QoS with four priority queues
The QoS (Quality Of Service) Control List (QCL) feature provides four internal queues to support four different classifications of traffic. High priority packet streams experience less delay inside the switch, which supports lower latency for certain delay-sensitive traffic. The ES-5240GM can classify the packet as one of the four priorities according to VIP port, 802.1p priority tag, DiffServ and/or IP TOS, IPv4 and UDP/TCP application traffics. The QoS operate at full wire speed. The actual scheduling at each egress port can be based upon a strict priority, weighted round robin or a mix of both.
It is based on ACL function to classify the ingress traffic to do port copy. This mechanism helps track network errors or abnormal packet transmission without interrupting the flow of data. Allow ingress traffic to be monitored by a single port that is defined as mirror capture port. The mirror capture port can be any 10/100 port, 10/100/1000 port. Mirroring multiple ports is possible but can create congestion at the mirror capture port.
Q-in-Q VLAN for performance & security
The VLAN feature in the switch offers the benefits of both security and performance. VLAN is used to isolate traffic between different users and thus provides better security. Limiting the broadcast traffic to within the same VLAN broadcast domain also enhances performance. Q-in-Q, the use of double VLAN tags is an efficient method for enabling Subscriber Aggregation. This is very useful in the MAN.
Isolated Group, provides protection for certain ports
The isolated group feature allows certain ports to be designated as protected. All other ports are non-isolated. Traffic between isolated group members is blocked. Traffic can only be sent from isolated group to non-isolated group.
Mac-based 802.3ad LACP with automatic link fail-over
Dynamic fail-over means packets will not get assigned to any trunk member port that has failed. If one of the ports were to fail, traffic will automatically get distributed to the remaining active ports.
802.1x Access Control improves network security
802.1x features enable user authentication for each network access attempt. Port security features allow you to limit the number of MAC addresses per port in order to control the number of stations for each port. Static MAC addresses can be defined for each port to ensure only registered machines are allowed to access. By enabling both of these features, you can establish an access mechanism based on user and machine identities, as well as control the number of access stations.
802.1d Compatible & 802.1w Rapid Spanning Tree & 802.1s Multiple Spanning Tree
For mission critical environments with multiple switches supporting STP, you can configure the switches with a redundant backup bridge path, so transmission and reception of packets can be guaranteed in the event of any fail-over switch on the network.
4 dual media ports for flexible fiber connection
4-Port 21,22,23,24 dual media ports are provided for flexible fiber connection. You can select to install optional transceiver modules in these slots for short, medium or long distance fiber backbone attachment. Use of the SFP module will disable their corresponding built-in 10/100/1000Base-T connections.
Broadcast/Multicast/unknown- Unicast Storm Control
To limit too many broadcast/multicast/unknown- unicast flooding in the network, broadcast/multicast storm control is used to restrict excess traffic. Threshold values are available to control the rate limit for each port. Packets are discarded if the count exceeds the configured upper threshold.
The IP network layer uses a four-byte address. The Ethernet link layer uses a six-byte MAC address. Binding these two address types together allows the transmission of data between the layers. The primary purpose of IP-MAC binding is to restrict the access to a switch to a number of authorized users. Only the authorized client can access the switch's port by checking the pair of IP-MAC Addresses and port number with the pre-configured database. If an unauthorized user tries to access an IP-MAC binding enabled port, the system will block the access by dropping its packet.
Access Control List (ACL)
The ACLs are divided into EtherT