Extreme Networks K-Series K10 Chassis
10-slot chassis offering up to a maximum of 216 triple-speed ports and (8) 10Gb ports

Features:

Multi-layer packet classification - enables the delivery of critical applications to specific users via traffic awareness and control

• User, port, and device Level (Layer 2 through 4 packet classification)
• QoS mapping to priority queues (802.1p & IP ToS/ DSCP) up to 11 queues per port
• Multiple queuing mechanisms (SPQ, WFQ, WRR and Hybrid)
• Granular QoS/rate limiting
• VLAN to policy mapping

Switching/VLAN services - provides high performance connectivity, aggregation, and rapid recovery services

• Extensive industry standards compliance (IEEE and IETF)
• Inbound and outbound bandwidth rate control per flow
• VLAN services support
  • Link aggregation (IEEE 802.3ad)
  • Multiple spanning trees (IEEE 802.1s)
  • Rapid reconfiguration of spanning tree (IEEE 802.1w)
• Provider Bridges (IEEE 802.1ad), Q-in-Q Ready
• Flow setup throttling
• DHCP Server

IP Routing - provides dynamic traffic optimization, broadcast containment and efficient network resilience

• Standard routing features include static routes, RIPv2, RIPng and Multicast routing support (DVMRP, IGMP v1/v2/v3), Policy Based Routing and Route Maps and VRRP
• Licensed routing features include OSPF v2/v3, VRF and PIM-SM

Security (User, Network and Management)

• User security
  • Authentication (802.1X, MAC, PWA+ and CEP), MAC (Static and Dynamic) port locking
  • Multi-user authentication/policies
• Network security
  • Access Control Lists (ACL) basic and extended
  • Policy-based security services (examples: spoofing, unsupported protocol access, intrusion prevention, DoS attacks limits)
• Management Security
  • Secure access to the K-Series via SSH, SNMP v3

Management, Control and Analysis – provide streamlined tools for maintaining network availability and health

• Configuration
  • Industry-standard CLI and web management support
  • Multiple firmware images with editable configuration files
• Network Analysis
  • SNMP v1/v2c/v3, RMON (9 groups) and SMON (rfc2613) VLAN and Stats
  • Port/VLAN mirroring (one-to-one, one-to-many, many-to-many)
  • Unsampled NetFlow on every port with no impact on system switching and routing performance
• Automated set-up and reconfiguration
  • Replacement I/O module will automatically inherit previous modules configuration

Feature-Rich Functionality

Examples of additional functionality and features that are supported by the Extreme Networks K-Series:

• NetFlow - Provides real-time visibility, application profiling and capacity planning
• LLDP-MED - Link Layer Discovery Protocol for Media Endpoint Devices enhances VoIP deployments
• Flow Setup Throttling - (FST) effectively preempts and defends against DoS attacks
• Node & Alias Location - Automatically tracks user and device location and enhances network management productivity and fault isolation
• Port Protection Suite - Maintain network availability by ensuring good protocol and end station behavior
• Flex-Edge Technology - Provides advanced bandwidth management and allocation for demanding access/edge devices

Flow Setup Throttling (FST) is a proactive feature designed to mitigate zero-day threats and Denial of Service (DoS) attacks before they can affect the network. FST directly combats the effects of zero-day and DoS attacks by limiting the number of new or established flows that can be programmed on any individual switch port. This is achieved by monitoring the new flow arrival rate and/or controlling the maximum number of allowable flows.

In network operations, it is very time consuming to locate a device or find exactly where a user is connected. This is especially important when reacting to security breaches. Extreme Networks K-Series modules automatically track the network's user/device location information by listening to network traffic as it passes through the switch. This information is then used to populate the Node/Alias table with information such as an end-station's MAC address and Layer 3 alias information (IP address, IPX address, etc.). This information can then be utilized by Extreme Networks NMS Suite management tools to quickly determine the switch and port number for any IP address and take action against that device in the event of a security breach. This node and alias functionality is unique to Extreme Networks and reduces the time to pinpoint the exact location of a problem from hours to minutes.

For organizations looking to deploy Unified Communications, the Extreme Networks K-Series combines policy-based automation with support for multiple standards-based discovery methods, including LLDP-MED, SIP and H.323, to automatically identify and provision UC services for IP phones from all major vendors. K-Series switches also provide dynamic mobility for IP clients; when an IP phone moves and plugs in elsewhere in the enterprise network, its VoIP service provisioning, security and traffic priority settings move with it, with none of the typical manual administration required for moves, adds and changes.

The K-Series also supports a comprehensive portfolio of port protection capabilities, such as SPANguard and MACLock, which provide the ability to detect unauthorized bridges in the network and restrict a MAC address to a specific port. Other port protection features include Link Flap, Broadcast Suppression and Spanning Tree Loop protection which protects against mis-configuration and protocol failure.

Extreme Networks K-Series Flex-Edge technology provides line rate traffic classification for all access ports with guaranteed priority delivery for control plane traffic and high-priority traffic as defined by the Extreme Networks policy overlay. In addition to allocating resources for important network traffic, prioritized bandwidth can be assigned on a per port or per authenticated user basis. Flex-Edge technology is ideal for deployment in wiring closets and distribution points that can often suffer from spikes in utilization that cause network congestion. With Flex-Edge technologies, organizations no longer have to fear a momentary network congestion event that would result in topology changes and random packet discards.

Benefits:

Business Alignment

• Ensures each end-user receives the information, services and applications needed to achieve their business goals through extensive network visibility and control capabilities
• Green and efficient power system modularity drives down power and cooling costs by providing optimal incremental power consumption
• Consistent end user experience and network protection by effectively allocating critical network services while blocking suspicious traffic

Operational Efficiency

• High-density, small form factor chassis provides up to (216) 10/100/1000 ports with (8) 10Gb uplinks in a standard rack, significantly reducing footprint costs
• Management automation and builtin resiliency features drive down operational costs and maximize uptime
• Automatically identifies and provisions new devices and services reducing IT deployment time

Security

• Reduces risk and simplifies network administration with built-in, not boltedon security
• Protects business traffic from malicious attacks and maintains information confidentiality, integrity and availability
• Extends network access control and security to existing edge switches and wireless access points, meeting the challenges associated with the consumerization of IT

Support and Service

• Industry-leading customer satisfaction and first call resolution rates

Standards and Protocols:

Switching/VLAN Services Generic VLAN Registration Protocol (GVRP) 802.3u Fast Ethernet 802.3ab Gigabit Ethernet (copper) 802.3z Gigabit Ethernet (fiber) 802.3ae 10 Gigabit Ethernet (fiber) 802.1Q VLANs 802.1D MAC Bridges Provider Bridges (IEEE 802.1ad) Ready 802.1w Rapid re-convergence of Spanning Tree 802.1s Multiple Spanning Tree 802.3ad Link Aggregation 802.3ae Gigabit Ethernet 802.3x Flow Control IP Multicast (IGMPv1,v2 support & IGMPv3) Jumbo Packet with MTU Discovery Support for Gigabit Link Flap Detection Dynamic Egress (Automated VLAN Port Configuration) 802 1ab LLDP-MED Class of Service Strict Priority Queuing Weighted Fair Queuing with Shaping 11 Transmit Queues per Port Packet Count or Bandwidth based Rate Limiters. (Bandwidth Thresholds between 64 Kbps and 4 Gbps) IP ToS/DSCP Marking/Remarking 802.1D Priority-to-Transmit Queue Mapping Network Security and Policy Management 802.1X Port-based Authentication Web-based Authentication MAC-based Authentication Convergence Endpoint Discovery with Dynamic Policy Mapping (Siemens HFA, Cisco VoIP, H.323, and SIP) Multiple Authentication Types per Port Simultaneously Multiple Authenticated users per port with unique policies per user/End System (VLAN association independent) RFC 3580 IEEE 802.1 RADIUS Usage Guidelines, with VLAN to Policy Mapping Worm Prevention (Flow Set-Up Throttling) Broadcast Suppression ARP Storm Prevention MAC-to-Port Locking Span Guard (Spanning Tree Protection) Behavioral Anomaly Detection/Flow Collector (non-sampled Netflow) Static Multicast Group Provisioning Multicast Group, Sender and Receiver Policy Control IETF and IEEE MIB Support RFC 1213 MIB-II RFC 1389 RIPv2 MIB Extension RFC 1493 BRIDGE-MIB RFC 1659 RS-232-MIB RFC 1724 RIPv2 MIB Extension RFC 1850 OSPFv2 MIB RFC 2012 TCP-MIB RFC 2013 UDP-MIB RFC 2096 IP Forwarding Table MIB RFC 2233 The Interfaces Group MIB using SMIv2 RFC 2578 SNMPv2-SMI RFC 2579 SNMPv2-TC RFC 2613 SMON-MIB RFC 2674 P/Q-BRIDGE-MIB RFC 2787 VRRP MIB RFC 2819 RMON MIB RFC 2863 IF-MIB RFC 2864 IF-INVERTED-STACK-MIB RFC 2922 PTOPO-MIB RFC 2934 PIM MIB for IPv4 RFC 3273 HC-RMON-MIB RFC 3291 INET-ADDRESS-MIB RFC 3411 SNMP Architecture for Management Frameworks RFC 3412 Message Processing and Dispatching for SNMP RFC 3412 SNMP-MPD-MIB RFC 3413 SNMP Applications RFC 3413 SNMP-NOTIFICATIONS-MIB RFC 3413 SNMP-PROXY-MIB RFC 3413 SNMP-TARGET-MIB RFC 3414 SNMP-USER-BASED-SM-MIB RFC 3415 SNMP-VIEW-BASED-ACM-MIB RFC 3417 SNMPv2-TM RFC 3418 SNMPv2 MIB RFC 3584 SNMP-COMMUNITY-MIB RFC 3621 POWER-ETHERNET-MIB RFC 3635 ETHERLIKE-MIB RFC 4133 ENTITY MIB RFC 4188 Bridge MIB RFC 4268 ENTITY-STATE-MIB RFC 4268 ENTITY-STATE-TC-MIB RFC 4292 IP Forwarding MIB RFC 4293 MIB for the Internet Protocol (IP) RFC 4560 DISMAN-PING-MIB RFC 4560 DISMAN-TRACEROUTE-MIB RFC 4560 DISMAN-NSLOOKUP-MIB RFC 4750 OSPFv2 MIB RFC 4836 MAU-MIB RFC 4836 IANA-MAU-MIB RFC 4884 RFC 4884 Extended ICMP Multi-Part Messages RFC 5060 PIM MIB RFC 5240 PIM Bootstrap Router MIB RFC 5519 MGMD-STD-MIB RFC 5643 OSPFv3 MIB DVMRP-MIB IANA-ADDRESS-FAMILY-NUMBERS-MIB IEEE8021-PAE-MIB IEEE8023-LAG-MIB LLDP-EXT-DOT1-MIB LLDP-EXT-DOT3-MIB LLDP-EXT-MED-MIB LLDP-MIB RSTP-MIB U-BRIDGE-MIB USM-TARGET-TAG-MIB

IP Routing Features Static Routes Standard ACLs OSPF with Multipath Support OSPF Passive Interfaces IPv6 Routing Protocol Extended ACLs Policy-based Routing RFC 147 Definition of a Socket RFC 768 UDP RFC 781 Specification of (IP) Timestamp Option RFC 783 TFTPRFC 791 Internet Protocol RFC 792 ICMP RFC 793 TCP RFC 826 ARP RFC 854 Telnet RFC 894 Transmission of IP over Ethernet Networks RFC 919 Broadcasting Internet Datagrams RFC 922 Broadcasting IP Datagrams over Subnets RFC 925 Multi-LAN Address Resolution RFC 950 Internet Standard Subnetting Procedure RFC 951 BOOTP RFC 959 File Transfer Protocol RFC 1027 Proxy ARP RFC 1112 IGMP RFC 1122 Requirements for IP Hosts - Comm Layers RFC 1123 Requirements for IP Hosts - Application and Support RFC 1191 Path MTU Discovery RFC 1323 TCP Extensions for High Performance RFC 1349 Type of Service in the Internet Protocol Suite RFC 1388 RIPv2 Carrying Additional Information RFC 1492 TACAS+ RFC 1517 Implementation of CIDR RFC 1518 CIDR Architecture RFC 1519 CIDR RFC 1542 BootP: Clarifications and Extensions RFC 1583/RFC 2328 OSPFv2 RFC 1587 OSPFv2 NSSA RFC 1624 IP Checksum via Incremental Update RFC 1722 RIPv2 Protocol Applicability Statement RFC 1723 RIPv2 Carrying Additional Information RFC 1745 OSPF Interactions RFC 1746 OSPF Interactions RFC 1765 OSPF Database Overflow DVMRP v3-10 RFC 1812 General Routing RFC 1886 DNS Extensions to Support IP Version 6 RFC 1981 Path MTU Discovery for IPv6 RFC 2001 TCP Slow Start RFC 2018 TCP Selective Acknowledgment Options RFC 2030 SNTP RFC 2080 RIPv6 RFC 2082 RIP-II MD5 Authentication RFC 2113 IP Router Alert Option RFC 2117 PIM-SM Protocol Specification RFC 2131 DHCP Server Relay RFC 2132 DHCP Options and BOOTP Vendor Extensions RFC 2138 RADIUS Authentication RFC 2154 OSPF with Digital Signatures RFC 2236 IGMPv2 RFC 2328 OSPFv2 RFC 2329 OSPF Standardization Report RFC 2338 VRRP RFC 2361 Protocol Independent Multicast - Sparse Mode RFC 2362 PIM-SM Protocol Specification RFC 2370 The OSPF Opaque LSA Option RFC 2373 Address Notation Compression RFC 2374 IPv6 Aggregatable Global Unicast Address Format RFC 2375 IPv6 Multicast Address Assignments RFC 2401 Security Architecture for Internet Protocol RFC 2404 Use of HMAC-SHA-1-96 within ESP and AH RFC 2406 IP Encapsulating Security Payload (ESP) RFC 2407 Internet IP Security Domain of Interpretation for ISAKMP RFC 2408 ISAKMP RFC 2428 FTP Extensions for IPv6 and NATs RFC 2453 RIPv2 RFC 2460 IPv6 Specification RFC 2461 Neighbor Discovery IPv6 RFC 2462 IPv6 Stateless Address Autoconfiguration RFC 2463 ICMPv6 RFC 2464 Transmission of IPv6 over Ethernet RFC 2474 DS Field definition in IPv4/v6 Headers RFC 2475 An Architecture for Differentiated Service RFC 2710 MLDv1 RFC 2711 IPv6 Router Alert Option RFC 2827 Network Ingress Filtering RFC 2865 RADIUS Authentication; RADIUS Accounting RFC 2894 Router Renumbering RFC 3041 Privacy Extensions for IPv6 SLAAC RFC 3101 OSPF NSSA Option RFC 3137 OSPF Stub Router Advertisement

RFC 3376 IGMPv3 RFC 3411 SNMP Architecture for Management Frameworks RFC 3412 Message Processing and Dispatching for SNMP RFC 3413 SNMP Applications RFC 3446 Anycast RP using PIM and MSDP RFC 3484 Default Address Selection for IPv6 RFC 3493 Basic Socket Interface Extensions for IPv6 RFC 3509 Alternative Implementations of OSPF ABRs RFC 3513 IPv6 Addressing Architecture RFC 3590 MLD Multicast Listener Discovery RFC 3595 Textual Conventions for IPv6 Flow Label RFC 3596 DNS Extensions to Support IPv6 RFC 3623 Graceful OSPF Restart RFC 3704 Network Ingress Filtering RFC 3768 VRRP RFC 3810 MLDv2 RFC 3879 Deprecating Site Local Addresses RFC 3956 Embedding RP Address in IPv6 Multicast Address RFC 4007 IPv6 Scoped Address Architecture RFC 4167 Graceful OSPF Restart Implementation Report RFC 4193 Unique Local IPv6 Unicast Addresses RFC 4222 Prioritized Treatment of OSPFv2 Packets RFC 4291 IP Version 6 Addressing Architecture RFC 4301 Security Architecture for IP RFC 4302 IP Authentication Header RFC 4303 IP Encapsulating Security Payload (ESP) RFC 4305 Crypto Algorithm Requirements for ESP and AH RFC 4443 ICMPv6 for IPv6 RFC 4541 IGMP Snooping RFC 4552 Authentication /Confidentiality for OSPFv3 RFC 4601 PIM-SM RFC 4602 PIM-SM IETF Proposed Std Req Analysis RFC 4604 IGMPv3 and MLDv2 RFC 4607 Source-Specific Multicast for IP RFC 4608 PIM--SSM in 232/8 RFC 4610 Anycast-RP Using PIM RFC 4835 CryptoAlgorithm Requirements for ESP and AH RFC 4861 Neighbor Discovery for IPv6 RFC 4878 OAM Functions on Ethernet-Like Interfaces RFC 4884 Extended ICMP Multi-Part Messages RFC 4940 IANA Considerations for OSPF RFC 5059 BSR for PIM RFC 5095 Deprecation of Type 0 Routing Headers in IPv6 RFC 5186 IGMPv3/MLDv2/MCAST Routing Protocol Interaction RFC 5187 OSPFv3 Graceful Restart RFC 5250 OSPF Opaque LSA Option RFC 5340 OSPF for IPv6 RFC 5798 VRRP Version 3 RFC 6164 Using 127-Bit IPv6 Prefixes onInter-Router Links Management, Control and Analysis SNMP v1/v2c/v3 Web-based Management Interface Industry Common Command Line Interface Multiple Software Image Support with Revision Roll Back Multi-configuration File Support Editable Text-based Configuration File COM Port Boot Prom and Image Download via ZMODEM Telnet Server and Client Secure Shell (SSHv2) Server and Client Cabletron Discovery Protocol Cisco Discovery Protocol v1/v2 Syslog FTP Client Simple Network Time Protocol (SNTP) Netflow version 5 and version 9 RFC 2865 RADIUS RFC 2866 RADIUS Accounting TACACS+ for Management Access Control Management VLAN 4 Many to-One-port, One-to-Many Ports, VLAN Mirror Sessions Extreme Networks Network Management Suite NMS Console NMS Policy Manager NMS Inventory Manager NMS Automated Security Manager NMS NAC Manager

Specifications:

K-Series Models	K6	K10
Performance/Capacity
Switching Fabric Bandwidth	280 Gbps	440 Gbps
Switching Throughput	190 Mpps (Measured in 64-byte packets)	299 Mpps (Measured in 64-byte packets)
Routing Throughput	190 Mpps (Measured in 64-byte packets)	299 Mpps (Measured in 64-byte packets)
Address Table Size	32,000 MAC Addresses	32,000 MAC Addresses
VLANs Supported	4,096	4,096
Transmit Queues	11	11
Classification Rules	8,196/chassis	8,196/chassis
Packet Buffering	3.0GB	4.5GB
Physical Specifications
Chassis Dimensions (H x W x D)	H: 22.15 cm (8.719") W: 44.70 cm (17.60") D: 35.546 cm (14") 5U	H: 31.02 cm cm (12.219") W: 44.70 cm (17.60"") D: 35.546 cm (14") 7U
Host Memory and Flash	1Gb DRAM 32 MB flash memory	1Gb DRAM 32 MB flash memory
Environmental Specifications
Operating Temperature	+5 °C to +40 °C (41 °F to 104 °F)
Storage Temperature	-30 °C to +73 °C (-22 °F to 164 °F)
Operating Humidity	5% to 95% relative humidity, non-condensing
Power Requirements	100 to 125 VAC, 12 A or 200 to 250 VAC, 7.6 A; 50 to 60 Hz (Max per power supply)
Power over Ethernet Specifications
System Power	Automated or manual PoE power distribution Per-port enable/disable, power level, priority safety, overload, and short-circuit protection System power monitor PoE Power: 400W per power supply (100 to 125 VAC) 2400W Max. 800W per power supply at (200 to 250 VAC) 4800W Max.
Standards Compliance	IEEE 802.3af IEEE 802.3at
Agency and Standards Specifications
Safety	UL 60950-1, FDA 21 CFR 1040.10 and 1040.11, CAN/CSA C22.2 No.60950-1, EN 60950-1, EN 60825-1, EN 60825-2, IEC 60950-1, 2006/95/EC (Low Voltage Directive)
Electromagnetic compatibility	FCC 47 CFR Part 15 (Class A), ICES-003 (Class A), EN 55022 (Class A), EN 55024, EN 61000-3-2, EN 61000-3-3, AS/NZ CISPR-22 (Class A). VCCI V-3. CNS 13438 (BSMI), 2004/108/EC (EMC Directive)
Environmental	2002/95/EC (RoHS Directive), 2002/96/EC (WEEE Directive), Ministry of Information Order #39 (China RoHS)

Hardware-Based High Availability Features

The K-Series includes many standard high availability features. These hardware-based high availability features allow the K-Series to be deployed in mission critical environments that require 24/7 availability.

The K-Series supports the following hardware-based high availability features:

• Passive chassis backplane
• Hot swappable fan trays with multiple cooling fans
• Hot swappable and load-sharing power supplies
• Multiple AC input connections for power circuit redundancy
• Up to 36 groups of eight Ethernet ports can be grouped together to create a multi-link aggregation group (LAG)

Solutions:

Distributed, Flow-Based Architecture

In order to ensure granular visibility and management of traffic without sacrificing performance, the Extreme Networks K-Series deploys a flowbased architecture. This architecture ensures that when a specific communications flow is being established between two end points, the first packets in that communication are processed through the multilayer classification engines in the switch and the I/O fabric module. In this process, the role is identified, the applicable policies are determined, the packets are inspected and the action is determined. After the flow is identified, all subsequent packets associated with that flow are automatically handled in the Extreme Networks ASICs without any further processing. In this way the Extreme Networks K-Series is able to apply a very granular level of control to each flow at full line rate.

Multi-User/Method Authentication and Policy

Authentication allows enterprise organizations to manage network access and provide mobility to users and devices. It provides a way to know who or what is connected to the network and where this connection is at any time. The Extreme Networks K-Series has unique, industry leading capabilities regarding types of simultaneous authentication methods. K-Series modules can support multiple concurrent authentication techniques, including:

• 802.1X authentication
• MAC authentication, which is a way to authenticate devices on the network using the MAC address
• Web-based authentication, also known as Port Web Authentication (PWA), where a user name and password are supplied through a browser
• CEP, also known as Convergence End Point, where multiple vendors VoIP phones are identified and authenticated; this capability provides great flexibility to enterprises looking to implement access control mechanisms across their infrastructure

A significant additional feature of the K-Series is the capability to support multi-user authentication. This allows multiple users and devices to be connected to the same physical port and each user or device to be authenticated individually using one of the multi-method options (802.1x, MAC, PWA, or CEP). The major benefit of multi-user authentication is to authorize multiple users, either using dynamic policy or VLAN assignment for each authenticated user. In the case of dynamic policy, this is called Multi-User Policy. Multi-user port capacities with the K-Series are determined on a per port, per I/O module, and per multi-slot system basis.

Multi-user authentication and policy can provide significant benefits to customers by extending security services to users connected to unmanaged devices, third party switches/routers, VPN concentrators, or wireless LAN access points at the edge of their network. Using authentication provides security, priority, and bandwidth control while protecting existing network investments. The K-Series supports up to 8 users per port with a license option for 256 users per port. Total system capacity supports 1152 users on the K6 and 1920 users on the K10.

Dynamic, Flow-Based Packet Classification

Another unique feature that separates the Extreme Networks K-Series from all competitive switches is the capability to provide User-Based Multi-layer Packet Classification/QoS. With the wide array of network applications used on networks today, traditional Multi-layer Packet Classification by itself is not enough to guarantee the timely transport of businesscritical applications. In the K-Series, User-Based Multi-layer Packet Classification allows traffic classification not just by packet type, but also by the role of the user on the network and the assigned policy of that user. With User-Based Multi-layer Packet Classification, packets can be classified based on unique identifiers like "All Users", "User Groups", and "Individual User", thus ensuring a more granular approach to managing and maintaining network confidentiality, integrity, and availability.

Network Visibility From High Fidelity NetFlow

Network performance management and security capabilities via NetFlow are available on Extreme Networks K-Series switch ports without slowing down switching and routing performance or requiring the purchase of expensive daughter cards for every module. Extreme Networks NetFlow tracks every packet in every flow as opposed to more typical statistical sampling techniques or restrictive appliance-based implementations. The value of unsampled, real-time NetFlow monitoring is the visibility into exactly what traffic is traversing the network. If something abnormal occurs it will be captured by NetFlow and appropriate action can be applied. Additionally, NetFlow can be used for capacity planning, allowing the network manager to monitor the traffic flows and volumes of traffic in the network and understand where the network needs to be reconfigured or upgraded. This saves time and money by enabling administrators to know when and where upgrades might be needed.

Network Traffic Monitoring - Port Mirroring

Port mirroring is an integrated diagnostic tool for tracking network performance and security that is especially useful for fending off network intrusion and attacks. It is a low-cost alternative to network taps and other solutions that may require additional hardware, disrupt normal network operation, affect client applications or may introduce a new point of failure into your network.

Port mirroring is highly scalable and easy to monitor . It is especially convenient to use in networks where ports are scarce. Ports that can be configured to participate in mirroring include physical ports, virtual ports and host ports—VLAN interfaces, and intrusion detection ports. With this feature, analyzing bi-directional traffic and ensuring connectivity between, for example, a departmental switch and its high speed uplink to a backbone switch becomes simple and cost effective process.

K-Series port mirroring relationships can be set on inbound traffic, outbound traffic, or both for up to 4 port mirrors consisting of one-to-one, one-to-many, many-to-one, IDS or policy mirrors.

Documentation:

Download the Extreme Networks K-Series Datasheet (PDF).