Alcatel-Lucent AOS-W 6.5.3.x - Branch Switch Config for Cloud Services Switches

To Next Page

To Previous Page

AOS-W 6.5.3.x | User Guide BranchSwitch Config for Cloud Services Switches | 215

Chapter 10

BranchSwitch Config for Cloud Services Switches

Many distributed enterprises with branch and remote offices and locations use cost-effective hybrid WAN

connectivity solutions that include low-cost DSL, 4G and LTE technologies, rather than relying solely on

traditional E1/T1 or T3/E3 dedicated circuits. OAW-40xx Series Cloud Services Switches are optimized for these

types of locations, which are more likely to use cloud security architectures instead of dedicated security

appliances, and where clients are likely to access applications in the cloud, rather than on local application

servers.

Throughout this document the term branch switch will refer to a OAW-40xx Series Series Cloud Services switch that

has been configured via a branch config group created using the AOS-W Smart Config WebUI.

AOS-W supports these distributed enterprises through the following features designed specifically for branch

and remote offices:

n Authentication survivability allows OAW-40xx Series switches to store user access credentials and key reply

attributes whenever clients are authenticated with external RADIUS servers or LDAP authentication servers,

providing authentication and authorization survivability when remote authentication servers are not

accessible.

n Integration with existing Palo Alto Networks Firewalls, like WildFire™ anti-virus and anti-malware detection

services. In deployments with multiple Palo Alto Networks (PAN) firewalls, OAW-40xx Series switches can

select the best PAN firewall based on priority and availability.

n Policy-based routing on each uplink interface, which allows you specify the next hop to which packets are

routed. AOS-W supports multiple next-hop lists, to ensure connectivity in the event that a device on the list

becomes unreachable.

n Uplink and VPNredundancy, and per-interface bandwidth contracts to limit traffic for individual

applications (or categories of applications) either sent from or received by a selected interface.

n Packet compression between Alcatel-Lucent devices (such as devices at the branch and main office), to

maximize the amount of data that can be carried by the network.

n A WAN health-check feature that uses ping-probes to measure WAN availability and latency on each uplink.

The following diagram depicts managed node where a branch switch in the branch office learns the address,

routing information, and other provisioning information from the master switch.