Huawei S5700-HI Series Switches Data Sheet

Huawei S5700-HI Series Switches Data Sheet

Product overview

The S5700-HI series (hereafter referred to as S5700-HI) are advanced gigabit Ethernet switches developed by Huawei, providing flexible gigabit access and 10G/40G uplink ports. Based on next-generation, high-performance hardware and Huawei Versatile Routing Platform (VRP), the S5700-HI provides excellent NetStream function, flexible Ethernet networking, comprehensive VPN tunneling technologies, diversified security mechanisms, mature IPv6 features, and are easy to manage and maintain. All these features make the S5700-HI the best choice as an access switch on large and medium-sized campus networks or data centers and aggregation switch on small campus networks.

Note: S5700-HI mentioned in this document refers to the whole S5700-HI series including S5710-HI, and descriptions about S5710-HI are unique features of S5710-HI.

Product appearance

Appearance Description

S5700-28C-HI

  • 24 x 10/100/1,000 Base-T ports
  • Subcards supported: 4 x 1,000 Base-X SFP subcard, 2 x 10 GE SFP+ subcard, and 4 x 10 GE SFP+ subcard
  • Double swappable AC/DC power supplies
  • Forwarding performance: 96 Mpps
  • Switching capacity: 256 Gbit/s

S5700-28C-HI-24S

  • 24 x 100/1,000 Base-X ports
  • Subcards supported: 4 x 1,000 Base-X SFP subcard, 2 x 10 GE SFP+ subcard, and 4 x 10 GE SFP+ subcard
  • Double swappable AC/DC power supplies
  • Forwarding performance: 96 Mpps
  • Switching capacity: 256 Gbit/s

S5710-108C-PWR-HI (front)

S5710-108C-PWR-HI (back)

  • 48 x 10/100/1,000 Base-T ports and 8 x 10 GE SFP+ ports
  • Three slots on the front panel: support 16 x 1,000 Base-X SFP subcard and 16 x 10/100/1,000 Base-T subcard
  • One slot at the real panel: supports 4 x 40 GE QSFP+ subcard and 4 x 10 GE SFP+ subcard
  • Double swappable AC power supplies
  • Forwarding performance: 504 Mpps
  • Switching capacity: 1,024 Gbit/s

Product characteristics

Various combinations of ports

  • The S5710-HI has four subcard slots that can accommodate various extended subcards to provide high-density 10 GE/40 GE uplink ports. With its eight fixed 10 GE SFP+ ports, the S5710-HI can have different subcards installed to provide flexible combination of ports, including 48 x GE + 8 x 10 GE, 96 x GE + 8 x 10 GE, 96 x GE + 12 x 10 GE, and 96 x GE + 8 x 10 GE + 4 x 40 GE. In addition, the S5710-HI provides both optical and electrical ports for flexible access and supports PoE+. The flexible port combinations meet different bandwidth upgrading requirements and protect customers’ investment.

Comprehensive VPN technologies

  • The S5700-HI allows users in different VPNs to connect to the same switch and isolates users through multi-instance routing. The S5700-HI supports Multi-Protocol Label Switching (MPLS) QoS, MPLS Traffic Engineering (TE), Virtual Leased Line (VLL), Virtual Private LAN Service (VPLS), and Layer 3 Virtual Private Network (L3VPN). They can provide high-quality private line access services for enterprises and are cost-effective case-shaped MPLS switches.

Flexible Ethernet networking

  • In addition to traditional Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP), the S5700-HI supports Huawei-developed Smart Ethernet Protection (SEP) technology and the latest Ethernet Ring Protection Switching (ERPS) standard. SEP is a ring protection protocol specific to the Ethernet link layer, and applies to various ring network topologies, such as open ring topology, closed ring topology, and cascading ring topology. This protocol is reliable, easy to maintain, and implements fast protection switching within 50 ms. ERPS is defined in ITU-T G.8032. It implements millisecond-level protection switching based on traditional Ethernet MAC and bridging functions.        
  • The S5700-HI supports Smart Link and Virtual Router Redundancy Protocol (VRRP), which implement backup of uplinks. One S5700-HI switch can connect to multiple aggregation switches through multiple links, significantly improving reliability of access devices. In addition, the S5700-HI provides multiple connection fault detection mechanisms, including Ethernet OAM (IEEE 802.3ah/802.1ag/ITU Y.1731) and Bi-directional Forwarding Detection (BFD). The S5700-HI (except S5710-HI) provides hardware-based 3.3 ms Ethernet OAM detection cycle and 10 ms BFD detection cycle.

Diversified security control

  • The S5700-HI supports 802.1x authentication, MAC address authentication, and combined authentication on a per-port basis, as well as Portal authentication on a per VLANIF interface basis and implements dynamic delivery of policies (VLAN, QoS, and ACL) to users.
  • The S5700-HI provides a series of mechanisms to defend against DoS attacks and user-targeted attacks. DoS attacks are targeted at switches and include SYN flood, Land, Smurf, and ICMP flood attacks. User-targeted attacks include bogus DHCP server attacks, IP/MAC address spoofing, DHCP request flood, and change of the DHCP CHADDR value. You can specify DHCP snooping trusted and untrusted ports to ensure that users connect only to the authorized DHCP server.
  • The S5700-HI supports strict ARP learning. This feature prevents ARP spoofing attackers from exhausting ARP entries so that users can connect to the Internet normally.

Easy-Operation

  • The S5700 supports Easy-Operation, a solution that provides auto-configuration, plug-and-play, USB-based deployment, and batch remote upgrade. The Easy-Operation solution facilitates device deployment, upgrade, service provisioning, and other management and maintenance operations, and also greatly reduces costs of operation and maintenance.
  • The S5700 can be managed and maintained using Simple Network Management Protocol (SNMP) V1, V2, and V3, Command Line Interface (CLI), web-based network management system, or Secure Shell (SSH) V2.0. Additionally, it supports remote network monitoring (RMON), multiple log hosts, port traffic statistics collection, and network quality analysis that help in network consolidation and reconstruction.
  • The S5700-HI can use the GARP VLAN Registration Protocol (GVRP) to implement dynamic distribution, registration, and propagation of VLAN attributes. GVRP reduces manual configuration workload and ensures correct configuration. Besides, the S5700-HI supports the MUX VLAN function, which involves a principal VLAN and multiple subordinate VLANs. Subordinate VLANs are classified into group VLANs and separate VLANs. Ports in the principal VLAN can communicate with ports in subordinate VLANs. Ports in a subordinate group VLAN can communicate with each other, whereas ports in a subordinate separate VLAN can communicate only with ports in the principal VLAN.
  • EasyDeploy: The Commander collects information about the topology of the client connecting to the Commander and saves client startup information based on the topology. The client can be replaced without configuration. Configuration and scripts can be delivered to the client in batches. In addition, the configuration delivery result can be queried.
  • The Commander can collect and display power consumption on the entire network.

Mature IPv6 technologies

  • The S5700-HI uses the mature, stable Versatile Routing Platform (VRP) and supports IPv4/IPv6 dual stacks, IPv6 routing protocols (RIPng, OSPFv3, BGP4+, and IS-IS for IPv6), and IPv6 over IPv4 tunnels including manual, 6-to-4, and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnels. With these IPv6 features, the S5700-HI can be deployed on a pure IPv4 network, a pure IPv6 network, or a shared IPv4/IPv6 network, helping realize IPv4-to-IPv6 transition.

Excellent network traffic analysis

  • The S5700-HI provides the NetStream function and can function as a NetStream data exporter. It periodically collects data traffic statistics, encapsulates the statistics in standard V5, V8, or V9 packets, and sends the packets to the NetStream data collector according to NetStream configuration. The collected statistics are then processed to dynamically generate reports, analyze traffic attributes, and generate alarms on abnormal traffic. The NetStream function helps you optimize network structure and adjust resource deployment in a timely manner.
  • The S5700-HI supports the sFlow function. It uses a method defined in the sFlow standard to sample traffic passing through it and sends sampled traffic to the collector in real time. The collected traffic statistics are used to generate statistical reports, helping enterprises maintain their networks.

Product specifications

Item S5700-28C-HI S5700-28C-HI-24S S5710-108C-PWR-HI
Fixed ports 24 x 10/100/1,000 Base-T 24 x 100/1,000 Base-X 48 x 10/100/1,000 Base-T, 8 x 10 GE SFP+
Extended slots 1 extended slot:
Optional subcard 1: 2 x 10 GE SFP+
Optional subcard 2: 4 x 10 GE SFP+
Optional subcard 3: 4 x 1,000 Base-X
3 front extended slots:
Optional subcard 1:
16 x 10/100/1,000 Base-T
Optional subcard 2:
16 x 1,000 Base-X
1 rear extended slot:
Optional subcard 1: 4 x 10 GE SFP+ (no GE auto adaption)
Optional subcard 2: 4 x 40 GE QSFP+
MAC address table IEEE 802.1d compliance
32K MAC address entries
MAC address learning and aging
Static, dynamic, and blackhole MAC address entries
Packet filtering based on source MAC addresses
IEEE 802.1d compliance
456K MAC address entries
MAC address learning and aging
Static, dynamic, and blackhole MAC address entries
Packet filtering based on source MAC addresses
VLAN 4K VLANs
Guest VLAN and voice VLAN
GVRP
MUX VLAN
VLAN assignment based on MAC addresses, protocols, IP subnets, policies, and ports
1:1 and N:1 VLAN Mapping
Reliability RRPP ring topology and RRPP multi-instance
Smart Link tree topology and Smart Link multi-instance, providing the millisecond-level protection switchover
SEP
ERPS(G.8032)
BFD for OSPF, BFD for IS-IS, BFD for VRRP, and BFD for PIM
STP(IEEE 802.1d), RSTP(IEEE 802.1w), and MSTP(IEEE 802.1s)
BPDU protection, root protection, and loop protection
MPLS features MPLS L3VPN
MPLS L2VPN(VPWS/VPLS)
MPLS-TE
MPLS QoS
IP routing Static routing, RIPv1/v2, OSPF, IS-IS, BGP, and ECMP
IPv6 features Neighbor Discovery (ND)
Path MTU (PMTU)
IPv6 ping, IPv6 tracert
6to4 tunnel, ISATAP tunnel, and manually configured tunnel
ACLs based on the source IPv6 address, destination IPv6 address, Layer 4 ports, or protocol type
IPv6 Static routing, RIPng, OSPFv3, IS-ISv6, BGP4+, and ECMP
Multicast IGMP v1/v2/v3 snooping and IGMP fast leave
MLD v1/v2 snooping
Multicast forwarding in a VLAN and multicast replication between VLANs
Multicast load balancing among member ports of a trunk
Controllable multicast
Port-based multicast traffic statistics
IGMPv1/v2/v3, MLDv1/v2, PIM-SM, PIM-DM, PIM-SSM, and MSDP
QoS/ACL Rate limiting on packets sent and received by an interface
Packet redirection
Port-based traffic policing and two-rate three-color CAR
Eight queues on each port
WRR, DRR, PQ, WRR + PQ, and DRR + PQ queue scheduling algorithms
WRED
Re-marking of the 802.1p priority and DSCP priority
Packet filtering at Layer 2 to Layer 4, filtering out invalid frames based on the source MAC address, destination MAC address, source IP address, destination IP address, TCP/UDP port number, protocol type, and VLAN ID
Rate limiting in each queue and traffic shaping on ports
Security User privilege management and password protection
DoS attack defense, ARP attack defense, and ICMP attack defense
Binding of the IP address, MAC address, interface, and VLAN
Port isolation, port security, and sticky MAC
Blackhole MAC address entries
Limit on the number of learned MAC addresses
802.1x authentication and limit on the number of users on an interface
AAA authentication, RADIUS authentication, HWTACACS+ authentication, and NAC
SSH v2.0
Hypertext Transfer Protocol Secure (HTTPS)
CPU defense
Blacklist and whitelist
OAM Hardware OAM:
EFM OAM
CFM OAM
Y.1731 performance test (hardware-level delay and jitter detection)
Software OAM:
EFM OAM
CFM OAM
Y.1731 performance test
Management and maintenance iStack
MAC Forced Forwarding (MFF)
Virtual cable test
SNMP v1/v2c/v3
RMON
Web-based NMS
System logs and alarms of different levels
802.3az EEE
sFlow
NetStream
Dying gasp
Operating environment Operating temperature: 0℃ to 50℃
Relative humidity: 5% to 95% (non-condensing)
Input voltage AC:
Rated voltage range: 100V to 240V AC, 50/60 Hz
Maximum voltage range: 90V to 264V AC, 50/60 Hz
DC:
Rated voltage range: –48V to –60V, DC
Maximum voltage range: –36V to –72V, DC
Dimensions
(W x D x H)
442 mm x 220 mm x 43.6 mm 442 mm x 470 mm x 87.2 mm
Power consumption < 76W < 80W < 1,680W
(Device: 240W, PoE: 1,440W)

Networking and applications

On medium-sized enterprise networks

    The S5710-HI can function as a core switch on a medium-sized enterprise network. With four extended slots, the S5710-HI can have various subcards installed to provide more interfaces and bandwidth for fast increasing services.

On large-sized enterprise networks

    The S5700-HI can function as an access device on a large-sized enterprise network or an aggregation device on a small-sized or medium-sized campus network. It supports link aggregation and dual-homing to improve network reliability.

In data centers

    The S5700-HI can be used in a data center. It connects to gigabit servers and aggregates traffic from the servers to uplink devices through trunk links. If multiple servers are available, an S5700 stack can be used to facilitate network maintenance and improve network reliability.





Ordering information

Product Description
S5700-28C-HI-24S (24 x Gig SFP, with 1 interface slot)
S5700-28C-HI (24 x Ethernet 10/100/1,000 ports, with 1 interface slot)
S5710-108C-PWR-HI (48 x Ethernet 10/100/1,000 ports, 8 x 10 Gig SFP+, PoE+, with 4 interface slots)
2 x 10 Gig SFP+ interface card (used in S5700-HI series)
4 x 10 Gig SFP+ interface card (used in S5700-HI series)
4 x Gig SFP interface card (used in S5700-HI series)
16 x Gig SFP Interface Card (used in S5710-HI series)
16 x Ethernet 10/100/1,000 ports Interface Card (used in S5710-HI series)
4 x 40 Gig QSFP+ Interface Card (used in S5710-HI series)
4 x 10 Gig SFP+ Interface Card (used in S5710-HI series)
170W DC Power Module (used in S5700-HI series)
170W AC Power Module (used in S5700-HI series)
350W AC Power Module (used in S5710-HI series)
1,150W AC PoE Power Module