Enterprise Networking Solution
Application Support - networks are now becoming more than just a means for moving data from server to PC. Converged networks are now becoming the norm with VoIP becoming the telephony system of choice. Multimedia services are also being added and applications are shifting larger files with more graphical content. Network managers want to install equipment that can support PC applications and IP telephony. Power over Ethernet (PoE) options at the edge are available for all solutions. Some may want to have dedicated PoE ports, some will want to be able to plug any device anywhere. In order to support all the necessary applications, QoS is essential to ensure that voice and multimedia pass through the network without loss or delay. QoS also allows critical applications to be prioritized above Internet access and other background functions. Many standards-based VoIP systems now require LLDP-MED protocol for auto-configuration of IP handsets. Support for this is available on all PoE edge switches.

Management - a resilient network is only as good as the management system that informs you that a failure has occurred and the network has healed itself. The network manager is then able to action the repair before the failure can affect the network availability. The network management system performs the following tasks:
- Mapping and monitoring of network devices.
- Monitoring of all resilient functions - PSU, Links, stacks etc.
- Alerting of important failures by e-mail, paging etc.
- Collection of statistics to allow reporting on key devices and links.

Security - as the dependence on the network and PCs grows, so do the risks of attack, either malicious or from viruses being unknowingly brought in. The Allied Telesis solution offers security for both the network itself, via 802.1x or Network Access Control (NAC) and Microsoft's Network Access Protection (NAP) compliance, and also for the management of the network devices themselves which can also be protected with centralised authentication.

Future Proofing - maximise the longevity of your IT investments in a world of ever-changing protocols and constantly evolving security dangers. The Allied Telesis solution allows for future network growth, both in total ports supported and in the uplink speeds that can be used. For example, allowing your current Gigabit uplink system to be increased to 10Gbps in the future. The features within the key switches also allow for flexible configuration to accommodate the bandwidth and QoS requirements of future applications. Core L3 switches are also already capable of IPv6 in hardware.

Training - Allied Telesis can provide scheduled or bespoke group-based training on the equipment and configuration required within the solution.

Other documents you may be interested in:
- Solutions: Find out how Allied Telesis products and industry-leading features create solutions to meet business needs:
  www.alliedtelesis.com / Resources / Library / Solutions-Market
  www.alliedtelesis.com / Resources / Library / Solutions-Technology
- How To notes: Find out how to set up and configure key features on Allied Telesis advanced switches and routers:
  www.alliedtelesis.com / Resources / Library / How to Notes
- Case Studies: Find out about other customers using Allied Telesis superior products and features:
  www.alliedtelesis.com / Resources / Library / Case Studies

[Figure 1: network diagram. Labels: Servers, 8600, SwitchBlade x908, x900, 8000S. Layers: CORE, EDGE. Legend: 10 Gigabit link, 1 Gigabit link, 10/100 link, Link aggregation.]

[Figure 2: network diagram. Labels: x900-12XT/S, 8000GS/48 Stack. Layers: CORE, ACCESS. Legend: 1 Gigabit link, Link aggregation.]

As shown in Figure 2, links from ports on different switches in the core stack are connected to ports on different switches in the edge
stacks. This is a simple deployment to understand and configure. If either a unit or link fails then the remaining link is used to continue
network operations and both core and edge stacks can still be managed so the fault can be diagnosed and quickly corrected.
Another benefit of this approach is that if the core switch has L3 configurations then there is no need for further resilience protocols such
as VRRP, since there is always an L2 link back to the core, which will be acting as the gateway for the subnets attached.

Therefore, Allied Telesis switches implement a range of loop detection and storm protection mechanisms to contain and suppress storms if loops do occur.
- Rate limiting of flooded packets - broadcast, multicast, and destination-lookup failures - ensures that the switch does not spread the effects of a local storm to other parts of the network.
- Loop detection uses probe packets to detect packets returned to the originator by loops, and takes evasive action when loops are detected. (Available on AT-x series switches only)
- MAC thrash protection detects cases where one or more MAC addresses are being learnt on different ports in quick succession (indicating that packets from those sources are being looped) and takes evasive action. (Available on AT-x series switches only)

Tri-authentication, identity-based networking and NAC

A key to a secure LAN is to ensure that devices connecting to the network undergo an authentication process. The level of access that a device is given to the network can then be determined from its response to the authentication challenge. Allied Telesis switches implement a number of options for authenticating devices attaching to the network.

For guest users who have no 802.1x client in their PC, or who have an 802.1x client, but whose credentials are not known to the RADIUS server, there are two options:

The first option is to place these users into a Guest VLAN for Internet access or basic server functionality.

For non-interactive peripheral devices, like printers and scanners, which do not contain 802.1x clients, there is a third authentication method. The switch will fall back to MAC-based authentication. The MAC address of the peripheral device will have to be registered with the RADIUS server, so only peripherals that have been so registered will be allowed to access the network.

Authentication opens the door to identity-based networking. The switch can place authenticated users into a VLAN handed out by the RADIUS server, based on the user's identity. Doing this not only protects the network from rogue users but also ensures that users can be placed into the correct VLAN with access rights relevant to their job. This removes management overheads associated with moves and changes or hot-desking so users can just plug in and start working. Moreover, web-authenticated users are able to roam within the network without needing to re-authenticate.

Network Access Control (NAC) takes the 802.1x with dynamic VLAN concept another level up the scale. The Allied Telesis implementation supports Microsoft (NAP), Symantec (SNAC) and Sophos Advanced NAC network access control solutions.

In these solutions a NAC server (as shown in Figure 3) will handle the authentication process and will additionally check that the PC client has the appropriate firewall, anti-virus, and software patches running to adhere to an enterprise-wide policy, before it grants access in the appropriate VLAN for that user.

Users not meeting the policy requirements can be placed into a 'remediation' VLAN so that the appropriate services can be installed and enabled. In this way the network can protect itself from attack.

Figure 3

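The access decisions described in this section, as an added example that is not Allied Telesis code: a small Python model of how a connecting device ends up in a RADIUS-assigned, guest or remediation VLAN. The VLAN IDs, user names, MAC address and the rule that an unregistered device without an 802.1x client lands in the guest VLAN are assumptions made for illustration; the three reply attributes are the standard RFC 3580 VLAN-assignment attributes.

```python
import re

GUEST_VLAN, REMEDIATION_VLAN = 900, 910          # constructed VLAN IDs
# Constructed stand-in for the RADIUS database: identity -> VLAN.
# MAC-authenticated devices are keyed by normalised MAC address.
RADIUS_DB = {"alice": 20, "bob": 30, "00005e005301": 40}

def normalise_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def access_accept(identity):
    """Return RFC 3580 VLAN attributes for a known identity, else None."""
    vlan = RADIUS_DB.get(identity)
    if vlan is None:
        return None
    return {"Tunnel-Type": 13,                 # VLAN
            "Tunnel-Medium-Type": 6,           # IEEE-802
            "Tunnel-Private-Group-ID": str(vlan)}

def place_port(device):
    """Return (vlan, reason) for one connecting device (a dict)."""
    if device.get("dot1x_user"):
        reply = access_accept(device["dot1x_user"])
        if reply is None:                       # credentials unknown to RADIUS
            return GUEST_VLAN, "guest"
        # NAC health check: firewall, anti-virus and patches must all be present.
        posture = device.get("posture", {})
        if not all(posture.get(k) for k in ("firewall", "antivirus", "patched")):
            return REMEDIATION_VLAN, "remediation"
        return int(reply["Tunnel-Private-Group-ID"]), "802.1x"
    # No 802.1x client: fall back to MAC-based authentication.
    reply = access_accept(normalise_mac(device["mac"]))
    if reply is None:                           # assumption: unregistered -> guest
        return GUEST_VLAN, "guest"
    return int(reply["Tunnel-Private-Group-ID"]), "mac"
```

A MAC address is not a secret, so the VLAN returned for MAC-authenticated devices should carry only the access a printer or scanner needs.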
Quality of Service (QoS)

Whilst LAN networks are typically not limited by bandwidth these days, it is still sensible to ensure that even temporary network bottlenecks do not adversely affect those network services that are very loss and delay sensitive.

VoIP and video transmission within LANs are proving very effective in increasing the capability, and lowering the cost of business communications. These services, however, do require very good packet-delivery performance. The key to ensuring they receive the performance they require lies in QoS. If all switches throughout the network are configured to prioritise VoIP and video above all other traffic, then they will be unaffected by all but the most serious network congestion events.

Allied Telesis switches provide a very feature-rich QoS implementation. All switches are able to prioritise traffic based on 802.1p and DSCP marking. Multiple egress queues on all ports provide the ability to give multiple different levels of service to different traffic types. In addition, AT-x series switches can perform fine-grained classification of traffic types, and marking of packets with QoS values that designate their level of prioritisation.

All this QoS activity is performed at wire-speed, with no CPU impact.

Layer 3 core switching

As networks become larger the need for segmentation increases. Allied Telesis core L3 switches have state of the art performance and features for L3 networking. All forwarding is at full wire-speed in hardware, including IPv6. Key features required for enterprise networking to meet today's needs are:
- Standards-based protocols such as RIP, OSPF, and BGP4 for interoperability with other key network devices.
- Equal cost multi-path routing support in hardware to guarantee the most efficient use of all network links.
- Flexible wire-speed hardware filtering via ACLs and QoS for traffic control and security.
- Future proofing with IPv6 routing already supported in hardware.

Using L3 for larger network designs protects these networks from the effects of broadcast storms and aids in rapid location and resolution of problems. L2 resilience is also aided by reducing the size of broadcast domains and the risk of CPU overload causing problems with L2 resilience.

Multicasting

Reliable and effective video transmission on a LAN requires the LAN switches to provide a good set of IP multicasting features.

Allied Telesis switches offer an excellent implementation of L2 and L3 multicasting.

The IGMP querier and snooping feature-sets on the switches are right at the fore-front of industry best-practice (which has moved well ahead of the published standards). Per-VLAN snooping, query solicitation, fast-leave, and group filtering all combine to provide a multicast handling capability that matches any requirements.

The PIM implementation supports both Sparse-Mode and Dense-Mode, and has been well field-hardened to provide extremely reliable, high-performance L3 multicasting.

Network Designs and Scaling

The feature-set available on the Allied Telesis LAN switch range supports the requirements of a broad range of business networks. Different networks, of course, are going to need networks at different price and performance points. In addition, networks have a variety of physical connectivity requirements - Copper vs Fibre, PoE vs non-PoE.

Allied Telesis are well aware of these varying requirements, and so offer a range of products and solutions that can satisfy these different needs.

In this section, a set of product and design combinations are presented, which provide an illustration of the range of requirement combinations that can be satisfied by the Allied Telesis LAN switches.

[Figure 5: network diagram. Labels: x900-12XT/S, 8000S24/POE Stack. Layers: CORE, ACCESS. Legend: 1 Gigabit link, Link aggregation.]

2. Medium speed core and with Gigabit uplinks, Gigabit to the desk
This design (Figure 6) comprises an x900-12XT/S stack at the core with 8000GS/48 stacks at the access layer with multiple Gigabit links to
each stack. PoE provides for IP Phones.
[Figure 6: network diagram. Labels: x900-12XT/S, 8000GS/48 Stack. Layers: CORE, ACCESS. Legend: 1 Gigabit link, Link aggregation.]

3. High speed core with 10Gigabit backbone and Gigabit to the desk
This design (Figure 7) comprises a SwitchBlade x908 VCStack at the core with x600-24Ts/XP stacks at the access layer using 10Gigabit
uplinks.
[Figure 7: network diagram. Labels: SwitchBlade x908, x600-24Ts/XP, 9424. Layers: CORE, ACCESS. Legend: 10 Gigabit link, 1 Gigabit link, Link aggregation.]

4. Three tier model - high speed L3 distributed core, L2/3 distribution layer and Gigabit to the desk
This design (Figures 8 and 9) comprises a SwitchBlade x908 VCStack at the core, x600-24Ts/XP stacks at the aggregation level and
8000GS/24 stacks at the access edge - showing how L3 resilience combines with basic split link-aggregation.
[Figure 8: network diagram. Labels: SwitchBlade x908, x600-24Ts/XP Stack, 8000GS/24 Stack. Layers: CORE, AGGREGATION, ACCESS. Legend: 10 Gigabit link, 1 Gigabit link, Link aggregation.]

This design can also integrate into much larger routed solutions, as shown in the diagram below.
[Figure 9: network diagram. Labels: IP routed backbone, L3, x600-24Ts/XP Stack, 8000GS/24 Stack. Layers: AGGREGATION, ACCESS. Legend: 10 Gigabit link, 1 Gigabit link, Link aggregation.]

x900-24XS
x900-12XT/S

x600-24Ts/XP
- 24 x 10/100/1000BASE-T (RJ-45) copper ports
- 4 x 1000BASE-X SFP combo ports
- 2 x XFP ports
x600-48Ts
x600-48Ts/XP

AT-8000GS Series
AT-8000GS/24PoE: 10/100/1000Tx 24 ports PoE stackable Gigabit Ethernet switch with 4 combo ports

AT-8000S Series
AT-8000S/16: 16-port standalone 10/100TX L2 switch with 1 active SFP bay (unpopulated) and 1 standby 10/100/1000T ports (RJ-45)
AT-8000S/24: 24-port stackable 10/100TX L2 switch with 2 active SFP bays (unpopulated) and 2 standby 10/100/1000T ports (RJ-45)

2009 Allied Telesis Inc. All rights reserved. Information in this document is subject to change without notice. All company names, logos, and product designs that are trademarks or registered trademarks are the property of their respective owners. C618-31015-00 Rev. C