The RG-S2600G-I series is a line of intelligent security switches introduced by Ruijie Networks for building secure and stable networks. It includes the RG-S2628G-I and the RG-S2652G-I. Based on a new-generation hardware architecture, these switches combine the high performance, high security, multi-service support, and easy availability required in network development, and incorporate IPv6 features to provide users with brand new technical features and solutions. The S2652G-I is a 48-port FE switch.
What’s Special? – Check out here:
RGOS – Ruijie General Operating System
RGOS stands for Ruijie General Operational System. Ruijie shares the same operating system across all switch, router, wireless and security products, providing unified configuration and management, a unified IPv4 and IPv4/v6 stack, unified authentication and logging, as well as unified user access control.
The unified OS, specifically designed for IP networking, is shared across the whole Ruijie product portfolio. It allows more efficient development of products, technology and new features. At the same time, its modular structure improves system stability and fault isolation, and makes troubleshooting and bug fixes simple. The unified interface also reduces the learning curve.
The RGOS operating system has the full range of advanced IP networking features, and all advanced features are supported out of the box without any additional licensing. It is stable and reliable because of its modular structure, and it is based on open RFC standards, which means no interoperability problems.
Integration of 802.1x and WEB Authentication
To implement NAC (Network Access Control) in ISP, corporate and campus networks, the main options are 802.1x port security based on a RADIUS server, or web-portal-based authentication. A Ruijie access switch can perform both on a per-port basis. Web authentication is easy to deploy and access, and it is convenient in areas with many private/guest devices, providing immediate access to various network services according to user classification.
Some ports can be used only with 802.1x authentication, some with web authentication, and some in unified authentication mode. It is recommended to use RG-SAM (Ruijie Security Management Platform): it provides a fixed/mobile ePortal for unified user authentication and access control on both wired and wireless networks, and supports 802.1x integration with third-party RADIUS servers.
VSU – Virtual Switch Unit
A traditional redundancy topology is usually realized with MSTP (Multiple Spanning Tree Protocol), whose main function is to block all but one of the alternate connection paths in order to avoid network loops. When a distribution layer switch suffers a system failure, MSTP unblocks the alternate paths and communication is resumed. The downsides of this architecture are a relatively long recovery time, up to 3.2 sec, and the fact that the bandwidth of the redundant links is not utilized.
With VSU technology, the links connecting Virtual Switch Unit members are called VSL (Virtual Switching Link), and the redundant links to the lower network layer are configured as VSU access ports with link aggregation. In this case, even if one VSU member switch has a total system failure, switch-over of the full bandwidth to another member is done in milliseconds.
The main advantages of VSU technology over the traditional MSTP+VRRP (Virtual Router Redundancy Protocol) technologies are very simple configuration, much faster switch-over/convergence times, and use of the available bandwidth in redundant links.
VSU technology is available "out of the box" without any additional licensing on all Ruijie switches, supporting 8to1 VSU technology on access and distribution layer products and 2to1 on core layer products.
CPP – CPU Protection Policy
Malicious attacks often occur in networks. By forging a large number of different management and protocol packets, these attacks make the switch too busy to deal with normal management and protocol packets, thus affecting the security of the switch and the stability of the network to a large extent. The CPP feature is enabled by default on all Ruijie switch products and provides smooth network forwarding through CPU and control plane protection, protecting the switch from common network attacks/viruses (ARP attack, ICMP attack, IP scanning attack and DHCP exhaustion attacks). CPP is implemented at the hardware level (a separate chip is used), unlike many other vendors, which use a software protection solution.
CPP keeps the CPU usage rate below 30% under any attack environment.
The CPU Protection Policy is implemented at the hardware level and is based on a four-step process: identification of the packet (covering all of the most common protocols, whose default bandwidth and priority queue configuration can be found in each switch configuration manual), configuration of the allowed bandwidth, priority queue mapping, and queue scheduling configuration.
NFPP – Network Foundation Protection Policy
NFPP can automatically detect attacks at the network layer. When it detects an attack, such as an ARP attack or scanning, that exceeds the security threshold, the switch immediately and automatically delivers a security policy to isolate the packets sent from the attack source, while guaranteeing that the normal network access of other users is not restricted.
CPP focuses on filtering abnormal rates of protocol packets, not on isolating network-level attacks. NFPP provides host/port-based attack and rate-limit threshold configuration, and it is possible to protect against the following attacks:
- ARP (Address Resolution Protocol) – Against ARP DoS attacks
- IP Guard – Against scanning of destination IP addresses and sending IP packets to nonexistent destination IP addresses at a high rate
- ICMP (Internet Control Message Protocol) – Against ICMP flood attacks
- DHCP/DHCPv6 – Against DHCP exhaustion attacks (obtaining all DHCP address fields with a pool of fake MACs)
- ND (Neighbor Discovery) – Against a high number of ND requests
- User defined, based on various protocols (OSPF, BGP, RIP, etc.)
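
The host-based rate-limit and attack thresholds described above can be modelled in a few lines of Python. This is an added illustration, not Ruijie code or RGOS configuration: the threshold values, the fixed one-second counting window, the permanent isolation and the names `nfpp_model` and `demo` are all assumptions made for the example.

```python
from collections import defaultdict

RATE_LIMIT = 4        # assumed value: packets/s per host still passed on
ATTACK_THRESHOLD = 8  # assumed value: packets/s per host that marks an attack

def nfpp_model(packets, rate_limit=RATE_LIMIT, attack_threshold=ATTACK_THRESHOLD):
    """Apply host-based thresholds to time-ordered (timestamp, source) pairs.

    Returns (forwarded, dropped, isolated): per-source counters and the set
    of sources isolated after exceeding the attack threshold.
    """
    per_second = defaultdict(int)   # (source, whole second) -> packets seen
    forwarded, dropped = defaultdict(int), defaultdict(int)
    isolated = set()
    for ts, src in packets:
        if src in isolated:                 # isolation policy already applied
            dropped[src] += 1
            continue
        window = (src, int(ts))
        per_second[window] += 1
        if per_second[window] > attack_threshold:
            isolated.add(src)               # attack source: isolate it
            dropped[src] += 1
        elif per_second[window] > rate_limit:
            dropped[src] += 1               # over the rate limit: excess dropped
        else:
            forwarded[src] += 1
    return dict(forwarded), dict(dropped), isolated

def demo():
    """Constructed ARP trace: one normal host and one flooding host."""
    normal = [(0.1 + 0.5 * i, "host-a") for i in range(6)]   # 2 packets/s
    flood = [(0.04 * i, "host-b") for i in range(20)]        # 20 in second 0
    flood += [(1.0 + 0.1 * i, "host-b") for i in range(5)]   # 5 in second 1
    return nfpp_model(sorted(normal + flood))

if __name__ == "__main__":
    fwd, drop, iso = demo()
    print("forwarded:", fwd)
    print("dropped:  ", drop)
    print("isolated: ", sorted(iso))
```

In the constructed trace the flooding host is isolated once it crosses the attack threshold, while the normal host's packets are all forwarded, which is the behaviour the text attributes to NFPP.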