CloudEngine S5732-H Series Switches

CloudEngine S5732-H Series Switches

Product Overview

Huawei's CloudEngine S5732-H series enhanced gigabit switches provide GE optical access ports and 40 GE uplink ports. They deliver gigabit connectivity at the aggregation or access layer in large and midsize campuses, at the core layer in branches and small campuses, and at the access layer in data centers. Integrating native WLAN AC capabilities to support up to 1024 WLAN APs, CloudEngine S5732-H enables you to converge your wired and wireless networks for simplified operations.

These switches leverage Huawei's unified Versatile Routing Platform (VRP) and provide various Intent-Driven Network (IDN) features. They also offer free mobility to deliver consistent user experience and VXLAN-based virtualization to create a multi-purpose network. With built-in security probes, CloudEngine S5732-H supports abnormal traffic detection, Encrypted Communications Analytics (ECA), and network-wide threat deception.

Models and Appearances

Models and Appearances Description

CloudEngine S5732-H24S6Q

  • 20 × GE SFP ports, 4 × 10 GE SFP+ ports, 6 × 40 GE QSFP+ ports
  • 1+1 power backup
  • Forwarding performance: 360 Mpps
  • Switching capacity: 2.4 Tbit/s

CloudEngine S5732-H48S6Q

  • 44 × GE SFP ports, 4 × 10 GE SFP+ ports, 6 × 40 GE QSFP+ ports
  • 1+1 power backup
  • Forwarding performance: 420 Mpps
  • Switching capacity: 2.4 Tbit/s

Features and Highlights

Agile Networking for Service Agility

Create campus networks that meet your exact requirements. CloudEngine S5732-H provides open interfaces and supports user-defined forwarding behavior, enabling you to develop new protocols and functions as your business expands. With a high-speed chip that delivers flexible packet processing and traffic control capabilities, you can define your own forwarding models, forwarding behavior, and lookup algorithms.

In addition to the capabilities of traditional switches, CloudEngine S5732-H offers microcode programmability to facilitate rapid (within months) provisioning of new services without the need to replace existing hardware. In contrast, traditional ASIC-based switches, which use a fixed forwarding architecture and follow a fixed forwarding process, delay service rollout by up to three years because new hardware must be developed to support the new services. CloudEngine S5732-H enables you to meet service requirements now and in the future.

Agile Delivery of Abundant Services

Converge your wired and wireless networks to simplify operations. CloudEngine S5732-H integrates native WLAN AC functionality to support up to 1024 WLAN APs. This not only avoids the costs of purchasing additional WLAN AC hardware, but also overcomes the bottleneck associated with the forwarding performance of external WLAN ACs.

Through its unified user management interface, CloudEngine S5732-H delivers a consistent user experience for both wired and wireless users. It authenticates wired and wireless users using 802.1x, MAC address, Portal, and other authentication methods, and can manage users based on user groups, domains, and time ranges. These capabilities enable you to visualize the management of users and services and transform from device-centric to user-centric management.

CloudEngine S5732-H also provides strong quality of service (QoS) capabilities and efficient algorithms for queue scheduling and congestion control. Adopting innovative priority queuing and multi-level scheduling mechanisms, CloudEngine S5732-H implements fine-grained scheduling of data flows to meet the various service quality requirements of different users and services.

Agile, Fine-Grained Network Management

Increase your network management capabilities while simplifying how you manage your networks. CloudEngine S5732-H uses the Packet Conservation Algorithm for Internet (iPCA) technology, which transforms the fault locating process that traditionally relied on using simulated traffic. This cutting-edge fault detection technology monitors network quality for any service flow anywhere and anytime, without incurring additional costs. It rapidly detects temporary service interruptions and accurately identifies faulty ports, delivering fine-grained management capabilities for your network.

In addition, CloudEngine S5732-H supports Two-Way Active Measurement Protocol (TWAMP) to accurately check any IP link and obtain the entire network's IP performance, eliminating the need to use dedicated probes or proprietary protocols. It also supports SVF and functions as a parent switch. The SVF technology offers the innovative network management solution, enabling you to virtualize a physical network (comprised of small core or aggregation switches, access switches, and APs) into a "super switch".

CloudEngine S5732-H also supports the Easy Deploy function, which manages access switches similar to how an AC manages APs. Access switches and APs can go online with zero-touch configuration. In the Easy Deploy solution, a Commander collects topology information about connected clients, delivers configurations and scripts to clients, and collects and displays information about power consumption on the entire network.

Comprehensive VPN Technologies

Reduce the cost of deploying VPNs with MPLS. CloudEngine S5732-H supports MPLS and allows users in different VPNs to connect to the same switch. Users connect to a provider edge (PE) device through the same physical port on the switch, and are isolated through multi-instance routing. In addition, CloudEngine S5732-H can be used as an access device for high-quality enterprise leased lines.

Flexible Ethernet Networking

Increase the reliability and flexibility of your networks. CloudEngine S5732-H supports the traditional spanning tree protocols (STP, RSTP, and MSTP), as well as the latest Ethernet Ring Protection Switching (ERPS) standard that implements millisecond-level protection switching based on traditional Ethernet MAC and bridging functions. In addition, it supports Huawei's Smart Ethernet Protection (SEP) protocol. SEP delivers fast protection switching within 50 ms for ring network topologies, such as open ring, closed ring, and cascading ring topologies. Huawei designed this protocol specifically for the Ethernet link layer and is both reliable and easy to maintain.

To further improve reliability of access devices, CloudEngine S5732-H also supports Smart Link and the Virtual Router Redundancy Protocol (VRRP), which implement backup of uplinks. One CloudEngine S5732-H switch can connect to multiple aggregation switches through multiple links to significantly improve reliability of access devices.

Powerful Security Control

Secure your networks against malicious activities. CloudEngine S5732-H supports 802.1x, MAC address, Portal, and hybrid authentication, and can dynamically deliver user policies such as VLANs, QoS policies, and access control lists (ACLs). With a DHCP snooping binding table, CloudEngine S5732-H discards packets that do not match entries in the table — you can specify DHCP snooping trusted and untrusted ports to ensure that users connect only to the authorized DHCP server.

CloudEngine S5732-H also provides a series of mechanisms to defend against DoS and user-targeted attacks, and supports strict ARP learning to prevent attacks from exhausting ARP entries.

Mature IPv6 Features

Transition your networks towards IPv6. CloudEngine S5732-H supports IPv4/IPv6 dual stacks and IPv6 routing protocols (RIPng, OSPFv3, BGP4+, and IS-IS for IPv6). With these IPv6 features, you can deploy CloudEngine S5732-H switches on a pure IPv4 network, a pure IPv6 network, or a hybrid IPv4/IPv6 network, allowing you to upgrade your networks to IPv6 at your own pace.

Intelligent Stack (iStack)

Combine multiple switches into one logical switch to increase device reliability and network scalability. With iStack, you can virtualize up to nine physical switches into one logical switch to increase a stack's ports, bandwidth, and processing capacity. Member switches in a stack implement redundancy backup to improve device reliability and use inter-device link aggregation to improve link reliability. iStack simplifies device configuration and management, and you can log in to any member switch to manage all members in the stack.

PoE Power Supply

Power your devices flexibly. PoE-capable CloudEngine S5732-H series switches support both perpetual PoE and fast PoE. With perpetual PoE, you can reboot the switch after a software upgrade without interrupting power to PDs. And with fast PoE, the switch delivers power to PDs within 10 seconds after startup, much faster than the usual 1 to 3 minutes required by common switches. In addition, if a power failure occurs and a PoE-capable CloudEngine S5732-H series switch reboots, the switch immediately supplies power to PDs without waiting for the reboot process to complete, reducing the downtime of PDs.

VXLAN Features

Automate the deployment of virtual networks and transform a single-purpose network into a multi-purpose one. CloudEngine S5732-H supports VXLAN, with which you can construct a Unified Virtual Fabric (UVF). This enables you to not only deploy multiple service networks and tenant networks on the same physical network while isolating the service and tenant networks from each other, but also reduce network construction costs and improve resource utilization.

Because CloudEngine S5732-H switches support VXLAN, you can deploy them as centralized and distributed VXLAN gateways. These switches also support BGP EVPN for dynamically establishing VXLAN tunnels and can be configured using NETCONF/YANG.

Security with Big Data

Secure your networks with the power of big data. Through NetStream and collaboration with the Huawei Cybersecurity Intelligence System (CIS), CloudEngine S5732-H detects network security threats and displays the security posture across the entire network, enabling you to respond to security threats manually or through automation. The CIS delivers security policies to the Agile Controller, which then delivers them to switches so that the switches can take appropriate security measures.

In addition, CloudEngine S5732-H supports Encrypted Communication Analytics (ECA) for threat analysis in encrypted traffic. It extracts characteristics of encrypted streams based on NetStream sampling and Service Awareness (SA) and collaborates with the CIS, which uses AI to train traffic models and identify malicious traffic. The CIS displays detection results on a GUI, provides suggestions for handling threats, and automatically isolates threats with the Agile Controller.

CloudEngine S5732-H also supports network-wide threat deception for comprehensive, accurate, and efficient detection of attacks such as IP address scanning and port scanning. Interworking with the CIS to analyze threat traffic and with the Agile Controller to deliver security policies, CloudEngine S5732-H helps ensure your networks remain secure.

Open Programmability System (OPS)

Achieve rapid innovation of new functions, program O&M functions, and implement intelligent O&M through OPS. CloudEngine S5732-H supports OPS, which is an open, Python-based platform that provides RESTful APIs to realize flexible programmability. With OPS, you can implement rapid service expansion, automatic function deployment, and intelligent device management, driving down the cost of network operation and maintenance and facilitating network operations.

Intelligent Upgrade

Ensure your switching devices always remain up to date. CloudEngine S5732-H obtains the version upgrade path and downloads the latest upgrades from the Huawei Online Upgrade Platform (HOUP) through a highly automated process. CloudEngine S5732-H also supports preloading of versions, shortening both the upgrade time and the service interruption time. The HOUP standardizes the upgrade operations, reducing the risk of upgrade failures. With the intelligent upgrade feature, you can simplify the upgrade operations and perform independent upgrades, thereby reducing your maintenance costs.

Intelligent O&M

Realize intelligent O&M to deliver optimal user experience. Through Telemetry technology, CloudEngine S5732-H learns about the network in real time. Huawei's campus network analyzer, CampusInsight, in collaboration with CloudEngine S5732-H, analyzes network data using an intelligent fault identification algorithm. CampusInsight displays the real-time network status, demarcates and locates faults, and identifies network problems that affect user experience, enabling you to take remedial measures to ensure user experience.

CloudEngine S5732-H also supports a variety of intelligent O&M features for audio and video services, including the enhanced Media Delivery Index (eMDI). With eMDI, CloudEngine S5732-H can function as a monitored node, enabling CampusInsight to quickly and accurately demarcate faults that affect the quality of audio and video services.

Product Specifications

Item CloudEngine S5732-H24S6Q CloudEngine S5732-H48S6Q
Fixed ports 20 × GE SFP ports, 4 × 10 GE SFP+ ports, 6 × 40 GE QSFP+ ports
44 × GE SFP ports, 4 × 10 GE SFP+ ports, 6 × 40 GE QSFP+ ports
Dimensions (W x D x H) 442 mm × 420 mm × 43.6 mm 442 mm × 420 mm × 43.6 mm
Chassis height 1 U
1 U
Chassis weight (full configuration weight) 6.95 kg
7.25 kg
Input voltage
  • Rated: 100 V AC to 240 V AC; 50/60 Hz
  • Max AC input: 90 V AC to 290 V AC; 45-65 Hz
  • Max High-Voltage DC input: 190 V DC to 290 V DC
  • Rated: 100 V AC to 240 V AC; 50/60 Hz
  • Max AC input: 90 V AC to 290 V AC; 45-65 Hz
  • Max High-Voltage DC input: 190 V DC to 290 V DC
Maximum power consumption 231 W 274 W
Operating temperature
  • 0–1800 m altitude: –5°C to +45°C
  • 1800–5000 m altitude: The operating temperature reduces by 1°C for each 220 m increase in altitude.
  • 0–1800 m altitude: –5°C to +45°C
  • 1800–5000 m altitude: The operating temperature reduces by 1°C for each 220 m increase in altitude.
Relative humidity 5% to 95% (non-condensing) 5% to 95% (non-condensing)
Heat dissipation Air cooled, intelligent speed adjustment, and pluggable fans
Air cooled, intelligent speed adjustment, and pluggable fans

Service Features

Feature Description
MAC address table IEEE 802.1d standards compliance
128,000 MAC address entries
MAC address learning and aging
Static, dynamic, and blackhole MAC address entries
Packet filtering based on source MAC addresses
Guest VLAN and voice VLAN
VLAN assignment based on MAC addresses, protocols, IP subnets, policies, and ports
VLAN mapping
Wireless service AP access control, AP domain management, and AP configuration template management
Radio management, unified static configuration, and dynamic centralized management
WLAN basic services, QoS, security, and user management
CAPWAP, tag/terminal location, and spectrum analysis
Ethernet loop protection RRPP ring topology and RRPP multi-instance
Smart Link tree topology and Smart Link multi-instance, providing millisecond-level protection switching
ERPS (ITU-T G.8032)
BFD for OSPF, BFD for IS-IS, BFD for VRRP, and BFD for PIM
STP (IEEE 802.1d), RSTP (IEEE 802.1w), and MSTP (IEEE 802.1s)
BPDU protection, root protection, and loop protection
IP routing Static routes, RIP v1 and v2, RIPng, OSPF, OSPFv3, IS-IS, IS-ISv6, BGP, BGP4+, ECMP, and routing policies
Up to 192,000 FIBv4 entries
Up to 64,000 FIBv6 entries
Interoperability VLAN-Based Spanning Tree (VBST), working with PVST, PVST+, and RPVST
Link-type Negotiation Protocol (LNP), similar to DTP
VLAN Central Management Protocol (VCMP), similar to VTP
IPv6 features Up to 80,000 ND entries
IPv6 Ping, IPv6 Tracert, and IPv6 Telnet
ACLs based on source IPv6 addresses, destination IPv6 addresses, Layer 4 ports, or protocol types
Multicast Listener Discovery snooping (MLD v1 and v2)
IPv6 addresses configured for sub-interfaces, VRRP6, DHCPv6, and L3VPN
Multicast IGMP v1, v2, and v3 snooping and IGMP fast leave
Multicast forwarding in a VLAN and multicast replication between VLANs
Multicast load balancing among member ports of a trunk
Controllable multicast
Port-based multicast traffic statistics
IGMP v1, v2, and v3, PIM-SM, PIM-DM, and PIM-SSM
QoS/ACL Rate limiting in the inbound and outbound directions of a port
Packet redirection
Port-based traffic policing and two-rate three-color CAR
Eight queues per port
DRR, SP and DRR+SP queue scheduling algorithms
Re-marking of the 802.1p and DSCP fields of packets
Packet filtering at Layer 2 to Layer 4, filtering out invalid frames based on the source MAC address, destination MAC address, source IP address, destination IP address, TCP/UDP port number, protocol type, and VLAN ID
Queue-based rate limiting and shaping on ports
Security Hierarchical user management and password protection
DoS attack defense, ARP attack defense, and ICMP attack defense
Binding of the IP address, MAC address, port number, and VLAN ID
Port isolation, port security, and sticky MAC
MAC Forced Forwarding (MFF)
Blackhole MAC address entries
Limit on the number of learned MAC addresses
IEEE 802.1x authentication and limit on the number of users on a port
AAA authentication, RADIUS authentication, and HWTACACS authentication
SSH v2.0
CPU protection
Blacklist and whitelist
Attack source tracing and punishment for IPv6 packets such as ND, DHCPv6, and MLD packets
Secure Boot
Reliability LACP
Ethernet OAM (IEEE 802.3ah and IEEE 802.1ag)
BFD for BGP, BFD for IS-IS, BFD for OSPF, and BFD for static route
VXLAN VXLAN L2 and L3 gateways
Centralized and distributed gateway
Configured through the NETCONF protocol
Super Virtual Fabric (SVF) Functions as the parent node to virtualize downstream switches and APs vertically as one device for simpler management
Supports a two-layer client architecture
Supports IGMP snooping on access switches (ASs), and the maximum number of access users on a port can be configured
Supports independent configuration of ASs, services unsupported by templates can be configured on the parent
Supports third-party devices between SVF parent and clients
Functions as an SVF client for plug-and-play with zero configuration
iPCA Collection of real-time statistics on the number of lost packets and packet loss ratio at network and device levels
TWAMP Two-way IP link performance measurement
Measurement on two-way packet delay, one-way packet loss rate, and one-way packet jitter
Management and maintenance iStack, with up to 9 member switches in a stack
SNMP v1, v2c, and v3
Web-based NMS
System logs and alarms of different levels
Intelligent O&M

Networking and Applications

Large campuses and branch/small campuses

Huawei's CloudEngine S5732-H series enhanced gigabit switches deliver gigabit connectivity at the aggregation or access layer in large campuses, and at the core layer in branches and small campuses. These switches support wired and wireless convergence and unified management on devices, users, and services, and offer large table sizes and buffers to avoid packet loss when traffic bursts occur. CloudEngine S5732-H enables you to implement manageable and reliable campus networks with scalable services.

Ordering Information

Model Product Description
CloudEngine S5732-H24S6Q CloudEngine S5732-H24S6Q (20 × GE SFP ports,4 × 10 GE SFP+ ports, 6 × 40 GE QSFP ports) [power module sold separately]
CloudEngine S5732-H48S6Q CloudEngine S5732- H48S6Q (44× GE SFP ports,4 × 10 GE SFP+ ports, 6 × 40 GE QSFP ports) [power module sold separately]
PAC600S12-CB 600 W AC power module
FAN-031A-B Fan module

For more information, visit or contact the local Huawei sales office.