2. 2
Network Design Project
Prepared for
Dr. David Wierschem
Fundamentals of Data Communication
Texas State University
Prepared by
Gerardo Sehr and Andrew StClair
Computer Information Systems Students
Texas State University
December 7, 2016
3. 3
Memorandum
Date: December7,2016
TO: Dr. DavidWierschem
FROM: Gerardo Sehr,AndrewStClair
SUBJECT: SubmittingCIS4348 NetworkDesignProject
Dr. Wierschemrequestedthe attachedreportatthe midpointof the fall semesterof 2015, inhis
fundamentalsof datacommunicationsclass.Thisreportoutlinesthe projectedgrowth,costs,and
requirementstobuildafunctioningnetworkforABCcompany.The proposal isbasedonthe required
specificationsgiveninourassignment.The goal of the taskis to prepare studentsforfuture endeavors
innetworkdesignandthe computerinformationfieldingeneral.
Thisprojectwas assignedtocompel studentstoexamine the following:
The challengesfacedwhengivenpartial informationtobuildanetwork
The multitude of solutionstothe designrequestandwaystojustifythe answerchosen
Potential questionsthatarise duringthe designprocessandare necessarytocreate a solution
thoroughly.
Primaryresearchwas conductedthroughinformal conversationsandemailswithDr.Wierschem.
Secondaryresearchwascarriedout byvisitingwebsitesof CiscoSystem,Netgear,HP,alongwithother
productassociatedwebsitesdiscussedbelow.Otherusedsourcesinclude BusinessData
Communications&Networking(Fitzgerald,Dennis,&Dircikova,2012). Resultsof thisresearchprovided
insightintoadditionalproblemswe face have allowedustodesignthe network,andenableustomake
recommendationsforthe future.
We wouldbe happytomeetwithyouto discussanythingyouthinkwe mayhave missedthatwill
benefitusinthe future.We alsowelcome anyinsightsyoumayhave as to how we can betteruse the
informationwe have foundinthe future.Ithasbeenapleasure studyingdatacommunicationasyour
students.
4. 4
TABLE OF CONTENTS
Table of Contents
Executive Summary............................................................................................................................6
Introduction ...................................................................................................................................7
Projected Growth........................................................................................................................7
Table 1 VP’s Employee Growth...........................................................................................................8
Table 2 Departmental Employee Growth.........................................................................................9
Table 3 Departmental Host Growth........................................................................................... 10
Table 4 Throughput Projections by Department................................................................................ 11
Table 5 interdepartmental Throughput Projections Year 5............................................................. 12
Figure 1 ABC Company Campus Layout...................................................................................... 13
Departmental Space Requirements..................................................................................................14
Figure 2 Building A Employees.......................................................................................................... 15
Figure 3 Building B Employees.......................................................................................................16
Figure 4 Building C Employees.......................................................................................................... 17
Figure 5 Building D Employees.......................................................................................................... 18
Employee Buildings by floor.......................................................................................................... 19
First Floor Physical Layout......................................................................................................... 20
Network Topology........................................................................................................................... 24
LAN By floor.....................................................................................................................................25
Table 8 Host Count by Floor.............................................................................................................. 25
Figure 6 Building A Lan.................................................................................................................. 26
Figure 7 Building B Lan.............................................................................................................. 28
Figure 8 Building C Lan ..................................................................................................................... 29
Figure 9 Building D Lan ................................................................................................................. 30
Back Bone Network.......................................................................................................................... 31
Security .......................................................................................................................................... 32
Physical Security........................................................................................................................... 32
Technical Security............................................................................................................................ 33
Social Engineering Security .............................................................................................................. 33
IP Address Allocation.................................................................................................................... 34
6. 6
EXECUTIVE SUMMARY
Thisreportoutlinesthe proposednetwork designplanforABCCompanyandour additional
recommendations.Ourteamiscomposedof Gerardosehrand Andrew StClair,computerinformation
systemsstudentsatMcCoy College of BusinessatTexasState University.The purposeof thisreportisto
examine the possiblenetworkarchitecture solutionsforABCCompany andoutline the expenses
involved.We will incorporateanyadditionalquestionswe had,andrecommendationsforthe design.
We usedbothprimaryand secondarysourcesof informationgatheringemphasizingonthe security
aspects. Secondaryresearchwasconductedbyvisitingwebsitesof the productvendorsandsecondary
siteswithadditionalinformation.Some sources of securityprofessionalssuchasKevinMitnickwere
usedto guide some decisions.
The researchconductedprovidedthe followinginsights:
1. Securityisa priorityforthe companydue to theirresearch.These unique requirementsledto
the proposal of effective securitymeasuresfor the enterprise.
2. Shouldthe companygrowat the rate suggestedbythe departmenthead,additional officespace
will be neededbythe endof yearfive;therefore,networkandbuildinglayoutsshouldbe
reevaluatedyearlyforpossible changesingrowthrate.
3. Additional componentstothe securityof the system will be requiredforamarginal increase to
costs.
Basedon our researchfindings,we have included:growthprojectionsforthe companyandthroughput;
buildinglayoutproposals;networktopologydiagrams;securityrecommendations;implementationby
ABC company
The recommendationisthatthe managementteamatABCCompanycarefullyevaluateourproposed
designandrecommendationsbefore beginningthe project.Bymakingsmall changesonsite of the
buildingprocess,the networkwill be betterpreparedforthe company’sfuture growthanddata
requirements
7. 7
Introduction
ABC companyisa growing,entrepreneurial businessoperatinginthe [REDACTED] industry.A new
campusis beingbuilttohouse the variousdepartmentsas the companygrowsand workstowardtheir
goal of [REDACTED].The purpose of thisreportis to designthe networkinfrastructure thatwill
accommodate the data and securityneedsof thisgrowingcompany.The importance of thisreport isto
helpusidentifypotentialplansandquestionsorrecommendationsthatcouldimprove the network
infrastructure.
To do so we analyzedthe following:
The company’sprojectedgrowth:Employee,host,andthroughputnumbersforthe next
five yearswere predictedbasedonboththe administrationanddepartment-level
predications.
The physical layoutof the buildings:Basedonthe projectedgrowth,the employee
populationwasdispersedinthe vacantbuildingsbydepartmental requirements.
The topologyof the network:Networktopologywasdesignedtoprovide connectivity
for all hosts,redundancyinthe formof outsourcinganoffsite datastorage fromIBM.
Security:The securityneedsof the companyare high.We decidedtoputour emphasis
insecurity.Oursecurityplanwill segmentthe taskinto:Physical Security,Technical
Security,andlastlySocial Engineeringsecurity.
IP addressallocation:Toprovide anadditionallayerof security,aNATwill be usedto
access informationexternal tothe company.Internallythe departmentwillassignIP
addresses
BACKGROUND:PREPARING FOR EXCELLENCE IN THE COMPUTERINFORMATION FIELD
The needforthis reportisto builda networktomeetthe growthanticipatedbyABCcompany.
Dr. DavidWierschemauthorizedthisreport.
Primaryresearchwasconductedthroughinformal conversationsandemailswithDr.Wierschem.
Secondaryresearchwascarriedout byvisitingwebsitesof CiscoSystem,Netgear,HP,alongwithother
productassociatedwebsitesdiscussedbelow.Otherusedsourcesinclude BusinessData
Communications&Networking(Fitzgerald,Dennis,&Dircikova,2012). Resultsof thisresearchprovided
insightintoadditionalproblemswe face have allowedustodesignthe network,andenableustomake
recommendationsforthe future.
8. 8
NETWORK DESIGN
VP’sEMPLOYEE GROWTH:
ABC Company has experienced significant growth over the past five years. They
have grown from20 employees to 348, and they expect to continue to grow at
the rate of 12% a year until year 4 when they expect 9% growth.
The departmental managerswere alsoaskedthe projectedgrowthrate of individual departments,
whichvariedfromthe VPof ABCCompany’sprojections.Thisgrowthrate alsotookintoaccount the
total hosts,and throughputbyeach department.There are 389 hostsacross nine departments,
includingadministration.Employee countwasextrapolatedusingafixedratioof the currentemployees
to hosts.True values,andadjustedvaluesforroundingare bothshownbelow.
12% a yearuntil year4 whentheyexpect9% growth.
Actual Adjusted
Total Starting 348 348
12% growth 1st year 389.76 390
12% growth 2nd year 436.5312 437
12% growth 3rd year 488.9149 489
9% growth 4th year 532.9172 533
9% growth 5th year 580.8797 581
13. 13
BuildingPhysical Layout
Each building is in the shapeof a square125ftby 150ft
Elevators are located in the center of each building.
Wiring closets are also located in the same spoton each floor and located
on the wall closestto the main road.
Overheadviewof location
Buildings are located 100 ft fromthe street and 200 ft fromeach other.
Building A has been designated by management as the location for the
Administrativeoffices.
The streets are 25ftacross.
A
B C
E
D
14. 14
Department Space Requirements –Year Five
Dept. Dept.Name
Adjuste
d Y5
Employees/ad
min
Employ
ee SqFt
Suppo
rt
Suport
SqFt
Adm
SqFt
Floors
Req
1 Marketing 99
89 16020 10 1000
1.2967
62
2
Customer
Support
173
155 27900 18 1800
2.2628
57
3 Engineering 43
38 6840 5 500
0.5592
38
4
Direct/Corpor
ate Sales
44
39 7020 5 500
0.5729
52
5 IT 21
18 3240 3 300
0.2697
14
6
ColdCall Sales
Center
297
267 48060 30 3000
3.8902
86
7 Accounting 46
41 7380 5 500
0.6003
81
8 Finance 21
18 3240 3 300
0.2697
14
A
Administratio
n
18
16 2 200 4800
0.3809
52
TOTAL 762 681 119700 81 8100 4800
10.102
86
Basedon the table above,we decidedthatonly4buildingswouldbe neededtosave costs.
BuildingEwill more thanlikelybe usedpastyear5 if the companycontinuestogrow.
“Security intensive departments (engineering, finance, accounting,
administration) should not be located with the call center or customer
service.” It was important to compartmentalize the security intensive
departments within building A
21. 21
For the Physical Layout of the first floor of every building we wanted to focus on security. The
positioning of the security staff along with the cameras, and metal detector are key to prevent
un authorized access to any of the buildings via “piggy backing” or other social engineering
methods.
The logic behind 2 guards is the angle of entry for the building so that a person can’t hide
behind another one using angles. The metal detector is to prevent long range RFID or packet
injection wireless cards or other computer devices to smuggled into the buildings without
authorization. The two POE security cameras will be on a wired network. Again, there is no
Wireless access point on any of the first floors for security. The security cameras are to prevent
pick pocketing or other methods of stealing employee authentication tokens such as Magnetic
strips or personal identification.
Magnetic Cards will be used for employee and guest authentication. The metal detector, also
prevents against weapons such as fire arms or knives.
22. 22
Building A Third Floor
The wirelessAccesspointsshouldbe focusedtowardsthe centerwithminimal outside overlap.
Conference roomwill hostVOIP
23. 23
BuildingsB C D Floor 2 and 3
The 2nd
and 3rd
floorsof buildingB C and D will be identical.
24. 24
NETWORK TOPOLOGY
LAN BY FLOOR
A physical Local Areanetworkwill be setuponeach floor,withall the wiringrunningtothe wirining
closetat the frontof the buildingclosesttothe street.The topologyusedwillbe star.Wiringlength
fromeach hoston the floorwas determinedbyfindingthe longeststraightline onthe floor,cornerto
corner,thendividingthatnumberbyhalf asthe average lengththatwouldbe neededtoaccommodate.
Basedon the calculationsdetailedinAppendix A,we concludedthatwe wouldneed 97.62812 Feetof
UTP cable per host.
The recommended switched for ABC company are the “Cisco ME 2400 24 port Ethernet switch
10/100”. The switches work at layer 2. Each switch has 24 ports per switch. Meaning the system
is scalable. All the products selects from the security cameras to the switches feature Power Over
Ethernet (POE). These switches are currently sold and supported by Cisco. The size of Cisco will
make it unlikely the products will go obsolete any time soon.
ABC company has expressed an interest in having the ability to host teleconferences from the
VP’s conference room in building A. We chose the “Cisco TelePresence MX200” based off the
dimensions of the building we concluded that a 42” monitor would suffice for the conference
room.
Below are the LAN Diagrams describing the above.
25. 25
HOST COUNTBY FLOOR
FixedRatio was used to calculate the Hosts perfloor
FLOOR
Employees
perfloor
Hosts
per
floor
UTP
NEEDED
SWITCHES
NEEDED
A1 67 75 7322.109 4
A2 66 74 7224.481 4
A3 18 21 2050.191 2
B1 73 82 8005.506 4
B2 72 81 7907.878 4
B3 72 81 7907.878 4
C1 60 68 6638.712 3
C2 59 66 6443.456 3
C3 60 68 6638.712 3
D1 73 82 8005.506 4
D2 72 81 7907.878 4
D3 72 81 7907.878 4
For securityreasonsWIFIwill onlybe installedonthe secondtothirdfloorof everybuilding,except
BuildingA.BuildingA will only have 1wirelessAccesspointonthe thirdfloor.The wirelessaccesspoints
will be inthe wiringcabinetonthe same floor.Asmentionedbefore the WiFi accesspointwill use POE.
30. 30
D
Building D will house the VOIP and internet access points behind the selectedfirewall.
31. 31
BACK BONE NETWORK
The backbone network will use a Bus topology. Due to the small space requirements we decided
to not include a physical redundancy. Instead we suggest that ABC Corporation purchase offsite
data center for the event of catastrophic data loss. According to a study conducted at the
University of Texas in Austin, 44% of all business go bankrupt due to data loss. Depending on
the total data stored and used by ABC Corp we specifically would recommend IBMs “Disaster
Recovery as a Service
IBM Resiliency Disaster Recovery as a Service
Continuous replication of critical data, applications, and systems
The benefits of an offsite disaster Recovery
Near Continuous Replication of physical and virtual servers using the
company’s choice of private, public, or hybrid clouds to keepthe business
continuous
By eliminating the need for redundancy it reduces the costs drastically
Fast Cost effective Disasterrecovery workflow is automated which reduces the
amount of staff ABC company would need
Due to the price difference of the outsourced service the costs of it will not be factored into
the system costs but should it should be used.
32. 32
SECURITY
PHYSICAL SECURITY
For the Physical securityof oursystem we implemented
Metal detectors
MagneticStripreaders
Securitycameras
RemovedWIFIfromthe 1st
floorof everybuilding
Securityguardto preventpiggybackingthroughthe door
The metal Detectorsare essential topreventunwantedhardware thatcouldpotentiallydamage
companydata, property,oremployees. Secondarybenefitof the metal detectorissafetyfor
employees.
the securitycamerasoutside the entrance istopreventemployeesfromgettingpickpocketed
eithervirtuallyorthroughlongrange electronicpickpocketingdevices
Employeeswill be trainedtobe vigilantwhenenteringthe building
Dumpsterswill be locked,all physical papermustbe shreddedbefore beingdisposed.
USB drivesandCD drivesshouldbe removedfromall computersonFloorone of all buildings
Fire wallsare implementedin twolocationsforcompartmentalization
Technical SECURITY
For the Technical securityplan
Updates
unsecure programs
Thirdparty Pentestfor applicationvulnerability’s
Possible Technical Exploits
BufferOverflow:anyapplicationcouldbe susceptible toa Bufferoverflow
Hackers will input information until they fill the NOOP sled. “While a NOP slide will function if it
consists of a list of canonical NOP instructions, the presence of such code is suspicious and easy to
automatically detect. For this reason, practical NOP slides are often composed of non-canonical
NOP instructions (such as moving a register to itself or adding zero, for example 0x0c0c0c0c[1]
), or of
instructions that affect program state only inconsequentially, which makes them much more difficult
to identify.
33. 33
The entropy of a NOP sled is dependent upon the constraints placed on it. If it can be determined
that certain registers are not in use (that is to say, they will be set to a known value before their next
use), instructions which manipulate them arbitrarily may be used in the NOP slide. Additionally, if the
alignment of both the NOP slide and the instruction pointer are deterministic, multi-byte instructions
can be used in a NOP slide without regard to the results of unaligned execution. If the input
providing the attack vector into which the NOP slide and payload are to be introduced are filtered
(such as accepting only printable characters), the field of possible instructions for inclusion is limited.
While instructions that are part of an architecture extension (such as SSE) may frequently be
irrelevant to program state, they cannot be used in a NOP slide targeting a computer on which the
extension is not supported.”(Corelan) This means the possibility of previously undiscovered 0 day
exploits will be a constant threat.“
Social EngineeringSECURITY
Employee passwordsshould contain
16 character minimum
Uppercase
Numbers
symbols
Threats
By far the most common,andlikelymethodof attack.
Employeesshouldbe givenregularevaluationsontheirPhishingscamawareness.
Social engineeringattackcancome from anyone
Hackers can spoof or hack noncomputersavvyrelativesof ABCcompanyemployees,then
masquerade asthemto gaininformationfromthe employeehe wouldn’tnormallybe able to
attain.
Hackers can alsoattack employeeoremployee relativessmartphonesandattempttosocial
engineerthe target
Social engineeringisnotlimitedtodigital mediashackerscanalsomanipulate employeesand
securitypersonnel.
All employeesshouldnevermake exceptionsforimplantedsecurityrules.
Two-FactorAuthenticationforemployeeemailsusingGoogle Authenticator.The use of two
differentprime numberswithanarbitraryincrease toeachstartingprime number.A prime
numbermultipliedbyanotherprime numbermakesasemi-prime.A semi-prime canonlybe
divisible byitself,andeitherprime numberusedtocreate it.
34. 34
IP ALLOCATION
NAT
The networkhas been designed sothatABCcompanycan hide the company’sIndividualIPaddresses
behindthe NAT(NetworkAddressTranslation).Use of a NATprovidesanaddedlayerof security.IP
addressesare translatedbythe NATusinginternal IPswithcorrespondingports.A NATproxyserverwill
then translate the outbound packet to its IP address of 147.54.33.1
The NAT will change the source port number to a unique member that is indistinguishable from
other messages relayed from the NAT to the outside. For packets that come into the company it
will reverse the process to send the packets to the appropriate user. The features do not hinder the
users in any way and make it more difficult for outside forces to gain access or cause harm.
INTERNAL IP TABLE ASSIGNMENTS
We wanted to avoid 192.168.0/24 and 192.168.1/24 because these are defaults for many
consumer-grade home devices, and should ABC Company ever have to get into VPN access it
will cause problems if your users home networks conflict with the "corporate" one. We decided
to use a similar IP structure as the example of the 10.0 internal IP set up.
Department Internal IP
Admin 10.1.1.xxx
Admin-Sup 10.2.1.xxx
Marketing 10.1.11.xxx
MarketingSupport 10.2.11.xxx
CustomerSupport 10.1.12.xxx
CustomerSupport -
Support 10.2.12.xxx
Engineering 10.1.13.xxx
EngineeringSupport 10.2.13.xxx
IT 10.1.14.xxx
IT - Support 10.2.14.xxx
Sales 10.1.15.xxx
Sales- Support 10.2.15.xxx
Call Center#1 10.1.16.xxx
Call Center#2 10.1.26.xxx
35. 35
Call Center- Support 10.2.16.xxx
Accounting 10.1.17.xxx
Accounting- Support 10.2.17.xxx
Finance 10.1.18.xxx
Finance Support 10.2.18.xxx
Like the example the IP addresses are not arbitrary. The first 8 bits are consistently going to be
10 instead of the 192(due to reasons discussed above) for internal traffic. After that the next 8
bits are to determine if its department or support staff. The following number “1” indicates
except for admin staff they are default at 1. If departmental growth exceeds the allotted 254 IP
address within a subnet, a two can be used to procede the department number to indicate the
second section of the department.
NETWORK COSTS
Material andInstallationCosts:
Fiber Optic Cable - $5.00 /ft
Installation costin building $20/ft
Installation costin ground $100/ft
UTP $.80 / ft
Installation costin building $2/ft
Installation costin ground $50/ft
Wired installation under a road $15,000/road (assumes 90⁰ angle)
HP 5830 layer 3 switch $8,300 each
Cisco ME 2400 24 portEthernet switch 10/100 $327 each
36. 36
Netgear WNDAP620 access point $434 each
HP 5830AF-48G Switch with 1 Interface Slot
#JC691A
List Price: $11,990.00
Our Price: $8,411.00
GARRETT MAGNASCANNER MS3500 $4,395.00
Cisco CTS-MX200-K9.
Alternative Views:
Cisco TelePresence MX200 G2.
List Price: $17,900.00.
MagneticCards $172 per 500
Magneticreader writer $128.00
FI8905E(POESecurity Cam) $34.95
HP FIREWALL $18,089.99
37. 37
BACK BONE COST NETWORK COST
From to
Cross
Road?
Underground
Cable Length
Through
Building
Length
Under-
Road cost
Total
cost
A B Yes 225 125 $15,000.00 $40,000
B C no 200 125 0 $22,500
C D no 200 125 0 $22,500
Totals 625 $85,000
Per FloorCosts Indoor
FLOOR
UTP
NEEDED
SWITCHES
NEEDED
Outgoing
Switch
UTP Cost
Switch
Cost
Wireless
APCost
TOTAL
COST
Teleconf
A1 7322.109 4 1 14644.22 11320 0 $25964.22
A2 7224.481 4 14448.96 11320 0 $25768.96
A3 2050.191 2 4100.382 5660 434 $10194.38 17,900
B1 8005.506 4 1 16011.01 11320 0 $27331.01
B2 7907.878 4 15815.76 11320 434 $27569.76
B3 7907.878 4 15815.76 11320 434 $27569.76
C1 6638.712 3 1 13277.42 8490 $21767.42
C2 6443.456 3 12886.91 8490 434 $21810.91
C3 6638.712 3 13277.42 8490 434 $22201.42
D1 8005.506 4 1 16011.01 11320 0 $27331.01
D2 7907.878 4 15815.76 11320 434 $27569.76
D3 7907.878 4 15815.76 11320 434 $27569.76
TOTAL 167920.4 121690 3038 $310548.4
38. 38
Security Cost
SECURITY
COST Unit Cost Quantity
Total
Cost
Metal
Detector 4395 4 17580
POE
Security
cam 34.99 8 279.92
Magnetic
Strip
reader
writter 128 4 512
Fire wall $18,089.99 2 36179.98
Total SecCost 38729.9
RECOMMENDATIONS
Thisproposal isto be usedas a guide whenbuildingthe NetworkforABCCompany’snew campus.
Additional security,dataandequipmentinformationisneededtoprovide acomplete solution
Basedon the proposal we have presented,we have the followingrecommendationsbefore the network
isapproved.
1. The growth ratesfor the companyshouldbe monitoredinreal time.BydoingsoABC
companywouldallowforoptimizationduringnew employee hires.Itwouldalsomake
the systemeasiertomaintain.
2. While the securitytopicscoveredabove are relativelylong,there are manypossible
waysof exploitingthe network.Nosystemishackerproof,the designcanjustreduce
the likelyhoodbasedonatime to effortratio.
3. As explainedinthe example,the IPPBXandIP phoneschosenmustbe compatible with
the switchesusedinthe design.Each
Thisreporthas detailedacomprehensive planforthe networkof ABCcompany. Asnotedsome
additional informationmustbe consideredbeforemovingforwardwiththe implementationof the
network.We feel thatthe networkdesignasawhole meetsall the needsof the company:security,data,
and size.FurtherGrowthinthe organizationismanageable asasystempresentedisscalable easyto
manage thanksto the selected“smart”devices.
42. 42
VOIP THROUGHPUT
VOIPYEAR ONE VOIPYEAR Two
Department
Number VOIP
Department
Number VOIP
1 633.5223 1 709.5448
2 2989.768 2 3774.652
3 26.73752 3 21.64809
4 6.2208 4 6.492095
5 486.6048 5 631.9961
6 1478.945 6 1867.603
7 43.7325 7 44.47852
8 2.95074 8 2.834839
A 58.32 A 62.16912
VOIPYEAR Three VOIPYEAR Four
Department
Number VOIP
Department
Number VOIP
1 794.69 1 890.0522
2 4747.467 2 5951.387
3 15.28415 3 7.43953
4 6.74842 4 6.98324
5 810.4948 5 1028.891
6 2355.697 6 2968.358
7 45.08897 7 45.53633
8 2.69093 8 2.51523
A 66.22818 A 70.50225
VOIPYEAR Five
Department
Number VOIP
1 996.8585
2 7439.308
3 0.492612
4 7.188735
5 1295.301
6 3737.03
7 45.7892
8 2.494954
43. 43
A 74.99531
Employee DepartmentLayout
BuildingA
Dept.
#
Employees
Max
throughput
Mbps
Annual
growth
rate
Dept.
Name
y5
Y5
Adjusted
A 12 72.9 8% Administration 17.63194 18
3 29 192.08 8% Engineering 42.61051 43
5 9 1228.8 18% IT 20.58982 21
7 36 61.25 5% Accounting 45.94614 46
8 18 5.07 3% Finance 20.86693 21
BUILDING B
Dept.
#
Employees
Max
throughput
Mbps
Annual
growth
rate
Dept.
Name
y5
Y5
Adjusted
2 64 3492.72 22% CustomerSupport 172.9733 173
4 27 21.6 10% Direct/Corporate Sales 43.48377 44
BuildingC
Dept.
#
Employees
Max
throughput
Mbps
Annual
growth
rate
Dept.
Name
y5
Y5
Adjusted
1 56 1037.88 12% Marketing 98.69113 99
44. 44
6 97 1299.6 25%
ColdCall Sales
Center
80 80
BuildingD
Dept.
#
Employees
Max
throughput
Mbps
Annual
growth
rate
Dept.
Name
y5
Y5
Adjusted
6 97 1299.6 25%
ColdCall Sales
Center 216.0205 217
Employee Space
TOTAL EMPLOYEE
SPACE 102074.6
total
people 348
Total WorkingArea
After 196,875
total
hosts 389
Requiredspace for
MISC 30%
Total WorkingSqFt 281,250
BuildingSqFt 56,250 39375 30%
PerFloorSQFt 18,750 13125 30%
shape
125 x
150
current
Space per unit Value Actual
180 SQFT
5400
SqFt
total Normal
employees 302.4
300 SQFT
3300
SqFt total admin 10.8
100 SQFT
3500
Sqft support 34.8
total space required 12,200
45. 45
APPENDIX B: SECONDARY SOURCE COMMUNICATION
“ To:
Sehr, Gerardo D
Sunday, December 04, 2016 1:26 PM
Gerardo,
It’syour decision. Youi justhave tocostsand justifyit.
Dr. W
Dr. DavidWierschem
Associate Professor
Departmentof CISQM
McCoy College of Business
TexasState University
E-mail:dw50@txstate.edu
Sehr, Gerardo D
Sent Items
Sunday, December 04, 2016 11:53 AM
Dear Professor Wierschem,
This is Gerardo Sehr from your CIS 4348F class. I was wondering if outsourcing an offsite data storage
for redundancy of possible data breach or natural disaster. Justification for the offsite data storage is that
a large portion of companies declare bankruptcy after a major data breach or data loss.
The provider i was leaning towards for the offsite recovery was
IBM https://www.ibm.com/marketplace/cloud/managed-backup-services/us/en-us#product-header-
tophttps://www.ibm.com/marketplace/cloud/managed-backup-services/us/en-us#product-header-top
Sincerely,
Gerardo Sehr
CIS 4348F
“
“Gerardo,
Heightof the buildingsis10’ perfloor.
Betweenfloorsisconcrete.10”floors.
46. 46
Dr. W
Dr. DavidWierschem
Associate Professor
Departmentof CISQM
McCoy College of Business
TexasState University
E-mail:dw50@txstate.edu
Sehr, Gerardo D
Actions
To:
Wierschem, David C
Sent Items
Sunday, December 04, 2016 1:56 AM
hello Dr. Wierschem, i was wondering what the height of the buildings are. also the material of the ceiling
dividing each floor along with the thickness. Any input would be appreciated.
“
“Project 2 walls
Wierschem, David C
Thursday, December 01, 2016 10:24 AM
Inside wallsare standardthickness. Outside wallsare 10 inches.
Dr. W
Dr. DavidWierschem
Associate Professor
Departmentof CISQM
McCoy College of Business
TexasState University
E-mail:dw50@txstate.edu
47. 47
Sehr, Gerardo D
Sent Items
Thursday, December 01, 2016 10:18 AM
Do we know the wall thickness ?
Sent from my iPhone
Wierschem, David C
Thursday, December 01, 2016 9:40 AM
Gerardo.
Interiorwalls. Steel bracingwithdrywall.
Exteriorwalls. Concrete withdrywall alongthe inside.
Dr. W
Dr. DavidWierschem
Department of CIS & QMST
McCoy College of Business Administration
Texas State University-San Marcos
601 University Drive
San Marcos, Texas 78666
512-245-3223
512-245-1452 (fax)
dw50@txstate.edu
www.mccoy.txstate.edu
Sehr, Gerardo D
Actions
To:
Wierschem, David C
Sent Items
Thursday, December 01, 2016 12:46 AM
Hello Dr. Wierschem, I was wondering what the building wall material, and
thickness are for project 2.
Glass panels
48. 48
Glass window panels with regular clear glass were tested. Low-E windows have a very
thin metallic film on the glass, which should provide some shielding, but this type of
window was not tested in this study.
Drywall
Drywall consists of 85-95% gypsum. The rest is mainly paper and various chemical
additives. Drywall has no shielding effect.
Glass panels 500 MHz 1 GHz 2 GHz5 GHz 8 GHz
6 mm (1/4”) 0 0.8 1.4 1 1.5
13 mm (1/2”)1.2
2.2 3.4 0 1.6
Drywall 500 MHz 1 GHz 2 GHz5 GHz 8 GHz
6 mm (1/4”) 0.1 0.3 0.6 0 0.4
13 mm (1/2”)0.1 0.3 0.6 0 0.4
Sent from my iPhone
“
49. 49
APPENDIX C: DATA SHEETS
HP 5830 SwitchSeries:(core)
Key features
• Stackable, high-port densityfor highscalability
• HPIRF technologyfor simpler two-tier networks
• Ultra deep(1 GB and 3 GB) packet buffers
• Full L2/L3 features, IPv4 andIPv6 dual stack
• Lower OpEx andgreener data centers
Product overview
HP5830AF Switch Series is a familyof high-density1 GbE top-of-rackdata center andcampus
switches that are a part of HPFlexNetwork Architecture’s HPFlexFabric solutionmodule.
The two models, HP5830AF-48G and HP5830AF-96G Switches Series, are ideallysuitedfor
deployments at the server accesslayer inmedium-sizedandlarge enterprise data centers and
campus networks. The HP 5830AF-48G switches deliver 48 1GbE ports andupto four 10GbE
ports ina space-saving 1RU package, while the HP5830AF-96G switches provide anindustryleading
96 1GbE ports andupto 10 10GbE uplink ports in a 2RU form factor.
Features andbenefits
Quality of Service (QoS)
• Traffic policing
Supports CommittedAccess Rate (CAR)andline rate
• Powerful QoSfeature
Creates traffic classes basedonaccesscontrol lists (ACLs), IEEE 802.1p precedence, IP, DSCP,
or Type of Service (ToS) precedence; supports filter, redirect, mirror, or remark;supports
the following congestionactions:strict priority(SP) queuing, weighted roundrobin(WRR),
weighted fair queuing (WFQ), weighted random earlydiscard(WRED), SP+WRR, andSP+WFQ
Data sheet
HP 5830 Switch Series
2
Data sheet | HP 5830 Switch Series
50. 50
Management
• sFlow (RFC3176)
Provides scalable ASIC-basedwire-speednetwork monitoring and accounting withno impact
on networkperformance; this allows network operators to gather a varietyof sophisticated
network statistics andinformationfor capacityplanning and real-time network monitoring
purposes
• Remote configurationandmanagement
Enables configurationandmanagement througha secure Webbrowser or a CLI locatedon a
remote device
• Manager and operator privilege levels
Provides read-only(operator)andread/write (manager) access onCLI andWebbrowser
management interfaces
• Management VLAN
Segments traffic to and frommanagement interfaces, including CLI/telnet, a Webbrowser
interface, and SNMP
• Multiple configurationfiles
Stores easilyto the flash image
• Secure WebGUI
Provides a secure, easy-to-use graphical interface for configuring the module via HTTPS
• SNMPv1, v2c, and v3
Facilitates centralized discovery, monitoring, and secure management of networking devices
• Remote monitoring (RMON)
Uses standardSNMPto monitor essential network functions;supports events, alarm, history,
and statistics groupplus a private alarm extensiongroup
• Network Time Protocol (NTP)
Synchronizes timekeeping amongdistributedtime servers and clients;keeps timekeeping
consistent among all clock-dependent devices withinthe network so that the devices can
provide diverse applications based onthe consistent time
• Out-of-bandinterface
Isolatesmanagement traffic from user data plane traffic for complete isolationandtotal
reachability, nomatter what happens inthe data plane
• Remote intelligent mirroring
Mirrors ingress/egressACL-selectedtraffic froma switch port or VLAN to a local or remote
switchport anywhere on the network
3
Data sheet | HP 5830 Switch Series
Connectivity
• Jumbo frames
On Gigabit Ethernet and10 Gigabit Ethernet ports, jumboframes allow high-performance
remote backupanddisaster-recoveryservices
• Auto-MDIX
Adjusts automaticallyfor straight-through or crossover cables onall 10/100/1000 ports
• IPv6 native support
––IPv6 host
Enables switchesto be managed and deployed at the IPv6 network’s edge
––Dual stack (IPv4 & IPv6)
Transitions fromIPv4 to IPv6, supporting connectivityfor bothprotocols
––Multicast Listener Discovery(MLD) snooping
IPv6 multicast traffic to the appropriate interface
––IPv6 ACL/QoS
Supports ACL andQoS for IPv6 networktraffic, preventing traffic flooding
––IPv6 routing
Supports IPv6 static routes, RIP, BGP4+v6, IS-ISv6, andOSPF routing protocols
Performance
• Extraordinarilyhighport density
HP5830AF-96G switchesare single box-type that can provide 96 1GbE ports and10 10GbE
ports simultaneouslywithfull line-rate switchingand forwarding
• Ultra deeppacket buffering
Provides upto a 3 GB packet buffer to help eliminate network congestionat the I/O associated
51. 51
with heavyuse of server virtualization, as wellas burstymultimedia, storage applications, and
other critical services
• Hardware-based wire-speed access control lists (ACLs)
Helps provide highlevelsof securityandease of administrationwithout impactingnetwork
performance with a feature-rich TCAM-based ACL implementation
• Local AddressResolutionProtocol (ARP)
ARPfast replyfeature provides anoutstanding utilizationof air-interface resources byfirst
issuinganARPrequest locallybefore the APbroadcasts over the radio interface
4
Data sheet | HP 5830 Switch Series
Resiliency and high availability
• Device Link DetectionProtocol (DLDP)
Monitors link connectivityandshuts downports at both ends if unidirectional traffic is
detected, preventingloops inSTP-basednetworks
• Virtual Router RedundancyProtocol (VRRP)
Allows groups of two routers to dynamicallybackeach other up to create highlyavailable
routed environments
• Intelligent Resilient Framework (IRF)
Creates virtual resilient switching fabrics, where twoor more switchesperform as a single
L2 switchandL3 router;switches donot have to be co-locatedandcanbe part of a disasterrecovery
system;servers or switches canbe attachedusing standard LACPfor automatic load
balancing and highavailability;canhelp eliminate the needfor complex protocols suchas
Spanning Tree Protocol, Equal-Cost Multipath (ECMP), or VRRP, therebysimplifying network
operation
• RapidRingProtectionProtocol (RRPP)
Connects multiple switches ina high-performance ring usingstandardEthernet technology;
traffic canbe reroutedaroundthe ring inless than200 ms, reducingthe impact ontraffic and
applications
• Smart link
Allows 200 ms failover betweenlinks
• Data center-optimizeddesign
Supports front-to-backor back-to-front airflow for hot/coldaisles, rear rackmounts, and
redundant hot-swappable ACor DCpower andfans
Manageability
• Troubleshooting
Ingress and egress port monitoring enable networkproblem solving
Layer 2 switching
• Spanning Tree/MSTPandRSTP
Prevents networkloops
• Internet GroupManagement Protocol (IGMP) andMulticast Listener Discovery(MLD) protocol
snooping
Controls andmanages the floodingof multicast packets in a Layer 2 network
• 32K MAC addresses
Provides access to manyLayer 2 devices
• IEEE 802.1ad QinQ andselective QinQ
Increases the scalabilityof anEthernet network byproviding a hierarchical structure;connects
multiple LANs ona high-speedcampus or metro network
5
Data sheet | HP 5830 Switch Series
• 10GbE port aggregation
Allows groupingof ports to increase overall data throughput to a remote device
• Port isolation
Increases securitybyisolating ports within a VLAN while stillallowing themto communicate
with other VLANs
• Per-VLAN Spanning Tree Plus (PVST+)
Allows eachVLAN to builda separate spanning tree to improve linkbandwidth usage in
network environments with multiple VLANs
• GVRPVLAN Registration Protocol
Allows automatic learning anddynamic assignment of VLANs
52. 52
Layer 3 services
• Loopbackinterface address
Defines an address inRouting Information Protocol (RIP) andOpen StandardPathFirst (OSPF),
improvingdiagnostic capability
• User Datagram Protocol (UDP) helper function
Allows UDPbroadcasts to be directedacross router interfaces to specific IPunicast or subnet
broadcast addresses andprevents server spoofingfor UDPservices such as DHCP
• Route maps
Provides more control during route redistribution;allows filteringandaltering ofroute metrics
• Dynamic Host Configuration Protocol (DHCP)
Simplifies the management of large IPnetworks andsupports client and server;DHCPRelay
enables DHCPoperation across subnets
Layer 3 routing
• IPv6 tunneling
Allows IPv6 packets to traverse IPv4-onlynetworks byencapsulating the IPv6 packet intoa
standardIPv4 packet;supports manuallyconfigured,6 to 4, and Intra-Site Automatic Tunnel
Addressing Protocol (ISATAP) tunnels;is animportant element for the transition from IPv4 to
IPv6
• Bidirectional ForwardingDetection(BFD)
Enables link connectivitymonitoring andreduces network convergence time for RIP, OSPF,
BGP, IS-IS, VRRP, and IRF
• Policy-basedrouting
Makes routingdecisions based onpoliciesset bythe network administrator
• IGMPv1, v2, and v3
Allows individual hosts to be registeredon a particular VLAN
6
Data sheet | HP 5830 Switch Series
• PIM-SSM, PIM-DM, and PIM-SM(for IPv4 andIPv6)
Supports IPMulticast address management andinhibition ofDoSattacks
• Layer 3 IPv4 routing
Provides routing of IPv4 at media speed;supports static routes, RIPandRIPv2, OSPF, IS-IS, and
BGP
• Equal-Cost Multipath(ECMP)
Enables multiple equal-cost links ina routing environment to increase linkredundancyand
scale bandwidth
• Layer 3 IPv6 routing
Provides routing of IPv6 at media speed;supports static routes, RIPng, OSPFv3, IS-ISv6, and
MP-BGP
Security
• Access control lists (ACLs)
Provides IPLayer 3 filtering basedon source/destination IPaddress/subnet, and source/
destinationTCP/UDPport number
• Secure shell
Encrypts all transmitteddata for secure remote CLI access over IPnetworks
• Port security
Allows access onlyto specifiedMACaddresses, whichcanbe learnedor specified bythe
administrator
• Secure FTP
Allows secure file transfer to and from the switch;protects against unwanted filedownloads or
unauthorizedcopying of a switchconfigurationfile
• Secure management access
Delivers secure encryptionof all access methods (CLI, GUI, or MIB)throughSSHv2, SSL, and/or
SNMPv3
• Identity-drivensecurityandaccesscontrol
––Per-user ACLs
Permits or deniesuser accessto specific network resources based onuser identity, location,
and time of day, allowing multiple types of users onthe same networkto accessspecific
network serviceswithout riskto network securityor unauthorizedaccessto sensitive data
––Automatic VLAN assignment
53. 53
Assigns users automaticallyto the appropriate VLAN basedontheir identityand location,
and the time of day
• STPBPDU port protection
Blocks Bridge Protocol Data Units (BPDUs)on ports that donot require BPDUs, preventing
forged BPDU attacks
7
Data sheet | HP 5830 Switch Series
• DHCPprotection
Blocks DHCPpackets from unauthorized DHCPservers, preventingdenial-of-service attacks
• Dynamic ARPprotection
Blocks ARPbroadcasts from unauthorized hosts, preventing eavesdropping or theft of
network data
• STProot guard
Protects the root bridge frommalicious attacks or configurationmistakes
• Guest VLAN
Provides a browser-basedenvironment to authenticatedclients that is similar to IEEE 802.1X
• MAC-basedauthentication
Allows or denies access to the switchbasedona client MACaddress
• IPsource guard
Helps prevent IPspoofing attacks
• Endpoint AdmissionDefense (EAD)
Provides securitypoliciesto users accessing a network
• RADIUS/HWTACACS
Eases switchmanagement securityadministrationbyusing a passwordauthentication server
Convergence
• IPmulticast snooping (data-drivenIGMP)
Prevents flooding ofIPmulticast traffic
• IEEE 802.1AB Link Layer DiscoveryProtocol (LLDP)
Facilitates easymapping usingnetwork management applications with LLDPautomated
device discoveryprotocol
• Internet GroupManagement Protocol (IGMP)
UtilizesAny-Source Multicast (ASM) or Source-Specific Multicast (SSM) to manage IPv4
multicast networks;supports IGMPv1, v2, and v3
• Protocol Independent Multicast (PIM)
Defines modesof Internet IPv4 andIPv6 multicasting to allow one-to-manyandmany-tomany
transmission of information;supports PIMDense Mode (DM), Sparse Mode (SM), and
Source-Specific Multicast (SSM)
• Multicast Source DiscoveryProtocol (MSDP)
Allows multiple PIM-SMdomains to interoperate;is usedfor inter-domainmulticast
applications
• Multicast Border GatewayProtocol (MBGP)
Allows multicast traffic to be forwarded across BGPnetworks andkept separate from unicast
traffic
8
Data sheet | HP 5830 Switch Series
• Multicast VLAN
Allows multiple VLANs to receive the same IPv4 or IPv6 multicast traffic, lessening network
bandwidth demand byreducingor helpingeliminate multiple streams to each VLAN
• LLDP-MED
Is a standardextension that automaticallyconfigures network devices, includingLLDPcapable
IPphones
• LLDP-CDPcompatibility
Receives andrecognizes CDPpackets from Cisco’s IPphonesfor seamless interoperation
Monitor and diagnostics
• Port mirroring
Enables traffic on a port to be simultaneouslysent to a network analyzer for monitoring
• OAM (IEEE 802.3ah)
Operations, administration, and maintenance (OAM) management capabilitydetects data link
layer problems that occur inthe “last mile”;monitors the status of the linkbetweenthe two
54. 54
devices
• CFD (IEEE 802.1ag)
Connectivityfault detection (CFD) providesa Layer 2 link OAMmechanismused for link
connectivitydetectionandfault locating
Additional information
• Green initiative support
Provides support for RoHSandWEEE regulations
• Green IT andpower
Improves energyefficiencythroughthe use ofthe latest advancesinsilicon development;
shuts offunusedports andutilizes variable-speed fans, reducing energycosts
Warranty and support
• 1-year warranty
Advance hardware replacement with next-business-daydelivery(available inmost countries)
• Electronic andtelephone support
Limitedelectronic and business-hours telephone support is available from HPfor the entire
warrantyperiod;to reachour support centers, refer to hp.com/networking/contact-support;
for details on the durationof support providedwithyour product purchase, refer to hp.com/
networking/warrantysummary
• Software releases
To find software for your product, refer to hp.com/networking/support;for details on the
software releases available withyour product purchase, refer to hp.com/networking/
warrantysummary
9
Data sheet | HP 5830 Switch Series
HP 5830 SwitchSeries
Specifications
HP 5830AF-48G Switch with 1 Interface Slot (JC691A)
HP 5830AF-96G Switch (JC694A)
55. 55
I/O ports and slots 48 RJ-45 autosensing 10/100/1000 ports (IEEE 802.3 Type
10BASE-T, IEEE 802.3u Type 100BASE-TX, IEEE 802.3ab Type
1000BASE-T); Duplex: 10BASE-T/100BASE-TX: half or full;
1000BASE-T: full only
2 dual-personality ports; auto-sensing 10/100/1000Base-T
or SFP
2 fixed 1000/10000 SFP+ ports
1 extended module slot
96 RJ-45 autosensing 10/100/1000 ports (IEEE 802.3 Type
10BASE-T, IEEE 802.3u Type 100BASE-TX, IEEE 802.3ab Type
1000BASE-T); Duplex: 10BASE-T/100BASE-TX: half or full;
1000BASE-T: full only
10 fixed 1000/10000 SFP+ ports
Additional ports and slots 1 RJ-45 serial console port
1 RJ-45 out-of-band management port
1 RJ-45 serial console port
1 RJ-45 out-of-band management port
Power supplies 2 power supply slots
1 minimum power supply required (ordered separately)
2 power supply slots
1 minimum power supply required (ordered separately)
Fan tray 1 fan tray slot
Base product does not include fan tray.
1 fan tray slot
Base product does not include fan tray.
Physical characteristics
Dimensions
Weight
17.32(w) x 18.11(d) x 1.72(h) in (43.99 x 46 x 4.37 cm)
(1U height)
14.53 lb (6.59 kg)
17.32(w) x 25.98(d) x 3.39(h) in (43.99 x 65.99 x
8.61 cm)
31.75 lb (14.4 kg)
Memory and processor 64 MB flash, 1 GB SDRAM; packet buffer size: 1 GB 64 MB flash, 1 GB SDRAM; packet buffer size: 3 GB
Performance
Throughput
Switching capacity
Routing table size
MAC address table size
119 Mpps (64-byte packets)
160 Gbps
12000 entries (IPv4)
32000 entries
291.6 Mpps (64-byte packets)
392 Gbps
12000 entries (IPv4)
32000 entries
Environment
Operating temperature
Operating relative humidity
Acoustic
32°F to 113°F (0°C to 45°C)
5% to 95%
Low-speed fan: 58 dB, High-speed fan: 65 dB
32°F to 113°F (0°C to 45°C)
5% to 95%
Low-speed fan: 58 dB, High-speed fan: 65 dB
56. 56
Electrical characteristics
Frequency
Maximum heat dissipation
AC voltage
DC voltage
50/60 Hz
440 BTU/hr (464.2 kJ/hr)
100 - 240 VAC
-40 to -60 VDC
50/60 Hz
1209 BTU/hr (1275.49 kJ/hr)
100 - 240 VAC
-40 to -60 VDC
10
Data sheet | HP 5830 Switch Series
HP 5830AF-48G Switch with 1 Interface Slot (JC691A) HP 5830AF-96G Switch (JC694A)
Safety UL 60950-1; EN 60825-1 Safety of Laser Products-Part 1;
EN 60825-2 Safety of Laser Products-Part 2; IEC 60950-1;
CAN/CSA-C22.2 No. 60950-1; Anatel; ULAR; GOST; EN 60950-1/
A11; FDA 21 CFR Subchapter J; NOM; ROHS Compliance
UL 60950-1; EN 60825-1 Safety of Laser Products-Part 1;
EN 60825-2 Safety of Laser Products-Part 2; IEC 60950-1;
CAN/CSA-C22.2 No. 60950-1; Anatel; ULAR; GOST; EN 60950-1/
A11; FDA 21 CFR Subchapter J; NOM; ROHS Compliance
Emissions VCCI Class A; EN 55022 Class A; ICES-003 Class A; ETSI EN 300
386 V1.3.3; AS/NZS CISPR 22 Class A; EMC Directive 2004/108/
EC; EN 55024:1998+ A1:2001 + A2:2003; FCC (CFR 47, Part 15)
Subpart B Class A
VCCI Class A; EN 55022 Class A; ICES-003 Class A; ETSI EN
300 386 V1.3.3; AS/NZS CISPR 22 Class A; EMC Directive
2004/108/EC; EN 55024:1998+ A1:2001 + A2:2003; FCC
(CFR 47, Part 15) Subpart B Class A
Immunity
Generic
EN
ESD
Radiated
EFT/Burst
Surge
Conducted
Power frequency magnetic field
Voltage dips and interruptions
Harmonics
Flicker
ETSI EN 300 386 V1.3.3
EN 55024:1998+ A1:2001 + A2:2003
EN 61000-4-2; IEC 61000-4-2
EN 61000-4-3; IEC 61000-4-3
EN 61000-4-4; IEC 61000-4-4
EN 61000-4-5; IEC 61000-4-5
EN 61000-4-6; IEC 61000-4-6
IEC 61000-4-8; IEC 61000-4-8
EN 61000-4-11; IEC 61000-4-11
EN 61000-3-2, IEC 61000-3-2
EN 61000-3-3, IEC 61000-3-3
ETSI EN 300 386 V1.3.3
EN 55024:1998+ A1:2001 + A2:2003
EN 61000-4-2; IEC 61000-4-2
EN 61000-4-3; IEC 61000-4-3
EN 61000-4-4; IEC 61000-4-4
EN 61000-4-5; IEC 61000-4-5
EN 61000-4-6; IEC 61000-4-6
IEC 61000-4-8; IEC 61000-4-8
EN 61000-4-11; IEC 61000-4-11
EN 61000-3-2, IEC 61000-3-2
EN 61000-3-3, IEC 61000-3-3
Management IMC—Intelligent Management Center; command-line interface;
Web browser; out-of-band management; SNMP Manager;
Telnet; RMON1; FTP; IEEE 802.3 Ethernet MIB
IMC—Intelligent Management Center; command-line
interface; Web browser; out-of-band management; SNMP
Manager; Telnet; RMON1; FTP; IEEE 802.3 Ethernet MIB
Notes Additional specifications
• Static MAC table: 5120
• Max VLAN interface: 1,000
57. 57
• Multicast L2 entries for IPv4: 2,000
• Multicast L2 entries for IPv6: 1,000
• Multicast L3 entries for IPv4: 2,000
• Multicast L3 entries for IPv6: 1,000
• VLAN table: 4,000
• QoS forward queue number: 8
• Static ARP number: 1,000
• Dynamic ARP number: 8,000
• MAX number in one link group: 8
• Link group number: 128
• ACL number: 4,000 (ingress); 512 (egress)
Additional specifications
• Static MAC table: 5120
• Max VLAN interface: 1,000
• Multicast L2 entries for IPv4: 2,000
• Multicast L2 entries for IPv6: 1,000
• Multicast L3 entries for IPv4: 2,000
• Multicast L3 entries for IPv6: 1,000
• VLAN table: 4,000
• QoS forward queue number: 8
• Static ARP number: 1,000
• Dynamic ARP number: 8,000
• MAX number in one link group: 8
• Link group number: 128
• ACL number (GbE ports): 8,000 (ingress); 1,000 (egress)
• ACL number (10GbE ports): 2,000 (ingress); 512 (egress)
Services Refer to the HP website at hp.com/networking/services for
details on the service-level descriptions and product numbers.
For details about services and response times in your area,
please contact your local HP sales office.
Refer to the HP website at hp.com/networking/services
for details on the service-level descriptions and product
numbers. For details about services and response times in
your area, please contact your local HP sales office.
11
Data sheet | HP 5830 Switch Series
Standards and Protocols
(applies to all products in series)
BGP RFC 1771 BGPv4
RFC 1772 Application of the BGP
RFC 1997 BGP Communities Attribute
RFC 1998 An Application of the BGP
Community Attribute in Multi-home Routing
RFC 2385 BGP Session Protection via TCP
MD5
RFC 2439 BGP Route Flap Damping
RFC 2796 BGP Route Reflection
RFC 2858 BGP-4 Multi-Protocol Extensions
RFC 2918 Route Refresh Capability
RFC 3065 Autonomous System
Confederations for BGP
RFC 3392 Capabilities Advertisement with
BGP-4
RFC 4271 A Border Gateway Protocol 4 (BGP-4)
RFC 4272 BGP Security Vulnerabilities
Analysis
RFC 4273 Definitions of Managed Objects
for BGP-4
RFC 4274 BGP-4 Protocol Analysis
RFC 4275 BGP-4 MIB Implementation Survey
RFC 4276 BGP-4 Implementation Report
RFC 4277 Experience with the BGP-4
Protocol R
FC 4360 BGP Extended Communities
Attribute
RFC 4456 BGP Route Reflection: An
Alternative to Full Mesh Internal BGP (IBGP)
RFC 5291 Outbound Route Filtering
Capability for BGP-4
RFC 5292 Address-Prefix-Based Outbound
Route Filter for BGP-4
Denial of service protection RFC 2267 Network Ingress Filtering Automatic filtering of well-known
denial-of-service packets
CPU DoS Protection
Rate Limiting by ACLs
58. 58
Device management RFC 1157 SNMPv1/v2c
RFC 1305 NTPv3
RFC 1902 (SNMPv2)
RFC 2579 (SMIv2 Text Conventions)
RFC 2580 (SMIv2 Conformance)
RFC 2819 (RMON groups Alarm, Event,
History and Statistics only)
HTTP, SSHv1, and Telnet
Multiple Configuration Files
Multiple Software Images
SSHv1/SSHv2 Secure Shell
TACACS/TACACS+
Web UI
General protocols IEEE 802.1ad Q-in-Q
IEEE 802.1ag Service Layer OAM
IEEE 802.1p Priority
IEEE 802.1Q VLANs
IEEE 802.1s Multiple Spanning Trees
IEEE 802.1w Rapid Reconfiguration of
Spanning Tree
IEEE 802.1X PAE
IEEE 802.3ab 1000BASE-T
IEEE 802.3ac (VLAN Tagging Extension)
IEEE 802.3ad Link Aggregation Control
Protocol (LACP)
IEEE 802.3ae 10-Gigabit Ethernet
IEEE 802.3at
IEEE 802.3u 100BASE-X
IEEE 802.3z 1000BASE-X
RFC 768 UDP
RFC 783 TFTP Protocol (revision 2)
RFC 791 IP
RFC 792 ICMP
RFC 793 TCP
RFC 826 ARP
RFC 854 TELNET
RFC 894 IP over Ethernet
RFC 903 RARP
RFC 906 TFTP Bootstrap
RFC 925 Multi-LAN Address Resolution
RFC 950 Internet Standard Subnetting
Procedure
RFC 951 BOOTP
RFC 959 File Transfer Protocol (FTP)
RFC 1027 Proxy ARP
RFC 1035 Domain Implementation and
Specification
RFC 1042 IP Datagrams
RFC 1058 RIPv1
RFC 1142 OSI IS-IS Intra-domain Routing
Protocol
RFC 1213 Management Information Base
for Network Management of TCP/IP-based
internets
RFC 1256 ICMP Router Discovery Protocol
(IRDP)
RFC 1293 Inverse Address Resolution
Protocol
RFC 1305 NTPv3
RFC 1350 TFTP Protocol (revision 2)
RFC 1393 Traceroute Using an IP Option
RFC 1519 CIDR
RFC 1531 Dynamic Host Configuration
Protocol
RFC 1533 DHCP Options and BOOTP Vendor
Extensions
RFC 1591 DNS (client only)
RFC 1624 Incremental Internet Checksum
RFC 1701 Generic Routing Encapsulation
RFC 1721 RIP-2 Analysis
RFC 1723 RIP v2
RFC 1812 IPv4 Routing
RFC 2091 Trigger RIP
RFC 2131 DHCP
RFC 2138 Remote Authentication Dial In User
59. 59
Service (RADIUS)
RFC 2453 RIPv2
RFC 2644 Directed Broadcast Control
RFC 2763 Dynamic Name-to-System ID
mapping
RFC 2784 Generic Routing Encapsulation
(GRE)
RFC 2865 Remote Authentication Dial In
User Service (RADIUS)
RFC 2966 Domain-wide Prefix Distribution
with Two-Level IS-IS
RFC 2973 IS-IS Mesh Groups
RFC 3277 IS-IS Transient Blackhole
Avoidance
RFC 3567 Intermediate System to
Intermediate System (IS-IS) Cryptographic
Authentication
RFC 3719 Recommendations for
Interoperable Networks using Intermediate
System to Intermediate System (IS-IS)
RFC 3784 ISIS TE support
RFC 3786 Extending the Number of IS-IS
LSP Fragments Beyond the 256 Limit
RFC 3787 Recommendations for
Interoperable IP Networks using
Intermediate System to Intermediate
System (IS-IS)
RFC 3847 Restart signaling for IS-IS
RFC 4251 The Secure Shell (SSH) Protocol
Architecture
RFC 5130 A Policy Control Mechanism in
IS-IS Using Administrative Tags
12
Data sheet | HP 5830 Switch Series
Standards and Protocols
(applies to all products in series)
IP multicast RFC 2236 IGMPv2
RFC 2283 Multiprotocol Extensions for
BGP-4
RFC 2362 PIM Sparse Mode (Premium Edge
License)
RFC 3376 IGMPv3
RFC 3446 Anycast Rendezvous Point (RP)
mechanism using Protocol Independent
Multicast (PIM) and Multicast Source
Discovery Protocol (MSDP)
RFC 3618 Multicast Source Discovery
Protocol (MSDP)
RFC 3973 PIM Dense Mode
RFC 4541 Considerations for Internet Group
Management Protocol (IGMP) and Multicast
Listener Discovery (MLD) Snooping Switches
RFC 4601 Draft 10 PIM Sparse Mode
RFC 4604 Using Internet Group Management
Protocol Version 3 (IGMPv3) and Multicast
Listener Discovery Protocol Version 2
(MLDv2) for Source-Specific Multicast
RFC 4605 IGMP/MLD Proxying
RFC 4607 Source-Specific Multicast for IP
RFC 4610 Anycast-RP Using Protocol
Independent Multicast (PIM)
RFC 5059 Bootstrap Router (BSR)
Mechanism for Protocol Independent
Multicast (PIM)
IPv6 RFC 1886 DNS Extension for IPv6
RFC 1887 IPv6 Unicast Address Allocation
Architecture
RFC 1981 IPv6 Path MTU Discovery
RFC 2080 RIPng for IPv6
RFC 2081 RIPng Protocol Applicability
Statement
RFC 2292 Advanced Sockets API for IPv6
RFC 2373 IPv6 Addressing Architecture
RFC 2375 IPv6 Multicast Address
Assignments
60. 60
RFC 2460 IPv6 Specification
RFC 2461 IPv6 Neighbor Discovery
RFC 2462 IPv6 Stateless Address Autoconfiguration
RFC 2463 ICMPv6
RFC 2464 Transmission of IPv6 over
Ethernet Networks
RFC 2473 Generic Packet Tunneling in IPv6
RFC 2526 Reserved IPv6 Subnet Anycast
Addresses
RFC 2529 Transmission of IPv6 Packets
over IPv4
RFC 2545 Use of MP-BGP-4 for IPv6
RFC 2553 Basic Socket Interface Extensions
for IPv6
RFC 2710 Multicast Listener Discovery (MLD)
for IPv6
RFC 2740 OSPFv3 for IPv6
RFC 2767 Dual stacks IPv4 & IPv6
RFC 2893 Transition Mechanisms for IPv6
Hosts and Routers
RFC 3056 Connection of IPv6 Domains via
IPv4 Clouds
RFC 3307 IPv6 Multicast Address Allocation
RFC 3315 DHCPv6 (client and relay)
RFC 3484 Default Address Selection for IPv6
RFC 3513 IPv6 Addressing Architecture
RFC 3736 Stateless Dynamic Host
Configuration Protocol (DHCP) Service for
IPv6
RFC 3810 MLDv2 for IPv6
RFC 4214 Intra-Site Automatic Tunnel
Addressing Protocol (ISATAP)
MIBs RFC 1156 (TCP/IP MIB)
RFC 1157 A Simple Network Management
Protocol (SNMP)
RFC 1213 MIB II
RFC 1215 A Convention for Defining Traps for
use with the SNMP
RFC 1229 Interface MIB Extensions
RFC 1493 Bridge MIB
RFC 1573 SNMP MIB II
RFC 1643 Ethernet MIB
RFC 1657 BGP-4 MIB
RFC 1724 RIPv2 MIB
RFC 1757 Remote Network Monitoring MIB
RFC 1850 OSPFv2 MIB
RFC 1907 SNMPv2 MIB
RFC 2011 SNMPv2 MIB for IP
RFC 2012 SNMPv2 MIB for TCP
RFC 2013 SNMPv2 MIB for UDP
RFC 2096 IP Forwarding Table MIB
RFC 2233 Interface MIB
RFC 2452 IPV6-TCP-MIB
RFC 2454 IPV6-UDP-MIB
RFC 2465 IPv6 MIB
RFC 2466 ICMPv6 MIB
RFC 2571 SNMP Framework MIB
RFC 2572 SNMP-MPD MIB
RFC 2573 SNMP-Target MIB
RFC 2578 Structure of Management
Information Version 2 (SMIv2)
RFC 2580 Conformance Statements for
SMIv2
RFC 2618 RADIUS Client MIB
RFC 2620 RADIUS Accounting MIB
RFC 2665 Ethernet-Like-MIB
RFC 2668 802.3 MAU MIB
RFC 2674 802.1p and IEEE 802.1Q Bridge MIB
RFC 2787 VRRP MIB
RFC 2819 RMON MIB
RFC 2925 Ping MIB
RFC 2932IP (Multicast Routing MIB)
RFC 2933 IGMP MIB
RFC 2934 Protocol Independent Multicast
MIB for IPv4
61. 61
RFC 3414 SNMP-User based-SM MIB
RFC 3415 SNMP-View based-ACM MIB
RFC 3417 Simple Network Management
Protocol (SNMP) over IEEE 802 Networks
RFC 3418 MIB for SNMPv3
RFC 3595 Textual Conventions for IPv6 Flow
Label
RFC 3826 AES for SNMP’s USM MIB
RFC 4133 Entity MIB (Version 3)
RFC 4444 Management Information Base
for Intermediate System to Intermediate
System (IS-IS)
13
Data sheet | HP 5830 Switch Series
Standards and Protocols
(applies to all products in series)
Network management IEEE 802.1AB Link Layer Discovery Protocol
(LLDP)
RFC 1155 Structure of Management
Information
RFC 1157 SNMPv1
RFC 1448 Protocol Operations for version
2 of the Simple Network Management
Protocol (SNMPv2)
RFC 2211 Controlled-Load Network
RFC 2819 Four groups of RMON: 1
(statistics), 2 (history), 3 (alarm) and 9
(events)
RFC 3176 sFlow
RFC 3411 SNMP Management Frameworks
RFC 3412 SNMPv3 Message Processing
RFC 3414 SNMPv3 User-based Security
Model (USM)
RFC 3415 SNMPv3 View-based Access
Control Model VACM)
ANSI/TIA-1057 LLDP Media Endpoint
Discovery (LLDP-MED)
OSPF RFC 1245 OSPF protocol analysis
RFC 1246 Experience with OSPF
RFC 1765 OSPF Database Overflow
RFC 1850 OSPFv2 Management Information
Base (MIB), traps
RFC 2154 OSPF w/ Digital Signatures
(Password, MD-5)
RFC 2328 OSPFv2
RFC 2370 OSPF Opaque LSA Option
RFC 3101 OSPF NSSA
RFC 3137 OSPF Stub Router Advertisement
RFC 3630 Traffic Engineering Extensions to
OSPF Version 2
RFC 4061 Benchmarking Basic OSPF Single
Router Control Plane Convergence
RFC 4062 OSPF Benchmarking Terminology
and Concepts
RFC 4063 Considerations When Using Basic
OSPF Convergence Benchmarks
RFC 4222 Prioritized Treatment of Specific
OSPF Version 2 Packets and Congestion
Avoidance
RFC 4811 OSPF Out-of-Band LSDB
Resynchronization
RFC 4812 OSPF Restart Signaling
RFC 4813 OSPF Link-Local Signaling
RFC 4940 IANA Considerations for OSPF
QoS/CoS IEEE 802.1P (CoS)
RFC 1349 Type of Service in the Internet
Protocol Suite
RFC 2211 Specification of the Controlled-
Load Network Element Service
RFC 2212 Guaranteed Quality of Service
RFC 2474 DSCP DiffServ
RFC 2475 DiffServ Architecture
RFC 2597 DiffServ Assured Forwarding (AF)
RFC 2598 DiffServ Expedited Forwarding
(EF)
62. 62
Security IEEE 802.1X Port Based Network Access
Control
RFC 1321 The MD5 Message-Digest
Algorithm
RFC 1334 PPP Authentication Protocols
(PAP)
RFC 1492 An Access Control Protocol,
Sometimes Called TACACS
RFC 1994 PPP Challenge Handshake
Authentication Protocol (CHAP)
RFC 2082 RIP-2 MD5 Authentication
RFC 2104 Keyed-Hashing for Message
Authentication
RFC 2408 Internet Security Association and
Key Management Protocol (ISAKMP)
RFC 2409 The Internet Key Exchange (IKE)
RFC 2716 PPP EAP TLS Authentication
Protocol
RFC 2865 RADIUS Authentication
RFC 2866 RADIUS Accounting
RFC 2867 RADIUS Accounting Modifications
for Tunnel Protocol Support
RFC 2868 RADIUS Attributes for Tunnel
Protocol Support
RFC 2869 RADIUS Extensions
Access Control Lists (ACLs)
Guest VLAN for 802.1x
MAC Authentication
Port Security
SSHv1/SSHv2 Secure Shell
14
Data sheet | HP 5830 Switch Series
HP 5830 SwitchSeriesaccessories
Modules HP 5500/5120 2-port 10GbE SFP+ Module (JD368B)
Transceivers HP X110 100M SFP LC LH40 Transceiver (JD090A)
HP X110 100M SFP LC LH80 Transceiver (JD091A)
HP X110 100M SFP LC FX Transceiver (JD102B)
HP X110 100M SFP LC LX Transceiver (JD120B)
HP X125 1G SFP LC LH40 1310nm Transceiver (JD061A)
HP X120 1G SFP LC LH40 1550nm Transceiver (JD062A)
HP X125 1G SFP LC LH70 Transceiver (JD063B)
HP X120 1G SFP LC SX Transceiver (JD118B)
HP X120 1G SFP LC LX Transceiver (JD119B)
HP X120 1G SFP RJ45 T Transceiver (JD089B)
HP X170 1G SFP LC LH70 1550 Transceiver (JD109A)
HP X170 1G SFP LC LH70 1570 Transceiver (JD110A)
HP X170 1G SFP LC LH70 1590 Transceiver (JD111A)
HP X170 1G SFP LC LH70 1610 Transceiver (JD112A)
HP X170 1G SFP LC LH70 1470 Transceiver (JD113A)
HP X170 1G SFP LC LH70 1490 Transceiver (JD114A)
HP X170 1G SFP LC LH70 1510 Transceiver (JD115A)
HP X170 1G SFP LC LH70 1530 Transceiver (JD116A)
HP X130 10G SFP+ LC SR Transceiver (JD092B)
HP X130 10G SFP+ LC LRM Transceiver (JD093B)
HP X130 10G SFP+ LC LR Transceiver (JD094B)
HP X130 10G SFP+ LC ER 40km Transceiver (JG234A)
HP X240 10G SFP+ to SFP+ 0.65m Direct Attach Copper Cable (JD095C)
HP X240 10G SFP+ to SFP+ 1.2m Direct Attach Copper Cable (JD096C)
HP X240 10G SFP+ to SFP+ 3m Direct Attach Copper Cable (JD097C)
HP X240 10G SFP+ to SFP+ 5m Direct Attach Copper Cable (JG081C)
HP X240 10G SFP+ SFP+ 7m Direct Attach Copper Cable (JC784C)
Power Supply HP 58x0AF 650W AC Power Supply (JC680A)
HP 58x0AF 650W DC Power Supply (JC681A)
15
Data sheet | HP 5830 Switch Series
HP 5830AF-48G Switch with 1 Interface Slot (JC691A) HP 5500/5120 2-port 10GbE SFP+ Module (JD368B)
HP 5830AF-48G Back (power side) to Front (port side) Airflow Fan Tray (JC692A)
HP 5830AF-48G Front (port side) to Back (power side) Airflow Fan Tray (JC693A)
HP 5830AF-96G Switch (JC694A) HP 5830AF-96G back (power side) to front (port side) airflow Fan Tray (JC695A)
HP 5830AF-96G front (port side) to back (power side) airflow Fan Tray (JC696A)
Learn more at
hp.com/networking
64. 64
allows service providers to offer bandwidth from 1 to 1000 Mbps on a single platform. The Cisco ME
3400G-12CS is also positioned as an in-building aggregator for high-density buildings where multiple
access devices are needed.
Q. Are the Cisco Catalyst 3750, 3560, 2970, and 2960 Series also positioned for the Metro
Ethernet market?
A. No, the Cisco ME 2400 and ME 3400 Series and the Cisco Catalyst 3750 Metro Series are the only
products positioned for the Metro Ethernet market, and only they are planned to have new Metro
Ethernet features in the future.
Q. How does the market positioning of the Cisco ME 3400 Series differ from that of the Cisco
Catalyst 3750 Metro Series and the Cisco ME 2400 Series?
A. The Cisco Catalyst 3750 Metro Series will continue to be the premier access product for premium
services. The Cisco ME 3400 Series is the successor product for the Cisco Catalyst 2950 and 3550
Series in both ETTH and ETTB markets. The Cisco ME 2400 Series is the non-upgradeable, ETTH-
only solution in cost-sensitive markets.
Q. Will the Cisco Catalyst 3750 Metro Series be replaced by the Cisco ME 3400 Series?
A. No, the Cisco Catalyst 3750 Metro Series, with Cisco Hierarchical Queuing Framework (HQF) and
Multiprotocol Label Switching (MPLS) access, will continue to be the premier access product for
service providers that deploy premium services. It will continue to receive new Metro Ethernet
features.
Q. Does the Cisco ME 3400 Series support HQF or MPLS features?
A. No; however, those features are supported on the Cisco Catalyst 3750 Metro Series Switches.
Q. What configuration options are available for the Cisco ME 3400 Series?
A. Table 1 shows the complete list of Cisco ME 3400 Series Ethernet Access Switches and options.
Table 1. Cisco ME 3400 Series Ethernet Access Switches
Product Name (Part Number) Description
Cisco ME 3400-24FS AC Ethernet
Access Switch
(ME-3400-24FS-A)
• 24 Ethernet 100-Mbps Small Form-Factor Pluggable
(SFP) ports
• 2 SFP-based Gigabit Ethernet and 100BASE-X ports
• AC power supplies
• 6.5-mpps forwarding rate
• 1-rack unit (RU) multilayer switch
• Ethernet access switch for lowdensity FTTH
deployments
• 3 Cisco IOS ® Software feature image options
(METROBASE, METROACCESS, and
METROIPACCESS)
Cisco ME 3400G-12CS AC Ethernet
Access Switch
(ME-3400G-12CS-A)
• 12 dual-purpose (10/100/1000 and SFP) ports
• 4 SFP-based Gigabit Ethernet and 100BASE-X ports
• Dual fixed redundant AC power supplies
• 26-mpps forwarding rate
• 1-RU multilayer switch
• Gigabit Ethernet access switch for the Metro Ethernet
market
65. 65
• 3 Cisco IOS Software feature image options
(METROBASE, METROACCESS, and
METROIPACCESS)
Cisco ME 3400G-12CS DC Ethernet
Access Switch
(ME-3400G-12CS-D)
• 12 dual-purpose (10/100/1000 and SFP) ports
• 4 SFP-based Gigabit Ethernet and 100BASE-X ports
• Dual fixed redundant DC power supplies
• 26-mpps forwarding rate
• 1-RU multilayer switch
• Gigabit Ethernet access switch for the Metro Ethernet
market
• 3 Cisco IOS Software feature image options
(METROBASE, METROACCESS, and
METROIPACCESS)
Cisco ME 3400G-2CS AC Ethernet
Access Switch
(ME-3400G-2CS-A)
• 2 dual-purpose (10/100/1000 and SFP) ports
• 2 SFP-based Gigabit Ethernet and 100BASE-X ports
• AC power supplies
• 6.5-mpps forwarding rate
• 1-RU small-form factor multilayer switch
• Intelligent Ethernet demarcation switch
• 3 Cisco IOS Software feature image options
(METROBASE, METROACCESS, and
METROIPACCESS)
Cisco ME 3400-24TS AC Ethernet
Access Switch
(ME-3400-24-TS-A)
• 24 Ethernet 10/100 ports
• 2 SFP-based Gigabit Ethernet and 100BASE-X ports
• AC power supply
• 6.5-mpps forwarding rate
• 1-RU multilayer switch
• Ethernet access switch for the Metro Ethernet market
• 3 Cisco IOS Software feature image options
(METROBASE, METROACCESS, and
METROIPACCESS)
Cisco ME 3400-24TS DC Ethernet
Access Switch
(ME-3400-24-TS-D)
• 24 Ethernet 10/100 ports
• 2 SFP-based Gigabit Ethernet and 100BASE-X ports
• DC power supply
• 6.5-mpps forwarding rate
• 1-RU multilayer switch
• Ethernet access switch for the Metro Ethernet market
• 3 Cisco IOS Software feature image options
(METROBASE, METROACCESS, and
METROIPACCESS)
66. 66
Cisco ME 3400 Series METROBASE
Software Feature Image
(S340XB-12237SE)
• Standard Layer 2 feature image targeted for triple-play
services
• Advanced QoS: Ingress policing and egress shaping
• Robust multicast: IGMP filtering and throttling, and
Multicast VLAN Registration (MVR)
• Complete security solution: UNI/NNI, Control Plane
Security, and Configuration File Security
Cisco ME 3400 Series
METROACCESS Software Feature
Image
(S340XA-12237SE)
• Enhanced Layer 2 feature images targeted for
premium triple-play services and Layer 2 VPN
services
• Advanced Layer 2 Tunneling: 802.1q tunneling and
Layer 2 Protocol Tunneling (L2PT)
• Industry-standard Layer 2 management: 802.1ag
(CFM) and E-LMI
• Fast convergence: Flex-Link, Link-State Tracking,
Resilient Ethernet Protocol (REP)
Cisco ME 3400 Series
METROIPACCESS Software Feature
Image
(S340XI-12237SE)
• Layer 3 feature images targeted for Layer 3 VPN
services
• IP routing (RIP versions 1 and 2, EIGRP, OSFP, IS-IS,
and BGPv4)
• Secured Layer 3: Multi-VRF CE
• Enhanced routing: Policy Based Routing
Upgrade Kit for METROACCESS
from METROBASE
(CD-ME3400-B2A=)
METROACCESS image upgrade kit from
METROBASE image
Upgrade Kit for METROIPACCESS
from METROBASE
(CD-ME3400-B2I=)
METROIPACCESS image upgrade kit from
METROBASE image
Upgrade Kit for METROIPACCESS
from METROACCESS
(CD-ME3400-A2I=)
METROIPACCESS image upgrade kit from
METROACCESS image
Q. What Cisco IOS Software feature images does the Cisco ME 3400 Series support?
A. The Cisco ME 3400 Series supports three different Cisco IOS Software feature images:
METROBASE, METROACCESS, and METROIPACCESS. The METROBASE feature image
includes features for converged triple-play services. The METROACCESS includes these, plus
features for premium triple-play services or Layer 2 VPN services. The METROIPACCESS image
contains all the preceding plus features for Layer 3 VPN services. Upgrade options are also
available for future service requirements.
Q. Do I have options to select the software version?
A. The Cisco ME 3400 Series supports the Assemble To Order (ATO) fulfillment process. This enables
you to select the version of software you want to be loaded on the switch. In addition, you can select
the type of accessories that come with the switch.
67. 67
Technology Overview
Q. What hardware features are available on the Cisco ME 3400 Series?
A. Cisco ME 3400 Series hardware is designed to simplify deployment and troubleshooting in the field. It
features a compact design and flexible mounting options for deployment where space is limited. The
Cisco ME 3400 Series also has all connectors in the front of the chassis for easier cable access. In
addition, the switch operates reliably at temperatures up to 122ºF (50ºC).
Q. What certifications has the Cisco ME 3400 Series obtained?
A. The Cisco ME 3400-24TS switches has obtained both the Network Equipment Building Systems
Level 3 (NEBS3) certification and European Telecommunications Standards Institute (ETSI)
certifications. The Cisco ME 3400G switches also have NEBS3 certification. These certifications
ensure that the Cisco ME 3400 Series conforms to telecommunications industry standards.
Q. What are the key features in each software feature image?
A. The key features in each software feature image are listed in Table 2.
Table 2. Key Features for Each Software Feature Image
METROBASE METROACCESS METROIPACCESS
UNI/NNI
All METROBASE
features All METROACCESS features
Internet Group Management
Protocol (IGMP) Filtering
and Throttling
802.1Q Tunneling,
L2PT Static routing
Multicast VLAN Registration
(MVR)
Ethernet OAM
(802.1ag, 802.3ah, E-
LMI) Multi-VRF CE (VRF-lite)
Advanced QoS
Configurable per VLAN
MAC Learning PBR
Control Plane Security Flex-Link RIP versions 1 and 2
Configuration File Security
Dynamic ARP
Inspection, IP Source
Guard EIGRP, OSPF, and IS-IS
DHCP Snooping
Per Port Per VLAN
Ingress Policing BGPv4
Private VLAN Link-State Tracking NNI Configurable on All Ports
Configuration Rollback
Resilient Ethernet
Protocol Source Specific Multicast
MAC address learning and
aging notifications Ethernet IP SLA Multicast support for VRF (mVRF-Lite)
68. 68
Embedded Event
Manager
VRF-aware Services (ARP, Ping,
SNMP, HSRP, uRPF Syslog,
Traceroute, FTP, and TFTP)
IGMP Proxy
Q. What is UNI/NNI?
A. UNI/NNI is the classification of port types designed for the Metro Ethernet market to simplify
deployment, management, and troubleshooting. UNI, User Network Interface, is the interface that
faces the subscriber, and NNI, Network Node Interface, is the interface that faces the service
provider network. By labeling each port as UNI or NNI, the software can optimize each port for the
role. Table 3 lists some default behaviors for each port type and the benefits.
Table 3. UNI/NNI Default Behaviors and Benefits
Default Behaviors Benefits
UNI Default: Down
Ports are activated only when the service provider configures all
the parameters and turns on the port, helping prevent
unauthorized access to services.
UNI Default: No Local
Switching
Creates circuit-like behavior to separate customers' traffic from
each other.
UNI Default: Control Plane
Security Enabled
Control plane packet ingresses from UNI are dropped in
hardware to protect against denial-of-service (DoS) attacks.
NNI Default: Up
Helps enable automated configuration of the switch through the
Dynamic Host Configuration Protocol (DHCP)/BOOTP server.
Q. What is the Control Plane Security feature?
A. This feature protects the switch CPU by dropping control protocols on UNI interfaces. It is enabled on
the UNI by default. Some of the control protocols dropped are bridge protocol data unit (BPDU),
Cisco Discovery Protocol, VLAN Trunking Protocol (VTP), Unidirectional Link Detection Protocol
(UDLD), and Link Aggregation Protocol (LACP). Users can turn on L2PT for those features on a per-
port basis. Users can also rate-limit ingress on the UNI for some of the control protocols.
Q. What multicast features are supported on the Cisco ME 3400 Series?
A. The Cisco ME 3400 Series offers both granular IGMP control features and efficient multicast
distribution features to support robust video services. For fine control of IGMP messages, the Cisco
ME 3400 Series supports the IGMP Fast Leaves feature for quick channel changing, IGMP filtering
for control of which groups users can access, and IGMP throttling for control of how many groups
users can access. The Cisco ME 3400 Series provides efficient multicast distribution features such
as Multicast VLAN Registration (MVR) and Protocol Independent Multicast (PIM) routing. The MVR
feature reduces duplication of multicast traffic across multiple VLANs in Layer 2 ring networks by
centralizing the distribution of multicast traffic in a single video VLAN. PIM routing provides intelligent
multicast routing by building a distribution tree base on Layer 3 information.
Q. What QoS features are available on the Cisco ME 3400 Series?
A. The Cisco ME 3400 Series provides advanced QoS features to provide differentiated services and
the ability to police ingress and shape egress traffic. Each packet that is transmitted through the
switch goes through four stages of QoS:
69. 69
• Stage 1, Ingress classification: Each packet is classified based on Layer 2-4 information, including
802.1p Class of Service (CoS), differentiated services code point (DSCP), MAC address, IP
address, and Layer 4 socket information.
• Stage 2, Ingress policing: Classified packets are rate-limited to the peak information rate (PIR). In-
profile traffic is transmitted while out-of-profile traffic is either dropped or re-marked.
• Stage 3, Egress queuing: Classified packets are placed in one of the four queues available on
each port (three user-configurable queues and one default queue).
• Stage 4, Shaping and sharing: Queues are serviced by the Shaped Round Robin (SRR)
algorithm. They can be shared by the weight configured on the queue or shaped by the bandwidth
configured on the queue. One of the queues can be configured as the low-latency queue (LLQ) to
provide the shortest delay possible. The LLQ can also have an optional rate-limiting parameter to
control the amount of traffic allowed into the queue. This feature provides queue starvation
protections in case of misconfiguration.
Q. What Ethernet OAM&P features are supported on the Cisco ME 3400 Series?
A. The Cisco ME 3400 Series supports both 802.1ag Connectivity Fault Management and Ethernet
Local Management Interface (E-LMI) with the S340XA-12225SEG1 software release. The 802.1ag
feature provides the tools to monitor and troubleshoot end-to-end Ethernet networks. It allows
service providers to check for end-to-end connectivity, isolate network issues, and identify customers
affected by network issues. E-LMI enables service providers to automatically configure customer-
edge devices to match the subscribed service. This automatic provisioning not only reduces the
effort to set up the service, but also reduces the amount of coordination required between the
service provider and enterprise customer.
Q. What security features are available on the Cisco ME 3400 Series?
A. The Cisco ME 3400 Series provides a comprehensive security solution for Ethernet access products.
By dividing security into three areas - subscriber security, switch security, and network security - and
providing features for each, the Cisco ME 3400 Series can deliver a highly secure solution at the
edge of the service provider network.
Subscriber security helps prevent one user from affecting another one on their shared network.
The Cisco ME 3400 Series provides the UNI/NNI feature to create a circuit-like behavior to
separate users' traffic streams. It also provides DHCP Snooping, Dynamic ARP Inspection, and IP
Source Guard to help service providers identify each user's MAC address, IP address, and port
information, thereby preventing malicious users from unauthorized access.
Switch security is about protecting the switch from attacks. The Cisco ME 3400 Series offers
features to protect the CPU and configuration files from DoS attacks, when dropped process
control protocol packets could result in network outage. Features such as Control Plane Security
and Storm Control help protect the CPU against malicious attacks. Port Security allows service
providers to control how many MAC addresses are allowed from each subscriber. This protects
switch memory from being overwhelmed.
Network security consists of features that filter all incoming traffic to ensure that only valid traffic is
allowed through the switch. The Cisco ME 3400 Series uses features such as access control lists
(ACLs) and IEEE 802.1xto identify users that are allowed to transmit traffic through the switch.
Q. Can the Cisco ME 3400G-12CS Switch run on one power supply?
A. The Cisco ME 3400G-12CS Switch supports two fixed-configuration power supplies. Only one power
supply is needed for operation of the switch. When both power supplies are used, power redundancy
and load sharing are also available.
Q. What SFP modules are supported on the Cisco ME 3400 Series?
A. Cisco ME 3400 Series Switches support both 100- and 1000-Mbps SFP modules. The options
include Cisco 100BASE-LX, 100BASE-FX, 100BASE-BX, 1000BASE-LX, 1000BASE-SX,
1000BASE-ZX, and 1000BASE-T SFP modules plus coarse wavelength-division multiplexing
(CWDM) SFP modules.
70. 70
Q. What is a dual-purpose port?
A. A dual-purpose port is a combination of one 10/100/1000-TXcopper port and one SFP-based Gigabit
Ethernet port. One of these two ports can be used at a time. This added flexibility allows cost-
effective use of interfaces to customers at various distances.
Q. What is 802.1Q Tunneling? Is it an IEEE standard?
A. With 802.1Q Tunneling, a service provider's switch can tag on a second 802.1Q tag on top of the
customer's 802.1Q tag. This feature is sometimes referred to as "Q-in-Q." The Cisco implementation
is proprietary and does not interoperate with other implementations. There is currently no effort to
make this into a standard.
Q. Is there a way to integrate Metro Ethernet Layer 2 service with an existing Frame Relay/ATM
network?
A. Yes, by using Cisco 7600 Series and Cisco Catalyst 6500 Series equipment, service providers can
integrate Frame Relay/ATM networks with Cisco Metro Ethernet switching.
Management Overview
Q. What are the management capabilities of the Cisco ME 3400 Series?
A. The Cisco ME 3400 Series supports numerous management features. Support for Simple Network
Management Protocol (SNMP) versions 1, 2c, and 3 and Telnet interface support deliver
comprehensive in-band management, and a command-line-based management console provides
detailed out-of-band management. The Cisco ME 3400 Series also supports the Cisco CNS 2100
Series Intelligence Engine, a hardware appliance supporting a suite of Cisco CNS products
(intelligent agents) that function with device agents to create a programmable network. Cisco CNS
extends the management plane of Cisco devices to a shared "programmable network" composed of
three functional areas:
• Cisco CNS Intelligent Peer: Network provisioning and monitoring
• Cisco CNS Intelligent Engines: Fault, configuration, accounting, performance, and security
(FCAPS) engines and a subscriber policy server tightly coupled with the device agents
• Cisco CNS Integration Bus: A single open, programmatic interface to the entire network
CiscoWorks network management software provides management capabilities to the Cisco ME
3400 Series on a per-port and per-switch basis, providing a common management interface for
Cisco routers, switches, and hubs.
Warranty and Service
Q. What is the warranty for the Cisco ME 3400 Series?
A. The Cisco ME 3400 Series includes the Cisco 90-Day Limited Warranty.
Q. What types of services and support packages are available for the Cisco ME 3400 Series?
A. A full complement of lifecycle services and support is available for the Cisco ME 3400 Series. From
implementation to operation and optimization, Cisco offers technical support services and advanced
services delivered either directly or through one of its partners.
Cisco SP Base support, offered for service providers as part of Cisco Technical Support Services,
is designed to provide enhancement and maintenance support resources during the operational
lifetime of your Cisco network. It extends and enhances the operational lifetime of your Cisco
networking devices and Cisco IOS Software, and it protects your network investment with Cisco
Technical Support Services. Cisco SP Base support helps improve productivity and increase your
operational efficiency by complementing your in-house resources with Cisco networking expertise.
Cisco SP Base support can also help maximize availability and minimize risks for systems running
mission-critical applications by delivering:
• Ongoing Cisco IOS Software updates
71. 71
• Rapid technical problem resolution with 24-hour global access to expert technical engineers,
online or on the telephone
• Knowledge transfer of Cisco expertise, enhancing in-house technical skills
• Advance hardware replacement, reducing the risk of network downtime
• Registered access to an array of powerful online tools, allowing you to more quickly address
common network problems
• 24-hour access to comprehensive technical information and a collection of configuration,
installation, troubleshooting, and service request management tools
• A broad base of expertise in networking technology, including data, voice, and video
communications
For more information about Cisco SP Base support,
visit: http://www.cisco.com/en/US/products/svcs/ps3034/ps2827/ps2960/serv_datasheet09186a00
80234131.html
For More Information
For detailed product information about the Cisco ME 3400 Series Ethernet Access Switches, refer to
the product data sheets
at:http://www.cisco.com/en/US/prod/collateral/switches/ps6568/ps6580/product_data_sheet0900aec
d8034fef3.html.
Netgear WNDAP620access point(ACCESS)
Product Number
WNDAP620
Product Thumbnail
72. 72
Standards
IEEE 802.11a 5GHz
IEEE 802.11g, IEEE 802.11b, 2.4GHz
IEEE 802.11n standard, 2.4GHz and 5GHz
WMM - Wireless MultiMedia prioritization
WDS - Wireless Distribution System
Power over Ethernet (PoE) IEEE 802.3af and 802.3at
System Requirements
2.4GHz/5GHz 802.11n specification or 2.4GHz 802.11b/g wireless adapter or 5GHz
802.11a wireless adapter
Microsoft® Windows® Vista™, XP, 2000, 98, Me, Mac® OS, UNIX®, or Linux®
Internet Explorer® 6.0 or Mozilla Firefox® 1.5
We recommend using this product with N600 Wireless Dual Band USB Adapter
(WNDA3100)
Physical Specifications
Physical Dimensions (W x D x H): 253.75 x 253.76 x 54.76 mm (10.0 x 10.0 x 2.16 in)
Weight: 1.5 kg (3.31 lb)
Physical Interfaces
One (1) 10/100/1000BASE-T Gigabit Ethernet (RJ-45) port with Auto Uplink™ (Auto
MDI-X) with IEEE 802.3af Power over Ethernet (PoE) support
Power adapter: 12V DC, 1.5A; plug is localized to country of sale
One (1) console port with RJ45 Interface
Three (3) reverse SMA antenna connectors
73. 73
Five (5) LED: Power, Link/ACT, LAN, 2.4GHz, 5GHz
Security
Wi-Fi Protected Access (WPA, WPA2)
Wired Equivalent Privacy (WEP) 64-bit, 128-bit, and 152-bit encryption
IEEE 802.1x RADIUS authentication with EAP TLS, TTLS, PEAP
Wireless access control to identify authorized wireless network devices
MAC address authentication
VPN pass-through support
Secure SSH telnet
Security Sockets Layer (SSL) remote management login
Network Management
Remote configuration and management through Web browser, SNMP or telnet with
command line interface (CLI)
SNMP management supports SNMP MIB I, MIB II, 802.11 MIB and proprietary
configuration MIB
Advanced Wireless Features
Wireless Distribution System (WDS)
Bridge mode: Point-to-point wireless WDS mode
Bridge mode: Point-to-multipoint wireless WDS mode
Repeater mode
Adjustable Transmit Power Control (TPC) from 100 mW down to 0 mW
Package Contents
ProSAFE® Premium Dual Band Wireless-N Access Point (WNDAP620)
Ethernet cable
Wall-mount kit
Installation guide
Resource CD
12V, 1A power supply
Warranty/support information card
Product Diagram
74. 74
NETGEAR Warranty
This product is backed by a NETGEAR ProSAFE® Limited Lifetime Hardware Warranty.
Lifetime Next Business Day Hardware Replacement. Click here for coverage, availability
and terms and conditions.
ProSUPPORT 24x7 Advanced Technical Support via phone for 90 days (Remote
diagnostics performed by our technical experts for prompt resolution of technical
issues). ProSUPPORT coverage can be extended by purchasing one, three, or five year
contracts.
ProSUPPORT Lifetime 24x7 Advanced Technical Support via chat. (Remote diagnostics
performed by our technical experts for prompt resolution of technical issues).
TELE CONFERENCING
MX200 and MX300 Multipurpose Value Line
Product Overview
The Cisco TelePresence® MX Series makes telepresence more accessible to teams everywhere
with the MX200 and MX300 value line, featuring ready-to-use simplicity and high quality at value
pricing. The 42-inch Cisco TelePresence MX200 and 55-inch Cisco TelePresence MX300 endpoints
represent the highly-integrated value line within Cisco’s MX Series multipurpose telepresence family.
The MX200 and MX300 systems are as easy to install as a television and priced for large-scale
deployment, so you can quickly and easily transform any meeting space into a telepresence-enabled
team room. Whether you are just getting started with video communications or are planning to video -
enable your entire organization, the Cisco TelePresence MX200 and MX300 can meet your needs,
delivering 1080p high-definition performance in a simple, intuitive design (Figure 1).
Figure 1. Cisco TelePresence MX300 and MX200 on Floor Stand
75. 75
Installed in approximately 15 minutes, the Cisco TelePresence MX200 and MX300 endpoints
reinvent the team meeting room experience. The systems offer the high-quality, easy-to-use
telepresence experience that you have come to expect from Cisco, combined with simple
installation, global service, and a price performance that makes broad deployment easier and more
affordable than ever.
The Cisco TelePresence portfolio creates an immersive, in-person experience over the network -
bridging time and space to facilitate team collaboration like never before. Through a powerful
combination of technologies and design innovations, the Cisco TelePresence experience allows you
and remote participants to feel like you are all in the same room. The Cisco TelePresence portfolio
also offers significant opportunity for productivity gains and process improvements that can
transform your business. Many organizations are already using it to manage costs, make decisions
faster, improve customer intimacy, scale scarce resources, and speed products to market.
Features and Benefits
Figure 2. Cisco TelePresence MX200 in Small Team Room Environment
Figure 3. Cisco TelePresence MX300 in Medium Team Room Environment