Professional Documents
Culture Documents
Training
Video
HD conference AR/VR Access control
surveillance
How can we meet Wi-Fi 6 bandwidth How can we deploy different service networks How can we respond to concurrent user
needs? in a unified manner? traffic at peak hours?
Single AP = 10 Gbps Office, security protection, production... High burst -> packet loss
Management, control,
and analysis High-quality bearer network ideal for Wi-Fi 6 era
NETCONF/YANG Telemetry
Full-10GE access, releasing Wi-Fi 6 speed
Network layer • Multi-GE switch + high-density 25GE fixed switch + 100GE core, building ultra-broadband channels for Wi-Fi 6
• Integrated wireless policy management (managing up to 10k APs and 50k concurrent users), meeting massive user concurrency
in the Wi-Fi 6 era
• Wireless campus with 10k users, thanks to 100GE capable CloudEngine S12700E (57.6 Tbps, 50k wireless users, 6x performance)
CloudEngine S series campus switches
AirEngine Wi-Fi 6 AirEngine Wi-Fi 6 powered by Huawei 5G, building a fully wireless campus network
Lightning speed More stable coverage More stable application More stable roaming
Industry's only dual-band 16 Dynamic Turbo: Lossless roaming:
Smart antenna: signals
smart antennas: 10.75 Gbps, application acceleration, zero packet loss
moving with users, 20%
2x the industry average < 10 ms latency during roaming
greater coverage distance
25/100GE 25/100GE
VXLAN
Service Service
network 1 network 2
CloudEngine
S12700E-4
CloudEngine
CloudEngine S7700 CloudEngine
CloudEngine S5735- S5730-H/S S6730-H/S
S/L
• Core switches deliver 6x the industry • Integrated WAC (or native AC) provides • Cloud-based management and O&M, • HQoS ensures the application
switching performance ultra-large specifications when combined with iMaster NCE, experience for key users.
• Innovative hybrid optical-electrical • Intelligent terminal identification achieves automatic deployment and
• Fully programmable, open architecture
switches build ultra-high-speed Wi-Fi 6 facilitates refined access control of IoT intelligent O&M
facilitates smooth network evolution
networks terminals at scale
CloudEngine S12700E-4/8/12
SFUE
10GE GE GE
100GE 25GE Native Free
X Series Optical Optical Electrical VXLAN SVF iPCA MACsec
Ports Ports WAC Mobility
Ports Ports Ports
X6E 24 - - - √ √ √ √ √ √
X6E/X6S 6 - - - √ √ √ √ √ √
X6H - 40 - - - √ √ √ √ √ √
X6E/X6S - - 48 - - √ √ √ √ √ -
X6E/X6S* - - 24 24 - √ √ √ √ √ -
X6E/X6S* - - - 48 - √ √ √ √ √ -
X5E/X5S - - - - 48 √ √ √ √ √ -
Note: The 24-port 10GE (optical) and 24-port GE (optical) line card (X6E/X6S) and the 48-port GE (optical) line card (X6E/X6S) can be used on both S12700E
and S12700 chassis
• The CMU manages power modules and fan modules in a chassis. The CMU is hot swappable. Two CMU cards can be installed in a chassis to
work in active/standby mode.
Input Voltage:
• AC: 90V AC~290V AC Input Voltage:
• DC: 190V DC~290V DC • -40V DC~-72V DC
Max Output Power: Max Output Power::
• 3000W@220V AC/240V DC • 2200W
• 1500W@110V AC
• Power supplies use a screw-free ejector latch for easy swapping. An indicator shows whether a power supply is securely installed in its slot.
• AC/DC power modules can be mixed in the same device.
CloudEngine S7703/06/12
High-density, strong power supply capability, rich port forms, and flexible scenario adaptability
• Bidirectional bandwidth per slot: 320 Gbps (S7703), 800 Gbps (S7703 PoE)
• Integrates the control and monitoring functions, excluding the SFU (full mesh).
• Better performance than MCUD: 1024 APs (via native WAC), 256 SVF ASs
MCUD • Improvements on ARP, ND, and RIB entry specifications
• Bidirectional bandwidth per slot: 720 Gbps (S7706), 720 Gbps/320 Gbps (S7712) *
• Integrates hardware-based OAM/BFD, achieving millisecond-level network quality detection
• Service port-based CSS ensures stable and reliable device running
• Used together with C-version line cards
• Cannot be used for capacity expansion or replacement of old MCUs on the live network
SRUHX1
Note: When SRUHX1 is used on S7712, slots 6 and 7 are golden slots that provide higher bandwidth
X6E/X6S 6 - - - - √ √ √ √ √ √
X6E/X6S - 48 - - - √ √ √ √ √ -
X6E/X6S - 24 24 - - √ √ √ √ √ -
X6E/X6S - - 48 - - √ √ √ √ √ -
X5E/X5S - - - 48 - √ √ √ √ √ -
X5E - - - - 48 √ √ √ √ √ -
48 x GE PoE++
LSS7G48VX5E0
• PoE++
• In-house chip inside, supporting key features such as native WAC, VXLAN, free mobility, SVF, and iPCA
• Used on S7703 PoE and S7706 PoE chassis, with 60 W power supply on all ports
• Replaces X5E/X5S/EA series 48 x GE PoE cards, due to its higher specifications while similar or even lower prices than old cards
C
PS1-PS4 M PS5-PS8
U
PS1 PS2 PS3
S7703: PS3 is a PoE module. S7706/7712: PS5-PS8 is a PoE module.
S7703 PoE: All modules are PoE Module S7706 PoE: All modules are PoE Module
• The CMU manages power modules and fan modules in a chassis. The CMU is hot swappable. Two CMU cards can be installed in a chassis to work in active/standby
mode.
Input Voltage:
• AC: 90V AC~290V AC Input Voltage:
• DC: 190V DC~290V DC • -40V DC~-72V DC
Max Output Power: Max Output Power::
• 3000W@220V AC/240V DC • 2200W
• 1500W@110V AC
• Power supplies use a screw-free ejector latch for easy swapping. An indicator shows whether a power supply is securely installed in its slot.
• AC/DC power modules can be mixed in the same device.
C l o u d E n g i n e S 5 7 0 0 E C - H 4 8 T 4 Y C - M A
A B C D E F G H I J K L M
Location Meaning Description
A Brand name (1 bit) Fixed as S
B Network positioning (1 bit) 8: core switch; 6: aggregation switch; 5: access switch
C Market positioning (1 bit) 7: enterprise network market; 3: carrier market
The leftmost one bit indicates the generation, for example, 10/20/50.
D Switch series (2 bits)
The rightmost one bit indicates the specification upgrade, for example, 01/02/03.
E Industry identifier (1 or 2 bits) Null by default; EC: e-commerce model; S: channel distribution model.
F Series model (1 bit) H: high-end model; S: standard model; L: lite model.
G Number of downlink ports (2 bits) Number of downlink ports
D: 400G; C: 100G; Q: 40G; Y: 25G; X: 10G optical; M: 10G electrical; N: 2.5G/5G electrical; S: GE optical; T: GE electrical; F: FE electrical; P:
H Downlink port type (2 bits)
GE electrical port, supporting PoE; U: GE electrical port, supporting PoE++; UM: multi-GE port, supporting PoE++.
I Number of uplink ports (1 bit) Number of uplink ports
J Uplink port type (2 bits) D: 400G; C: 100G; Q: 40G; Y: 25G; X: 10GE optical; S: GE optical; T: GE electrical; TP: combo port.
K Card slot (1 bit) Null: Cards are not supported; C: Uplink cards are supported.
Null by default; If there is a value (for example, M or I) for this bit, the switch is a dedicated one. M indicates a switch tailored for video
L Dedicated bit (1 bit)
surveillance scenarios, and I indicates an extended-temperature switch.
Type of power supply delivered by
M A: AC power supply; D: –48 V DC power supply; null: no power supply delivered by default.
default
Programmable Network Processor inside ,Native AC(1K AP), Free mobility, iPCA, VXLAN,
CloudEngine S6730-H NetStream, Telemetry, SVF, ECA, Threat deception, MPLS, IPv6,1588v2, service port
stacking
Downlink port: 10GE optical ports; uplink port: 40/100GE optical ports
Programmable Network Processor inside, Free mobility, iPCA, VXLAN, NetStream, Telemetry,
CloudEngine S6730-S SVF, ECA, Threat deception, IPv6, service port stacking
Downlink port: 10GE optical ports; uplink port: 40GE optical ports
Cloud
√ SVF √ VXLAN √ iPCA √ ECA √ NetStream √ MPLS √ Telemetry √ √ iStack
mgmt.
• Native AC, managing a maximum of 1K APs • SVF parent/client mode, simplified deployment and management
• Supports IEEE 1588v2 protocol to achieve precise time • VXLAN-based automatic virtual network deployment, implementing
synchronization. multi-purpose network
CPU: RAM:4GB
Console Programmable chip 6*40GE
4 Core*1.4GHz Flash:2GB
Cloud
√ SVF √ VXLAN √ iPCA √ ECA √ NetStream √ MPLS √ Telemetry √ √ iStack
mgmt.
• Native AC, managing a maximum of 1K APs • SVF parent/client mode, simplified deployment and management
• Supports 10GE optical port access, meeting fast • VXLAN-based automatic virtual network deployment,
connection requirements. implementing multi-purpose network
Programmable chips inside, native AC, VXLAN, free mobility, iPCA, NetStream, Telemetry, SVF, ECA, threat
S5732-H
Enhanced GE/Multi-GE switch deception, MPLS, IPv6, service port stacking, GE/10GE models(with 40GE uplink), Multi-GE models(with
25GE/40GE/100GE uplink)
Programmable chips inside, native AC, VXLAN, free mobility, iPCA, NetStream, Telemetry, SVF, ECA, threat
S5731-H
intelligent GE switch deception, MPLS, IPv6, service port stacking, PoE+ (optional), extended cards,MACsec(8*10GE SFP+
subcard only)
S5731-S Programmable chips inside, VXLAN, free mobility, iPCA, NetStream, Telemetry, SVF, ECA, threat deception,
standard GE switch
IPv6, service port stacking, PoE+ (optional)
S5735-S Telemetry, sFlow, SVF (client), IPv6, RIP/RIPng, OSPF, BFD, BGP/BGP4+, IS-IS/IS-ISv6, intelligent upgrade, eMDI Pluggable
standard GE access switch
power modules (1+1 redundancy), airflow from the left, right, and front to the back, 10 kV surge protection, PoE (optional)
S5735-L Telemetry, sFlow, SVF (client), IPv6, RIP/RIPng, OSPF, intelligent upgrade, eMDI, terminal identification
simplified GE access switch
No fan or built-in fan (airflow from the left and front to the right), 10 kV surge protection, PoE (optional),,
Free Cloud
Native AC MPLS VXLAN ECA iPCA NetStream BGP IS-IS BFD iStack RIP/OSPF
mobility mgmt.
S5732-H √ √ √ √ √ √ √ √ √ √ √ √ √
S5731-H √ √ √ √ √ √ √ √ √ √ √ √ √
S5731-S x x √ √ √ √ √ √ √ √ √ √ √
S5735-S x x x x x x x √ √ √ √ √ √
S5735-L x x x x x x x x x x √ √ √
Benchmarking Model
HW:S5732-H CISCO:C9300
HW:S5731-H CISCO:C9300
Programmable Memory: 4 GB
Console port 1.4 GHz quad-core CPU 6 x 40GE ports
chip Flash: 2 GB
ETH management port Four slots for pluggable fan Two slots for pluggable power modules (1+1
SSD card slot*
USB 2.0 port modules redundancy), supporting 600 W AC or 1000 W DC
power modules
*SSD card slot reserved
Stack bandwidth: 480 Gbps 20/44 x GE optical ports, 4 x 10GE optical ports, and 6 x MAC address: 128K
Cloud
√ SVF √ VXLAN √ iPCA √ ECA √ NetStream √ MPLS √ Telemetry √ √ iStack
mgmt.
• Supports hybrid access of GE and 10GE optical ports, • Works with the CIS platform to implement ECA and threat
and provides abundant ports deception, achieving network-wide security collaboration
Cloud
√ SVF √ VXLAN √ iPCA √ ECA √ NetStream √ MPLS √ Telemetry √ √ iStack
mgmt.
Category 5 cable
• 10GE optical fiber access, meeting Wi-Fi needs in the 1/2.5G 100 m (industry average) None
(CAT5E)
next 10 years
Category 6 cable
1/2.5/5G 100 m (industry average) None
(CAT6)
Hybrid optical-
1G/10G 200 m Smooth upgrade
electrical cable
Application scenario: AP access distance is greater than 100 m, where power supply is difficult and cabling costs are high. Hybrid optical-electrical
cables are deployed once, while smoothly upgrading to 25G/40G/100G.
Stack bandwidth: 240 Gbps 24/48 x GE electrical ports and 4 x 10GE optical ports MAC address: 288K
Cloud
√ SVF √ VXLAN √ iPCA √ ECA √ NetStream √ MPLS √ Telemetry √ √ iStack
mgmt.
• Supports 512 MB buffer to meet services with bursty • Works with the CIS platform to implement ECA and threat
traffic deception, achieving network-wide security collaboration
Two slots for pluggable fan Two slots for pluggable power modules
USB 2.0 port
modules (1+1 redundancy)
Cloud
√ SVF √ VXLAN √ iPCA √ ECA √ NetStream √ BGP √ Telemetry √ √ iStack
mgmt.
• Comes with pluggable power modules and fan modules, • Works with the CIS platform to implement ECA and threat
supporting 1+1 redundancy deception, achieving network-wide security collaboration
USB-based Cloud
√ SVF √ sFlow √ eMDI √ √ IS-IS/IS-ISv6 √ BGP √ Telemetry √ √ iStack
deployment mgmt
• Supports perpetual/Fast PoE, providing high-quality • Provides all-optical, all-electrical, and optical/electrical
power supply hybrid models to meet scenario-specific requirements
Two built-in fan modules, with airflow from the left, Two slots for pluggable power modules
USB 2.0 port
right, and front to the back (1+1 redundancy)
USB-based Cloud
√ SVF √ sFlow √ eMDI √ √ IS-IS/IS-ISv6 √ BGP √ Telemetry √ √ iStack
deployment mgmt
2 x 10GE SFP+
CloudEngine S5735-S4T2X-IA150G1 4 x GE or 8 x GE (PoE) Console port
USB port
CloudEngine S5735-S8P2X-IA200G1 Ethernet management port
220 V AC input
12 V DC output
24 V AC output
Fiber
Circuit breaker management Access control sensor
(input/output) tray
Note: The S5735-L48P4X-A has one built-in pluggable 1000 W AC power module.
USB-based Cloud
√ SVF √ sFlow √ eMDI √ √ RIP/RIPng √ OSPF √ Telemetry √ √ iStack
deployment mgmt.
• Supports perpetual/Fast PoE, providing high-quality • Provides models with 12/24/48 x GE ports to meet
power supply scenario-specific requirements
Model 2 x 40GE QSFP+ card 8*10GE Base-T card 8*10GE SFP+ card* 8*25GE SFP28 card**
S5732-H
√ √
Multi-GE Model
S5732-H
√ √
Hybrid Optical-Electrical Model
S5731-H √ √ √
*Note: The 8*10GE card supports 2*25GE SFP28 (ports 0 and 1) through mode switching, and all ports support MACsec.
**Note: The 8*25GE card supports 10GE/25GE auto-sensing, GE optical interfaces (CLI), and all ports support MACsec.
AC input
47 Hz to 63 Hz 47 Hz to 63 Hz 45 Hz to 65 Hz N/A 45 Hz to 65 Hz
frequency
High-voltage DC
190 V DC to 290 V DC N/A 190 V DC to 290 V DC N/A 190 V DC to 290 V DC
voltage
60W AC √ √
150W AC √ √ √
600W AC √ √ √ √ √
1000W AC √ √ √ √ √
1000W DC √ √ √ √ √ √ √
Note: The table is for reference only. For the mapping between product models and power modules, see the latest brochure on the official website and the configurator SCT.
Forwarding
bottleneck
Core Core Native AC
WAC
Access Access
Native AC √ √ √ √ √ √ √ √ √ √
AP management
capacity 10K 512 1K 1K 1K 4K 4K 1K 1K 1K
(Total)
AP management
capacity 4K 512 1K 1K 1K 4K 4K - - -
(X-series LPU)
Note: The SRUH of the CloudEngine S7706/12 includes three models, SRUH, SRUHA1 and SRUHX1.
Border
Edge Edge
Office Videoconfe Security Office Videoconfer Security Office Office Videoconferencing Videoconferencing Security Security protection
rencing protection encing protection protection
Border Border
VXLAN VXLAN
The following uses office terminal A under Edge A as an example to describe the service forwarding mode during the communication with terminals or applications in the
VN, between VNs, and outside.
In Centralized VXLAN gateway mode, the Layer 3 gateway is deployed only on one device. All traffic sent across subnets is forwarded through the Layer 3 gateway,
implementing centralized traffic management.
In Distributed VXLAN gateway mode, Edge nodes function as VTEPs of VXLAN tunnels and can also function as Layer 3 VXLAN gateways. Border nodes are unaware of the
VXLAN tunnels and only forward VXLAN packets.
Huawei Huawei
or 3rd vendor or 3rd vendor
VxLAN
Edge A (BGP-EVPN) Edge B
VxLAN
(BGP-EVPN)
Office PC IPC Conference TE Office PC Conference TE IPC Office PC IPC Conference TE Office PC Conference TE IPC
• Application scenario: network reconstruction and upgrade, supporting hybrid • Application scenario: applicable to new deployment or reconstruction scenarios and
deployment (access) of devices from different vendors; supports hybrid deployment of 3rd party devices
• Solution highlights: The existing access devices are reused to maximize the return • Solution Highlights: Reuse of Some Aggregation Devices, Protecting Investment on
on investment (ROI) of the live network the Live Network, and Network-wide Virtualization
iMaster NCE
1. Define security groups and policies
8 Mbps
2. Automatically translate and
deliver policies Terry
Mark
3. Authenticate users 4. Match and enforce policies
2 Mbps
1 Mbps
Guest 3 Guest √ x x x
VIP
Guest
Security group 2 Security group 1 Security group 3 Security group 2 Security group 3
(R&D) (VIP) (guest) (R&D) (guest)
R&D 2 R&D √ × √ √
Security group 6
(email) Guest 3 Guest √ x x x
IP-Group Finance 5 Finance × √ √ ×
Synchronization ... ... ... ... ...
Security group 7 (R&D)
Access
R&D Data channel
VIP
Guest
Security group 2 Security group 1 Security group 3 Security group 2 Security group 3
(R&D) (VIP) (guest) (R&D) (guest)
Guest 3 Guest √ x x x
VIP
VXLAN tunnel
Sales
Security group 2 Security group 1 Security group 3 Security group 2 Security group 3
(R&D) (VIP) (guest) (R&D) (guest)
Data center
Policy Execute Point Security group Security group
definition policy matrix
Authentication Point
Security Group Group Policy (Permission)
Security group 5
(finance) Group Name SG ID Extranet Finance Email R&D
VIP 1 VIP √ √ √ √
R&D 2 R&D √ × √ √
Security group 6 Core
Guest 3 Guest √ x x x
(email)
Finance 5 Finance × √ √ ×
VIP
Sales
Security group 2 Security group 1 Security group 3 Security group 2 Security group 3
(R&D) (VIP) (guest) (R&D) (guest)
cable
logical stack port supports one or more physical ports of the same type.
• Used for GE or 10GE optical port stacking • Used for 40GE or 100GE optical port stacking • Used for GE or 10GE optical port stacking • Used for 40GE or 100GE optical port stacking
Type 3: fiber patch cord + optical module Type 4: dedicated stack cable
Fiber patch cord Optical module Dedicated stack cable
1. Used for GE or 10GE optical port stacking
Note: For details about the stack cables used with specific product models, see the Switch Stack Specifications.xlsx.
Note: The CloudEngine S12700E supports CSS based on service ports, and the S7706 and S77012 support CSS based on service ports or stack cards to ensure reliability of
core nodes and simplify device management.
iStack
Aggregation Client
Aggregation (AS1)
Client
Access Access
(AS2)
Note: The SVF system consists of the parent and clients. The parent manages all clients (ASs) connected to the SVF system. AS is the abbreviation of the access switch connected to the
parent. In an SVF system, AS is an SVF client.
Attribute S12700E S7700 S6730-H S6730-S S5732-H S5731-H S5731-S S5735-S S5735-L
SVF parent √ √ √ √ √ √ - - -
Number of layers of
ASs supported
2 2 2 2 2 2 - - -
Maximum number of
ASs supported
256 256 32 32 32 32 - - -
AS supporting stacking √ √ √ √ √ √ - - -
Number of stack
members in one AS
5 5 5 5 5 5 - - -
SVF client - - - √ √ √ √ √ √
Note: The S6730-S,S5732-H and S5731-H switches that use programmable chips can work as the SVF parent and client. You can flexibly configure them.
RIP/OSPF/IS-IS
Multi-hop
detection
• Hardware-Based OAM/BFD provides 3.3 ms detection interval. • Upon a network-level fault, a switchover can be completed within 50
It helps quickly detect the link status. ms, with user services not affected.
Innovative eMDI detects and locates audio/video service faults in real time
CampusInsight
KPI collection flow
9 8 7 6 5 3 2 1
IPC2 VCN
Traditional: single-point defense through border security devices Huawei: network-wide defense by using security device + security probe
• Firewalls are used to isolate • Firewalls are used to isolate Basic principles of ECA
• The security probe extracts the features of
external network threats. external network threats. encrypted traffic and reports them to the CIS in
• The lateral movement of • Security probes inside access metadata.
internal threats is neither devices isolate terminal threats, • The CIS compares the features with the signature
database, identifies malicious traffic, and notifies
perceived nor addressed. preventing them from lateral iMaster-NCE of the result.
movement. • iMaster-NCE delivers the traffic policy to the
security probe to block or permit the traffic.
iStack iStack
iMaster-NCE CIS iMaster-NCE
platform
Note: All models of fixed switches using programmable chips can collaborate with the CIS platform to implement security defense functions, such as ECA, threat deception,
and traffic anomaly detection.
Network-wide secure transmission of Layer 2 packets MACsec: Layer 2 data encryption technology
Media Access Control Security (MACsec) defines a method for secure data
communication over an IEEE 802 LAN. MACsec ensures data transmission
Routing/MPLS IPsec security by encrypting data transmitted between hop-by-hop devices. The
WAN protocol is 802.1AE.
Data source
Data frame
MACsec authenticity
integrity check
LAN verification
User data Replay
MACsec protection
encryption
Note: MACsec is enabled on the uplink ports (fixed ports or ports of cards) of access switches
Area A Area B Area C
and ports of aggregation devices, and on the uplink ports of aggregation devices and ports
of core devices to provide end-to-end secure transmission channels.
MACsec √ √ √ √ √ √ √ √ √ √
Encryption
Technology MACsec-256 MACsec-256 MACsec-256 MACsec-256 MACsec-256 MACsec-256 MACsec-256 MACsec-256 MACsec-256 MACsec-256
Interface card
Remark Interface card Interface card Interface card Uplink Port Extended card Extended card
(0~5 port)
Port
User
Fixed
S6720-SI CloudEngine S6730-S
(10GE)
S6720-LI CloudEngine S5732-H(Multi-GE)
S5720I-SI
CloudEngine S5735-S-IA
Video Backhaul Switch
S5720I-SI
CloudEngine S5735-S-I(24 Port)
Extended-Temperature Switch