FINAL LINKED IN
120
Data Communications Design Project By Gerardo Sehr & Andrew StClair. 1
-
Upload
gerardo-sehr -
Category
Documents
-
view
16 -
download
1
Transcript of FINAL LINKED IN
Data Communications Design Project
By Gerardo Sehr & Andrew StClair.
1
Network Design Project
Prepared for
Dr. David Wierschem
Fundamentals of Data Communication
Texas State University
Prepared by
Gerardo Sehr and Andrew StClair
Computer Information Systems Students
Texas State University
December 7, 2016
2
Memorandum
Date: December 7, 2016
TO: Dr. David Wierschem
FROM: Gerardo Sehr, Andrew StClair
SUBJECT: Submitting CIS 4348 Network Design Project
Dr. Wierschem requested the attached report at the midpoint of the fall semester of 2015, in his fundamentals of data communications class. This report outlines the projected growth, costs, and requirements to build a functioning network for ABC company. The proposal is based on the required specifications given in our assignment. The goal of the task is to prepare students for future endeavors in network design and the computer information field in general.
This project was assigned to compel students to examine the following:
The challenges faced when given partial information to build a network The multitude of solutions to the design request and ways to justify the answer chosen Potential questions that arise during the design process and are necessary to create a solution
thoroughly.
Primary research was conducted through informal conversations and emails with Dr. Wierschem. Secondary research was carried out by visiting websites of Cisco System, Netgear, HP, along with other product associated websites discussed below. Other used sources include Business Data Communications & Networking(Fitzgerald, Dennis, & Dircikova, 2012). Results of this research provided insight into additional problems we face have allowed us to design the network, and enable us to make recommendations for the future.
We would be happy to meet with you to discuss anything you think we may have missed that will benefit us in the future. We also welcome any insights you may have as to how we can better use the information we have found in the future. It has been a pleasure studying data communication as your students.
3
TABLE OF CONTENTS
Table of ContentsExecutive Summary 6
Introduction 7
Projected Growth 7
Table 1 VP’s Employee Growth 8
Table 2 Departmental Employee Growth 9
Table 3 Departmental Host Growth 10
Table 4 Throughput Projections by Department 11
Table 5 interdepartmental Throughput Projections Year 5 12
Figure 1 ABC Company Campus Layout 13
Departmental Space Requirements 14
Figure 2 Building A Employees 15
Figure 3 Building B Employees 16
Figure 4 Building C Employees 17
Figure 5 Building D Employees 18
Employee Buildings by floor 19
First Floor Physical Layout 20
Network Topology 24
LAN By floor 25
Table 8 Host Count by Floor 25
Figure 6 Building A Lan 26
Figure 7 Building B Lan 28
Figure 8 Building C Lan 29
Figure 9 Building D Lan 30
Back Bone Network 31
Security 32
Physical Security 32
Technical Security 33
Social Engineering Security 33
IP Address Allocation34
4
NAT 34
Table 9 Internal IP Addresses 35
Network Costs 35-38
Recommendations 38
Appendix A: Calculations 39
Appendix B: Secondary Source Communication 45
Appendix C: Data Sheets 49
References 97
5
EXECUTIVE SUMMARY
This report outlines the proposed network design plan for ABC Company and our additional recommendations. Our team is composed of Gerardo sehr and Andrew StClair, computer information systems students at McCoy College of Business at Texas State University. The purpose of this report is to examine the possible network architecture solutions for ABC Company and outline the expenses involved. We will incorporate any additional questions we had, and recommendations for the design.
We used both primary and secondary sources of information gathering emphasizing on the security aspects. Secondary research was conducted by visiting websites of the product vendors and secondary sites with additional information. Some sources of security professionals such as Kevin Mitnick were used to guide some decisions.
The research conducted provided the following insights:
1. Security is a priority for the company due to their research. These unique requirements led to the proposal of effective security measures for the enterprise.
2. Should the company grow at the rate suggested by the department head, additional office space will be needed by the end of year five; therefore, network and building layouts should be reevaluated yearly for possible changes in growth rate.
3. Additional components to the security of the system will be required for a marginal increase to costs.
Based on our research findings, we have included: growth projections for the company and throughput; building layout proposals; network topology diagrams; security recommendations; implementation by ABC company
The recommendation is that the management team at ABC Company carefully evaluate our proposed design and recommendations before beginning the project. By making small changes onsite of the building process, the network will be better prepared for the company’s future growth and data requirements
6
Introduction
ABC company is a growing, entrepreneurial business operating in the [REDACTED] industry. A new campus is being built to house the various departments as the company grows and works toward their goal of [REDACTED]. The purpose of this report is to design the network infrastructure that will accommodate the data and security needs of this growing company. The importance of this report is to help us identify potential plans and questions or recommendations that could improve the network infrastructure.
To do so we analyzed the following:
The company’s projected growth: Employee, host, and throughput numbers for the next five years were predicted based on both the administration and department-level predications.
The physical layout of the buildings: Based on the projected growth, the employee population was dispersed in the vacant buildings by departmental requirements.
The topology of the network: Network topology was designed to provide connectivity for all hosts, redundancy in the form of outsourcing an offsite data storage from IBM.
Security: The security needs of the company are high. We decided to put our emphasis in security. Our security plan will segment the task into: Physical Security, Technical Security, and lastly Social Engineering security.
IP address allocation: To provide an additional layer of security, a NAT will be used to access information external to the company. Internally the department will assign IP addresses
BACKGROUND: PREPARING FOR EXCELLENCE IN THE COMPUTER INFORMATION FIELD
The need for this report is to build a network to meet the growth anticipated by ABC company.
Dr. David Wierschem authorized this report.
Primary research was conducted through informal conversations and emails with Dr. Wierschem. Secondary research was carried out by visiting websites of Cisco System, Netgear, HP, along with other product associated websites discussed below. Other used sources include Business Data Communications & Networking(Fitzgerald, Dennis, & Dircikova, 2012). Results of this research provided insight into additional problems we face have allowed us to design the network, and enable us to make recommendations for the future.
7
NETWORK DESIGN
VP’s EMPLOYEE GROWTH:
ABC Company has experienced significant growth over the past five years. They have grown from 20 employees to 348, and they expect to continue to grow at the rate of 12% a year until year 4 when they expect 9% growth.
The departmental managers were also asked the projected growth rate of individual departments, which varied from the VP of ABC Company’s projections. This growth rate also took into account the total hosts, and throughput by each department. There are 389 hosts across nine departments, including administration. Employee count was extrapolated using a fixed ratio of the current employees to hosts. True values, and adjusted values for rounding are both shown below.
8
12% a year until year 4 when they expect 9% growth.
Actual AdjustedTotal Starting 348 34812% growth 1st year 389.76 39012% growth 2nd year 436.5312 43712% growth 3rd year 488.9149 4899% growth 4th year 532.9172 5339% growth 5th year 580.8797 581
TABLE 2 Departmental Employee Growth:
Dept. Dept. Name # Employees
Annual growth rate
Year 1 Year 2 Year 3 Year 4 Year 5
1 Marketing 56 12% 62.72 70.2464 78.67597 88.11708 98.691132 Customer Support 64 22% 78.08 95.2576 116.2143 141.7814 172.97333 Engineering 29 8% 31.32 33.8256 36.53165 39.45418 42.61051
4 Direct/Corporate Sales 27 10% 29.7 32.67 35.937 39.5307 43.48377
5 IT 9 18% 10.62 12.5316 14.78729 17.449 20.58982
6 Cold Call Sales Center 97 25% 121.25 151.5625 189.4531 236.8164 296.0205
7 Accounting 36 5% 37.8 39.69 41.6745 43.75823 45.946148 Finance 18 3% 18.54 19.0962 19.66909 20.25916 20.86693A Administration 12 8% 12.96 13.9968 15.11654 16.32587 17.63194
Actual
Adjusted
Dept. Dept. Name # Employees
Annual growth rate
Adjusted Y1
Adjusted Y2
Adjusted Y3
Adjusted Y4
Adjusted Y5
1 Marketing 56 12% 63 71 79 89 992 Customer Support 64 22% 79 96 117 142 1733 Engineering 29 8% 32 34 37 40 43
4 Direct/Corporate Sales 27 10% 30 33 36 40 44
5 IT 9 18% 11 13 15 18 21
6 Cold Call Sales Center 97 25% 122 152 190 237 297
7 Accounting 36 5% 38 40 42 44 468 Finance 18 3% 19 20 20 21 21A Administration 12 8% 13 14 16 17 18
Departmental Growth rate was essential for building the growth figures for the design
The host growth count and maximum throughput projections by department are as follows:
9
Table 3 Departmental host growth:
Actual
Adjusted
10
Dept. Dept. Name #ofHostsActu
al
Annual growth rate
Year 1 Year 2 Year 3 Year 4 Year 5
1 Marketing 62.5977 12% 62.597778.5225
687.9452
698.4986
9110.318
5
2 Customer Support 71.54023 22% 71.5402
3106.480
5129.906
2158.485
5193.352
4
3 Engineering 32.41667 8% 32.41667 37.8108
40.83566
44.10252
47.63072
4 Direct/Corporate Sales 30.18103 10% 30.1810
336.5190
540.1709
644.1880
548.6068
6
5 IT 10.06034 18% 10.06034
14.00802
16.52947
19.50477
23.01563
6 Cold Call Sales Center 108.4282 25% 108.428
2 169.419211.773
8264.717
2330.896
5
7 Accounting 40.24138 5% 40.24138
44.36612
46.58443
48.91365
51.35933
8 Finance 20.12069 3% 20.12069
21.34604
21.98642
22.64601
23.32539
A Administration 13.41379 8% 13.41379
15.73856
16.21072
17.50758
18.90819
Dept. Dept. Name #ofHostsAdjust
ed
Annual growth rate
Adjusted Y1
Adjusted Y2
Adjusted Y3
Adjusted Y4
Adjusted Y5
1 Marketing 63 12% 71 79 88 99 111
2 Customer Support 72 22% 88 107 130 159 194
3 Engineering 33 8% 36 38 41 45 48
4 Direct/Corporate Sales 31 10% 34 37 41 45 49
5 IT 11 18% 12 15 17 20 24
6 Cold Call Sales Center 109 25% 136 170 212 265 331
7 Accounting 41 5% 43 45 47 49 528 Finance 21 3% 21 22 22 23 24A Administration 14 8% 15 16 17 18 19
Table 4 Throughput Projections by Department:
Actual
Dept. Dept. Name
Max throughput Mbps
Annual growth rate
Year 1 Year 2 Year 3 Year 4 Year 5
1 Marketing 1037.88 12% 1162.426
1301.917
1458.147
1633.124
1829.099
2 Customer Support 3492.72 22% 4261.11
85198.56
46342.24
97737.54
39439.80
3
3 Engineering 192.08 8% 207.4464
224.0421
241.9655
261.3227
282.2285
4 Direct/Corporate Sales 21.6 10% 23.76 26.136 28.7496
31.62456
34.78702
5 IT 1228.8 18% 1449.984
1710.981
2018.958 2382.37
2811.197
6 Cold Call Sales Center 1299.6 25% 1624.5
2030.625
2538.281
3172.852
3966.064
7 Accounting 61.25 5% 64.312567.5281
370.9045
374.4497
678.1722
5
8 Finance 5.07 3% 5.22215.37876
35.54012
6 5.70633 5.87752
A Administration 72.9 8% 78.73285.0305
6 91.83399.1796
5 107.114Adjusted
Dept. Dept. Name
Max throughput Mbps
Annual growth rate
Adjusted Y1
Adjusted Y2
Adjusted Y3
Adjusted Y4
Adjusted Y5
1 Marketing 1037.88 12% 1163 1302 1459 1634 1830
2 Customer Support 3492.72 22% 4262 5199 6343 7738 9440
3 Engineering 192.08 8% 208 225 242 262 283
4 Direct/Corporate Sales 21.6 10% 24 27 29 32 35
5 IT 1228.8 18% 1450 1711 2019 2383 2812
6 Cold Call Sales Center 1299.6 25% 1625 2031 2539 3173 3967
7 Accounting 61.25 5% 65 68 71 75 798 Finance 5.07 3% 6 6 6 6 6A Administration 72.9 8% 79 86 92 100 108
11
Interdepartmental throughput Projections year 5:
Projected Throughput Year 5
Department Number 1 2 3 4 5 6 7 8 A
1 640.185 146.328 18.291 0 18.291 9.14550
1 0 0 0
2 615.5369
61.55369
30.77683
61.55369 0 615.536
9 0 615.5369
3 270.8087
6.770215
3.385108 0 0 0 3.38510
8
4 26.64662
0.190333
0.190333
0.190333
0.190333
0.190333
5 649.67 433.1133
216.5566 0 216.556
6
6 229.0339 0 0 0
7 10.79435
10.79435
10.79435
8 1.787016 1.59555
A 32.11869
12
Building Physical Layout
Each building is in the shape of a square 125ft by 150ft
Elevators are located in the center of each building.
Wiring closets are also located in the same spot on each floor and located on the wall closest to the main road.
Overhead view of location
13
A
B C
E
D
Buildings are located 100 ft from the street and 200 ft from each other. Building A has been designated by management as the location for the
Administrative offices.
The streets are 25ft across.
Department Space Requirements – Year Five
Dept. Dept. Name Adjusted Y5
Employees/admin
Employee SqFt
Support
Suport SqFt
Adm SqFt
Floors Req
1 Marketing 99 89 16020 10 10001.2967
62
2 Customer Support 173 155 27900 18 1800
2.262857
3 Engineering 43 38 6840 5 5000.5592
38
4Direct/Corporate Sales
4439 7020 5 500
0.572952
5 IT 21 18 3240 3 3000.2697
14
6 Cold Call Sales Center 297 267 48060 30 3000
3.890286
7 Accounting 46 41 7380 5 5000.6003
81
8 Finance 21 18 3240 3 3000.2697
14
A Administration 18 16 2 200 4800
0.380952
TOTAL 762 681 119700 81 8100 4800
10.10286
14
Based on the table above, we decided that only 4 buildings would be needed to save costs. Building E will more than likely be used past year 5 if the company continues to grow. “Security intensive departments (engineering, finance, accounting, administration) should not be located with the call center or customer service.” It was important to compartmentalize the security intensive departments within building A
Building A Employee Layout
15
Building B Employee Layout
16
Building C Employee Layout
17
Building D Employee Layout
18
Employees by building and Floor
19
FLOOR
Employees per floor
A1 67A2 66A3 18B1 73B2 72B3 72C1 60C2 59C3 60D1 73D2 72D3 72
20
ALL BUILDING FIRST FLOOR Physical Layout
21
For the Physical Layout of the first floor of every building we wanted to focus on security. The positioning of the security staff along with the cameras, and metal detector are key to prevent un authorized access to any of the buildings via “piggy backing” or other social engineering methods.
The logic behind 2 guards is the angle of entry for the building so that a person can’t hide behind another one using angles. The metal detector is to prevent long range RFID or packet injection wireless cards or other computer devices to smuggled into the buildings without authorization. The two POE security cameras will be on a wired network. Again, there is no Wireless access point on any of the first floors for security. The security cameras are to prevent pick pocketing or other methods of stealing employee authentication tokens such as Magnetic strips or personal identification.
Magnetic Cards will be used for employee and guest authentication. The metal detector, also prevents against weapons such as fire arms or knives.
22
Building A Third Floor
The wireless Access points should be focused towards the center with minimal outside overlap. Conference room will host VOIP
23
Buildings B C D Floor 2 and 3
The 2nd and 3rd floors of building B C and D will be identical.
24
NETWORK TOPOLOGY
LAN BY FLOOR
A physical Local Area network will be set up on each floor, with all the wiring running to the wirining closet at the front of the building closest to the street. The topology used will be star. Wiring length from each host on the floor was determined by finding the longest straight line on the floor, corner to corner, then dividing that number by half as the average length that would be needed to accommodate. Based on the calculations detailed in Appendix A, we concluded that we would need 97.62812 Feet of UTP cable per host.
The recommended switched for ABC company are the “Cisco ME 2400 24 port Ethernet switch 10/100”. The switches work at layer 2. Each switch has 24 ports per switch. Meaning the system is scalable. All the products selects from the security cameras to the switches feature Power Over Ethernet (POE). These switches are currently sold and supported by Cisco. The size of Cisco will make it unlikely the products will go obsolete any time soon.
ABC company has expressed an interest in having the ability to host teleconferences from the VP’s conference room in building A. We chose the “Cisco TelePresence MX200” based off the dimensions of the building we concluded that a 42” monitor would suffice for the conference room.
Below are the LAN Diagrams describing the above.
25
HOST COUNT BY FLOOR
Fixed Ratio was used to calculate the Hosts per floor
FLOOR
Employees per floor
Hosts per floor
UTP NEEDED
SWITCHES NEEDED
A1 67 757322.10
9 4
A2 66 747224.48
1 4
A3 18 212050.19
1 2
B1 73 828005.50
6 4
B2 72 817907.87
8 4
B3 72 817907.87
8 4
C1 60 686638.71
2 3
C2 59 666443.45
6 3
C3 60 686638.71
2 3
D1 73 828005.50
6 4
D2 72 817907.87
8 4
D3 72 817907.87
8 4
For security reasons WIFI will only be installed on the second to third floor of every building, except Building A. Building A will only have 1 wireless Access point on the third floor. The wireless access points will be in the wiring cabinet on the same floor. As mentioned before the WiFi access point will use POE.
26
BUILDING A LAN
27
Building A will also house the Onsite Core management Servers along with the VOIP servers
28
B29
C30
D
Building D will house the VOIP and internet access points behind the selected firewall.
31
BACK BONE NETWORK
The backbone network will use a Bus topology. Due to the small space requirements we decided to not include a physical redundancy. Instead we suggest that ABC Corporation purchase offsite data center for the event of catastrophic data loss. According to a study conducted at the University of Texas in Austin, 44% of all business go bankrupt due to data loss. Depending on the total data stored and used by ABC Corp we specifically would recommend IBMs “Disaster Recovery as a ServiceIBM Resiliency Disaster Recovery as a ServiceContinuous replication of critical data, applications, and systems
The benefits of an offsite disaster Recovery
Near Continuous Replication of physical and virtual servers using the company’s choice of private, public, or hybrid clouds to keep the business continuous
By eliminating the need for redundancy it reduces the costs drastically Fast Cost effective Disaster recovery workflow is automated which reduces the
amount of staff ABC company would need
Due to the price difference of the outsourced service the costs of it will not be factored into the system costs but should it should be used.
32
SECURITYPHYSICAL SECURITY
For the Physical security of our system we implemented
Metal detectors Magnetic Strip readers Security cameras Removed WIFI from the 1st floor of every building Security guard to prevent piggy backing through the door
The metal Detectors are essential to prevent unwanted hardware that could potentially damage company data, property, or employees. Secondary benefit of the metal detector is safety for employees.
the security cameras outside the entrance is to prevent employees from getting pick pocketed either virtually or through long range electronic pickpocketing devices
Employees will be trained to be vigilant when entering the building
Dumpsters will be locked, all physical paper must be shredded before being disposed.
USB drives and CD drives should be removed from all computers on Floor one of all buildings
Fire walls are implemented in two locations for compartmentalization
Technical SECURITY
For the Technical security plan
Updates unsecure programs Third party Pen test for application vulnerability’s
Possible Technical Exploits
Buffer Overflow: any application could be susceptible to a Buffer overflow
Hackers will input information until they fill the NOOP sled. “While a NOP slide will function if it consists of a list of canonical NOP instructions, the presence of such code is suspicious and easy to automatically detect. For this reason, practical NOP slides are often composed of non-canonical NOP instructions (such as moving a register to itself or adding zero, for example 0x0c0c0c0c [1]), or of instructions that affect program state only inconsequentially, which makes them much more difficult to identify.
33
The entropy of a NOP sled is dependent upon the constraints placed on it. If it can be determined that certain registers are not in use (that is to say, they will be set to a known value before their next use), instructions which manipulate them arbitrarily may be used in the NOP slide. Additionally, if the alignment of both the NOP slide and the instruction pointer are deterministic, multi-byte instructions can be used in a NOP slide without regard to the results of unaligned execution. If the input providing the attack vector into which the NOP slide and payload are to be introduced are filtered (such as accepting only printable characters), the field of possible instructions for inclusion is limited. While instructions that are part of an architecture extension (such as SSE) may frequently be irrelevant to program state, they cannot be used in a NOP slide targeting a computer on which the extension is not supported.”(Corelan) This means the possibility of previously undiscovered 0 day exploits will be a constant threat.“
Social Engineering SECURITY
Employee passwords should contain
16 character minimum Upper case Numbers symbols
Threats
By far the most common, and likely method of attack. Employees should be given regular evaluations on their Phishing scam awareness.
Social engineering attack can come from anyoneHackers can spoof or hack non computer savvy relatives of ABC company employees, then masquerade as them to gain information from the employee he wouldn’t normally be able to attain.
Hackers can also attack employee or employee relatives smart phones and attempt to social engineer the target
Social engineering is not limited to digital medias hackers can also manipulate employees and security personnel.
All employees should never make exceptions for implanted security rules.
Two-Factor Authentication for employee emails using Google Authenticator. The use of two different prime numbers with an arbitrary increase to each starting prime number. A prime number multiplied by another prime number makes a semi-prime. A semi-prime can only be divisible by itself, and either prime number used to create it.
34
IP ALLOCATION
NAT
The network has been designed so that ABC company can hide the company’s Individual IP addresses behind the NAT(Network Address Translation). Use of a NAT provides an added layer of security. IP addresses are translated by the NAT using internal IPs with corresponding ports. A NAT proxy server will then translate the outbound packet to its IP address of 147.54.33.1
The NAT will change the source port number to a unique member that is indistinguishable from other messages relayed from the NAT to the outside. For packets that come into the company it will reverse the process to send the packets to the appropriate user. The features do not hinder the users in any way and make it more difficult for outside forces to gain access or cause harm.
INTERNAL IP TABLE ASSIGNMENTS
We wanted to avoid 192.168.0/24 and 192.168.1/24 because these are defaults for many consumer-grade home devices, and should ABC Company ever have to get into VPN access it will cause problems if your users home networks conflict with the "corporate" one. We decided to use a similar IP structure as the example of the 10.0 internal IP set up.
DepartmentInternal IP
Admin 10.1.1.xxxAdmin -Sup 10.2.1.xxx
Marketing10.1.11.xxx
Marketing Support10.2.11.xxx
Customer Support10.1.12.xxx
Customer Support - Support
10.2.12.xxx
Engineering10.1.13.xxx
Engineering Support10.2.13.xxx
IT10.1.14.xxx
IT - Support10.2.14.xxx
Sales 10.1.15.xx
35
x
Sales - Support10.2.15.xxx
Call Center #110.1.16.xxx
Call Center #210.1.26.xxx
Call Center - Support10.2.16.xxx
Accounting10.1.17.xxx
Accounting - Support10.2.17.xxx
Finance10.1.18.xxx
Finance Support10.2.18.xxx
Like the example the IP addresses are not arbitrary. The first 8 bits are consistently going to be 10 instead of the 192(due to reasons discussed above) for internal traffic. After that the next 8 bits are to determine if its department or support staff. The following number “1” indicates except for admin staff they are default at 1. If departmental growth exceeds the allotted 254 IP address within a subnet, a two can be used to procede the department number to indicate the second section of the department.
NETWORK COSTS
Material and Installation Costs:
Fiber Optic Cable - $5.00 / ft
Installation cost in building $20/ft
Installation cost in ground $100/ft
UTP $.80 / ft
Installation cost in building $2/ft
36
Installation cost in ground $50/ft
Wired installation under a road $15,000/road (assumes 90⁰ angle)
HP 5830 layer 3 switch $8,300 each
Cisco ME 2400 24 port Ethernet switch 10/100 $327 each
Netgear WNDAP620 access point $434 each
HP 5830AF-48G Switch with 1 Interface Slot#JC691AList Price: $11,990.00Our Price: $8,411.00
GARRETT MAGNASCANNER MS3500 $4,395.00
Cisco CTS-MX200-K9.Alternative Views:Cisco TelePresence MX200 G2.List Price: $17,900.00.
Magnetic Cards $172 per 500
Magnetic reader writer $128.00
FI8905E(POE Security Cam) $34.95
37
HP FIREWALL $18,089.99
BACK BONE COST NETWORK COST
From toCross Road?
Underground Cable Length
Through Building Length
Under-Road cost
Total cost
A B Yes 225 125$15,000.0
0 $40,000 B C no 200 125 0 $22,500 C D no 200 125 0 $22,500 Totals 625 $85,000
Per Floor Costs Indoor
FLOOR UTP NEEDED
SWITCHES NEEDED
Outgoing Switch UTP Cost Switch
CostWireless AP Cost
TOTAL COST
Teleconf
A1 7322.109 4 1 14644.22 11320 0 $25964.22A2 7224.481 4 14448.96 11320 0 $25768.96A3 2050.191 2 4100.382 5660 434 $10194.38 17,900B1 8005.506 4 1 16011.01 11320 0 $27331.01B2 7907.878 4 15815.76 11320 434 $27569.76B3 7907.878 4 15815.76 11320 434 $27569.76C1 6638.712 3 1 13277.42 8490 $21767.42C2 6443.456 3 12886.91 8490 434 $21810.91C3 6638.712 3 13277.42 8490 434 $22201.42D1 8005.506 4 1 16011.01 11320 0 $27331.01D2 7907.878 4 15815.76 11320 434 $27569.76D3 7907.878 4 15815.76 11320 434 $27569.76TOTAL 167920.4 121690 3038 $310548.4
38
Security Cost
SECURITY COST Unit Cost
Quantity
Total Cost
Metal Detector 4395 4 17580POE Security cam 34.99 8 279.92Magnetic Strip reader writter 128 4 512Fire wall
$18,089.99 2
36179.98
Total Sec Cost38729.
9
RECOMMENDATIONS
This proposal is to be used as a guide when building the Network for ABC Company’s new campus. Additional security, data and equipment information is needed to provide a complete solution
Based on the proposal we have presented, we have the following recommendations before the network is approved.
39
1. The growth rates for the company should be monitored in real time. By doing so ABC company would allow for optimization during new employee hires. It would also make the system easier to maintain.
2. While the security topics covered above are relatively long, there are many possible ways of exploiting the network. No system is hacker proof, the design can just reduce the likely hood based on a time to effort ratio.
3. As explained in the example, the IP PBX and IP phones chosen must be compatible with the switches used in the design. Each
This report has detailed a comprehensive plan for the network of ABC company. As noted some additional information must be considered before moving forward with the implementation of the network. We feel that the network design as a whole meets all the needs of the company: security, data, and size. Further Growth in the organization is manageable as a system presented is scalable easy to manage thanks to the selected “smart” devices.
APPENDIX A: CALCULATIONS
Employee to Host Ratio
348/389=0.8946015424164524
Host to Employee Ratio
389/348=1.117816091954023
Wiring Calculations
125^2 + 150^2 = (38125) SqRt( 38125) = (195.256241)/2 = 97.62812
THROUGHPUT CALCULATIONS
40
INITIAL INTER DEPARTMENTAL THROUGHPUT Department Number 1 2 3 4 5 6 7 8 A
1 363.258 83.0304 10.3788 0 10.3788 5.1894 0 0 02 349.272 34.9272 17.4636 34.9272 0 349.272 0 349.2723 153.664 3.8416 1.9208 0 0 0 1.92084 15.12 0.108 0.108 0.108 0.108 0.1085 368.64 245.76 122.88 0 122.886 129.96 0 0 07 6.125 6.125 6.1258 1.014 1.014A 18.225
Projected Throughput Year 1
Department Number
1 2 3 4 5 6 7 8 A
1 406.849
92.99406
11.62426 0 11.6242
65.81212
9 0 0 0
2 391.184
739.1184
719.5592
339.1184
7 0 391.1847 0 391.184
7
3 172.103
74.30259
22.15129
6 0 0 0 2.151296
4 16.9344 0.12096 0.12096 0.12096 0.12096 0.12096
5 412.876
8275.251
2137.625
6 0 137.6256
6 145.555
2 0 0 0
7 6.86000
16.86000
16.86000
18 1.13568 1.13568A 20.412
Projected Throughput Year 2 Department Number
1 2 3 4 5 6 7 8 A
1 455.6709 104.1534 13.01917 0 13.01917 6.509585 0 0 02 438.1269 43.81269 21.90634 43.81269 0 438.1269 0 438.12693 192.7562 4.818904 2.409452 0 0 0 2.4094524 18.96653 0.135475 0.135475 0.135475 0.135475 0.1354755 462.4221 308.2814 154.1407 0 154.14076 163.0218 0 0 07 7.683202 7.683202 7.6832028 1.271962 1.271962A 22.86144
41
Projected Throughput Year 5 Department Number 1 2 3 4 5 6 7 8 A
1 640.185 146.328 18.291 0 18.291 9.145501 0 0 02 615.5369 61.55369 30.77683 61.55369 0 615.5369 0 615.53693 270.8087 6.770215 3.385108 0 0 0 3.3851084 26.64662 0.190333 0.190333 0.190333 0.190333 0.1903335 649.67 433.1133 216.5566 0 216.55666 229.0339 0 0 07 10.79435 10.79435 10.794358 1.787016 1.59555A 32.11869
42
Projected Throughput Year 3Department number 1 2 3 4 5 6 7 8 A
1 510.3515 116.6518 14.58147 0 14.58147 7.290736 0 0 02 490.7022 49.07022 24.5351 49.07022 0 490.7022 0 490.70223 215.887 5.397173 2.698587 0 0 0 2.6985874 21.24252 0.151732 0.151732 0.151732 0.151732 0.1517325 517.9128 345.2752 172.6376 0 172.63766 182.5844 0 0 07 8.605187 8.605187 8.6051878 1.424598 1.424598A 25.60482
Projected Throughput Year 4 Department Number 1 2 3 4 5 6 7 8 A
1 571.5937 130.65 16.3312
5 0 16.33125
8.165625 0 0 0
2 549.5865
54.95865
27.47931
54.95865 0 549.586
5 0 549.5865
3 241.7935
6.044834
3.022418 0 0 0 3.02241
8
4 23.79162 0.16994 0.16994 0.16994 0.1699
4 0.16994
5 580.0624
386.7083
193.3541 0 193.354
1
6 204.4945 0 0 0
7 9.63781 9.63781 9.63781
8 1.59555 1.59555
A 28.6774
VOIP THROUGHPUT
VOIP YEAR ONE VOIP YEAR Two Department Number VOIP
Department Number VOIP
1 633.5223 1 709.5448
2 2989.768 2 3774.652
3 26.73752 3 21.64809
4 6.2208 4 6.492095
5 486.6048 5 631.9961
6 1478.945 6 1867.603
7 43.7325 7 44.47852
8 2.95074 8 2.834839
A 58.32 A 62.16912
VOIP YEAR Three VOIP YEAR Four Department Number VOIP
Department Number VOIP
1 794.69 1 890.0522
2 4747.467 2 5951.387
3 15.28415 3 7.43953
4 6.74842 4 6.98324
5 810.4948 5 1028.891
43
6 2355.697 6 2968.358
7 45.08897 7 45.53633
8 2.69093 8 2.51523
A 66.22818 A 70.50225
VOIP YEAR Five Department Number VOIP
1 996.8585
2 7439.308
3 0.492612
4 7.188735
5 1295.301
6 3737.03
7 45.7892
8 2.494954
A 74.99531
Employee Department Layout
Building A
44
Dept.# Employees
Max throughput Mbps
Annual growth rate
Dept. Name y5
Y5 Adjusted
A 12 72.9 8% Administration 17.63194 18
3 29 192.08 8% Engineering 42.61051 43
5 9 1228.8 18% IT 20.58982 21
7 36 61.25 5% Accounting 45.94614 46
8 18 5.07 3% Finance
20.86693 21
BUILDING B
Dept.# Employees
Max throughput Mbps
Annual growth rate
Dept. Name y5
Y5 Adjusted
2 64 3492.72 22% Customer Support 172.9733 173
4 27 21.6 10% Direct/Corporate Sales 43.48377 44
Building C
Dept.# Employees
Max throughput Mbps
Annual growth rate
Dept. Name y5
Y5 Adjusted
1 56 1037.88 12% Marketing 98.69113 99
6 97 1299.6 25% Cold Call Sales Center
80 80
Building D
Dept.# Employees
Max throughput Mbps
Annual growth rate
Dept. Name y5
Y5 Adjusted
6 97 1299.6 25% Cold Call Sales Center
216.0205 217
45
Employee Space
TOTAL EMPLOYEE SPACE
102074.6
total people 348
Total Working Area After 196,875
total hosts 389
Required space for MISC 30%Total Working SqFt 281,250Building SqFt 56,250 39375 30%Per Floor SQFt 18,750 13125 30%
shape125 x 150
currentSpace per unit Value Actual
180 SQFT5400 SqFt
total Normal employees 302.4
300 SQFT3300 SqFt total admin 10.8
100 SQFT3500 Sqft support 34.8
total space required 12,200
APPENDIX B: SECONDARY SOURCE COMMUNICATION
“ To:
Sehr, Gerardo D
Sunday, December 04, 2016 1:26 PMGerardo, It’s your decision. Youi just have to costs and justify it. Dr. W
46
Dr. David WierschemAssociate ProfessorDepartment of CISQMMcCoy College of BusinessTexas State UniversityE-mail: [email protected]
Sehr, Gerardo DSent Items
Sunday, December 04, 2016 11:53 AMDear Professor Wierschem,
This is Gerardo Sehr from your CIS 4348F class. I was wondering if outsourcing an offsite data storage for redundancy of possible data breach or natural disaster. Justification for the offsite data storage is that a large portion of companies declare bankruptcy after a major data breach or data loss.
The provider i was leaning towards for the offsite recovery was IBM https://www.ibm.com/marketplace/cloud/managed-backup-services/us/en-us#product-header-tophttps://www.ibm.com/marketplace/cloud/managed-backup-services/us/en-us#product-header-top
Sincerely,Gerardo SehrCIS 4348F“
“Gerardo,
Height of the buildings is 10’ per floor. Between floors is concrete. 10” floors. Dr. W Dr. David WierschemAssociate ProfessorDepartment of CISQMMcCoy College of BusinessTexas State UniversityE-mail: [email protected]
47
Sehr, Gerardo DActions
To: Wierschem, David C Sent Items
Sunday, December 04, 2016 1:56 AMhello Dr. Wierschem, i was wondering what the height of the buildings are. also the material of the ceiling dividing each floor along with the thickness. Any input would be appreciated.“
“Project 2 walls
Wierschem, David C
Thursday, December 01, 2016 10:24 AMInside walls are standard thickness. Outside walls are 10 inches. Dr. W Dr. David WierschemAssociate ProfessorDepartment of CISQMMcCoy College of BusinessTexas State UniversityE-mail: [email protected]
Sehr, Gerardo DSent Items
Thursday, December 01, 2016 10:18 AMDo we know the wall thickness ?
Sent from my iPhone
Wierschem, David C
Thursday, December 01, 2016 9:40 AM
48
Gerardo. Interior walls. Steel bracing with drywall. Exterior walls. Concrete with drywall along the inside. Dr. W Dr. David WierschemDepartment of CIS & QMSTMcCoy College of Business AdministrationTexas State University-San Marcos601 University DriveSan Marcos, Texas 78666512-245-3223512-245-1452 (fax)[email protected]
Sehr, Gerardo DActions
To: Wierschem, David C Sent Items
Thursday, December 01, 2016 12:46 AMHello Dr. Wierschem, I was wondering what the building wall material, and thickness are for project 2.
Glass panelsGlass window panels with regular clear glass were tested. Low-E windows have a very thin metallic film on the glass, which should provide some shielding, but this type of window was not tested in this study.
DrywallDrywall consists of 85-95% gypsum. The rest is mainly paper and various chemical additives. Drywall has no shielding effect.
Glass panels 500 MHz1 GHz2 GHz 5 GHz8 GHz
6 mm (1/4”) 0 0.8 1.4 1 1.5
13 mm (1/2”)1.2 2.2
3.4
0
1.6
49
Drywall 500 MHz1 GHz2 GHz 5 GHz8 GHz
6 mm (1/4”) 0.1 0.3 0.6 0 0.4
13 mm (1/2”)0.1 0.3 0.6 0 0.4
Sent from my iPhone“
APPENDIX C: DATA SHEETS
HP 5830 Switch Series:(core)
50
Key features• Stackable, high-port density for high scalability• HP IRF technology for simpler two-tier networks• Ultra deep (1 GB and 3 GB) packet buffers• Full L2/L3 features, IPv4 and IPv6 dual stack• Lower OpEx and greener data centersProduct overviewHP 5830AF Switch Series is a family of high-density 1 GbE top-of-rack data center and campusswitches that are a part of HP FlexNetwork Architecture’s HP FlexFabric solution module.The two models, HP 5830AF-48G and HP 5830AF-96G Switches Series, are ideally suited fordeployments at the server access layer in medium-sized and large enterprise data centers andcampus networks. The HP 5830AF-48G switches deliver 48 1GbE ports and up to four 10GbEports in a space-saving 1RU package, while the HP 5830AF-96G switches provide an industryleading96 1GbE ports and up to 10 10GbE uplink ports in a 2RU form factor.Features and benefitsQuality of Service (QoS)• Traffic policingSupports Committed Access Rate (CAR) and line rate• Powerful QoS featureCreates traffic classes based on access control lists (ACLs), IEEE 802.1p precedence, IP, DSCP,or Type of Service (ToS) precedence; supports filter, redirect, mirror, or remark; supportsthe following congestion actions: strict priority (SP) queuing, weighted round robin (WRR),weighted fair queuing (WFQ), weighted random early discard (WRED), SP+WRR, and SP+WFQData sheet
HP 5830 Switch Series2Data sheet | HP 5830 Switch SeriesManagement• sFlow (RFC 3176)Provides scalable ASIC-based wire-speed network monitoring and accounting with no impacton network performance; this allows network operators to gather a variety of sophisticatednetwork statistics and information for capacity planning and real-time network monitoringpurposes• Remote configuration and managementEnables configuration and management through a secure Web browser or a CLI located on aremote device• Manager and operator privilege levels
51
Provides read-only (operator) and read/write (manager) access on CLI and Web browsermanagement interfaces• Management VLANSegments traffic to and from management interfaces, including CLI/telnet, a Web browserinterface, and SNMP• Multiple configuration filesStores easily to the flash image• Secure Web GUIProvides a secure, easy-to-use graphical interface for configuring the module via HTTPS• SNMPv1, v2c, and v3Facilitates centralized discovery, monitoring, and secure management of networking devices• Remote monitoring (RMON)Uses standard SNMP to monitor essential network functions; supports events, alarm, history,and statistics group plus a private alarm extension group• Network Time Protocol (NTP)Synchronizes timekeeping among distributed time servers and clients; keeps timekeepingconsistent among all clock-dependent devices within the network so that the devices canprovide diverse applications based on the consistent time• Out-of-band interfaceIsolates management traffic from user data plane traffic for complete isolation and totalreachability, no matter what happens in the data plane• Remote intelligent mirroringMirrors ingress/egress ACL-selected traffic from a switch port or VLAN to a local or remoteswitch port anywhere on the network3Data sheet | HP 5830 Switch SeriesConnectivity• Jumbo framesOn Gigabit Ethernet and 10 Gigabit Ethernet ports, jumbo frames allow high-performanceremote backup and disaster-recovery services• Auto-MDIXAdjusts automatically for straight-through or crossover cables on all 10/100/1000 ports• IPv6 native support––IPv6 hostEnables switches to be managed and deployed at the IPv6 network’s edge––Dual stack (IPv4 & IPv6)Transitions from IPv4 to IPv6, supporting connectivity for both protocols––Multicast Listener Discovery (MLD) snoopingIPv6 multicast traffic to the appropriate interface––IPv6 ACL/QoSSupports ACL and QoS for IPv6 network traffic, preventing traffic flooding––IPv6 routingSupports IPv6 static routes, RIP, BGP4+v6, IS-ISv6, and OSPF routing protocolsPerformance• Extraordinarily high port densityHP 5830AF-96G switches are single box-type that can provide 96 1GbE ports and 10 10GbEports simultaneously with full line-rate switching and forwarding• Ultra deep packet bufferingProvides up to a 3 GB packet buffer to help eliminate network congestion at the I/O associatedwith heavy use of server virtualization, as well as bursty multimedia, storage applications, andother critical services• Hardware-based wire-speed access control lists (ACLs)Helps provide high levels of security and ease of administration without impacting networkperformance with a feature-rich TCAM-based ACL implementation• Local Address Resolution Protocol (ARP)ARP fast reply feature provides an outstanding utilization of air-interface resources by firstissuing an ARP request locally before the AP broadcasts over the radio interface4Data sheet | HP 5830 Switch SeriesResiliency and high availability• Device Link Detection Protocol (DLDP)Monitors link connectivity and shuts down ports at both ends if unidirectional traffic is
52
detected, preventing loops in STP-based networks• Virtual Router Redundancy Protocol (VRRP)Allows groups of two routers to dynamically back each other up to create highly availablerouted environments• Intelligent Resilient Framework (IRF)Creates virtual resilient switching fabrics, where two or more switches perform as a singleL2 switch and L3 router; switches do not have to be co-located and can be part of a disasterrecoverysystem; servers or switches can be attached using standard LACP for automatic loadbalancing and high availability; can help eliminate the need for complex protocols such asSpanning Tree Protocol, Equal-Cost Multipath (ECMP), or VRRP, thereby simplifying networkoperation• Rapid Ring Protection Protocol (RRPP)Connects multiple switches in a high-performance ring using standard Ethernet technology;traffic can be rerouted around the ring in less than 200 ms, reducing the impact on traffic andapplications• Smart linkAllows 200 ms failover between links• Data center-optimized designSupports front-to-back or back-to-front airflow for hot/cold aisles, rear rackmounts, andredundant hot-swappable AC or DC power and fansManageability• TroubleshootingIngress and egress port monitoring enable network problem solvingLayer 2 switching• Spanning Tree/MSTP and RSTPPrevents network loops• Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) protocolsnoopingControls and manages the flooding of multicast packets in a Layer 2 network• 32K MAC addressesProvides access to many Layer 2 devices• IEEE 802.1ad QinQ and selective QinQIncreases the scalability of an Ethernet network by providing a hierarchical structure; connectsmultiple LANs on a high-speed campus or metro network5Data sheet | HP 5830 Switch Series• 10GbE port aggregationAllows grouping of ports to increase overall data throughput to a remote device• Port isolationIncreases security by isolating ports within a VLAN while still allowing them to communicatewith other VLANs• Per-VLAN Spanning Tree Plus (PVST+)Allows each VLAN to build a separate spanning tree to improve link bandwidth usage innetwork environments with multiple VLANs• GVRP VLAN Registration ProtocolAllows automatic learning and dynamic assignment of VLANsLayer 3 services• Loopback interface addressDefines an address in Routing Information Protocol (RIP) and Open Standard Path First (OSPF),improving diagnostic capability• User Datagram Protocol (UDP) helper functionAllows UDP broadcasts to be directed across router interfaces to specific IP unicast or subnetbroadcast addresses and prevents server spoofing for UDP services such as DHCP• Route mapsProvides more control during route redistribution; allows filtering and altering of route metrics• Dynamic Host Configuration Protocol (DHCP)Simplifies the management of large IP networks and supports client and server; DHCP Relayenables DHCP operation across subnetsLayer 3 routing• IPv6 tunnelingAllows IPv6 packets to traverse IPv4-only networks by encapsulating the IPv6 packet into astandard IPv4 packet; supports manually configured, 6 to 4, and Intra-Site Automatic Tunnel
53
Addressing Protocol (ISATAP) tunnels; is an important element for the transition from IPv4 toIPv6• Bidirectional Forwarding Detection (BFD)Enables link connectivity monitoring and reduces network convergence time for RIP, OSPF,BGP, IS-IS, VRRP, and IRF• Policy-based routingMakes routing decisions based on policies set by the network administrator• IGMPv1, v2, and v3Allows individual hosts to be registered on a particular VLAN6Data sheet | HP 5830 Switch Series• PIM-SSM, PIM-DM, and PIM-SM (for IPv4 and IPv6)Supports IP Multicast address management and inhibition of DoS attacks• Layer 3 IPv4 routingProvides routing of IPv4 at media speed; supports static routes, RIP and RIPv2, OSPF, IS-IS, andBGP• Equal-Cost Multipath (ECMP)Enables multiple equal-cost links in a routing environment to increase link redundancy andscale bandwidth• Layer 3 IPv6 routingProvides routing of IPv6 at media speed; supports static routes, RIPng, OSPFv3, IS-ISv6, andMP-BGPSecurity• Access control lists (ACLs)Provides IP Layer 3 filtering based on source/destination IP address/subnet, and source/destination TCP/UDP port number• Secure shellEncrypts all transmitted data for secure remote CLI access over IP networks• Port securityAllows access only to specified MAC addresses, which can be learned or specified by theadministrator• Secure FTPAllows secure file transfer to and from the switch; protects against unwanted file downloads orunauthorized copying of a switch configuration file• Secure management accessDelivers secure encryption of all access methods (CLI, GUI, or MIB) through SSHv2, SSL, and/orSNMPv3• Identity-driven security and access control––Per-user ACLsPermits or denies user access to specific network resources based on user identity, location,and time of day, allowing multiple types of users on the same network to access specificnetwork services without risk to network security or unauthorized access to sensitive data––Automatic VLAN assignmentAssigns users automatically to the appropriate VLAN based on their identity and location,and the time of day• STP BPDU port protectionBlocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventingforged BPDU attacks7Data sheet | HP 5830 Switch Series• DHCP protectionBlocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks• Dynamic ARP protectionBlocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft ofnetwork data• STP root guardProtects the root bridge from malicious attacks or configuration mistakes• Guest VLANProvides a browser-based environment to authenticated clients that is similar to IEEE 802.1X• MAC-based authenticationAllows or denies access to the switch based on a client MAC address• IP source guard
54
Helps prevent IP spoofing attacks• Endpoint Admission Defense (EAD)Provides security policies to users accessing a network• RADIUS/HWTACACSEases switch management security administration by using a password authentication serverConvergence• IP multicast snooping (data-driven IGMP)Prevents flooding of IP multicast traffic• IEEE 802.1AB Link Layer Discovery Protocol (LLDP)Facilitates easy mapping using network management applications with LLDP automateddevice discovery protocol• Internet Group Management Protocol (IGMP)Utilizes Any-Source Multicast (ASM) or Source-Specific Multicast (SSM) to manage IPv4multicast networks; supports IGMPv1, v2, and v3• Protocol Independent Multicast (PIM)Defines modes of Internet IPv4 and IPv6 multicasting to allow one-to-many and many-tomanytransmission of information; supports PIM Dense Mode (DM), Sparse Mode (SM), andSource-Specific Multicast (SSM)• Multicast Source Discovery Protocol (MSDP)Allows multiple PIM-SM domains to interoperate; is used for inter-domain multicastapplications• Multicast Border Gateway Protocol (MBGP)Allows multicast traffic to be forwarded across BGP networks and kept separate from unicasttraffic8Data sheet | HP 5830 Switch Series• Multicast VLANAllows multiple VLANs to receive the same IPv4 or IPv6 multicast traffic, lessening networkbandwidth demand by reducing or helping eliminate multiple streams to each VLAN• LLDP-MEDIs a standard extension that automatically configures network devices, including LLDPcapableIP phones• LLDP-CDP compatibilityReceives and recognizes CDP packets from Cisco’s IP phones for seamless interoperationMonitor and diagnostics• Port mirroringEnables traffic on a port to be simultaneously sent to a network analyzer for monitoring• OAM (IEEE 802.3ah)Operations, administration, and maintenance (OAM) management capability detects data linklayer problems that occur in the “last mile”; monitors the status of the link between the twodevices• CFD (IEEE 802.1ag)Connectivity fault detection (CFD) provides a Layer 2 link OAM mechanism used for linkconnectivity detection and fault locatingAdditional information• Green initiative supportProvides support for RoHS and WEEE regulations• Green IT and powerImproves energy efficiency through the use of the latest advances in silicon development;shuts off unused ports and utilizes variable-speed fans, reducing energy costsWarranty and support• 1-year warrantyAdvance hardware replacement with next-business-day delivery (available in most countries)• Electronic and telephone supportLimited electronic and business-hours telephone support is available from HP for the entirewarranty period; to reach our support centers, refer to hp.com/networking/contact-support;for details on the duration of support provided with your product purchase, refer to hp.com/networking/warrantysummary• Software releasesTo find software for your product, refer to hp.com/networking/support; for details on thesoftware releases available with your product purchase, refer to hp.com/networking/warrantysummary
55
9Data sheet | HP 5830 Switch SeriesHP 5830 Switch SeriesSpecificationsHP 5830AF-48G Switch with 1 Interface Slot (JC691A)
HP 5830AF-96G Switch (JC694A)
I/O ports and slots 48 RJ-45 autosensing 10/100/1000 ports (IEEE 802.3 Type10BASE-T, IEEE 802.3u Type 100BASE-TX, IEEE 802.3ab Type1000BASE-T); Duplex: 10BASE-T/100BASE-TX: half or full;1000BASE-T: full only2 dual-personality ports; auto-sensing 10/100/1000Base-Tor SFP2 fixed 1000/10000 SFP+ ports1 extended module slot96 RJ-45 autosensing 10/100/1000 ports (IEEE 802.3 Type10BASE-T, IEEE 802.3u Type 100BASE-TX, IEEE 802.3ab Type1000BASE-T); Duplex: 10BASE-T/100BASE-TX: half or full;1000BASE-T: full only10 fixed 1000/10000 SFP+ portsAdditional ports and slots 1 RJ-45 serial console port1 RJ-45 out-of-band management port1 RJ-45 serial console port1 RJ-45 out-of-band management portPower supplies 2 power supply slots1 minimum power supply required (ordered separately)2 power supply slots1 minimum power supply required (ordered separately)Fan tray 1 fan tray slotBase product does not include fan tray.1 fan tray slotBase product does not include fan tray.Physical characteristicsDimensionsWeight17.32(w) x 18.11(d) x 1.72(h) in (43.99 x 46 x 4.37 cm)
56
(1U height)14.53 lb (6.59 kg)17.32(w) x 25.98(d) x 3.39(h) in (43.99 x 65.99 x8.61 cm)31.75 lb (14.4 kg)Memory and processor 64 MB flash, 1 GB SDRAM; packet buffer size: 1 GB 64 MB flash, 1 GB SDRAM; packet buffer size: 3 GBPerformanceThroughputSwitching capacityRouting table sizeMAC address table size119 Mpps (64-byte packets)160 Gbps12000 entries (IPv4)32000 entries291.6 Mpps (64-byte packets)392 Gbps12000 entries (IPv4)32000 entriesEnvironmentOperating temperatureOperating relative humidityAcoustic32°F to 113°F (0°C to 45°C)5% to 95%Low-speed fan: 58 dB, High-speed fan: 65 dB32°F to 113°F (0°C to 45°C)5% to 95%Low-speed fan: 58 dB, High-speed fan: 65 dBElectrical characteristicsFrequencyMaximum heat dissipationAC voltageDC voltage50/60 Hz440 BTU/hr (464.2 kJ/hr)100 - 240 VAC-40 to -60 VDC50/60 Hz1209 BTU/hr (1275.49 kJ/hr)100 - 240 VAC-40 to -60 VDC10Data sheet | HP 5830 Switch SeriesHP 5830AF-48G Switch with 1 Interface Slot (JC691A) HP 5830AF-96G Switch (JC694A)Safety UL 60950-1; EN 60825-1 Safety of Laser Products-Part 1;EN 60825-2 Safety of Laser Products-Part 2; IEC 60950-1;CAN/CSA-C22.2 No. 60950-1; Anatel; ULAR; GOST; EN 60950-1/A11; FDA 21 CFR Subchapter J; NOM; ROHS ComplianceUL 60950-1; EN 60825-1 Safety of Laser Products-Part 1;EN 60825-2 Safety of Laser Products-Part 2; IEC 60950-1;CAN/CSA-C22.2 No. 60950-1; Anatel; ULAR; GOST; EN 60950-1/A11; FDA 21 CFR Subchapter J; NOM; ROHS ComplianceEmissions VCCI Class A; EN 55022 Class A; ICES-003 Class A; ETSI EN 300386 V1.3.3; AS/NZS CISPR 22 Class A; EMC Directive 2004/108/EC; EN 55024:1998+ A1:2001 + A2:2003; FCC (CFR 47, Part 15)Subpart B Class AVCCI Class A; EN 55022 Class A; ICES-003 Class A; ETSI EN300 386 V1.3.3; AS/NZS CISPR 22 Class A; EMC Directive2004/108/EC; EN 55024:1998+ A1:2001 + A2:2003; FCC(CFR 47, Part 15) Subpart B Class AImmunityGenericENESDRadiatedEFT/BurstSurgeConductedPower frequency magnetic fieldVoltage dips and interruptionsHarmonicsFlickerETSI EN 300 386 V1.3.3EN 55024:1998+ A1:2001 + A2:2003EN 61000-4-2; IEC 61000-4-2EN 61000-4-3; IEC 61000-4-3EN 61000-4-4; IEC 61000-4-4EN 61000-4-5; IEC 61000-4-5
57
EN 61000-4-6; IEC 61000-4-6IEC 61000-4-8; IEC 61000-4-8EN 61000-4-11; IEC 61000-4-11EN 61000-3-2, IEC 61000-3-2EN 61000-3-3, IEC 61000-3-3ETSI EN 300 386 V1.3.3EN 55024:1998+ A1:2001 + A2:2003EN 61000-4-2; IEC 61000-4-2EN 61000-4-3; IEC 61000-4-3EN 61000-4-4; IEC 61000-4-4EN 61000-4-5; IEC 61000-4-5EN 61000-4-6; IEC 61000-4-6IEC 61000-4-8; IEC 61000-4-8EN 61000-4-11; IEC 61000-4-11EN 61000-3-2, IEC 61000-3-2EN 61000-3-3, IEC 61000-3-3Management IMC—Intelligent Management Center; command-line interface;Web browser; out-of-band management; SNMP Manager;Telnet; RMON1; FTP; IEEE 802.3 Ethernet MIBIMC—Intelligent Management Center; command-lineinterface; Web browser; out-of-band management; SNMPManager; Telnet; RMON1; FTP; IEEE 802.3 Ethernet MIBNotes Additional specifications• Static MAC table: 5120• Max VLAN interface: 1,000• Multicast L2 entries for IPv4: 2,000• Multicast L2 entries for IPv6: 1,000• Multicast L3 entries for IPv4: 2,000• Multicast L3 entries for IPv6: 1,000• VLAN table: 4,000• QoS forward queue number: 8• Static ARP number: 1,000• Dynamic ARP number: 8,000• MAX number in one link group: 8• Link group number: 128• ACL number: 4,000 (ingress); 512 (egress)Additional specifications• Static MAC table: 5120• Max VLAN interface: 1,000• Multicast L2 entries for IPv4: 2,000• Multicast L2 entries for IPv6: 1,000• Multicast L3 entries for IPv4: 2,000• Multicast L3 entries for IPv6: 1,000• VLAN table: 4,000• QoS forward queue number: 8• Static ARP number: 1,000• Dynamic ARP number: 8,000• MAX number in one link group: 8• Link group number: 128• ACL number (GbE ports): 8,000 (ingress); 1,000 (egress)• ACL number (10GbE ports): 2,000 (ingress); 512 (egress)Services Refer to the HP website at hp.com/networking/services fordetails on the service-level descriptions and product numbers.For details about services and response times in your area,please contact your local HP sales office.Refer to the HP website at hp.com/networking/servicesfor details on the service-level descriptions and productnumbers. For details about services and response times inyour area, please contact your local HP sales office.11Data sheet | HP 5830 Switch SeriesStandards and Protocols(applies to all products in series)BGP RFC 1771 BGPv4RFC 1772 Application of the BGPRFC 1997 BGP Communities AttributeRFC 1998 An Application of the BGPCommunity Attribute in Multi-home RoutingRFC 2385 BGP Session Protection via TCPMD5RFC 2439 BGP Route Flap DampingRFC 2796 BGP Route ReflectionRFC 2858 BGP-4 Multi-Protocol ExtensionsRFC 2918 Route Refresh CapabilityRFC 3065 Autonomous SystemConfederations for BGPRFC 3392 Capabilities Advertisement withBGP-4RFC 4271 A Border Gateway Protocol 4 (BGP-4)
58
RFC 4272 BGP Security VulnerabilitiesAnalysisRFC 4273 Definitions of Managed Objectsfor BGP-4RFC 4274 BGP-4 Protocol AnalysisRFC 4275 BGP-4 MIB Implementation SurveyRFC 4276 BGP-4 Implementation ReportRFC 4277 Experience with the BGP-4Protocol RFC 4360 BGP Extended CommunitiesAttributeRFC 4456 BGP Route Reflection: AnAlternative to Full Mesh Internal BGP (IBGP)RFC 5291 Outbound Route FilteringCapability for BGP-4RFC 5292 Address-Prefix-Based OutboundRoute Filter for BGP-4Denial of service protection RFC 2267 Network Ingress Filtering Automatic filtering of well-knowndenial-of-service packetsCPU DoS ProtectionRate Limiting by ACLsDevice management RFC 1157 SNMPv1/v2cRFC 1305 NTPv3RFC 1902 (SNMPv2)RFC 2579 (SMIv2 Text Conventions)RFC 2580 (SMIv2 Conformance)RFC 2819 (RMON groups Alarm, Event,History and Statistics only)HTTP, SSHv1, and TelnetMultiple Configuration FilesMultiple Software ImagesSSHv1/SSHv2 Secure ShellTACACS/TACACS+Web UIGeneral protocols IEEE 802.1ad Q-in-QIEEE 802.1ag Service Layer OAMIEEE 802.1p PriorityIEEE 802.1Q VLANsIEEE 802.1s Multiple Spanning TreesIEEE 802.1w Rapid Reconfiguration ofSpanning TreeIEEE 802.1X PAEIEEE 802.3ab 1000BASE-TIEEE 802.3ac (VLAN Tagging Extension)IEEE 802.3ad Link Aggregation ControlProtocol (LACP)IEEE 802.3ae 10-Gigabit EthernetIEEE 802.3atIEEE 802.3u 100BASE-XIEEE 802.3z 1000BASE-XRFC 768 UDPRFC 783 TFTP Protocol (revision 2)RFC 791 IPRFC 792 ICMPRFC 793 TCPRFC 826 ARPRFC 854 TELNETRFC 894 IP over EthernetRFC 903 RARPRFC 906 TFTP BootstrapRFC 925 Multi-LAN Address ResolutionRFC 950 Internet Standard SubnettingProcedureRFC 951 BOOTPRFC 959 File Transfer Protocol (FTP)RFC 1027 Proxy ARPRFC 1035 Domain Implementation andSpecificationRFC 1042 IP DatagramsRFC 1058 RIPv1RFC 1142 OSI IS-IS Intra-domain RoutingProtocolRFC 1213 Management Information Basefor Network Management of TCP/IP-basedinternetsRFC 1256 ICMP Router Discovery Protocol(IRDP)RFC 1293 Inverse Address ResolutionProtocol
59
RFC 1305 NTPv3RFC 1350 TFTP Protocol (revision 2)RFC 1393 Traceroute Using an IP OptionRFC 1519 CIDRRFC 1531 Dynamic Host ConfigurationProtocolRFC 1533 DHCP Options and BOOTP VendorExtensionsRFC 1591 DNS (client only)RFC 1624 Incremental Internet ChecksumRFC 1701 Generic Routing EncapsulationRFC 1721 RIP-2 AnalysisRFC 1723 RIP v2RFC 1812 IPv4 RoutingRFC 2091 Trigger RIPRFC 2131 DHCPRFC 2138 Remote Authentication Dial In UserService (RADIUS)RFC 2453 RIPv2RFC 2644 Directed Broadcast ControlRFC 2763 Dynamic Name-to-System IDmappingRFC 2784 Generic Routing Encapsulation(GRE)RFC 2865 Remote Authentication Dial InUser Service (RADIUS)RFC 2966 Domain-wide Prefix Distributionwith Two-Level IS-ISRFC 2973 IS-IS Mesh GroupsRFC 3277 IS-IS Transient BlackholeAvoidanceRFC 3567 Intermediate System toIntermediate System (IS-IS) CryptographicAuthenticationRFC 3719 Recommendations forInteroperable Networks using IntermediateSystem to Intermediate System (IS-IS)RFC 3784 ISIS TE supportRFC 3786 Extending the Number of IS-ISLSP Fragments Beyond the 256 LimitRFC 3787 Recommendations forInteroperable IP Networks usingIntermediate System to IntermediateSystem (IS-IS)RFC 3847 Restart signaling for IS-ISRFC 4251 The Secure Shell (SSH) ProtocolArchitectureRFC 5130 A Policy Control Mechanism inIS-IS Using Administrative Tags12Data sheet | HP 5830 Switch SeriesStandards and Protocols(applies to all products in series)IP multicast RFC 2236 IGMPv2RFC 2283 Multiprotocol Extensions forBGP-4RFC 2362 PIM Sparse Mode (Premium EdgeLicense)RFC 3376 IGMPv3RFC 3446 Anycast Rendezvous Point (RP)mechanism using Protocol IndependentMulticast (PIM) and Multicast SourceDiscovery Protocol (MSDP)RFC 3618 Multicast Source DiscoveryProtocol (MSDP)RFC 3973 PIM Dense ModeRFC 4541 Considerations for Internet GroupManagement Protocol (IGMP) and MulticastListener Discovery (MLD) Snooping SwitchesRFC 4601 Draft 10 PIM Sparse ModeRFC 4604 Using Internet Group ManagementProtocol Version 3 (IGMPv3) and MulticastListener Discovery Protocol Version 2(MLDv2) for Source-Specific MulticastRFC 4605 IGMP/MLD ProxyingRFC 4607 Source-Specific Multicast for IPRFC 4610 Anycast-RP Using ProtocolIndependent Multicast (PIM)RFC 5059 Bootstrap Router (BSR)
60
Mechanism for Protocol IndependentMulticast (PIM)IPv6 RFC 1886 DNS Extension for IPv6RFC 1887 IPv6 Unicast Address AllocationArchitectureRFC 1981 IPv6 Path MTU DiscoveryRFC 2080 RIPng for IPv6RFC 2081 RIPng Protocol ApplicabilityStatementRFC 2292 Advanced Sockets API for IPv6RFC 2373 IPv6 Addressing ArchitectureRFC 2375 IPv6 Multicast AddressAssignmentsRFC 2460 IPv6 SpecificationRFC 2461 IPv6 Neighbor DiscoveryRFC 2462 IPv6 Stateless Address AutoconfigurationRFC 2463 ICMPv6RFC 2464 Transmission of IPv6 overEthernet NetworksRFC 2473 Generic Packet Tunneling in IPv6RFC 2526 Reserved IPv6 Subnet AnycastAddressesRFC 2529 Transmission of IPv6 Packetsover IPv4RFC 2545 Use of MP-BGP-4 for IPv6RFC 2553 Basic Socket Interface Extensionsfor IPv6RFC 2710 Multicast Listener Discovery (MLD)for IPv6RFC 2740 OSPFv3 for IPv6RFC 2767 Dual stacks IPv4 & IPv6RFC 2893 Transition Mechanisms for IPv6Hosts and RoutersRFC 3056 Connection of IPv6 Domains viaIPv4 CloudsRFC 3307 IPv6 Multicast Address AllocationRFC 3315 DHCPv6 (client and relay)RFC 3484 Default Address Selection for IPv6RFC 3513 IPv6 Addressing ArchitectureRFC 3736 Stateless Dynamic HostConfiguration Protocol (DHCP) Service forIPv6RFC 3810 MLDv2 for IPv6RFC 4214 Intra-Site Automatic TunnelAddressing Protocol (ISATAP)MIBs RFC 1156 (TCP/IP MIB)RFC 1157 A Simple Network ManagementProtocol (SNMP)RFC 1213 MIB IIRFC 1215 A Convention for Defining Traps foruse with the SNMPRFC 1229 Interface MIB ExtensionsRFC 1493 Bridge MIBRFC 1573 SNMP MIB IIRFC 1643 Ethernet MIBRFC 1657 BGP-4 MIBRFC 1724 RIPv2 MIBRFC 1757 Remote Network Monitoring MIBRFC 1850 OSPFv2 MIBRFC 1907 SNMPv2 MIBRFC 2011 SNMPv2 MIB for IPRFC 2012 SNMPv2 MIB for TCPRFC 2013 SNMPv2 MIB for UDPRFC 2096 IP Forwarding Table MIBRFC 2233 Interface MIBRFC 2452 IPV6-TCP-MIBRFC 2454 IPV6-UDP-MIBRFC 2465 IPv6 MIBRFC 2466 ICMPv6 MIBRFC 2571 SNMP Framework MIBRFC 2572 SNMP-MPD MIBRFC 2573 SNMP-Target MIBRFC 2578 Structure of ManagementInformation Version 2 (SMIv2)RFC 2580 Conformance Statements forSMIv2RFC 2618 RADIUS Client MIBRFC 2620 RADIUS Accounting MIBRFC 2665 Ethernet-Like-MIB
61
RFC 2668 802.3 MAU MIBRFC 2674 802.1p and IEEE 802.1Q Bridge MIBRFC 2787 VRRP MIBRFC 2819 RMON MIBRFC 2925 Ping MIBRFC 2932IP (Multicast Routing MIB)RFC 2933 IGMP MIBRFC 2934 Protocol Independent MulticastMIB for IPv4RFC 3414 SNMP-User based-SM MIBRFC 3415 SNMP-View based-ACM MIBRFC 3417 Simple Network ManagementProtocol (SNMP) over IEEE 802 NetworksRFC 3418 MIB for SNMPv3RFC 3595 Textual Conventions for IPv6 FlowLabelRFC 3826 AES for SNMP’s USM MIBRFC 4133 Entity MIB (Version 3)RFC 4444 Management Information Basefor Intermediate System to IntermediateSystem (IS-IS)13Data sheet | HP 5830 Switch SeriesStandards and Protocols(applies to all products in series)Network management IEEE 802.1AB Link Layer Discovery Protocol(LLDP)RFC 1155 Structure of ManagementInformationRFC 1157 SNMPv1RFC 1448 Protocol Operations for version2 of the Simple Network ManagementProtocol (SNMPv2)RFC 2211 Controlled-Load NetworkRFC 2819 Four groups of RMON: 1(statistics), 2 (history), 3 (alarm) and 9(events)RFC 3176 sFlowRFC 3411 SNMP Management FrameworksRFC 3412 SNMPv3 Message ProcessingRFC 3414 SNMPv3 User-based SecurityModel (USM)RFC 3415 SNMPv3 View-based AccessControl Model VACM)ANSI/TIA-1057 LLDP Media EndpointDiscovery (LLDP-MED)OSPF RFC 1245 OSPF protocol analysisRFC 1246 Experience with OSPFRFC 1765 OSPF Database OverflowRFC 1850 OSPFv2 Management InformationBase (MIB), trapsRFC 2154 OSPF w/ Digital Signatures(Password, MD-5)RFC 2328 OSPFv2RFC 2370 OSPF Opaque LSA OptionRFC 3101 OSPF NSSARFC 3137 OSPF Stub Router AdvertisementRFC 3630 Traffic Engineering Extensions toOSPF Version 2RFC 4061 Benchmarking Basic OSPF SingleRouter Control Plane ConvergenceRFC 4062 OSPF Benchmarking Terminologyand ConceptsRFC 4063 Considerations When Using BasicOSPF Convergence BenchmarksRFC 4222 Prioritized Treatment of SpecificOSPF Version 2 Packets and CongestionAvoidanceRFC 4811 OSPF Out-of-Band LSDBResynchronizationRFC 4812 OSPF Restart SignalingRFC 4813 OSPF Link-Local SignalingRFC 4940 IANA Considerations for OSPFQoS/CoS IEEE 802.1P (CoS)RFC 1349 Type of Service in the InternetProtocol SuiteRFC 2211 Specification of the Controlled-Load Network Element ServiceRFC 2212 Guaranteed Quality of Service
62
RFC 2474 DSCP DiffServRFC 2475 DiffServ ArchitectureRFC 2597 DiffServ Assured Forwarding (AF)RFC 2598 DiffServ Expedited Forwarding(EF)Security IEEE 802.1X Port Based Network AccessControlRFC 1321 The MD5 Message-DigestAlgorithmRFC 1334 PPP Authentication Protocols(PAP)RFC 1492 An Access Control Protocol,Sometimes Called TACACSRFC 1994 PPP Challenge HandshakeAuthentication Protocol (CHAP)RFC 2082 RIP-2 MD5 AuthenticationRFC 2104 Keyed-Hashing for MessageAuthenticationRFC 2408 Internet Security Association andKey Management Protocol (ISAKMP)RFC 2409 The Internet Key Exchange (IKE)RFC 2716 PPP EAP TLS AuthenticationProtocolRFC 2865 RADIUS AuthenticationRFC 2866 RADIUS AccountingRFC 2867 RADIUS Accounting Modificationsfor Tunnel Protocol SupportRFC 2868 RADIUS Attributes for TunnelProtocol SupportRFC 2869 RADIUS ExtensionsAccess Control Lists (ACLs)Guest VLAN for 802.1xMAC AuthenticationPort SecuritySSHv1/SSHv2 Secure Shell14Data sheet | HP 5830 Switch SeriesHP 5830 Switch Series accessoriesModules HP 5500/5120 2-port 10GbE SFP+ Module (JD368B)Transceivers HP X110 100M SFP LC LH40 Transceiver (JD090A)HP X110 100M SFP LC LH80 Transceiver (JD091A)HP X110 100M SFP LC FX Transceiver (JD102B)HP X110 100M SFP LC LX Transceiver (JD120B)HP X125 1G SFP LC LH40 1310nm Transceiver (JD061A)HP X120 1G SFP LC LH40 1550nm Transceiver (JD062A)HP X125 1G SFP LC LH70 Transceiver (JD063B)HP X120 1G SFP LC SX Transceiver (JD118B)HP X120 1G SFP LC LX Transceiver (JD119B)HP X120 1G SFP RJ45 T Transceiver (JD089B)HP X170 1G SFP LC LH70 1550 Transceiver (JD109A)HP X170 1G SFP LC LH70 1570 Transceiver (JD110A)HP X170 1G SFP LC LH70 1590 Transceiver (JD111A)HP X170 1G SFP LC LH70 1610 Transceiver (JD112A)HP X170 1G SFP LC LH70 1470 Transceiver (JD113A)HP X170 1G SFP LC LH70 1490 Transceiver (JD114A)HP X170 1G SFP LC LH70 1510 Transceiver (JD115A)HP X170 1G SFP LC LH70 1530 Transceiver (JD116A)HP X130 10G SFP+ LC SR Transceiver (JD092B)HP X130 10G SFP+ LC LRM Transceiver (JD093B)HP X130 10G SFP+ LC LR Transceiver (JD094B)HP X130 10G SFP+ LC ER 40km Transceiver (JG234A)HP X240 10G SFP+ to SFP+ 0.65m Direct Attach Copper Cable (JD095C)HP X240 10G SFP+ to SFP+ 1.2m Direct Attach Copper Cable (JD096C)HP X240 10G SFP+ to SFP+ 3m Direct Attach Copper Cable (JD097C)HP X240 10G SFP+ to SFP+ 5m Direct Attach Copper Cable (JG081C)HP X240 10G SFP+ SFP+ 7m Direct Attach Copper Cable (JC784C)Power Supply HP 58x0AF 650W AC Power Supply (JC680A)HP 58x0AF 650W DC Power Supply (JC681A)15Data sheet | HP 5830 Switch SeriesHP 5830AF-48G Switch with 1 Interface Slot (JC691A) HP 5500/5120 2-port 10GbE SFP+ Module (JD368B)HP 5830AF-48G Back (power side) to Front (port side) Airflow Fan Tray (JC692A)HP 5830AF-48G Front (port side) to Back (power side) Airflow Fan Tray (JC693A)HP 5830AF-96G Switch (JC694A) HP 5830AF-96G back (power side) to front (port side) airflow Fan Tray (JC695A)HP 5830AF-96G front (port side) to back (power side) airflow Fan Tray (JC696A)Learn more athp.com/networking
63
HP 5830 Switch Series accessories (continued)Share with colleagues Rate this documentSign up for updateshp.com/go/getupdatedData sheet | HP 5830 Switch Series© Copyright 2011-2012, 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Theonly warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing hereinshould be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.4AA3-6200ENW, December 2014, Rev. 5
Cisco ME 2400 24 port Ethernet switch 10/100(Dist)
Updated:Sep 15, 2006
Product OverviewQ. What are the Cisco ® ME 3400 Series Ethernet Access Switches?A. Cisco ME 3400 Series Ethernet Access Switches are a series of next-generation Layer 2 and Layer 3
customer-located devices for service providers. Their design is based on the experience learned from today's most widely deployed access switches, the Cisco Catalyst ® 2950 and 3550 Series. The Cisco ME 3400 Series is the first access switch optimized for both Ethernet-to-the-Home (ETTH) converged data, voice, and video (triple-play) services and Ethernet-to-the-Business (ETTB) VPN services. It provides a comprehensive security solution for Metro Ethernet access that includes subscriber, switch, and network protection. The Cisco ME 3400 Series supports multiple software images for added flexibility in your deployment model.
Q. Is the Cisco ME 3400 Series certified to support industry-standard services?A. Yes, the Cisco ME 3400 Series has Metro Ethernet Forum (MEF) 9 and 14 certification to support
standard Layer 2 services and quality of service (QoS).
Q. Who should buy the Cisco ME 3400 Series?A. The Cisco ME 3400 Series is intended as the customer-located equipment (CLE) for both the ETTH
and ETTB markets. It is the successor for the Cisco Catalyst 2950 and 3550 Series in the Metro Ethernet access market.
Q. How is the Cisco ME 3400G-2CS Switch, as an intelligent Ethernet demarcation device, different from a network interface device (NID)?
A. A NID is a simple device designed to provide media conversation or distance extension function. However, as a carrier-grade Ethernet demarcation device, it lacks much essential functionality. The Cisco ME 3400G-2CS Switch supports industry-standard operations, administration, maintenance, and provisioning (OAM&P) functions for end-to-end network monitoring and troubleshooting. In addition, the Cisco ME 3400G-2CS offers advanced functions such as Flex-Links for link redundancy, QoS for differentiated services, and Layer 3 routing for advanced IP services.
Q. How is the Cisco ME 3400G-12CS Switch positioned?
64
A. The primary positioning of the Cisco ME 3400G-12CS Switch is for Gigabit Ethernet access. With both enterprise and residential applications demanding higher bandwidth, service providers are planning services above 100 Mbps. With advanced QoS functionalities, the Cisco ME 3400G-12CS allows service providers to offer bandwidth from 1 to 1000 Mbps on a single platform. The Cisco ME 3400G-12CS is also positioned as an in-building aggregator for high-density buildings where multiple access devices are needed.
Q. Are the Cisco Catalyst 3750, 3560, 2970, and 2960 Series also positioned for the Metro Ethernet market?
A. No, the Cisco ME 2400 and ME 3400 Series and the Cisco Catalyst 3750 Metro Series are the only products positioned for the Metro Ethernet market, and only they are planned to have new Metro Ethernet features in the future.
Q. How does the market positioning of the Cisco ME 3400 Series differ from that of the Cisco Catalyst 3750 Metro Series and the Cisco ME 2400 Series?
A. The Cisco Catalyst 3750 Metro Series will continue to be the premier access product for premium services. The Cisco ME 3400 Series is the successor product for the Cisco Catalyst 2950 and 3550 Series in both ETTH and ETTB markets. The Cisco ME 2400 Series is the non-upgradeable, ETTH-only solution in cost-sensitive markets.
Q. Will the Cisco Catalyst 3750 Metro Series be replaced by the Cisco ME 3400 Series?A. No, the Cisco Catalyst 3750 Metro Series, with Cisco Hierarchical Queuing Framework (HQF) and
Multiprotocol Label Switching (MPLS) access, will continue to be the premier access product for service providers that deploy premium services. It will continue to receive new Metro Ethernet features.
Q. Does the Cisco ME 3400 Series support HQF or MPLS features?A. No; however, those features are supported on the Cisco Catalyst 3750 Metro Series Switches.
Q. What configuration options are available for the Cisco ME 3400 Series?A. Table 1 shows the complete list of Cisco ME 3400 Series Ethernet Access Switches and options.
Table 1. Cisco ME 3400 Series Ethernet Access Switches
Product Name (Part Number) Description
Cisco ME 3400-24FS AC Ethernet Access Switch(ME-3400-24FS-A)
• 24 Ethernet 100-Mbps Small Form-Factor Pluggable (SFP) ports
• 2 SFP-based Gigabit Ethernet and 100BASE-X ports• AC power supplies• 6.5-mpps forwarding rate• 1-rack unit (RU) multilayer switch• Ethernet access switch for lowdensity FTTH
deployments• 3 Cisco IOS ® Software feature image options
(METROBASE, METROACCESS, and METROIPACCESS)
Cisco ME 3400G-12CS AC Ethernet Access Switch(ME-3400G-12CS-A)
• 12 dual-purpose (10/100/1000 and SFP) ports• 4 SFP-based Gigabit Ethernet and 100BASE-X ports• Dual fixed redundant AC power supplies• 26-mpps forwarding rate• 1-RU multilayer switch
65
• Gigabit Ethernet access switch for the Metro Ethernet market
• 3 Cisco IOS Software feature image options (METROBASE, METROACCESS, and METROIPACCESS)
Cisco ME 3400G-12CS DC Ethernet Access Switch(ME-3400G-12CS-D)
• 12 dual-purpose (10/100/1000 and SFP) ports• 4 SFP-based Gigabit Ethernet and 100BASE-X ports• Dual fixed redundant DC power supplies• 26-mpps forwarding rate• 1-RU multilayer switch• Gigabit Ethernet access switch for the Metro Ethernet
market• 3 Cisco IOS Software feature image options
(METROBASE, METROACCESS, and METROIPACCESS)
Cisco ME 3400G-2CS AC Ethernet Access Switch(ME-3400G-2CS-A)
• 2 dual-purpose (10/100/1000 and SFP) ports• 2 SFP-based Gigabit Ethernet and 100BASE-X ports• AC power supplies• 6.5-mpps forwarding rate• 1-RU small-form factor multilayer switch• Intelligent Ethernet demarcation switch• 3 Cisco IOS Software feature image options
(METROBASE, METROACCESS, and METROIPACCESS)
Cisco ME 3400-24TS AC Ethernet Access Switch(ME-3400-24-TS-A)
• 24 Ethernet 10/100 ports• 2 SFP-based Gigabit Ethernet and 100BASE-X ports• AC power supply• 6.5-mpps forwarding rate• 1-RU multilayer switch• Ethernet access switch for the Metro Ethernet market• 3 Cisco IOS Software feature image options
(METROBASE, METROACCESS, and METROIPACCESS)
Cisco ME 3400-24TS DC Ethernet Access Switch(ME-3400-24-TS-D)
• 24 Ethernet 10/100 ports• 2 SFP-based Gigabit Ethernet and 100BASE-X ports• DC power supply• 6.5-mpps forwarding rate• 1-RU multilayer switch• Ethernet access switch for the Metro Ethernet market• 3 Cisco IOS Software feature image options
(METROBASE, METROACCESS, and METROIPACCESS)
66
Cisco ME 3400 Series METROBASE Software Feature Image(S340XB-12237SE)
• Standard Layer 2 feature image targeted for triple-play services
• Advanced QoS: Ingress policing and egress shaping• Robust multicast: IGMP filtering and throttling, and
Multicast VLAN Registration (MVR)• Complete security solution: UNI/NNI, Control Plane
Security, and Configuration File Security
Cisco ME 3400 Series METROACCESS Software Feature Image(S340XA-12237SE)
• Enhanced Layer 2 feature images targeted for premium triple-play services and Layer 2 VPN services
• Advanced Layer 2 Tunneling: 802.1q tunneling and Layer 2 Protocol Tunneling (L2PT)
• Industry-standard Layer 2 management: 802.1ag (CFM) and E-LMI
• Fast convergence: Flex-Link, Link-State Tracking, Resilient Ethernet Protocol (REP)
Cisco ME 3400 Series METROIPACCESS Software Feature Image(S340XI-12237SE)
• Layer 3 feature images targeted for Layer 3 VPN services
• IP routing (RIP versions 1 and 2, EIGRP, OSFP, IS-IS, and BGPv4)
• Secured Layer 3: Multi-VRF CE• Enhanced routing: Policy Based Routing
Upgrade Kit for METROACCESS from METROBASE(CD-ME3400-B2A=)
METROACCESS image upgrade kit from METROBASE image
Upgrade Kit for METROIPACCESS from METROBASE(CD-ME3400-B2I=)
METROIPACCESS image upgrade kit from METROBASE image
Upgrade Kit for METROIPACCESS from METROACCESS(CD-ME3400-A2I=)
METROIPACCESS image upgrade kit from METROACCESS image
Q. What Cisco IOS Software feature images does the Cisco ME 3400 Series support?A. The Cisco ME 3400 Series supports three different Cisco IOS Software feature images:
METROBASE, METROACCESS, and METROIPACCESS. The METROBASE feature image includes features for converged triple-play services. The METROACCESS includes these, plus features for premium triple-play services or Layer 2 VPN services. The METROIPACCESS image contains all the preceding plus features for Layer 3 VPN services. Upgrade options are also available for future service requirements.
Q. Do I have options to select the software version?A. The Cisco ME 3400 Series supports the Assemble To Order (ATO) fulfillment process. This enables
you to select the version of software you want to be loaded on the switch. In addition, you can select the type of accessories that come with the switch.
67
Technology OverviewQ. What hardware features are available on the Cisco ME 3400 Series?A. Cisco ME 3400 Series hardware is designed to simplify deployment and troubleshooting in the field. It
features a compact design and flexible mounting options for deployment where space is limited. The Cisco ME 3400 Series also has all connectors in the front of the chassis for easier cable access. In addition, the switch operates reliably at temperatures up to 122ºF (50ºC).
Q. What certifications has the Cisco ME 3400 Series obtained?A. The Cisco ME 3400-24TS switches has obtained both the Network Equipment Building Systems
Level 3 (NEBS3) certification and European Telecommunications Standards Institute (ETSI) certifications. The Cisco ME 3400G switches also have NEBS3 certification. These certifications ensure that the Cisco ME 3400 Series conforms to telecommunications industry standards.
Q. What are the key features in each software feature image?A. The key features in each software feature image are listed in Table 2.
Table 2. Key Features for Each Software Feature Image
METROBASE METROACCESS METROIPACCESS
UNI/NNIAll METROBASE features All METROACCESS features
Internet Group Management Protocol (IGMP) Filtering and Throttling
802.1Q Tunneling, L2PT Static routing
Multicast VLAN Registration (MVR)
Ethernet OAM (802.1ag, 802.3ah, E-LMI) Multi-VRF CE (VRF-lite)
Advanced QoSConfigurable per VLAN MAC Learning PBR
Control Plane Security Flex-Link RIP versions 1 and 2
Configuration File Security
Dynamic ARP Inspection, IP Source Guard EIGRP, OSPF, and IS-IS
DHCP SnoopingPer Port Per VLAN Ingress Policing BGPv4
Private VLAN Link-State Tracking NNI Configurable on All Ports
Configuration RollbackResilient Ethernet Protocol Source Specific Multicast
MAC address learning and aging notifications Ethernet IP SLA Multicast support for VRF (mVRF-Lite)
68
Embedded Event Manager
VRF-aware Services (ARP, Ping, SNMP, HSRP, uRPF Syslog, Traceroute, FTP, and TFTP)
IGMP Proxy
Q. What is UNI/NNI?A. UNI/NNI is the classification of port types designed for the Metro Ethernet market to simplify
deployment, management, and troubleshooting. UNI, User Network Interface, is the interface that faces the subscriber, and NNI, Network Node Interface, is the interface that faces the service provider network. By labeling each port as UNI or NNI, the software can optimize each port for the role. Table 3 lists some default behaviors for each port type and the benefits.
Table 3. UNI/NNI Default Behaviors and Benefits
Default Behaviors Benefits
UNI Default: Down
Ports are activated only when the service provider configures all the parameters and turns on the port, helping prevent unauthorized access to services.
UNI Default: No Local Switching
Creates circuit-like behavior to separate customers' traffic from each other.
UNI Default: Control Plane Security Enabled
Control plane packet ingresses from UNI are dropped in hardware to protect against denial-of-service (DoS) attacks.
NNI Default: UpHelps enable automated configuration of the switch through the Dynamic Host Configuration Protocol (DHCP)/BOOTP server.
Q. What is the Control Plane Security feature?A. This feature protects the switch CPU by dropping control protocols on UNI interfaces. It is enabled on
the UNI by default. Some of the control protocols dropped are bridge protocol data unit (BPDU), Cisco Discovery Protocol, VLAN Trunking Protocol (VTP), Unidirectional Link Detection Protocol (UDLD), and Link Aggregation Protocol (LACP). Users can turn on L2PT for those features on a per-port basis. Users can also rate-limit ingress on the UNI for some of the control protocols.
Q. What multicast features are supported on the Cisco ME 3400 Series?A. The Cisco ME 3400 Series offers both granular IGMP control features and efficient multicast
distribution features to support robust video services. For fine control of IGMP messages, the Cisco ME 3400 Series supports the IGMP Fast Leaves feature for quick channel changing, IGMP filtering for control of which groups users can access, and IGMP throttling for control of how many groups users can access. The Cisco ME 3400 Series provides efficient multicast distribution features such as Multicast VLAN Registration (MVR) and Protocol Independent Multicast (PIM) routing. The MVR feature reduces duplication of multicast traffic across multiple VLANs in Layer 2 ring networks by centralizing the distribution of multicast traffic in a single video VLAN. PIM routing provides intelligent multicast routing by building a distribution tree base on Layer 3 information.
Q. What QoS features are available on the Cisco ME 3400 Series?A. The Cisco ME 3400 Series provides advanced QoS features to provide differentiated services and
the ability to police ingress and shape egress traffic. Each packet that is transmitted through the switch goes through four stages of QoS:
69
• Stage 1, Ingress classification: Each packet is classified based on Layer 2-4 information, including 802.1p Class of Service (CoS), differentiated services code point (DSCP), MAC address, IP address, and Layer 4 socket information.• Stage 2, Ingress policing: Classified packets are rate-limited to the peak information rate (PIR). In-
profile traffic is transmitted while out-of-profile traffic is either dropped or re-marked.• Stage 3, Egress queuing: Classified packets are placed in one of the four queues available on
each port (three user-configurable queues and one default queue).• Stage 4, Shaping and sharing: Queues are serviced by the Shaped Round Robin (SRR)
algorithm. They can be shared by the weight configured on the queue or shaped by the bandwidth configured on the queue. One of the queues can be configured as the low-latency queue (LLQ) to provide the shortest delay possible. The LLQ can also have an optional rate-limiting parameter to control the amount of traffic allowed into the queue. This feature provides queue starvation protections in case of misconfiguration.
Q. What Ethernet OAM&P features are supported on the Cisco ME 3400 Series?A. The Cisco ME 3400 Series supports both 802.1ag Connectivity Fault Management and Ethernet
Local Management Interface (E-LMI) with the S340XA-12225SEG1 software release. The 802.1ag feature provides the tools to monitor and troubleshoot end-to-end Ethernet networks. It allows service providers to check for end-to-end connectivity, isolate network issues, and identify customers affected by network issues. E-LMI enables service providers to automatically configure customer-edge devices to match the subscribed service. This automatic provisioning not only reduces the effort to set up the service, but also reduces the amount of coordination required between the service provider and enterprise customer.
Q. What security features are available on the Cisco ME 3400 Series?A. The Cisco ME 3400 Series provides a comprehensive security solution for Ethernet access products.
By dividing security into three areas - subscriber security, switch security, and network security - and providing features for each, the Cisco ME 3400 Series can deliver a highly secure solution at the edge of the service provider network.
Subscriber security helps prevent one user from affecting another one on their shared network. The Cisco ME 3400 Series provides the UNI/NNI feature to create a circuit-like behavior to separate users' traffic streams. It also provides DHCP Snooping, Dynamic ARP Inspection, and IP Source Guard to help service providers identify each user's MAC address, IP address, and port information, thereby preventing malicious users from unauthorized access.
Switch security is about protecting the switch from attacks. The Cisco ME 3400 Series offers features to protect the CPU and configuration files from DoS attacks, when dropped process control protocol packets could result in network outage. Features such as Control Plane Security and Storm Control help protect the CPU against malicious attacks. Port Security allows service providers to control how many MAC addresses are allowed from each subscriber. This protects switch memory from being overwhelmed.
Network security consists of features that filter all incoming traffic to ensure that only valid traffic is allowed through the switch. The Cisco ME 3400 Series uses features such as access control lists (ACLs) and IEEE 802.1x to identify users that are allowed to transmit traffic through the switch.
Q. Can the Cisco ME 3400G-12CS Switch run on one power supply?A. The Cisco ME 3400G-12CS Switch supports two fixed-configuration power supplies. Only one power
supply is needed for operation of the switch. When both power supplies are used, power redundancy and load sharing are also available.
Q. What SFP modules are supported on the Cisco ME 3400 Series?A. Cisco ME 3400 Series Switches support both 100- and 1000-Mbps SFP modules. The options
include Cisco 100BASE-LX, 100BASE-FX, 100BASE-BX, 1000BASE-LX, 1000BASE-SX, 1000BASE-ZX, and 1000BASE-T SFP modules plus coarse wavelength-division multiplexing (CWDM) SFP modules.
70
Q. What is a dual-purpose port?A. A dual-purpose port is a combination of one 10/100/1000-TX copper port and one SFP-based Gigabit
Ethernet port. One of these two ports can be used at a time. This added flexibility allows cost-effective use of interfaces to customers at various distances.
Q. What is 802.1Q Tunneling? Is it an IEEE standard?A. With 802.1Q Tunneling, a service provider's switch can tag on a second 802.1Q tag on top of the
customer's 802.1Q tag. This feature is sometimes referred to as "Q-in-Q." The Cisco implementation is proprietary and does not interoperate with other implementations. There is currently no effort to make this into a standard.
Q. Is there a way to integrate Metro Ethernet Layer 2 service with an existing Frame Relay/ATM network?
A. Yes, by using Cisco 7600 Series and Cisco Catalyst 6500 Series equipment, service providers can integrate Frame Relay/ATM networks with Cisco Metro Ethernet switching.
Management OverviewQ. What are the management capabilities of the Cisco ME 3400 Series?A. The Cisco ME 3400 Series supports numerous management features. Support for Simple Network
Management Protocol (SNMP) versions 1, 2c, and 3 and Telnet interface support deliver comprehensive in-band management, and a command-line-based management console provides detailed out-of-band management. The Cisco ME 3400 Series also supports the Cisco CNS 2100 Series Intelligence Engine, a hardware appliance supporting a suite of Cisco CNS products (intelligent agents) that function with device agents to create a programmable network. Cisco CNS extends the management plane of Cisco devices to a shared "programmable network" composed of three functional areas:
• Cisco CNS Intelligent Peer: Network provisioning and monitoring• Cisco CNS Intelligent Engines: Fault, configuration, accounting, performance, and security
(FCAPS) engines and a subscriber policy server tightly coupled with the device agents• Cisco CNS Integration Bus: A single open, programmatic interface to the entire networkCiscoWorks network management software provides management capabilities to the Cisco ME 3400 Series on a per-port and per-switch basis, providing a common management interface for Cisco routers, switches, and hubs.
Warranty and ServiceQ. What is the warranty for the Cisco ME 3400 Series?A. The Cisco ME 3400 Series includes the Cisco 90-Day Limited Warranty.
Q. What types of services and support packages are available for the Cisco ME 3400 Series?A. A full complement of lifecycle services and support is available for the Cisco ME 3400 Series. From
implementation to operation and optimization, Cisco offers technical support services and advanced services delivered either directly or through one of its partners.
Cisco SP Base support, offered for service providers as part of Cisco Technical Support Services, is designed to provide enhancement and maintenance support resources during the operational lifetime of your Cisco network. It extends and enhances the operational lifetime of your Cisco networking devices and Cisco IOS Software, and it protects your network investment with Cisco Technical Support Services. Cisco SP Base support helps improve productivity and increase your operational efficiency by complementing your in-house resources with Cisco networking expertise. Cisco SP Base support can also help maximize availability and minimize risks for systems running mission-critical applications by delivering:
• Ongoing Cisco IOS Software updates
71
• Rapid technical problem resolution with 24-hour global access to expert technical engineers, online or on the telephone• Knowledge transfer of Cisco expertise, enhancing in-house technical skills• Advance hardware replacement, reducing the risk of network downtime• Registered access to an array of powerful online tools, allowing you to more quickly address
common network problems• 24-hour access to comprehensive technical information and a collection of configuration,
installation, troubleshooting, and service request management tools• A broad base of expertise in networking technology, including data, voice, and video
communicationsFor more information about Cisco SP Base support, visit: http://www.cisco.com/en/US/products/svcs/ps3034/ps2827/ps2960/serv_datasheet09186a0080234131.html
For More InformationFor detailed product information about the Cisco ME 3400 Series Ethernet Access Switches, refer to the product data sheets at:http://www.cisco.com/en/US/prod/collateral/switches/ps6568/ps6580/product_data_sheet0900aecd8034fef3.html.
Netgear WNDAP620 access point(ACCESS)
Product Number
WNDAP620
Product Thumbnail
72
Standards
IEEE 802.11a 5GHz IEEE 802.11g, IEEE 802.11b, 2.4GHz IEEE 802.11n standard, 2.4GHz and 5GHz WMM - Wireless MultiMedia prioritization WDS - Wireless Distribution System Power over Ethernet (PoE) IEEE 802.3af and 802.3at
System Requirements
2.4GHz/5GHz 802.11n specification or 2.4GHz 802.11b/g wireless adapter or 5GHz 802.11a wireless adapter
Microsoft® Windows® Vista™, XP, 2000, 98, Me, Mac® OS, UNIX®, or Linux®
Internet Explorer® 6.0 or Mozilla Firefox® 1.5 We recommend using this product with N600 Wireless Dual Band USB
Adapter (WNDA3100)Physical Specifications
Physical Dimensions (W x D x H): 253.75 x 253.76 x 54.76 mm (10.0 x 10.0 x 2.16 in)
Weight: 1.5 kg (3.31 lb)Physical Interfaces
One (1) 10/100/1000BASE-T Gigabit Ethernet (RJ-45) port with Auto Uplink™ (Auto MDI-X) with IEEE 802.3af Power over Ethernet (PoE) support
Power adapter: 12V DC, 1.5A; plug is localized to country of sale73
One (1) console port with RJ45 Interface Three (3) reverse SMA antenna connectors Five (5) LED: Power, Link/ACT, LAN, 2.4GHz, 5GHz
Security
Wi-Fi Protected Access (WPA, WPA2) Wired Equivalent Privacy (WEP) 64-bit, 128-bit, and 152-bit encryption IEEE 802.1x RADIUS authentication with EAP TLS, TTLS, PEAP Wireless access control to identify authorized wireless network devices MAC address authentication VPN pass-through support Secure SSH telnet Security Sockets Layer (SSL) remote management login
Network Management
Remote configuration and management through Web browser, SNMP or telnet with command line interface (CLI)
SNMP management supports SNMP MIB I, MIB II, 802.11 MIB and proprietary configuration MIB
Advanced Wireless Features
Wireless Distribution System (WDS) Bridge mode: Point-to-point wireless WDS mode Bridge mode: Point-to-multipoint wireless WDS mode Repeater mode Adjustable Transmit Power Control (TPC) from 100 mW down to 0 mW
Package Contents
ProSAFE® Premium Dual Band Wireless-N Access Point (WNDAP620) Ethernet cable Wall-mount kit Installation guide Resource CD 12V, 1A power supply Warranty/support information card
Product Diagram
74
NETGEAR Warranty This product is backed by a NETGEAR ProSAFE® Limited Lifetime
Hardware Warranty. Lifetime Next Business Day Hardware Replacement. Click here for
coverage, availability and terms and conditions. ProSUPPORT 24x7 Advanced Technical Support via phone for 90 days
(Remote diagnostics performed by our technical experts for prompt resolution of technical issues). ProSUPPORT coverage can be extended by purchasing one, three, or five year contracts.
ProSUPPORT Lifetime 24x7 Advanced Technical Support via chat. (Remote diagnostics performed by our technical experts for prompt resolution of technical issues).
TELE CONFERENCING
MX200 and MX300 Multipurpose Value Line
Product OverviewThe Cisco TelePresence® MX Series makes telepresence more accessible to teams everywhere with the MX200 and MX300 value line, featuring ready-to-use simplicity and high quality at value pricing. The 42-inch Cisco TelePresence MX200 and 55-inch Cisco TelePresence MX300 endpoints represent the highly-integrated value line within Cisco’s MX Series multipurpose telepresence family. The MX200 and MX300 systems are as easy to install as a television and priced for large-scale deployment, so you can quickly and easily transform any meeting space into a telepresence-enabled team room. Whether you are just getting started with video communications or are planning to video-enable your entire organization, the Cisco TelePresence MX200 and MX300 can meet your needs, delivering 1080p high-definition performance in a simple, intuitive design (Figure 1).
75
Figure 1. Cisco TelePresence MX300 and MX200 on Floor Stand
Installed in approximately 15 minutes, the Cisco TelePresence MX200 and MX300 endpoints reinvent the team meeting room experience. The systems offer the high-quality, easy-to-use telepresence experience that you have come to expect from Cisco, combined with simple installation, global service, and a price performance that makes broad deployment easier and more affordable than ever.
The Cisco TelePresence portfolio creates an immersive, in-person experience over the network - bridging time and space to facilitate team collaboration like never before. Through a powerful combination of technologies and design innovations, the Cisco TelePresence experience allows you and remote participants to feel like you are all in the same room. The Cisco TelePresence portfolio also offers significant opportunity for productivity gains and process improvements that can transform your business. Many organizations are already using it to manage costs, make decisions faster, improve customer intimacy, scale scarce resources, and speed products to market.
Features and BenefitsFigure 2. Cisco TelePresence MX200 in Small Team Room Environment
Figure 3. Cisco TelePresence MX300 in Medium Team Room Environment
76
● The Cisco TelePresence MX200 and MX300 endpoints are easy to install. The installation includes one piece plus your choice of configuration (floor stand or wall mount) MX200 also offers table stand option.
● The systems are self-configuring; with Cisco® Unified Communications Manager (UCM), Cisco TelePresence Video Communication Server (VCS), or Cisco WebEx Telepresence network provisioning, all you need to configure your system is to authenticate your endpoint to the network.
● Cisco TelePresence PrecisionHD Camera with pan, tilt, and 4x optical zoom helps ensure optimal framing and video clarity.
● Dedicated camera presets provide flexibility and easy viewing for any meeting scenario.● An eight-inch Cisco TelePresence Touch interface offers simple control.● Simple “one-button-to-push” calling integrates with common calendaring programs.● Video resolutions of 1080p30 and 720p60 bring the Cisco TelePresence experience to any team
meeting room or office.● The high-quality, 42-inch (MX200) and 55-inch (MX300) displays with clear 1920 x 1080 resolution
offer crisp, clear images.● Collaboration is natural with wide-extended-graphics-array (WXGA), 720p30 content sharing, and
transparent one-touch sharing of HD content.● The systems support H.323 and Session Initiation Protocol (SIP) with bandwidth up to six Mbps
point-to-point.● Two front speakers provide superior, optimized audio.● The systems are standards-based for immediate connectivity to anyone regardless of system -
from PC video or immersive telepresence, to a meeting room around the globe.● The scalable and transparent multipoint capabilities of Cisco TelePresence Multiway feature
provide capabilities for large conferences, efficient bandwidth usage, transparent escalation from point-to-point to multipoint (ad-hoc) calls, and a virtual meeting space for scheduled or ad-hoc multipoint conferences.
● Connect and share your PC content at high resolution and frame rate with a touch of your finger.● Search for your contacts in directories; create and store your own favorites; manually dial out to
other Cisco Unified Communications devices; and connect through the network or through firewalls to any device (video or voice) or protocol.
Product SpecificationsTable 1 lists the physical specifications. Table 2 lists video and audio specifications. Table 3 lists network, security, and management specifications. Table 4 provides ordering information for the Cisco TelePresence MX Series.
Table 1. Product Specifications
Product Fully compatible with standards-compliant telepresence and video systems
77
compatibility
Software compatibility
Cisco TelePresence MX200Cisco TelePresence Software Version TC 4.2 or later
Cisco TelePresence MX300Cisco TelePresence Software Version TC 5.0 or later
Components
Fully integrated unit including:● Codec
● Display
● Camera
● Integrated microphone and loudspeakers
● Cisco TelePresence MX200 comes standard with one Cisco TelePresence Table Microphone 20; Cisco TelePresence MX300 comes standard with two microphones
● Cables including: VGA-to-DVI-I cable, 3.5-mm jack audio cable, LAN cable, and powercable
Display
Cisco TelePresence MX200
• 42-inch LCD monitor
● Resolution: 1920 x 1200 (16:9)
● Contrast ratio: 2500:1
● Viewing angle: 178°
● Response time: 8 ms
● Brightness: 550cd/m2
Cisco TelePresence MX300
• 55-inch LCD monitor
• Resolution: 1920 x 1200 (16:9)
• Contrast ratio: 5000:1
• Viewing angle: 178 °
• Response time: 10 ms
• Brightness: 450cd/m2
PC and second-source video input DVI-I
Supported PC input resolutions SVGA (800 x 600) to 1080p (1920 x 1080)
Camera • Cisco TelePresence PrecisionHD Camera: 1080p HDx4
• Resolutions: 1080p30 and 720p60
• Auto-focus
78
• Wide-angle 72-degree horizontal field of view 4x optical zoom
• Pan +/-100 degrees
• Tilt +/-25 degrees
Audio system
● Integrated full-range speaker and bass
● Integrated full-range microphone
● Bluetooth-ready
● Support for two Cisco TelePresence Table Microphone 20
● RCA PC audio input
● RCA audio output
User interface
Eight-inch Cisco TelePresence Touch interface● Eight-inch projected capacitive touch screen
● Resolution: 800 x 480
Language support English
Physical dimensions(H x W x D)
Cisco TelePresence MX200 main unit with:
● Floor stand: 56.3 x 40.4 x 23.7 in (1429 x 1026 x 602 mm)
● Table stand: 30.7 x 40.4 x 10.2 in (781 x 1026 x 259 mm)
● Wall-mount: 29.8 x 40.4 x 6.7 in (757 x 1026 x 169 mm)
Cisco TelePresence MX300 main unit with:
• Floor stand: 60.0 x 50.4 x 26.4 in (1523 x 1280 x 671 mm)
• Table stand: NA
• Wall-mount: 37.1 x 50.4 8.5 in (942 x 1280 x 217 mm)
Weight Cisco TelePresence MX200 main unit (all weight without packaging):
● Floor stand configuration - 89 lb (40.2 kg)
● Table stand configuration - 69 lb (31.5 kg)
● Wall-mount configuration - 66 lb (30 kg)
Cisco TelePresence MX300 main unit (all weight without packaging):
• Floor stand configuration - 113 lb (51.3 kg)
• Table stand configuration - NA
• Wall-mount configuration -
79
● Main unit only - 57 lb (26 kg)
76 lb (34.4 kg)
• Main unit only - 66 lb (30.1 kg)
Power
Autosensing power supply100-240 VAC, 50/60 HzMX200:Power consumption: 160W at maximum and 130W at nominal standardized configurationMX300:Power consumption: 250W at maximum and 200W at nominal standardized configuration
Temperature range
Operating temperature and humidity:● Ambient temperature: 32 to 95°F (0 to 35°C)
● Relative humidity (RH): 10 to 90 percent
● Storage and transport temperature at RH 10-90% (noncondensing): -4 to 140°F (-20 to 60°C)
Approvals and compliance
● Directive 2006/95/EC (Low-Voltage Directive) - Standard EN 60950-1
● Directive 2004/108/EC (EMC Directive) - Standard EN 55022, Class A - Standard EN 55024 - Standard EN61000-3-2/-3-3
● Approved according to UL 60950-1 and CSA 60950-1-07
● Compliance with FCC15B Class A
Table 2. Video and Audio Specifications
Bandwidth H.323 and SIP up to 6 Mbps point-to-point
Video standards
● H.261
● H.263
● H.263+
● H.264
Video features
● Widescreen: 16:9
● Advanced screen layouts
● Intelligent video management
● Local auto-layout
80
Live video resolutions (encode/decode)
• 176 x 144 @ 30 fps (QCIF)
• 352 x 288 @ 30 fps (CIF)
• 512 x 288 @ 30 fps (w288p)
• 576 x 448 @ 30 fps (448p)
• 768 x 448 @ 30 fps (w448p)
• 704 x 576 @ 30 fps (4CIF)
• 1024 x 576 @ 30 fps (w576p)
• 640 x 480 @ 30 fps (VGA)
• 800 x 600 @ 30 fps (SVGA)
• 1024 x 768 @ 30 fps (XGA)
• 1280 x 1024 @ 30 fps (SXGA)
• 1280 x 720 @ 30 fps (720p30)
• 1280 x 768 @ 30 fps (WXGA)
• 1920 x 1080 @ 30 fps (1080p30) *
• 1440 x 900 @ 30 fps (WXGA+) *
• 1680 x 1050 @ 30 fps (WSXGA+) *
• 1600 x 1200 @ 30 fps (UXGA) *
• 512 x 288 @ 60 fps (w288p60) *
• 768 x 448 @ 60 fps (w448p60) *
• 1024 x 576 @ 60 fps (w576p60) *
• 1280 x 720 @ 60 fps (720p60)
* Requires premium resolution option
Audio standards
● G.711
● G.722
● G.722.1
● 64/128 kbps MPEG4 AAC-LD
Audio features
● CD-quality 20-kHz stereo
● Acoustic echo canceling
● Automatic gain control
● Automatic noise reduction
● Active lip synchronization
81
Dual stream
● H.239 (H.323) dual stream
● BFCP (SIP) dual stream
● Support for resolutions up to 720p30 in both main stream and dual stream simultaneously
Table 3. Network, Security, and Management Specifications
Protocols
● H.323
● SIP
• ISDN (requires Cisco TelePresence ISDN Link)
Network interfaces
● One LAN or Ethernet (RJ-45) 10/100/1000 Mbps for LAN
Other interfaces
● Bluetooth for future applications
● RJ-45 for service
IP network features
● Domain Name System (DNS) lookup for service configuration
● Differentiated Services (quality of service [QoS])
● IP adaptive bandwidth management (including flow control)
● Auto-gatekeeper discovery
● Dynamic playout and lip-sync buffering
● H.245 dual-tone multifrequency (DTMF) tones in H.323
● Date and time support with Network Time Protocol (NTP)
● Packet loss-based downspeeding
● DNS-based URI dialing
● TCP/IP
● Dynamic Host Configuration Protocol (DHCP)
● IEEE 802.1x network authentication
● IEEE 802.1q VLAN
• Medianet: Mediatrace and Metadata
Firewall traversal ● Cisco TelePresence VCS Expressway technology
82
● H.460.18 and H.460.19 firewall traversal
Embedded encryption
● H.323 and SIP point-to-point
● Standards-based: H.235v3 and Advanced Encryption Standard (AES)
● Automatic key generation and exchange
● Support in dual stream
Security features
• Management through Secure HTTP (HTTPS) and Secure Shell (SSH) Protocol
• IP administration password
• Menu administration password
• Disable IP services
• Network settings protection
Cisco TelePresence Multiway™
● Multiway conferencing helps enable video endpoint users to introduce a third party into an existing call utilizing a Cisco TelePresence MCU
System management
● Support for the Cisco TelePresence Management Suite (TMS) and Cisco TelePresence Multipoint Switch (with software release TC 5.0 or later)
● Total management through embedded Simple Network Management Protocol (SNMP), Telnet, SSH, XML, and Simple Object Access Protocol (SOAP)
● Remote software upload: Through web server, Secure Copy Protocol, HTTP, and HTTPS
Directory services ● Support for local directories (My Contacts)
● Corporate directory
● Unlimited entries using server directory supporting
● Lightweight Directory Access Protocol (LDAP) and H.350
● Unlimited number for corporate directory (available with Cisco TelePresence Management Suite)
● Local directory: 200 numbers
● Received calls
83
● Placed calls
● Missed calls with date and time
Ordering InformationTo place an order, please contact your local Cisco representative and refer to Table 4.
Table 4. Ordering Information
Product Name Part NumberCompliance Model Number
Cisco TelePresence MX300CTS-MX300-55-K9 TTC60-16
MX300 Premium Resolution Option
LIC-MX300-55-PR
Cisco TelePresence MX200CTS-MX200-42-K9 TTC60-15
MX200 Premium Resolution Option
LIC-MX200-42-PR
Cisco Service and SupportCisco and our partners provide a broad portfolio of smart, personalized services and support that can help you realize the full business value of your Cisco TelePresence investment by increasing business agility and network availability. This portfolio of services accelerates business innovation by harnessing the network as a powerful business platform. For more information about these services, please visit: http://www.cisco.com/go/telepresenceservices.
For More InformationFor more information about the Cisco TelePresence MX Series, visit http://www.cisco.com/go/telepresence or contact your local Cisco account representative.
Metal Detector
GARRETT MAGNASCANNER MS 3500™
Walk-Through Metal DetectorThis heavyweight champ is built to withstandoutside weather conditions or roughhandling anywhere. And yet give reliablescreening at all times.The Magnascanner MS 3500 was designed
84
specifically to stand up to the everydaydemands of jails, prisons, and other facilitiesrequiring maximum security with minimummaintenance. Or, for any outdoor venuewhere weather is a factor.Built with 3/32” aluminum armor sheetsand assembled with tamper-proof screws,this unit is designed to be both weathertightand abuse-resistant.Microprocessors are used in both thedetection and control circuitry to givemore sensitivity to weapons screening.The uniform coverage—from head to toe—provides for precise target evaluation.The detector also features excellentsensitivity, stability and noise rejection.
Built for Maximum Securitywith Minimum MaintenanceOverhead Cap Assembly: This one-piece assembly houses all thedetection electronics, protecting them not only from weather, but alsofrom tampering. It is weatherproof and has a hinged door that lockswith a key. Located on the face of the Overhead, the LED indicatoris protected by a clear Plexiglas window, allowing the READY LIGHT,the ALARM LIGHT and the BAR GRAPH LED to be easily read.The green READY LIGHT appears when full power has beenturned on and the unit is ready to detect. The ALARM LIGHT is red,and appears when the unit detects a target amount of metal on anindividual passing through the panels. The LED bar graph indicatesthe detection intensity, based on the size of the metallic objectspassing through the unit and upon the specific Program andSensitivity settings being used.Movable Display Keypad: This KEYPAD control unit can be locatedinside the locked and weatherproof Overhead Cap Assembly,or can be attached to the exteriorof the unit. When the STANDBYtouchpad is pressed, the unitgoes into a low power mode,ready to be returned to fulloperation instantly when theOPERATE pad is touched. Whenthis is activated, full detectionpower of the unit is turned on.This also initiates an automaticand comprehensive self-test anddiagnostic program for instantfault detection. If faults arefound, they will be immediately reported to the LCD DISPLAY. Whenthe VOLUME touchpad is pressed, the volume level of the unit’saudio alarm will be displayed on the LCD also. By using the + and– controls, operators can raise or lower the volume. These controlscan also be used to increase or decrease various numerical settingsand for certain On/Off functions. When the PROGRAM touchpadis pressed, the settings for Program and Sensitivity will appear on theLCD display. The ACCESS touchpad will be used only by supervisorymanagement personnel with two levels of access codes. It permitschanging the Program and Sensitivity and to control such functionsas synchronization of multiple units, video filtering and tone adjustment.
85
The unit further protects security of control settings by maintaininga non-resettable sequence code that indicates any attemptat seeking access to the settings.Weatherproofing: There are several features of the MS 3500that make it weatherproof:• The Overhead Cap Assembly: Housing all electronics,its one-piece design seals off the unit, leaving no openingsthrough which moisture can penetrate.• Damage-Proof Materials: All the materials used to assemble theunit were selected because of their non-reaction to weathercapabilities.Construction: Rugged, heavy-duty 3/32” armor aluminum plates withresilient corner caps for protection against maximum physical abuse.Construction design provides unit with maximum installation stabilityas well as weathertight operation.Electronics: Digital-controlled pulse induction metal detector withmicroprocessors utilized in both detection and control circuitry.Designed for tailoring specific programs to fulfill various securityapplications. Electronics are modular and designed for easy plug-inand change.Self-Diagnostic: Whenever the unit is turned on, a self-test ofall systems takes place automatically with any failures or problemsreported on the LCD display.Ankle Boost: Multiple coil design provides three intensity levels ofankle boost sensitivity to ensure uniformity of screening in all securityapplications.Program Levels: Ultimate versatility, 20 standard programs.Designed for tailoring specific programs to fulfill various securityapplications.Sensitivity: 1-200 in incremental steps per program for precisetarget selection.LCD Display: Large backlit alpha-numeric display on the ControlPanel reports (in words) all regulating, controlling andself-prompting functions of the unit. Backlighting makes it easierto read in all lighting conditions.Self-Prompting: Because the unit is designed to be user friendly, allregulation and control functions are self-prompting with necessarycommands shown on the LCD display.Memory: All program selections and settings are maintainedin electrically erasable non-volatile memory. The unit will maintainall settings even when disconnected from power. No battery isrequired for memory retention.Control Outputs: Solid state switches (low voltage AC or DC) foroperating external alarms and control devices.Indicators: Ready light indicates unit is operational; Alarm light andaudible alarm are activated when target amount of metal isdetected; LED bar graph indicates amplitude of alarm signal.TECHNICAL SPECIFICATIONSREGULATING AND OPERATING DISPLAYS
GARRETT MAGNASCANNER MS 3500™
Walk-Through Metal DetectorTamperproof: All detection electronics can be secured behind a
86
key-lock door in the Overhead Cap Assembly. Dual-level accesscodes required to set or change all sensitivity settings and detectionprograms; one level for use by supervisors in selecting programs andsensitivity and the other for initial set-up and overall control; nonresettablesequence code logs all changes made whenever sensitivitycodes are accessed. Audible alarm reports any unauthorized attemptat access. All connectors are keyed to ensure proper connections.Regulatory Information: Meets or exceeds the requirements of:Performance:• Federal Aviation Administration of the United Statesrequirements for certification of walk through metal detectors.Public Safety:• Institute of Electrical and Electronics Engineers: “A standard ofSafety Levels with Respect to Human Exposure in RadioFrequency Electromagnetic Fields, 3 kHz to 300 GHz” IEEEC95.1 – 1991 section 4.12.• Occupational and Safety Health Administration: RadiationProtection Guide, CFR 1910.97 section (2)i.• National Institute of Law Enforcement and Criminal Justice:Standards for Walk-Through Metal Detectors for use inWeapons Detection, NILECJ-STD-0601.00 section 4.11.PASSAGEWAY INTERIOR:Width 30” (0.76m)Height 80” (2m)Depth 20” (0.5m)OVERALL EXTERIOR:Width 50” (1.3m)Height 89” (2.3m)Depth 20” (0.5m)SHIPPING WEIGHT:242 lbs. (119.7kg)SHIPPING:Top BoxWidth 25” (64cm)Height 55” (140cm)Depth 7.5” (19cm)Side Panels, 2 boxesWidth 25” (64cm)Height 92.5” (235cm)Depth 11” (28cm)
PROVEN DEPENDABILITY FOR OVER 35 YEARS• Canada Health and Welfare Radiaion Protection Bureau SafetyCode, RPB-SC-18 section 3.2.2 which addressesthe issue of electromagnetic effects on cardiac pacemakers.• International Commission for Non Ionizing Radiation Protection(ICNIRP) “Reference levels for general public exposure”.• Extensive research has found no information that wouldindicate Garrett products have adverse effects on pregnancy ormedical implants.Magnetic Recording Media:• United States Department of Commerce: “Care and Handlingof Computer Magnetic Storage Media”, NBS SpecialPublication 500-101. The peak magnetic field of less than oneGauss will not affect magnetic recording media, includingmagnetic tape, diskettes and cards.Weatherproofing/Foreign Object Protection:
87
• International Electrotechnical Commission IEC 60529 “Degrees of Protection provided by Enclosure”, IP Class 55Electrical Safety:• Power supply meets UL, CSA, TUV, and VDE standards.Interference Rejection: 100% sensor coil Faraday shielding; specialGarrett built-in circuitry for noise suppression and ignoringx-ray monitor horizontal sync.Masking: Microprocessor programming designed to eliminate theproblem of detection signals from two or more targets cancelingeach other.Synchronization: Multiple frequencies permit several Magnascanners tooperate simultaneously and in close proximity.Electrical: Fully automatic input –100 to 240 VAC.50-60 Hz, 5 watts.Operating Temperatures: -4F (-20C) to 158F (70C).Humidity: To 95% noncondensing.Throughput Rate: Not limited by electronics.Weight: 189 lbs. (93.5kg).Model Number: 1167200Warranty: 24 months, parts and labor.DIMENSIONSWith standard 50 ft. length of cable(300 ft. maximum). Contains LEDindicators, LCD readout andtouchpads for easy operation.DESKTOP REMOTE CONTROL #2225600Designed to simulate in size, shapeand composition the smallest forbiddenobject for testing and verifying calibrationsettings of walk-through detectors. Madeto the specifications of the FAA.OPERATIONAL TEST PIECE (OTP) #1600600Provides excellent stability for theGarrett Magnascanner MS 3500under all operating conditions.Easy to set up in just a few seconds.FLOOR ANCHORING KIT #1604000Allows convenient 12v battery operation.Operates up to 20 hours on one charge.BATTERY MODULE #2225700Makers ofthe famedSuper Scanner™
and other quality products,Garrett is the world’slargest manufacturer ofmetal detectors.User friendly: The Magnascanner MS 3500 isdesigned for easy set-up and operation.Adjustments are minimal. The full-function displaykeypad is designed to be mounted on the interiorof the unit for maximum security. All the controlsand wiring are secured and tamper-proof, locatedbehind a key-lock door. The supervisor has precisecontrol of the program/sensitivity settings (and theseare protected by computerized access codes). Ifpreferred, this display keypad can also be locatedon the exterior of the unit. Here, it is also secured
88
by tamper-proof access codes. There is an optionaldesktop control unit for remote operations. Allelectronics are modularized for serviceability. Thereis an optional battery pack so that the unit may beused in any location.Weapons unfriendly: This no-nonsensewalkthrough will detect the full range of restrictedweapons, including the Glock 17, as well as anytype of ferrous/nonferrous small-caliber weapons.It also offers three levels of ankle-boost sensitivity.Garrett Metal Detectors1881 W. State Street • Garland, Texas 75042-6797Phone: 800-234-6151 (In USA)Phone: 972-494-6151 (Outside USA)Fax: 972-494-1881 • E-mail: [email protected]: www.garrett.com
Optional AccessoriesAvailable for the Magnascanner MS 3500™®1543000 6/01
Magnetic Strip Reader/Writer
MSR605
89
Product Information MSR605 HiCo Magnetic Stripe Card Reader Writer Encoder MSR206 MSR606Come with full-version reading writing software. Work on Windows system (Doesn't work on Mac). Read, Write, Erase 3 Tracks (Track 1, 2 & 3), High & Low Coercivity (300~4000 Oe) USB Interface. With 20 blank white cards, software disc, AC/DC power adapter (Input 100~240V; Output 9V, 2A). MSR605, compatible with MSR206 completely. It is ideal for access control, time keeping, banking, ID recognition, credit verification and related applications. In fact, wherever a magnetic stripe ID or transaction card is used, one can find a related use for the versatile, user-friendly MSR605 reader/writer. The MSR605 is designed to offer a reading and writing solution of high and/or low coercivity cards that will attractively complement an existing system. The MSR605 series is designed to read and/or write high or low coercivity magnetic cards. It can encode and verify up to 3 tracks of data simultaneously. It communicates with a host computer or other terminal using a usb interface. Application:Financial Banking: Credit Card, Debit Card, Bank CardRetail: Gift Card, Customer ID, Store IDGovernment: Driver Licence, Health Card, Government IDAny movable data collection Trade shows, Racing events Employee's Time / Attendance data collectionExhibition visitors' data collectionConference attendants data collectionCard Verification: Age verificationPoint of Sales: Payment collection, Credit card data collection Law Enforcement: DMV card Attendance: Student ID, Membership Card, Club ID
Features- Reading/Writing magnetic stripe card complied with ISO formats- Program software for Windows XP/Vista/7/8/10( 32 or 64 bit systems)- Programming software for various read/write performance
90
- Sequential write function, up to 12 digits (1 up)- All 3 tracks can set to 75/210 BPI- Manual Swipe to read and/or write card with USB output- Writing and verifying data on single, dual, or triple track in one swipe- Comes with USB connection to computer and laptops - Read and Write High & Low Coercive force of magnetic stripe (300~4000Oe) - High/Low Coercivity encoding circuitry selectable on screen - Programmable leading bit, raw data, DMV/AAMVA, and user defined format- Works with Windows 95/98/Me/2000/NT/XP/VISTA/Windows 7/8/10- DC+9V, 2A Max high reliable external power adapter attached - Dimensions: 212(L) x 64(W) x 63(H) mm- Weight: 1.2kg- CE, FCC, UL, cUL,ROHS certified- One year warranty Performance Read card Track1 Track2 Track3 Bit per density 75/210bpi 75/210bpi 75/210bpi Coercive force Read/write 300-4000 oe Mag.card Card thickness 0.76-1.2mm Read speed STD card Jitter +/-15% Amp. 60% 5-55ips 5-50ips 5-50ips Write speed 5-30ips Write jitter Interval < +/- 10%, Sub-interval < +/- 12% Error rate Read < 0.5% Write < 0.8% Head life Min. 1000K swipes for both read/write head
Magnetic Cards
91
Composite 60/40 Blank White HiCo Mag Stripe CR-80 30Mil PVC Cards
Composite 60/40 Blank White HiCo Mag Stripe CR-80 30Mil PVC CardsManufacturer:ID Badge StuffPart #:CR8030CompHiCo-WhiteUnits:500Availability:In-StockCondition:NewList Price:$ 195.00( 13% Off )
$ 170.00Price per unit: $ 0.34
92
Composite 60/40 PVC/Polyester Blank White 30mil CR-80 Cards with 1/2" Hi-Co (High Coercivity) Magnetic Stripe. Bundles of 500 Blank White CR80 Composite PVC/Poyester with 1/2" HiCo Mag Stripe Cards
FIRE WALLHP Firewall SeriesHP advanced, high-performance security platforms safeguard an enterprise's network and data center from attacks and misuse while simultaneously delivering policy-based multisite connectivity for real-time, business-critical applications.Contact us
Share
Click to enlarge or download images
Overview Features Models Accessories Service & Support Resources
HP Firewall Series
Firewall Virtual private network (VPN) Management
93
1 Add To Cart
Layer 3 routing Security Warranty and support
Firewall
High performance — up to 40 Gbps throughput secures traffic without compromising network performance; a maximum of 4 million concurrent connections and 180,000 new connections per second enables high-volume networks to remain secure under peak traffic
Application Specific Packet Filter (ASPF) — dynamically determines whether to forward or drop a packet by checking its application layer protocol information (such as FTP, HTTP, SMTP, RTSP, and other application layer protocols based on TCP/UDP) and monitoring the connection-based application layer protocol status
Zone-based access policies — groups virtual LANs (VLANs) logically into zones that share common security policies; allows both unicast and multicast policy settings by zones instead of by individual VLANs
Virtualization — multicore architecture enables both multiple zones and multiple separate firewall instances to be created on the same device; support for 256/512 security zones, 256 virtual firewalls, and 4,094 VLANs offers robust protection to all corners of the network; centralized deployment of a single device offering multiple virtual firewalls lowers total cost of ownership through streamlined training, simplified deployment and management, and reduced power consumption
Application-level gateway (ALG) — discovers the IP address and service port information embedded in the application data using deep packet inspection in the firewall; firewall then dynamically opens appropriate connections for specific applications
NAT — fully support NAT applications, including many-to-one, many-to-many, static NAT, dual translation, easy IP, and DNS mapping; supports NAT traversal with multiple protocols, and delivers NAT ALG functions such as DNS, FTP, H.323, and NBT
Back to top
Virtual private network (VPN)
IPSec — provides secure tunneling over an untrusted network such as the Internet or a wireless network; offers data confidentiality, authenticity, and integrity between two network endpoints
Layer 2 Tunneling Protocol (L2TP) — an industry standard-based traffic encapsulation mechanism supported by many common operating systems; will tunnel the Point-to-Point Protocol (PPP) traffic over the IP and non-IP networks; may use the IP/UDP transport mechanism in IP networks
94
Generic Routing Encapsulation (GRE) — transports Layer 2 connectivity over a Layer 3 path in a secured way; enables the segregation of traffic from site to site
Manual or automatic Internet Key Exchange (IKE) — provides both manual or automatic key exchange required for the algorithms used in encryption or authentication; auto-IKE allows automated management of the public key exchange, providing the highest levels of encryption
Back to top
Management
Complete session logging — provides detailed information for problem identification and resolution
Manager and operator privilege levels — provides read-only (operator) and read/write (manager) access on CLI and Web browser management interfaces
Secure Web GUI — provides a secure, easy-to-use graphical interface for configuring the module via HTTPS
Command-line interface (CLI) — provides a secure, easy-to-use CLI for configuring the module via SSH or a switch console; provides direct real-time session visibility
SNMPv1, v2c, and v3 — facilitate centralized discovery, monitoring, and secure management of networking devices
Remote monitoring (RMON) — uses standard SNMP to monitor essential network functions; supports events, alarm, history, and statistics group plus a private alarm extension group
FTP, TFTP, and SFTP support — offers different mechanisms for configuration updates; FTP allows bidirectional transfers over a TCP/IP network; trivial FTP (TFTP) is a simpler method using User Datagram Protocol (UDP); Secure File Transfer Protocol (SFTP) runs over an SSH tunnel to provide additional security
Back to top
Layer 3 routing
Static IP routing — provides manually configured routing; includes ECMP capability Routing Information Protocol (RIP) — provides RIPv1 and RIPv2 routing OSPF — includes host-based ECMP to provide link redundancy/scalable bandwidth and NSSA Border Gateway Protocol 4 (BGP-4) — delivers an implementation of the Exterior Gateway
Protocol (EGP) utilizing path vectors; uses TCP for enhanced reliability for the route discovery process; reduces bandwidth consumption by advertising only incremental updates; supports extensive policies for increased flexibility; scales to very large networks
Dual IP stack — maintains separate stacks for IPv4 and IPv6 to ease the transition from an IPv4-only network to an IPv6-only network design
95
Policy routing — allows custom filters for increased performance and security; supports ACLs, IP prefix, AS paths, community lists, and aggregate policies
Layer 3 IPv6 routing — provides routing of IPv6 at media speed; supports static routes, RIPng, OSPFv3, BGP+, policy route, and PIM-SM/DM
Back to top
Security
Defense against attacks — provides defense against various attacks, such as DoS/DDoS, ARP spoofing, large ICMP packet, address/port scanning, Tracert, IP packets with the Record Route option, and static and dynamic blacklists; also supports binding of MAC address and IP addresses, as well as intelligent defense of worm viruses
Application layer content filtering — supports mail filtering based on SMTP mail address, titles, attachments, and content; supports Web page filtering, including HTTP URL and content filtering
Multiple security authentication services — support RADIUS and HWTACACS authentications, certificate-based (x.509 format) PKI/CA authentication, user identity management (different users own different rights to execute commands), and levels of user views (users of different levels have different management rights)
Centralized management and auditing — provide logging, traffic statistics and analysis, events monitoring and statistics, and mail notification of alarms
Back to top
Warranty and support
1-year warranty — advance hardware replacement with 30-calendar-day delivery (available in most countries)
Electronic and telephone support — limited electronic and business-hours telephone support is available from HP for the entire warranty period; to reach our support centers, refer to www.hp.com/networking/contact-support; for details on the duration of support provided with your product purchase, refer to www.hp.com/networking/warrantysummary
Software releases — to find software for your product, refer to www.hp.com/networking/support; for details on the software releases available with your product purchase, refer to www.hp.com/networking/warrantysummary
96
FI8905E
Features★ Simple to setup, Friendly GUI, DIY installation★ Water-proof structure best for outdoor installation★ Auto IR-LED illumination for 30-meter IR range★ Allow remote viewing & record from anywhere anytime★ Support IE browser or any other standard browsers★ Support POE★ Motion detection alert via email or upload image to FTP★ Multi-level users management with password protection
WebCam
Citations and URLS
Card Writer(http://www.card-device.com/products_info.asp?Nid=80)
Magnetic Cards(https://www.idbadgestuff.com/composite-
97
60-40-blank-white-hico-mag-stripe-cr-80-30mil-pvc-cards?gclid=CjwKEAiAvZTCBRDvnoOaoa2j3xISJABxPjN9K4DCsQftytjDW7Rl9ivzRLQIxqK5tBX7uTtzn7svthoCFOjw_wcB)
WebCam(http://foscam.com/product/15.html)
IBM DISASTER(https://www.ibm.com/marketplace/cloud/disaster-recovery-as-a-service/us/en-us)
SECURITYSOURCES(https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/#0x0c0c0c0c)
98
