Layer3 OS5 Switches

Advanced Layer 2 management functions with optional features of IEC 62443, Macsec, L3, L3 Lite, PTP, NAT, and IEC 61375-2-5 ETBN

OVERVIEW

Lantech OS5 management features include advanced Layer 2 management features and Layer 3, Layer 3 Lite, EC61375-2-5 (ETBN)**, R-NAT**, hardware NAT, PTP**, Macsec**, IPv6 etc.

Optional Layer3 (incl. NAT)
The optional L3 supports enhanced routing functionality, including RIP v1/v2/ RIPng, OSPF v1/v2/v3, DVMRP, PIM, PIMv6, VLAN routing, etc. It also supports NAT functions including Static(one-to-one), Dynamic(many-to-many) and PAT (one-to-many). (See the comparison table below)

Optional TTDP and R-NAT protocol for train application (EN50155 models)
The optional TTDP (Train Topology Discovery Protocol) can assign IP and Gateway IP automatically when the train network topology is changed due to the adjustment of train cars. Exclusive DHCP and VLAN over TTDP can help bind devices with certain IP assignments and segment VLAN in the ECN network. The optional R-NAT (Railway-Network Address Translation) is under TTDP simplifies the management of network address translation between ETB and ECN.

Optional IEEE 1588 PTP V2 and 802.1AS for precise time protocol
The Precision Time Protocol (PTP) is a protocol used to synchronize clocks throughout a network. The PTP V2 and gPTP support transparent clock and two-step processing can improve network time accuracy and precision. It supports Profiles including 802.1AS (gPTP) / IEEE 1588v2 (default) / Power Profile IEC 61850-9-3 and IEEE C37.238-2017 and three modes (TC: Transparent clock mode; BC: Boundary clock mode and OC: Ordinary clock mode).

Certified cybersecurity development process with IEC 62443-4-1, and IEC 62443-4-2** certificate with physical tamper resistance and detection for integrity and authenticity of the boot process
Lantech OS5 platform is designed with a high standard of cybersecurity to prevent threats from network attacks. To ensure the safety and reliability of communication networks, Lantech software development is certified with IEC 62443-4-1 security process standards and the switch is also certified with IEC 62443-4-2**. The switch uses roots of trust to verify the integrity and authenticity of the firmware, software, and configuration data needed for the switch’s boot process.

DDoS security to protect switch and server
OS5 platform builds in DDoS attacks security and 802.1X security authentication. The MAC-based port authentication is an alternative approach to 802.1x for authenticating hosts connected to a port. By authenticating based on the host’s source MAC address, the host is not required to run a user for the 802.1x protocol. The RADIUS server that performs the authentication will inform the switch if this MAC can be registered in the MAC-table.

Optional MacSec for advanced security
OS5 switches support MAC security (MACsec) based on IEEE802.3AE standard in association with 802.1X Radius server. MACsec can provide much higher performance for encryption like AES-256 resorting to less CPU utilization. MACsec provides data confidentiality, integrity, and origin authentication to protect transmitted Ethernet data frames in the network with hardware support for MACsec.

Support PXE to verify the switch with the latest or certain version
The switch can check its firmware version during booting time via PXE protocol. If the switch finds any newer version, it will upload automatically.

Support OPEN API document format for Restful API for better switch performance; Auto-provisioning for firmware/configuration update
The switch supports Restful API that uses JSON format to access and use data for GET, PUT, POST and DELETE types to avoid traditional SNMP management occupying CPU utilization. The OPEN API document format for Restful API can greatly improve central management efficiency for various applications including fleet management and AIOT. It also supports auto-provisioning for switch to auto-check the latest software image and configuration through TFTP server.

Auto feed* configuration for swapped new switches for Seamless Network Maintenance
Lantech OS5 switch supports auto-feed*configuration features that revolutionize network switch setup and management. It ensures that new and replacement switches automatically receive the correct configuration without manual intervention.

DHCP option 82 & Port based, Mac based DHCP, Option 7/42/60/66, DHCP Snooping, IPv6 ready
The switch can act as DHCP server to assign dedicated IP addresses by MAC or by port (Port based for each switch), it also can assign IP addresses by port for multiple switches with a single DHCP option82 server. DHCP Snooping and Ipv6 DHCP service is are also supported.

Standardized G.8032 ring, 8 MSTI MSTP; MRP ring
Lantech OS5 Ethernet switches feature a standardized G.8032 ring that is compatible with 3rd party G.8032 ring. It supports MSTP that allows RSTP over VLAN for redundant links with 8 MSTI. MRP (Media Redundancy Protocol) is also supported for industrial automation networks.

Enhanced Storm control
Storm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on one of the physical interfaces, so the detection and reaction are more precise and efficient.

Protocol based VLAN; Subnet based VLAN; QinQ, QoS and GVRP
It supports the QinQ, QoS and GVRP for large VLAN segmentation. The protocol-based VLAN processes traffic based on protocol. It filters IP traffic from nearby end-stations using a particular protocol such as IP, IPX, ARP by Ethernet-types in a Hex value. Subnet based VLANs group traffics into logical VLANs based on the source IP address and IP subnet. The above features can help to build VLAN in the network mixed with managed and un-managed switch as to define packets to which VLAN group based on protocol or subnet.

IGMPv3, GMRP, router port, MLD Snooping, static multicast forwarding
It supports IGMPv3, GMRP, router port, MLD snooping and static multicast forwarding binding by ports for video surveillance applications.

Support NTP, SNTP server with built-in RTC clock source with golden capacitor
The support of NTP/SNTP can synchronize system clock in Internet. Lantech OS5 switch supports NTP server & server/client mode. The switch also builds in a real-time clock (RTC) for measurement of the passage of time with a NTP server.

Out-Of-Band management
OOB management allows a separate and secure method to access and manage the switch even when the primary network is inaccessible.

Enhanced environmental monitoring for switch inside information
The enhanced environmental monitoring can detect switch overall temperature, total power load, actual input voltage and current. It can send the SNMP traps alert when abnormal.

Snapshot switch information for trouble-shooting analysis
With the distinctive Snapshot feature to gather switch data including port statistics, system core information, configuration and event log at the point of time or by scheduling to address switch issues and analyze the root cause in a timely manner.

Future release
Optional
Annual license

L2 SPECIFICATIONS

Manageability / Network
Management (IPv4/IPV6)	SNMP v1 v2c, v3/ Web/ Telnet/ SSH/SSL/ OPEN API document format for Restful API
User-friendly UI	Auto topology drawing Topology demo Complete CLI for a professional setting
SNMP MIB(IPv4/IPv6)	MIBII MIB SNMP MIB Bridge MIB IF MIB RMON MIB Alarm MIB Private MIB
SNMP Trap(IPv4/IPv6)	Up to 5 trap stations; trap types including: Device cold start Authorization failure Port link up/link down DI/DO open/close Typology change (ITU ring) Power failure Environmental abnormal
Firmware Update	Supports TFTP firmware update, TFTP backup and restore; HTTP firmware upgrade; USB firmware update
Configuration import and export	Supports editable configuration file for system quick installation; Support factory reset ping to restore all settings back to factory default
DHCP(IPv4/IPv6)	Provide DHCP Client/ DHCP Server/DHCP Option 82/Port based DHCP; DHCP Snooping, DHCP Option 66; DHCP Option 7/42/60/61/66/67/PXE
Mac-based DHCP Server(IPv4/IPv6)	Assign IP address by Mac in DHCP network
DNS(IPv4/IPv6)	Provide DNS client feature and can set Primary and Secondary DNS server
System Log (IPv4/IPv6)	Supports System log record and remote system log server
PXE client	Check firmware version when switch is booting-up
Auto-provisioning	Auto check firmware image and confirguration
LLDP	Supports LLDP to allow switch to advise its identification and capability on the LAN
CDP	Cisco Discovery Protocol for topology mapping
Remote Admin (IPv4/IPv6)	Supports 10 IP addresses that have permission to access the switch management and to prevent unauthorized intruder
OOB	Through Out-Of-Band management port
Redundancy / Protection
ITU G.8032	Support ITU G.8032 for Ring protection in less than 20ms for self-heal recovery (single ring topology) Standard .8032 ring configuration with ease
Spanning Tree	Supports IEEE802.1d Spanning Tree and IEEE802.1w Rapid Spanning Tree, IEEE802.1s Multiple Spanning Tree 8 MSTI; Supports BPDU guard/Root guard/Aggregation port
Protection	Miss-wiring avoidance Node failure protection Loop protection
PoE (PoE models)
PoE Management	PoE Detection to check if PD hangs then restart the PD
Per Port PoE Status	On/ Off, voltage, current, watts, temperature
Fast/Perpetual PoE	provides immediate and continuous power to devices during PSE switch reboots
Security
IEC62443 Cybersecurity ready***	Cybersecurity Vulnerability checking Identification and authentication Resource availability
IEEE 802.1AE MACSec**	Support GCM-AES-128bits & 256bits MACSec encryption between client and network device IEEE 802.1X and dynamic secure association key (SAK) security mode Non-encryption of the 802.1Q Tag header
Prevention of DDoS/DoS attack	Suspicious Packets DoS/DDoS Attacks Network DoS/DDoS Attacks
Network Security (IPv4/IPv6)	Support 10 IP addresses that have permission to access the switch management and to prevent unauthorized intruder. 802.1X access control for port based and MAC based authentication/static MAC-Port binding and user based Ingress/Egress ACL L2/L3 SSL/SSH v2 for Management HTTPS for secure access to the web interface TACACS+ for Authentication Encryptable export configuration
Login Security (IP4/IP6)	Supports IEEE802.1X Authentication/RADIUS
Switching
VLAN	Port Based VLAN IEEE 802.1Q Tag VLAN (256 entries)/ VLAN ID (Up to 4K, VLAN ID can be assigned from 1 to 4096) GVRP, QinQ, QoS (Max 32 entries; Max 7 entries when QoS by VLAN) Protocol based VLAN Ipv4/IPv6 Subnet based VLAN
IGMP	Support IGMP snooping v1, v2, v3; Supports IGMP static route; 1024 multicast groups; IGMP router port; IGMP query; GMRP
MLD Snooping	Support Ipv6 Multicast stream
Static multicast forwarding	Static multicast forwarding forward reversed IGMP flow with multicast packets binding with ports for IP surveillance application
QoS
Quality of Service	The quality of service determined by port, Tag and Ipv4 Type of service, Ipv4 Differentiated Services Code Points – DSCP
Class of Service	Support IEEE802.1p class of service, per port provides 8 priority queues
Bandwidth Control	Support ingress packet filter and egress* packet limit. The egress* rate control supports all of packet type. Ingress filter packet type combination rules are Broadcast/Multicast/Flooded Unicast packet, Broadcast/Multicast packet, Broadcast packet only and all types of packet. The packet filter rate can be set an accurate value through the pull-down menu for the ingress packet filter and the egress* packet limit.
Port Trunk with LACP	LACP Port Trunk: 8 Trunk groups
Port
Port Mirror	Support 3 mirroring types: “RX, TX and Both packet”
Enhanced Storm Control	prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on one of the physical interfaces
System
Enhanced Environmental Monitoring	System status for actual input voltage, current, total power load and ambient temperature to be shown in GUI and sent alerting if any abnormal status
Time Management
NTP/SNTP(IPv4/IPv6)	Supports NTP/SNTP to synchronize system clock in Internet Supports NTP server & server/client mode NTP server support Primary and Backup in client mode Support NTP Time Re-correct without battery Built-in RTC clock can be clock source for NTP server (RTC is subject to model variant)
PTP**	IEEE1588 PTP V2, IEEE802.1AS gPTP, IEC 61850-9-3; Transparent clock and two step processing
Diagnostic	Support Ping, ARP table and DDM information
Train Protocol (EN50155 models)
ECN	Complies with IEC 61375-3-4 (ECN) standard.
IPv6
Managed	Neighbor Discovery v6
Multicast	MLDv1/v2 (RFC 2710)
DHCP	DHCPv6 Client (RFC 3315), DHCPv6 Snooping, DHCPv6 Relay (RFC 3315), DHCPv6 Server (RFC 3315)
Diagnostic	Ping v6, IPv6-Tracert, IPv6-TFTP

Future release
Optional
Annual license

L3 & L3Lite SPECIFICATIONS

Upgradable Package – L3 & L3Lite (L3L) SPECIFICATIONS

RIP v1/v2 (L3 only)	Support RIP Redistribute Static routes Route-map Metric Support Enhanced Redistributing Routing Protocols Between routing protocols (RIP, OSPF, EIGRP, BGP). Directly connected routes can be redistributed into a routing protocol. Support OSPF and RIP running simultaneously in the same system (but need to be in different interfaces) Support Equal-cost multi-path routing (ECMP) for RIP
OSPF	Support OSPF Area Standard Area Stub Area Stub no-summary Area Support Equal-cost multi-path routing (ECMP)
Static Route	Up to 32
L3 port	Physical port, Aggregation port
Multicast Routing
DVMRP (L3 only)	Distance Vector Multicast Routing Protocol (DVMRP) is a routing protocol used to share information between routers to facilitate the transportation of IP multicast packets among networks.
PIM (Protocol Independent Multicast)	PIM-SM (Sparse Mode) PIM-BSR (Bootstrap) PIM-DM (Dense Mode) PIM-SSM (Source-Specific Multicast Mode)
Routing
VRRP	For Routing Redundancy Combine Max. 2 gateways as single virtual gateway
VLAN
Inter-VLAN routing	Support dynamic routing and static routing
Router-on-a stick	Route traffic between different VLAN groups via VLAN trunking port
NAT
Hardware NAT	Max 384 clients
Static NAT	Max 128 connections; 1 to 1
PAT (port address translation)	Max 256 connections; 1 to many; many to 1; Port forwarding
Train (EN50155 models)
TTDP**	TTDP (Train Topology Discovery Protocol) complies with IEC 61375-2-5 (ETBN) standard.
DHCP for TTDP**	Support Option 66/82
R-NAT** (OS5-L3 only)	Support Railway-Network Address Translation
Others
IP based port	Support
IPv6 Routing
Unicast Routing	Inter-VLAN routing , RIPng, OSPFv3
Multicast Routing	PIMv6 (PIM-SM, PIM-SSM, PIM- BSR)
Redundant	VRRPv3

*Future release
**Optional

PLATFORMS COMPARISON / L3 VS L3Lite

ORDER INFORMATION

ORDERING INFORMATION

P/N	Model name	Description
9000-119	OS5 – L3L	OS5 software platform upgrade to Layer 3 Lite platform
9000-120	OS5 – L3L – IEC61375-2-5	OS5 software platform with IEC-61375-2-5 ETBN (Ethernet Train Backbone Networks) function (under L3L)
9000-122	OS5 – L3	OS5 software platform with Layer 3 functions
9000-123	OS5 – L3 – IEC61375-2-5	OS5 software platform with IEC-61375-2-5 ETBN (Ethernet Train Backbone Networks) function w/ R-NAT (under L3)
9000-124	OS5 – IEC62443-4-2	OS5 software platform IEC-62443-4-2 Cybersecurity features
9000-125	OS5 – Macsec	OS5 software platform Macsec features
9000-126	OS5 – PTP	OS5 software platform IEEE 1588 PTP V2 features

Advanced Layer 2 management functions with optional features of IEC 62443, Macsec, L3, L3 Lite, PTP, NAT, and IEC 61375-2-5 ETBN

OVERVIEW

Future release
Optional
Annual license

L2 SPECIFICATIONS

Future release
Optional
Annual license

Upgradable Package – L3 & L3Lite (L3L) SPECIFICATIONS

*Future release
**Optional

PLATFORMS COMPARISON / L3 VS L3Lite

*Future release
**Optional

ORDERING INFORMATION

About Lantech

Quality

Contact Us

Advanced Layer 2 management functions with optional features of IEC 62443, Macsec, L3, L3 Lite, PTP, NAT, and IEC 61375-2-5 ETBN

OVERVIEW

*Future release **Optional ***Annual license

About Lantech

Quality

Contact Us

Future release
Optional
Annual license