Advanced Layer 2 management functions with optional features of IEC 62443, Macsec, L3, L3 Lite, PTP, NAT, and IEC 61375-2-5 ETBN
OVERVIEW
Lantech OS5 management features include advanced Layer 2 management features and Layer 3, Layer 3 Lite, EC61375-2-5 (ETBN)**, R-NAT**, hardware NAT, PTP**, Macsec**, IPv6 etc.
Optional Layer3 (incl. NAT)
The optional L3 supports enhanced routing functionality, including RIP v1/v2/ RIPng, OSPF v1/v2/v3, DVMRP, PIM, PIMv6, VLAN routing, etc. It also supports NAT functions including Static(one-to-one), Dynamic(many-to-many) and PAT (one-to-many). (See the comparison table below)
Optional TTDP and R-NAT protocol for train application (EN50155 models)
The optional TTDP (Train Topology Discovery Protocol) can assign IP and Gateway IP automatically when the train network topology is changed due to the adjustment of train cars. Exclusive DHCP and VLAN over TTDP can help bind devices with certain IP assignments and segment VLAN in the ECN network. The optional R-NAT (Railway-Network Address Translation) is under TTDP simplifies the management of network address translation between ETB and ECN.
Optional IEEE 1588 PTP V2 and 802.1AS for precise time protocol
The Precision Time Protocol (PTP) is a protocol used to synchronize clocks throughout a network. The PTP V2 and gPTP support transparent clock and two-step processing can improve network time accuracy and precision. It supports Profiles including 802.1AS (gPTP) / IEEE 1588v2 (default) / Power Profile IEC 61850-9-3 and IEEE C37.238-2017 and three modes (TC: Transparent clock mode; BC: Boundary clock mode and OC: Ordinary clock mode).
Certified cybersecurity development process with IEC 62443-4-1, and IEC 62443-4-2** certificate with physical tamper resistance and detection for integrity and authenticity of the boot process
Lantech OS5 platform is designed with a high standard of cybersecurity to prevent threats from network attacks. To ensure the safety and reliability of communication networks, Lantech software development is certified with IEC 62443-4-1 security process standards and the switch is also certified with IEC 62443-4-2**. The switch uses roots of trust to verify the integrity and authenticity of the firmware, software, and configuration data needed for the switch’s boot process.
DDoS security to protect switch and server
OS5 platform builds in DDoS attacks security and 802.1X security authentication. The MAC-based port authentication is an alternative approach to 802.1x for authenticating hosts connected to a port. By authenticating based on the host’s source MAC address, the host is not required to run a user for the 802.1x protocol. The RADIUS server that performs the authentication will inform the switch if this MAC can be registered in the MAC-table.
Optional MacSec for advanced security
OS5 switches support MAC security (MACsec) based on IEEE802.3AE standard in association with 802.1X Radius server. MACsec can provide much higher performance for encryption like AES-256 resorting to less CPU utilization. MACsec provides data confidentiality, integrity, and origin authentication to protect transmitted Ethernet data frames in the network with hardware support for MACsec.
Support PXE to verify the switch with the latest or certain version
The switch can check its firmware version during booting time via PXE protocol. If the switch finds any newer version, it will upload automatically.
Support OPEN API document format for Restful API for better switch performance; Auto-provisioning for firmware/configuration update
The switch supports Restful API that uses JSON format to access and use data for GET, PUT, POST and DELETE types to avoid traditional SNMP management occupying CPU utilization. The OPEN API document format for Restful API can greatly improve central management efficiency for various applications including fleet management and AIOT. It also supports auto-provisioning for switch to auto-check the latest software image and configuration through TFTP server.
Auto feed* configuration for swapped new switches for Seamless Network Maintenance
Lantech OS5 switch supports auto-feed*configuration features that revolutionize network switch setup and management. It ensures that new and replacement switches automatically receive the correct configuration without manual intervention.
DHCP option 82 & Port based, Mac based DHCP, Option 7/42/60/66, DHCP Snooping, IPv6 ready
The switch can act as DHCP server to assign dedicated IP addresses by MAC or by port (Port based for each switch), it also can assign IP addresses by port for multiple switches with a single DHCP option82 server. DHCP Snooping and Ipv6 DHCP service is are also supported.
Standardized G.8032 ring, 8 MSTI MSTP; MRP ring
Lantech OS5 Ethernet switches feature a standardized G.8032 ring that is compatible with 3rd party G.8032 ring. It supports MSTP that allows RSTP over VLAN for redundant links with 8 MSTI. MRP (Media Redundancy Protocol) is also supported for industrial automation networks.
Enhanced Storm control
Storm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on one of the physical interfaces, so the detection and reaction are more precise and efficient.
Protocol based VLAN; Subnet based VLAN; QinQ, QoS and GVRP
It supports the QinQ, QoS and GVRP for large VLAN segmentation. The protocol-based VLAN processes traffic based on protocol. It filters IP traffic from nearby end-stations using a particular protocol such as IP, IPX, ARP by Ethernet-types in a Hex value. Subnet based VLANs group traffics into logical VLANs based on the source IP address and IP subnet. The above features can help to build VLAN in the network mixed with managed and un-managed switch as to define packets to which VLAN group based on protocol or subnet.
IGMPv3, GMRP, router port, MLD Snooping, static multicast forwarding
It supports IGMPv3, GMRP, router port, MLD snooping and static multicast forwarding binding by ports for video surveillance applications.
Support NTP, SNTP server with built-in RTC clock source with golden capacitor
The support of NTP/SNTP can synchronize system clock in Internet. Lantech OS5 switch supports NTP server & server/client mode. The switch also builds in a real-time clock (RTC) for measurement of the passage of time with a NTP server.
Out-Of-Band management
OOB management allows a separate and secure method to access and manage the switch even when the primary network is inaccessible.
Enhanced environmental monitoring for switch inside information
The enhanced environmental monitoring can detect switch overall temperature, total power load, actual input voltage and current. It can send the SNMP traps alert when abnormal.
Snapshot switch information for trouble-shooting analysis
With the distinctive Snapshot feature to gather switch data including port statistics, system core information, configuration and event log at the point of time or by scheduling to address switch issues and analyze the root cause in a timely manner.