtual private LAN service (VPLS), and Layer 3 virtual private network (L3VPN). They provide high-quality private line access services for enterprises and are cost-effective fixed MPLS switches.

Easy Operations and Maintenance

The S5700 supports EasyDeploy, USB-based deployment, batch remote upgrade and is a plug-and-play product. These functions facilitate device deployment, upgrade, service provisioning, and other management and maintenance operations. They also greatly reduce operations and maintenance costs. The S5700 can be managed and maintained using Simple Network Management Protocol (SNMP) V1, V2c, and V3, command line interface (CLI), web system, Telnet, or Secure Shell (SSH) V2.0. Additionally, it supports remote network monitoring (RMON), multiple log hosts, interface traffic statistics collection, and network quality analysis that help in network consolidation and reconstruction.

The S5700 can use the GARP VLAN Registration Protocol (GVRP) to dynamically distribute, register, and propagate VLAN attributes, reducing manual configuration workload and ensuring correct VLAN configuration. Moreover, the S5700 supports the MUX VLAN function, which involves a principal VLAN and multiple subordinate VLANs. Subordinate VLANs are classified as group and separate VLANs. Ports in the principal VLAN can communicate with ports in subordinate VLANs. Ports in a subordinate group VLAN can communicate with each other, whereas ports in a subordinate separate VLAN can communicate only with ports in the principal VLAN.

Excellent Network Traffic Analysis

The S5700 supports NetStream and can function as a NetStream data exporter. It periodically collects data traffic statistics, encapsulates the statistics in standard V5, V8, or V9 packets, and sends the packets to the NetStream data collector depending on how NetStream is configured. The collected statistics are then processed to dynamically generate reports, analyze traffic attributes, and generate alarms on abnormal traffic. NetStream helps you optimize network structure and adjust resource deployment on-demand.

The S5700 also supports sFlow. Using a method defined in the sFlow standard, the switch samples traffic passing through it and sends sampled traffic to the collector in real time. The collected traffic statistics are used to generate statistical reports, helping enterprises maintain their networks.

Flexible Ethernet Networking

In addition to traditional Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP), the S5700 supports Huawei-developed Smart Ethernet Protection (SEP) technology and the latest Ethernet Ring Protection Switching (ERPS) standard.

SEP is a ring protection protocol specific to the Ethernet link layer, and applies to various ring network topologies, such as open ring, closed ring, and cascading ring. This protocol is reliable and easy to maintain.

ERPS is defined in ITU-T G.8032. It provides millisecond-level protection switching based on traditional Ethernet MAC and bridging functions.

The S5700 supports Smart Link and Virtual Router Redundancy Protocol (VRRP) for uplink backup. One S5700 switch can connect to multiple aggregation switches with multiple links, significantly improving access device reliability. In addition, the S5700 provides multiple connection fault detection mechanisms, including Ethernet OAM (IEEE 802.3ah/802.1ag /ITU Y.1731) and Bidirectional Forwarding Detection (BFD).

Diversified Security Control

The S5700 supports MAC address and 802.1X authentication and can dynamically deliver policies (VLAN, QoS, and ACL) for users.

The S5700 collects and maintains information about access users, such as IP addresses, MAC addresses, IP address leases, VLAN IDs, and access interfaces in a DHCP snooping binding table. With this information, it can defend against DHCP attacks on the network. You can specify trusted and untrusted interfaces to ensure that users connect only to the authorized DHCP server.

The S5700 supports strict ARP learning. This feature prevents ARP spoofing attackers from exhausting ARP entries so that users can connect to the Internet normally.

Mature IPv6 Technologies

The S5700 uses the Versatile Routing Platform (VRP) and supports IPv4/IPv6 dual-stack, IPv6 routing protocols (RIPng, OSPFv3, BGP4+, and IS-IS for IPv6), and IPv6 over IPv4 tunnels (manual, 6-to-4, and ISATAP tunnels). With these IPv6 features, the S5700 can be deployed on a pure IPv4 network, a pure IPv6 network, or a shared IPv4/IPv6 network, supporting a smooth evolution from IPv4 to IPv6.

Innovative Built-in Battery

The S5700-LI-BAT series (S5700-28P-LI-BAT and S5700-28P-LI-24S-BAT) is the industry's first switch model that has a built-in lithium battery as a backup power supply. It ensures uninterrupted services when power failures occur frequently at the access layer. The S5700-LI-BAT has the following advantages:

• Once a mains power outage occurs, the battery can power the switch to ensure nonstop services.
• The switch saves space in an equipment room and is easy to install.
• Intelligent power management ensures a long standby time.
• Battery LAN switches on the entire network can be managed centrally using a web system, facilitating network operations and maintenance. As the battery lifetime is predictable, there are no costs on unnecessary battery replacement.
• The built-in battery provides alarm and protection functions. It will trigger overtemperature protection when the temperature is beyond the operating temperature range.

Ground-Free Design

The S5720-12TP-LI-AC uses a ground-free design. Only the 220 V power module in the switch needs to be grounded. This design facilitates switch deployment in a place where grounding is difficult, such as corridor.

Suitable for outdoor extreme environment

The S5720I-SI and S5735-S-I series switches support broad operating temperature range. Some models can be working in the outdoor cabinet in the very cold (low to -40°C) and very hot (up to +75°C) environments. The typical scenario is the access of the camera for outdoor video surveillance and ETTx.

The S5720I-SI and S5735-S-I series switches support ±6kV lightning protection, suitable for outdoor extreme environment.

High-Density Access and Increased Bandwidth on CSFP Ports

The S5700 CSFP models support CSFP modules on downlink ports. Each downlink port with a CSFP GE optical module and a pair of fibers can provide 2 Gbit/s bidirectional bandwidth, which is twice the bandwidth of a standard SFP optical module. The 24 CSFP downlink ports can provide 48 Gbit/s bidirectional bandwidth, allowing for high-density access (equivalent to 48 standard SFP ports) and saving costs of fibers and optical modules.

PoE++ power supply

The S5720-LI, S5720I-SI, and S5730-HI provide a maximum of 90 W, 60 W, or 30 W PoE output power on a single PoE++ interface, and can provide power for high-power terminals such as APs and surveillance cameras. This solves the problem of power supply in specific scenarios.

Open Programmability System (OPS)

Open Programmability System (OPS) is an open programmable system based on the Python language. IT administrators can program the O&M functions of a switch through Python scripts to quickly innovate functions and implement intelligent O&M.

Large-Scale Enterprise Campus Network

As shown in Figure 1, S5700 switches are deployed at the access layer of a campus network to build a high-performance and highly reliable enterprise network.

Figure 1 S5700 in a large-scale enterprise campus network

The S5700 switches provide various terminal security management features, and support PoE, voice VLAN, and QoS functions. They can provide gigabit-to-the-desktop access capability in the campus.

The S5700 switches ensure secure access of user terminals using security features such as ARP security, IP security, IP source guard, and access control policies (NAC and ACLs).

The S5700 switches support the Eth-Trunk feature and Link Aggregation Control Protocol (LACP) to provide multiple links for access of servers, improving link bandwidth and achieving link backup.

The Easy-Operation and USB-based deployment features facilitate deployment and management of the switches.

Small- or Medium-scale Enterprise Campus Network

As shown in Figure 1, the S5700 switches are deployed at the aggregation layer of a campus network to build a high-performance, multi-service, and highly reliable enterprise network.

Figure 1 S5700 in a small- or medium-scale enterprise campus network

On the enterprise campus network, the S5700 switches connect to access switches through 100M/1000M interfaces for high-performance switching and to the core switches through 10GE optical interfaces. The S5700 aggregation switches, together with the core and access switches, provide an enterprise network solution with 10 Gbit/s backbone and 100M-to-the-desktop capabilities, meeting requirements for high bandwidth and multi-service operation.

The S5700 switches support SEP and RRPP for millisecond-level protection switching. Two or more S5700 switches set up a stack using iStack technology to create a distributed forwarding structure and provide fast fault recovery. iStack technology increases the number of user interfaces and improves the packet processing capability. The stacked S5700 switches can be managed as one device to facilitate network management and maintenance.

Small-scale Enterprise Campus Network

With powerful aggregation and routing capabilities of S5700 switches make them suitable for use as core switches in a small-scale enterprise network, as shown in Figure 1. Two or more S5700 switches use iStack technology to ensure high reliability. They provide a variety of access control policies to achieve centralized management and simplify configuration.

Figure 1 S5700 in a small-scale enterprise network

Parent Topic: Usage Scenarios

 

 

Chassis

 

 

Chassis Overview

Naming Conventions

Port Numbering Conventions

S2720-EI

S5720-LI

S5720S-LI

S5720-SI

S5720S-SI

S5720I-SI

S5730-SI

S5720-EI

S5730S-EI

S5720-HI

S5730-HI

S5731-S

S5731S-S

S5731-H

S5731S-H

S5732-H

S5735-L

S5735S-L

S5735S-L-M

S5735-S

S5735-S-I

S5735S-S

S6720-LI

S6720S-LI

S6720-SI

S6720S-SI

S6720-EI

S6720S-EI

S6720-HI

S6730-H

S6730-S

S6730S-S

S6730S-H

 

Power Modules

 

• All power modules (except the 870 W PoE power module) are hot swappable, but it is highly recommended that you power off a switch before removing or installing a power module in the switch to protect personal and equipment safety.
• Before replacing a power module in a switch, make sure that the switch can be powered by the other power module after the power module is removed. Otherwise, services on the switches will be interrupted by a power failure when the power module is removed.
• Before powering off a switch, shut down all of its power supply units.
• A switch can only use power modules matching its chassis model. Using unsupported power modules will cause unexpected risks.
• If a switch has two power modules for 1+1 power redundancy and one of them is powered off, the indicator of this power module will not turn off immediately. This is a normal situation.
• If the total power of powered devices (PDs) connected to a PoE switch exceeds the rated PoE power of a single power module in the switch, the switch does not support 1+1 redundancy of the PoE power modules. If you need to power off one power module, limit the total power of PDs within the PoE power that one power module can provide.

60 W AC Power Module (PAC-60WA-L)

60 W AC Power Module (PAC60S12-AR)

150 W AC Power Module

150 W AC Power Module (PAC150S12-R)

150 W DC Power Module

170 W AC Power Module

170 W DC Power Module

240 W AC Power Module

260 W AC Power Module

350 W DC power module

600 W AC Power Module (PAC-600WA-B)

600 W AC Power Module (PAC600S12-CB)

500 W AC PoE Power Module

580 W AC PoE Power Module

650 W DC PoE Power Module

1000 W AC PoE Power Module (PAC1000D5412)

1000 W AC PoE Power Module (PAC1000S56-CB)

1000 W DC Power Module (PDC1000S12-DB)

1150 W AC PoE Power Module

RPS1800 Power Supply

870 W PoE Power Module (Rectifier 15 A)

 

Cards

 

 

Card Classification

Card Structure and Dimensions

ES5D21Q02Q00 (2-Port 40 Gig QSFP+ Rear Interface Card)

ES5D21Q04Q01 (4-Port 40 Gig QSFP+ Rear Interface Card)

ES5D21X04S01 (4-Port 10 GE SFP+ Rear Interface Card)

ES5D21X02S01 (2-Port 10 Gig SFP+ Rear Interface Card, Used in S5720-EI Series)

ES5D21X02T01 (2-Port 10 Gig RJ45 Rear Interface Card, Used in S5720-EI Series)

ES5D21X08S00 (8-Port 10GE SFP+ Rear Optical Interface Card)

ES5D21X08T00 (8-Port 10GBASE-T RJ45 Rear Interface Card)

S7X08000 (8-Port 10GE SFP+ Optical Interface Card)

S7Y08000 (8-Port 25GE SFP28 Optical Interface Card)

ES5D21VST000 (Dedicated Stack Card with 2*QSFP+ Interface)