CloudEngine S5731-H Series Switches

Product Overview

Huawei's CloudEngine S5731-H series enhanced gigabit switches provide all-GE access, fixed 10 GE uplinks, and one extended slot. They deliver gigabit connectivity at the aggregation or access layer in large and midsize campuses, at the core layer in branches and small campuses, and at the access layer in data centers. Integrating native WLAN AC capabilities to support up to 1024 WLAN APs, CloudEngine S5731-H enables you to converge your wired and wireless networks for simplified operations.

These switches leverage Huawei's unified Versatile Routing Platform (VRP) and provide various Intent-Driven Network (IDN) features. They also offer free mobility to deliver consistent user experience and VXLAN-based virtualization to create a multi-purpose network. With built-in security probes, CloudEngine S5731-H supports abnormal traffic detection, Encrypted Communications Analytics (ECA), and network-wide threat deception.

Models and Appearances

The following models are available in the CloudEngine S5731-H series.

Models and Appearances Description

CloudEngine S5731-H24T4XC

  • 24 × 10/100/1000Base-T Ethernet ports, 4 × 10 Gig SFP+ ports
  • One extended slot (for future use)
  • 1+1 power backup
  • Forwarding performance: 100 Mpps
  • Switching capacity: 672 Gbit/s

CloudEngine S5731-H24P4XC

  • 24 × 10/100/1000Base-T Ethernet ports, 4 × 10 Gig SFP+ ports
  • One extended slot (for future use)
  • 1+1 power backup
  • PoE+
  • Forwarding performance: 100 Mpps
  • Switching capacity: 672 Gbit/s

CloudEngine S5731-H48T4XC

  • 48 × 10/100/1000Base-T Ethernet ports, 4 × 10 Gig SFP+ ports
  • One extended slot (for future use)
  • 1+1 power backup
  • Forwarding performance: 125 Mpps
  • Switching capacity: 672 Gbit/s

CloudEngine S5731-H48P4XC

  • 48 × 10/100/1000Base-T Ethernet ports, 4 × 10 Gig SFP+ ports
  • One extended slot (for future use)
  • 1+1 power backup
  • PoE+
  • Forwarding performance: 125 Mpps
  • Switching capacity: 672 Gbit/s

Features and Highlights

Agile Networking for Service Agility

Create campus networks that meet your exact requirements. CloudEngine S5731-H provides open interfaces and supports user-defined forwarding behavior, enabling you to develop new protocols and functions as your business expands. With a high-speed chip that delivers flexible packet processing and traffic control capabilities, you can define your own forwarding models, forwarding behavior, and lookup algorithms.

In addition to the capabilities of traditional switches, CloudEngine S5731-H offers microcode programmability to facilitate rapid (within months) provisioning of new services without the need to replace existing hardware. In contrast, traditional ASIC-based switches, which use a fixed forwarding architecture and follow a fixed forwarding process, delay service rollout by up to three years because new hardware must be developed to support the new services. CloudEngine S5731-H enables you to meet service requirements now and in the future.

Agile Delivery of Abundant Services

Converge your wired and wireless networks to simplify operations. CloudEngine S5731-H integrates native WLAN AC functionality to support up to 1024 WLAN APs. This not only avoids the costs of purchasing additional WLAN AC hardware, but also overcomes the bottleneck associated with the forwarding performance of external WLAN ACs.

Through its unified user management interface, CloudEngine S5731-H delivers a consistent user experience for both wired and wireless users. It authenticates wired and wireless users using 802.1x, MAC address, Portal, and other authentication methods, and can manage users based on user groups, domains, and time ranges. These capabilities enable you to visualize the management of users and services and transform from device-centric to user-centric management.

CloudEngine S5731-H also provides strong quality of service (QoS) capabilities and efficient algorithms for queue scheduling and congestion control. Adopting innovative priority queuing and multi-level scheduling mechanisms, CloudEngine S5731-H implements fine-grained scheduling of data flows to meet the various service quality requirements of different users and services.

Agile, Fine-Grained Network Management

Increase your network management capabilities while simplifying how you manage your networks. CloudEngine S5731-H uses the Packet Conservation Algorithm for Internet (iPCA) technology, which transforms the fault locating process that traditionally relied on using simulated traffic. This cutting-edge fault detection technology monitors network quality for any service flow anywhere and anytime, without incurring additional costs. It rapidly detects temporary service interruptions and accurately identifies faulty ports, delivering fine-grained management capabilities for your network.

In addition, CloudEngine S5731-H supports Two-Way Active Measurement Protocol (TWAMP) to accurately check any IP link and obtain the entire network's IP performance, eliminating the need to use dedicated probes or proprietary protocols. It also supports SVF and functions as a parent switch. The SVF technology offers the innovative network management solution, enabling you to virtualize a physical network (comprised of small core or aggregation switches, access switches, and APs) into a "super switch".

CloudEngine S5731-H also supports the Easy Deploy function, which manages access switches similar to how an AC manages APs. Access switches and APs can go online with zero-touch configuration. In the Easy Deploy solution, a Commander collects topology information about connected clients, delivers configurations and scripts to clients, and collects and displays information about power consumption on the entire network.

Comprehensive VPN Technologies

Reduce the cost of deploying VPNs with MPLS. CloudEngine S5731-H supports MPLS and allows users in different VPNs to connect to the same switch. Users connect to a provider edge (PE) device through the same physical port on the switch, and are isolated through multi-instance routing. In addition, CloudEngine S5731-H can be used as an access device for high-quality enterprise leased lines.

Flexible Ethernet Networking

Increase the reliability and flexibility of your networks. CloudEngine S5731-H supports the traditional spanning tree protocols (STP, RSTP, and MSTP), as well as the latest Ethernet Ring Protection Switching (ERPS) standard that implements millisecond-level protection switching based on traditional Ethernet MAC and bridging functions. In addition, it supports Huawei's Smart Ethernet Protection (SEP) protocol. SEP delivers fast protection switching within 50 ms for ring network topologies, such as open ring, closed ring, and cascading ring topologies. Huawei designed this protocol specifically for the Ethernet link layer and is both reliable and easy to maintain.

To further improve reliability of access devices, CloudEngine S5731-H also supports Smart Link and the Virtual Router Redundancy Protocol (VRRP), which implement backup of uplinks. One CloudEngine S5731-H switch can connect to multiple aggregation switches through multiple links to significantly improve reliability of access devices.

Powerful Security Control

Secure your networks against malicious activities. CloudEngine S5731-H supports 802.1x, MAC address, Portal, and hybrid authentication, and can dynamically deliver user policies such as VLANs, QoS policies, and access control lists (ACLs). With a DHCP snooping binding table, CloudEngine S5731-H discards packets that do not match entries in the table — you can specify DHCP snooping trusted and untrusted ports to ensure that users connect only to the authorized DHCP server.

CloudEngine S5731-H also provides a series of mechanisms to defend against DoS and user-targeted attacks, and supports strict ARP learning to prevent attacks from exhausting ARP entries.

Mature IPv6 Features

Transition your networks towards IPv6. CloudEngine S5731-H supports IPv4/IPv6 dual stacks and IPv6 routing protocols (RIPng, OSPFv3, BGP4+, and IS-IS for IPv6). With these IPv6 features, you can deploy CloudEngine S5731-H switches on a pure IPv4 network, a pure IPv6 network, or a hybrid IPv4/IPv6 network, allowing you to upgrade your networks to IPv6 at your own pace.

Intelligent Stack (iStack)

Combine multiple switches into one logical switch to increase device reliability and network scalability. With iStack, you can virtualize up to nine physical switches into one logical switch to increase a stack's ports, bandwidth, and processing capacity. Member switches in a stack implement redundancy backup to improve device reliability and use inter-device link aggregation to improve link reliability. iStack simplifies device configuration and management, and you can log in to any member switch to manage all members in the stack.

PoE Power Supply

Power your devices flexibly. PoE-capable CloudEngine S5731-H series switches support both perpetual PoE and fast PoE. With perpetual PoE, you can reboot the switch after a software upgrade without interrupting power to PDs. And with fast PoE, the switch delivers power to PDs within 10 seconds after startup, much faster than the usual 1 to 3 minutes required by common switches. In addition, if a power failure occurs and a PoE-capable CloudEngine S5731-H series switch reboots, the switch immediately supplies power to PDs without waiting for the reboot process to complete, reducing the downtime of PDs.

VXLAN Features

Automate the deployment of virtual networks and transform a single-purpose network into a multi-purpose one. CloudEngine S5731-H supports VXLAN, with which you can construct a Unified Virtual Fabric (UVF). This enables you to not only deploy multiple service networks and tenant networks on the same physical network while isolating the service and tenant networks from each other, but also reduce network construction costs and improve resource utilization.

Because CloudEngine S5731-H switches support VXLAN, you can deploy them as centralized and distributed VXLAN gateways. These switches also support BGP EVPN for dynamically establishing VXLAN tunnels and can be configured using NETCONF/YANG.

Security with Big Data

Secure your networks with the power of big data. Through NetStream and collaboration with the Huawei Cybersecurity Intelligence System (CIS), CloudEngine S5731-H detects network security threats and displays the security posture across the entire network, enabling you to respond to security threats manually or through automation. The CIS delivers security policies to the Agile Controller, which then delivers them to switches so that the switches can take appropriate security measures.

In addition, CloudEngine S5731-H supports Encrypted Communication Analytics (ECA) for threat analysis in encrypted traffic. It extracts characteristics of encrypted streams based on NetStream sampling and Service Awareness (SA) and collaborates with the CIS, which uses AI to train traffic models and identify malicious traffic. The CIS displays detection results on a GUI, provides suggestions for handling threats, and automatically isolates threats with the Agile Controller.

CloudEngine S5731-H also supports network-wide threat deception for comprehensive, accurate, and efficient detection of attacks such as IP address scanning and port scanning. Interworking with the CIS to analyze threat traffic and with the Agile Controller to deliver security policies, CloudEngine S5731-H helps ensure your networks remain secure.

Open Programmability System (OPS)

Achieve rapid innovation of new functions, program O&M functions, and implement intelligent O&M through OPS. CloudEngine S5731-H supports OPS, which is an open, Python-based platform that provides RESTful APIs to realize flexible programmability. With OPS, you can implement rapid service expansion, automatic function deployment, and intelligent device management, driving down the cost of network operation and maintenance and facilitating network operations.

Intelligent Upgrade

Ensure your switching devices always remain up to date. CloudEngine S5731-H obtains the version upgrade path and downloads the latest upgrades from the Huawei Online Upgrade Platform (HOUP) through a highly automated process. CloudEngine S5731-H also supports preloading of versions, shortening both the upgrade time and the service interruption time. The HOUP standardizes the upgrade operations, reducing the risk of upgrade failures. With the intelligent upgrade feature, you can simplify the upgrade operations and perform independent upgrades, thereby reducing your maintenance costs.

Intelligent O&M

Realize intelligent O&M to deliver optimal user experience. Through Telemetry technology, CloudEngine S5731-H learns about the network in real time. Huawei's campus network analyzer, CampusInsight, in collaboration with CloudEngine S5731-H, analyzes network data using an intelligent fault identification algorithm. CampusInsight displays the real-time network status, demarcates and locates faults, and identifies network problems that affect user experience, enabling you to take remedial measures to ensure user experience.

CloudEngine S5731-H also supports a variety of intelligent O&M features for audio and video services, including the enhanced Media Delivery Index (eMDI). With eMDI, CloudEngine S5731-H can function as a monitored node, enabling CampusInsight to quickly and accurately demarcate faults that affect the quality of audio and video services.

Product Specifications

Item CloudEngine S5731-H24T4XC CloudEngine S5731-H24P4XC CloudEngine S5731-H48T4XC CloudEngine S5731-H48P4XC
Fixed ports 24 × 10/100/1000Base-T Ethernet ports, 4 × 10 Gig SFP+
24 × 10/100/1000Base-T PoE+ ports, 4 × 10 Gig SFP+
48 × 10/100/1000Base-T Ethernet ports, 4 × 10 Gig SFP+
48 × 10/100/1000Base-T PoE+ ports, 4 × 10 Gig SFP+
Dimensions (W x D x H) 442 mm x 420 mm x 43.6 mm 442 mm x 420 mm x 43.6 mm 442 mm x 420 mm x 43.6 mm 442 mm x 420 mm x 43.6 mm
Extended slots 1 (for future use)
1 (for future use)
1 (for future use)
1 (for future use)
Input voltage
  • Rated: 100 V AC to 240 V AC; 50/60 Hz
  • Max AC input: 90 V AC to 290 V AC; 45–65 Hz
  • Max DC input: 190 V AC to 290 V DC
  • Rated: 100 V AC to 240 V AC; 50/60 Hz
  • Max AC input: 90 V AC to 290 V AC; 45–65 Hz
  • Max DC input: 190 V AC to 290 V DC
  • Rated: 100 V AC to 240 V AC; 50/60 Hz
  • Max AC input: 90 V AC to 290 V AC; 45–65 Hz
  • Max DC input: 190 V AC to 290 V DC
  • Rated: 100 V AC to 240 V AC; 50/60 Hz
  • Max AC input: 90 V AC to 290 V AC; 45–65 Hz
  • Max DC input: 190 V AC to 290 V DC
Maximum power consumption 114 W
  • Without PDs: 121 W
  • With PDs: 977 W (740 W available for PDs)
124 W
  • Without PDs: 132 W
  • With PDs: 1750 W (1440 W available for PDs)
Operating temperature
  • 0–1800 m altitude: –5°C to +45°C
  • 1800–5000 m altitude: The operating temperature reduces by 1°C for each 220 m increase in altitude.
  • 0–1800 m altitude: –5°C to +45°C
  • 1800–5000 m altitude: The operating temperature reduces by 1°C for each 220 m increase in altitude.
  • 0–1800 m altitude: –5°C to +45°C
  • 1800–5000 m altitude: The operating temperature reduces by 1°C for each 220 m increase in altitude.
  • 0–1800 m altitude: –5°C to +45°C
  • 1800–5000 m altitude: The operating temperature reduces by 1°C for each 220 m increase in altitude.
Relative humidity 5% to 95% (non-condensing) 5% to 95% (non-condensing) 5% to 95% (non-condensing) 5% to 95% (non-condensing)
Heat dissipation Air cooled, intelligent speed adjustment, and pluggable fans
Air cooled, intelligent speed adjustment, and pluggable fans Air cooled, intelligent speed adjustment, and pluggable fans Air cooled, intelligent speed adjustment, and pluggable fans

Service Features

Feature Description
MAC address table IEEE 802.1d standards compliance
288,000 MAC address entries
MAC address learning and aging
Static, dynamic, and blackhole MAC address entries
Packet filtering based on source MAC addresses
VLAN 4094 VLANs
Guest VLAN and voice VLAN
GVRP
MUX VLAN
VLAN assignment based on MAC addresses, protocols, IP subnets, policies, and ports
VLAN mapping
Wireless service AP access control, AP domain management, and AP configuration template management
Radio management, unified static configuration, and dynamic centralized management
WLAN basic services, QoS, security, and user management
CAPWAP, tag/terminal location, and spectrum analysis
Ethernet loop protection RRPP ring topology and RRPP multi-instance
Smart Link tree topology and Smart Link multi-instance, providing millisecond-level protection switching
SEP
ERPS (ITU-T G.8032)
BFD for OSPF, BFD for IS-IS, BFD for VRRP, and BFD for PIM
STP (IEEE 802.1d), RSTP (IEEE 802.1w), and MSTP (IEEE 802.1s)
BPDU protection, root protection, and loop protection
MPLS MPLS L3VPN
MPLS L2VPN (VPWS/VPLS)
MPLS-TE
MPLS QoS
IP routing Static routes, RIP v1 and v2, RIPng, OSPF, OSPFv3, IS-IS, IS-ISv6, BGP, BGP4+, ECMP, and routing policies
Up to 512,000 FIBv4 entries
Up to 64,000 FIBv6 entries
Interoperability VLAN-Based Spanning Tree (VBST), working with PVST, PVST+, and RPVST
Link-type Negotiation Protocol (LNP), similar to DTP
VLAN Central Management Protocol (VCMP), similar to VTP
IPv6 features Up to 64,000 ND entries
PMTU
IPv6 Ping, IPv6 Tracert, and IPv6 Telnet
ACLs based on source IPv6 addresses, destination IPv6 addresses, Layer 4 ports, or protocol types
Multicast Listener Discovery snooping (MLD v1 and v2)
IPv6 addresses configured for sub-interfaces, VRRP6, DHCPv6, and L3VPN
Multicast IGMP v1, v2, and v3 snooping and IGMP fast leave
Multicast forwarding in a VLAN and multicast replication between VLANs
Multicast load balancing among member ports of a trunk
Controllable multicast
Port-based multicast traffic statistics
IGMP v1, v2, and v3, PIM-SM, PIM-DM, and PIM-SSM
MSDP
MVPN
QoS/ACL Rate limiting in the inbound and outbound directions of a port
Packet redirection
Port-based traffic policing and two-rate three-color CAR
Eight queues per port
DRR, SP and DRR+SP queue scheduling algorithms
WRED
Re-marking of the 802.1p and DSCP fields of packets
Packet filtering at Layer 2 to Layer 4, filtering out invalid frames based on the source MAC address, destination MAC address, source IP address, destination IP address, TCP/UDP port number, protocol type, and VLAN ID
Queue-based rate limiting and shaping on ports
Security Hierarchical user management and password protection
DoS attack defense, ARP attack defense, and ICMP attack defense
Binding of the IP address, MAC address, port number, and VLAN ID
Port isolation, port security, and sticky MAC
MAC Forced Forwarding (MFF)
Blackhole MAC address entries
Limit on the number of learned MAC addresses
IEEE 802.1x authentication and limit on the number of users on a port
AAA authentication, RADIUS authentication, and HWTACACS authentication
NAC
SSH v2.0
HTTPS
CPU protection
Blacklist and whitelist
Attack source tracing and punishment for IPv6 packets such as ND, DHCPv6, and MLD packets
Secure Boot
IPsec
ECA
Deception
Reliability LACP
E-trunk
Ethernet OAM (IEEE 802.3ah and IEEE 802.1ag)
ITU-Y.1731
DLDP
LLDP
BFD for BGP, BFD for IS-IS, BFD for OSPF, and BFD for static route
VXLAN VXLAN L2 and L3 gateways
Centralized and distributed gateway
BGP-EVPN
Configured through the NETCONF protocol
Super Virtual Fabric (SVF) Functions as the parent node to virtualize downstream switches and APs vertically as one device for simpler management
Supports a two-layer client architecture
Supports IGMP snooping on access switches (ASs), and the maximum number of access users on a port can be configured
Supports independent configuration of ASs, services unsupported by templates can be configured on the parent
Supports third-party devices between SVF parent and clients
Functions as an SVF client for plug-and-play with zero configuration
iPCA Collection of real-time statistics on the number of lost packets and packet loss ratio at network and device levels
TWAMP Two-way IP link performance measurement
Measurement on two-way packet delay, one-way packet loss rate, and one-way packet jitter
Management and maintenance iStack, with up to 9 member switches in a stack
SNMP v1, v2c, and v3
RMON
Web-based NMS
System logs and alarms of different levels
GVRP
MUX VLAN
NetStream
Intelligent O&M

Networking and Applications

Large campuses and branch/small campuses

Huawei's CloudEngine S5731-H series enhanced gigabit switches deliver gigabit connectivity at the aggregation or access layer in large and midsize campuses, and at the core layer in branches and small campuses. These switches support wired and wireless convergence and unified management on devices, users, and services, and offer large table sizes and buffers to avoid packet loss when traffic bursts occur. CloudEngine S5731-H enables you to implement manageable and reliable campus networks with scalable services.

Ordering Information

Model Product Description
CloudEngine S5731-H24T4XC CloudEngine S5731-H24T4XC (24*10/100/1000BASE-T ports, 4*10GE SFP+ ports, 1*expansion slot, without power module)
CloudEngine S5731-H24P4XC CloudEngine S5731-H24P4XC (24*10/100/1000BASE-T ports, 4*10GE SFP+ ports, 1*expansion slot, PoE+, without power module)
CloudEngine S5731-H48T4XC CloudEngine S5731-H48T4XC (48*10/100/1000BASE-T ports, 4*10GE SFP+ ports, 1*expansion slot, without power module)
CloudEngine S5731-H48P4XC CloudEngine S5731-H48P4XC (48*10/100/1000BASE-T ports, 4*10GE SFP+ ports, 1*expansion slot, PoE+, without power module)
PAC600S12-CB 600 W AC power module
PAC1000S56-CB 1000 W AC PoE power module
FAN-023A-B Fan module

For more information, visit https://e.huawei.com/en/ or contact the local Huawei sales office.