S5720-HI Series Agile Fixed Switches

S5720-HI Series Agile Fixed Switches

Product overview

Huawei S5720-HI series switches are advanced Gigabit Ethernet switches that provide various agile features. The switches are developed based on the Huawei Versatile Routing Platform (VRP) to implement software definition and service change on demand. With services and network convergence as the core, the switches provide the free mobility function to ensure consistent user experience. The Super Virtual Fabric (SVF) function virtualizes the entire network into a single device. In addition, the switches support flexible Ethernet networking, comprehensive VPN tunnel solutions, various security control methods, intelligent deployment, and simple Operations & Maintenance (O&M). The S5720-HI series switches are the best choices for the branches of high-quality medium to large campus networks, the core layer of small campus networks, and the access layer of data center networks.

Models and appearances

Models and Appearances Description

S5720-32C-HI-24S-AC
  • 24 x Gig SFP ports, 8 of which are dual-purpose 10/100/1,000 or SFP, 4 x 10 Gig SFP+
  • Two expansion slots (one is reserved for future use)
  • Dual pluggable AC or DC power supplies, one 600W AC power supply equipped by default
  • Forwarding performance: 168 Mpps
  • Switching capacity: 598 Gbit/s

S5720-56C-HI-AC
  • 48 x Ethernet 10/100/1,000 Base-T ports, 4 x 10 Gig SFP+
  • Two expansion slots (one is reserved for future use)
  • Dual pluggable AC or DC power supplies, one 600W AC power supply equipped by default
  • Forwarding performance: 192 Mpps
  • Switching Capacity: 598 Gbit/s

S5720-56C-PWR-HI-AC
  • 48 x Ethernet 10/100/1,000 Base-T ports, 4 x 10 Gig SFP+
  • Two expansion slots (one is reserved for future use)
  • Dual pluggable AC power supplies, one 1,150W AC power supply equipped by default
  • PoE+
  • Forwarding performance: 192 Mpps
  • Switching Capacity: 598 Gbit/s

S5720-56C-PWR-HI-AC1
  • 48 x Ethernet 10/100/1,000 Base-T ports, 4 x 10 Gig SFP+
  • Two expansion slots (one is reserved for future use)
  • Dual pluggable AC power supplies, one 580W AC power supply equipped by default
  • PoE+
  • Forwarding performance: 192 Mpps
  • Switching Capacity: 598 Gbit/s

Features and highlights

Enabling networks to be more agile for services

  • The S5720-HI’s flexible packet processing and traffic control capabilities can meet current and future service requirements, helping build a highly scalable network.
  • In addition to capabilities of traditional switches, the S5720-HI provides open interfaces and supports user-defined forwarding behaviors. Enterprises can use the open interfaces to develop new protocols and functions independently or jointly with equipment vendors to build campus networks meeting their own needs.
  • The S5720-HI series switches can define their own forwarding models, forwarding behaviors, and lookup algorithms. Microcode programmability makes it possible to provide new services within six months, without the need to replace the hardware.

Delivering abundant services more agilely

  • The S5720-HI provides the integrated WLAN AC function that can manage 1,000 APs, reducing the costs of purchasing additional WLAN AC hardware. The wireless forwarding performance reaches up to 260 Gbit/s (calculated based on 1024-byte packets), breaking the forwarding performance bottleneck of an external WLAN AC. With this switch series, customers can stay ahead in the high-speed wireless era.
  • With the unified user management function, the S5720-HI authenticates both wired and wireless users, ensuring a consistent user experience regardless of whether they are connected to the network through wired or wireless access devices. The unified user management function supports various authentication methods, including 802.1X, MAC address, and Portal authentication, and is capable of managing users based on user groups, domains, and time ranges. These functions visualize user and service management and boost the transformation from device-centric management to user-centric management.
  • The S5720-HI provides excellent QoS capabilities and supports queue scheduling and congestion control algorithms. Additionally, it adopts innovative priority queuing and multi-level scheduling mechanisms to implement fine-grained scheduling of data flows, meeting service quality requirements of different user terminals and services.

Providing fine granular network management more agilely

  • The S5720-HI uses the Packet Conservation Algorithm for Internet (iPCA) technology that changes the traditional method of using simulated traffic for fault location. iPCA technology can monitor network quality for any service flow anywhere and anytime, without extra costs. It can detect temporary service interruptions in a very short time and can identify faulty ports accurately. This cutting-edge fault detection technology turns “extensive management” to “fine granular management.”
  • The S5720-HI supports Two-Way Active Measurement Protocol (TWAMP) to accurately check any IP link and obtain the entire network’s IP performance. This protocol eliminates the need to use a dedicated probe or a proprietary protocol.
  • The S5720-HI supports SVF and functions as a parent switch. With this virtualization technology, a physical network with the “Small-sized core/aggregation switches + Access switches + APs” structure can be virtualized into a “super switch”, offering the industry’s simplest network management solution.
  • With the Easy Deploy function, the S5720-HI manages access switches in a similar way an AC manages APs. In deployment, access switches and APs can go online with zero-touch configuration. In the Easy Deploy solution, the Commander collects topology information about the connected clients and stores the clients’ startup information based on the topology. Clients can be replaced with zero-touch configuration. The Commander can deliver configurations and scripts to clients in batches and query the delivery results. In addition, the Commander can collect and display information about power consumption on the entire network.

Intelligent O&M

  • The S5720-HI provides telemetry technology to collect device data in real time and send the data to Huawei campus network analyzer CampusInsight. The CampusInsight analyzes network data based on the intelligent fault identification algorithm, accurately displays the real-time network status, effectively demarcates and locates faults in a timely manner, and identifies network problems that affect user experience, accurately guaranteeing user experience.
  • The S5720-HI supports a variety of intelligent O&M features for audio and video services, including the enhanced Media Delivery Index (eMDI). With this eDMI function, the switch can function as a monitored node to periodically conduct statistics and report audio and video service indicators to the CampusInsight platform. In this way, the CampusInsight platform can quickly demarcate audio and video service quality faults based on the results of multiple monitored nodes.

Comprehensive VPN technologies

  • The S5720-HI supports the MPLS function, and can be used as access devices of high-quality enterprise leased line.
  • The S5720-HI allows users in different VPNs to connect to the same switch and isolates users through multi-instance routing. Users in multiple VPNs connect to a Provider Edge (PE) device through the same physical port on the switch, which reduces the cost on VPN network deployment.

Flexible Ethernet networking

  • In addition to traditional Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP), the S5720-HI supports Huawei-developed Smart Ethernet Protection (SEP) technology and the latest Ethernet Ring Protection Switching (ERPS) standard. SEP is a ring protection protocol specific to the Ethernet link layer, and applies to various ring network topologies, such as open ring topology, closed ring topology, and cascading ring topology. This protocol is reliable and easy to maintain, and implements fast protection switching within 50 milliseconds. ERPS is defined in ITU-T G.8032. It implements millisecond-level protection switching based on traditional Ethernet MAC and bridging functions.
  • The S5720-HI supports Smart Link and Virtual Router Redundancy Protocol (VRRP), which implement backup of uplinks. One S5720-HI switch can connect to multiple aggregation switches through multiple links, significantly improving reliability of access devices.
  • The S5720-HI has large entry sizes and buffers, coping with the fast growth of data volume in the big data era. With the support for 128K MAC addresses, 1M FIB entries, and 200-millisecond buffer on each port, the S5720-HI meets the requirements of educational networks and metro area networks and allows the access of a large number of terminals. The S5720-HI is the best choice in the cloud computing era.

Various security control methods

  • The S5720-HI supports 802.1X authentication, MAC address authentication, Portal authentication, and hybrid authentication, and can dynamically delivery user policies such as VLANs, QoS policies, and Access Control Lists (ACL). It also supports user management based on user groups.
  • The S5720-HI provides a series of mechanisms to defend against DoS and user-targeted attacks. DoS attacks are targeted at switches and include SYN flood, Land, Smurf, and ICMP flood attacks. User-targeted attacks include bogus DHCP server attacks, IP/MAC address spoofing, DHCP request flood, and change of the DHCP CHADDR value.
  • The S5720-HI sets up and maintains a DHCP snooping binding table, and discards the packets that do not match the table entries. You can specify DHCP snooping trusted and untrusted ports to ensure that users connect only to the authorized DHCP server.
  • The S5720-HI supports strict ARP learning, which prevents ARP spoofing attackers from exhausting ARP entries.

Big Data security collaboration

  • Agile switches use NetStream to collect campus network data and then report such data to the Huawei Cybersecurity Intelligence System (CIS). The purposes of doing so are to detect network security threats, display the security posture across the entire network, and enable automated or manual response to security threats. The CIS delivers the security policies to the Agile Controller. The Agile Controller then delivers such policies to agile switches that will handle security events accordingly. All these ensure campus network security.
  • The S5720-HI supports Encrypted Communication Analytics (ECA). It uses built-in ECA probes to extract characteristics of encrypted streams based on NetStream sampling and Service Awareness (SA), generates metadata, and reports the metadata to Huawei Cybersecurity Intelligence System (CIS). It uses the AI algorithm to train the traffic model and compare characteristics of extracted encrypted traffic to identify malicious traffic. The CIS displays detection results on the GUI, provides threat handling suggestions, and automatically isolates threats with the Agile Controller to ensure campus network security.
  • The S5720-HI supports deception. It functions as a sensor to detect threats such as IP address scanning and port scanning on a network and lures threat traffic to the honeypot for further checks. The honeypot performs in-depth interaction with the initiator of the threat traffic, records various application-layer attack methods of the initiator, and reports security logs to the CIS. The CIS analyzes security logs. If the CIS determines that the suspicious traffic is an attack, it generates an alarm and provides handling suggestions. After the administrator confirms the alarm, the CIS delivers a policy to the Agile Controller. The Agile Controller delivers the policy to the switch for security event processing, ensuring campus network security.

Mature IPv6 features

  • The S5720-HI is developed based on the mature, stable VRP and supports IPv4/IPv6 dual stacks, IPv6 routing protocols (RIPng, OSPFv3, BGP4+, and IS-IS for IPv6). With these IPv6 features, the S5720-HI can be deployed on a pure IPv4 network, a pure IPv6 network, or a shared IPv4/IPv6 network, helping achieve IPv4-to-IPv6 transition.

Intelligent stack (iStack)

  • The S5720-HI supports the iStack function that combines multiple switches into a logical switch. Member switches in a stack implement redundancy backup to improve device reliability and use inter-device link aggregation to improve link reliability.
  • iStack provides high network scalability. You can increase a stack’s ports, bandwidth, and processing capacity by simply adding member switches.
  • iStack also simplifies device configuration and management. After a stack is set up, up to nine physical switches can be virtualized into one logical device. You can log in to any member switch in the stack to manage all the member switches in the stack.

VXLAN features

  • VXLAN is used to construct a Unified Virtual Fabric (UVF). As such, multiple service networks or tenant networks can be deployed on the same physical network, and service and tenant networks are isolated from each other. This capability truly achieves ‘one network for multiple purposes’. The resulting benefits include enabling data transmission of different services or customers, reducing the network construction costs, and improving network resource utilization.
  • The S5720-HI series switches are VXLAN-capable and allow centralized and distributed VXLAN gateway deployment modes. These switches also support the BGP EVPN protocol for dynamically establishing VXLAN tunnels and can be configured using NETCONF/YANG.

OPS

  • Open Programmability System (OPS) is an open programmable system based on the Python language. IT administrators can program the O&M functions of a switch through Python scripts to quickly innovate functions and implement intelligent O&M.

Perpetual PoE

  • When a PoE switch is rebooted after the software version is upgraded, the power supply to PDs is not interrupted. This capability ensures that PDs are not powered off during the switch reboot.

Product specifications

Item S5720-32C-HI-24S-AC S5720-56C-HI-AC S5720-56C-PWR-HI-AC S5720-56C-PWR-HI-AC1
Fixed Ports 24 x Gig SFP, 8 x Combo (10/100/1,000 Base-T or 100/1,000 Base-X), and 4 x 10 Gig SFP+ 48 x 10/100/1,000 Base-T, 4 x 10 Gig SFP+ 48 x 10/100/1,000 Base-T, 4 x 10 Gig SFP+ 48 x 10/100/1,000 Base-T, 4 x 10 Gig SFP+
Dimensions (W x D x H) 442 mm x 420 mm x 44.4 mm 442 mm x 420 mm x 44.4 mm 442 mm x 420 mm x 44.4 mm 442 mm x 420 mm x 44.4 mm
Extended Slots Two expansion slots (one is reserved for future use) are used to support the following card:
  • 4-port 10 GE SFP+ interface card
Two expansion slots (one is reserved for future use) are used to support the following card:
  • 4-port 10 GE SFP+ interface card
Two expansion slots (one is reserved for future use) are used to support the following card:
  • 4-port 10 GE SFP+ interface card
Two expansion slots (one is reserved for future use) are used to support the following card:
  • 4-port 10 GE SFP+ interface card
Input Voltage AC:
  • Rated AC voltage: 100V to 240V; 50/60 Hz
  • Maximum AC voltage: 90V to 264V; 47 Hz to 63 Hz
DC:
  • Rated DC power: -48V to -60V
  • Max DC voltage: -38.4V to -72V
AC:
  • Rated AC voltage: 100V to 240V; 50/60 Hz
  • Maximum AC voltage: 90V to 264V; 47 Hz to 63 Hz
DC:
  • Rated DC power: -48V to -60V
  • Maximum DC voltage: -38.4V to -72V
AC:
  • Rated AC voltage: 100V to 240V; 50/60 Hz
  • Maximum AC voltage: 90V to 264V; 47 Hz to 63 Hz
AC:
  • Rated AC voltage: 100V to 240V; 50/60 Hz
  • Maximum AC voltage: 90V to 264V; 47 Hz to 63 Hz
Maximum Power Consumption 172.7W 183.3W
  • PoE not used: 188.74W
  • PoE used: 1,739W (PoE: 1,440W)
  • PoE not used: 188.74W
  • PoE used: 1,036W (PoE: 740W)
Typical Power Consumption (without PoE) 122.12W 128.93W 132.35W 137.8W
Operating Temperature
  • 0m to 1,800m altitude: 0°C to 45°C
  • 1,800m to 5,000m altitude: The operating temperature reduces by 1°C for each 220m increase in altitude.
  • 0m to 1,800m altitude: 0°C to 45°C
  • 1,800m to 5,000m altitude: The operating temperature reduces by 1°C for each 220m increase in altitude.
  • 0m to 1,800m altitude: 0°C to 45°C
  • 1,800m to 5,000m altitude: The operating temperature reduces by 1°C for each 220m increase in altitude.
  • 0m to 1,800m altitude: 0°C to 45°C
  • 1,800m to 5,000m altitude: The operating temperature reduces by 1°C for each 220m increase in altitude.
Relative Humidity 5% to 95% (non-condensing) 5% to 95% (non-condensing) 5% to 95% (non-condensing) 5% to 95% (non-condensing)
Heat Dissipation Heat dissipation with fan, intelligent fan speed adjustment Heat dissipation with fan, intelligent fan speed adjustment Heat dissipation with fan, intelligent fan speed adjustment Heat dissipation with fan, intelligent fan speed adjustment

Service features

Item Description
MAC Address Table IEEE 802.1d standards compliance
128K MAC address entries
MAC address learning and aging
Static, dynamic, and blackhole MAC address entries
Packet filtering based on source MAC addresses
VLAN 4094 VLANs
Guest VLAN and voice VLAN
GVRP
MUX VLAN
VLAN assignment based on MAC addresses, protocols, IP subnets, policies, and ports
VLAN mapping
Wireless Service AP access control, AP domain management, and AP configuration template management
Radio management, unified static configuration, and dynamic centralized management
WLAN basic services, QoS, security, and user management
CAPWAP, tag/terminal location, and spectrum analysis
Ethernet Loop Protection RRPP ring topology and RRPP multi-instance
Smart Link tree topology and Smart Link multi-instance, providing millisecond-level protection switching
SEP
ERPS (G.8032)
BFD for OSPF, BFD for IS-IS, BFD for VRRP, and BFD for PIM
STP (IEEE 802.1d), RSTP (IEEE 802.1w), and MSTP (IEEE 802.1s)
BPDU protection, root protection, and loop protection
MPLS MPLS L3VPN
MPLS L2VPN (VPWS/VPLS)
MPLS-TE
MPLS QoS
IP Routing Static routes, RIP v1/2, RIPng, OSPF, OSPFv3, IS-IS, IS-ISv6, BGP, BGP4+, ECMP, and routing policy
Interoperability VLAN-Based Spanning Tree (VBST), working with PVST, PVST+, and RPVST
Link-type Negotiation Protocol (LNP), similar to DTP
VLAN Central Management Protocol (VCMP), similar to VTP
IPv6 Features Neighbor Discovery (ND)
PMTU
IPv6 Ping, IPv6 Tracert, and IPv6 Telnet
ACLs based on source IPv6 addresses, destination IPv6 addresses, Layer 4 ports, or protocol types
Multicast Listener Discovery snooping (MLDv1/v2)
IPv6 addresses configured for sub-interfaces, VRRP6, DHCPv6, and L3VPN
Multicast IGMP v1/v2/v3 snooping and IGMP fast leave
Multicast forwarding in a VLAN and multicast replication between VLANs
Multicast load balancing among member ports of a trunk
Controllable multicast
Port-based multicast traffic statistics
IGMP v1/v2/v3, PIM-SM, PIM-DM, and PIM-SSM
MSDP
MVPN
QoS/ACL Rate limiting in the inbound and outbound directions of a port
Packet redirection
Port-based traffic policing and two-rate three-color CAR
HQoS
Eight queues on each port
DRR, SP and DRR + SP queue scheduling algorithms
WRED
Re-marking of the 802.1p and DSCP fields of packets
Packet filtering at Layer 2 to Layer 4, filtering out invalid frames based on the source MAC address, destination MAC address, source IP address, destination IP address, TCP/UDP port number, protocol type, and VLAN ID
Queue-based rate limiting and shaping on ports
Security Hierarchical user management and password protection
DoS attack defense, ARP attack defense, and ICMP attack defense
Binding of the IP address, MAC address, port number, and VLAN ID
Port isolation, port security, and sticky MAC
MAC Forced Forwarding (MFF)
Blackhole MAC address entries
Limit on the number of learned MAC addresses
IEEE 802.1x authentication and limit on the number of users on a port
AAA authentication, RADIUS authentication, and HWTACACS authentication
NAC
SSH V2.0
HTTPS
CPU protection
Blacklist and whitelist
Attack source tracing and punishment for IPv6 packets such as ND, DHCPv6, and MLD packets
MACsec
IPSec
ECA
Deception
Reliability LACP
E-trunk
Ethernet OAM (IEEE 802.3ah and IEEE 802.1ag)
ITU-Y.1731
DLDP
LLDP
BFD for BGP, BFD for IS-IS, BFD for OSPF, BFD for static route
VxLAN Supports the VxLAN function, supports VxLAN L2 and L3 gateways
Configured through the NETCONF protocol
Super Virtual Fabric (SVF) The S5720-HI can work as the parent node to vertically virtualize downlink switches and APs as one device for management.
A two-layer client architecture is supported.
IGMP snooping can be enabled on Access Switches (ASs) and the maximum number of access users on a port can be configured.
ASs can be independently configured. Services that are not supported by templates can be configured on the parent.
Third-party devices are allowed between the SVF parent and clients.
iPCA Directly coloring service packets to collect real-time statistics on the number of lost packets and packet loss ratio
Collection of statistics on the number of lost packets and packet loss ratio at network and device levels
TWAMP Two-way IP link performance measurement
Measurement on two-way packet delay, one-way packet loss rate, and one-way packet jitter
Management and Maintenance iStack
Virtual cable test
SNMP v1/v2c/v3
RMON
Web-based NMS
System logs and alarms of different levels
GVRP
MUX VLAN
802.3az Energy Efficient Ethernet (EEE)
NetStream
Dying gasp upon power-off

Networking and applications

Enterprise campus networks

  • Huawei S5720-HI is the industry’s first fixed agile switch. The S5720-HI has large table sizes and buffers, avoiding packet loss in burst traffic. It supports wired and wireless convergence and unified management on devices, users, and services. The S5720-HI can be used as the core device on an enterprise branch network or a small to medium-sized campus network or as the aggregation device on a large campus network, to achieve a manageable and reliable enterprise campus network with scalable services.
  • Position of the S5720-HI on an enterprise campus network

Ordering information

The following table lists ordering information of the S5720-HI series switches.
Model Product Description
S5720-32C-HI-24S-AC S5720-32C-HI-24S-AC (24 x Gig SFP, 8 of which are dual-purpose 10/100/1,000 or SFP, 4 x 10 Gig SFP+, with 2 interface slots, with 600W AC power supply)
S5720-56C-HI-AC S5720-56C-HI-AC (48 x Ethernet 10/100/1,000 ports, 4 x 10 Gig SFP+, with 2 interface slots, with 600W AC power supply)
S5720-56C-PWR-HI-AC S5720-56C-PWR-HI-AC (48 x Ethernet 10/100/1,000 PoE+ ports, 4 x 10 Gig SFP+, with 2 interface slots, with 1,150W AC power supply)
S5720-56C-PWR-HI-AC1 S5720-56C-PWR-HI-AC1 (48 x Ethernet 10/100/1,000 PoE+ ports, 4 x 10 Gig SFP+, with 2 interface slots, with 580W AC power supply)
ES5D21X04S01 4 x 10 Gig SFP+ Interface Card (used in S5720-HI series)
PDC-350WA-B 350W DC Power Module
W2PSA0580 580W AC Power Module
PAC-600WA-B 600W AC Power Module
W2PSA1150 1,150W AC PoE Power Module
License Resource-ES1SWL512AP0-WLAN Access Controller AP Resource License-512AP (used in S5720-HI series)
License Resource-ES1SWL128AP0-WLAN Access Controller AP Resource License-128AP (used in S5720-HI series)
License Resource-ES1SWL64AP00-WLAN Access Controller AP Resource License-64AP (used in S5720-HI series)
License Resource-ES1SWL16AP00-WLAN Access Controller AP Resource License-16AP (used in S5720-HI series)
License Resource-ES5SF4512K00-FIBv4 Resource License-128K (used in S5720-HI series)
License Resource-ES5SF4128K00-FIBv4 Resource License-512K (used in S5720-HI series)
License Function-S5700-ES5FEA1-ES5SSVFF0000-SVF Function License (used in S5720-HI series)