Preface
Scope
This document provides an overview of FSM-510G. It contains: Descriptive material about the FSM-510G Hardware Installation Guide.
Audience
The guide is intended for system engineers or operating personnel who want to have a basic understanding of FSM-510G.
Safety Instructions
When a connector is removed during installation, testing, or servicing, or when an energized fiber is broken, a risk of ocular exposure to optical energy that may be potentially hazardous occurs, depending on the laser output power.
Overview FSM-510G series industrial Ethernet solutions deliver high quality, wide operation temperature range, extended power input range and advanced VLAN & QoS features. It’s ideal for harsh environments and mission critical applications. Faceplate 10-Port series Front Panel Introduction Front Panel...
Quick Installation Mounting the FSM-510G (DIN-Rail) Mounting step: 1. Screw the DIN-Rail bracket on with the bracket and screws in the accessory kit. 2. Hook the unit over the DIN rail. Push the bottom of the unit towards the DIN Rail until it snaps into place. Figure 1 FSM-510G DIN-Rail Mounting...
Mounting the FSM-510G (Wall mount) Mounting step: Screw the wall-mounting plate on using the plate and screws in the accessory kit. Figure 2 FSM-510G Wall Mounting...
Connecting the Ethernet Interface (RJ45 Ethernet) FSM-510G provides two types of interfaces: electrical (RJ45) and optical (mini-GBIC). For example, on FSM-510G-2F, Port 1-8 are electrical only (RJ45). To connect to a PC, use a straight-through or a cross-over Ethernet cable. To connect the FSM-510G copper port to an Ethernet device, use UTP (Unshielded Twisted Pair) or STP (Shielded Twisted Pair) Ethernet cables.
Prepare a proper SFP module and install it into the optical port. Then you can connect fiber optics cabling that uses LC connectors or SC connectors (with the use of an optional SC-to-LC adapter) to the fiber optics connector. Refer to Table 1 for the normal operational LED status. Fiber optics cable with LC duplex Connect the optical fiber to the SFP connector...
Power Connection The DC power interface is a 6-pin terminal block with polarity signs on the top panel. The FSM-510G can be powered from two power supplies (input range 12V – 58V). The DC power alarm contact on the middle terminal block. connector is a 6-pin terminal block;...
Console Connection
The Console port is for local management by using a terminal emulator or a computer with terminal emulation software.
DB9 connector connects to the computer COM port
Baud rate: 115200 bps
8 data bits, 1 stop bit
Parity: none
Flow control: none...
To connect the host PC to the Console port, an RJ45 (male) connector-to-RS232 DB9 (female) connector cable is required. The RJ45 connector of the cable is connected to the Console port of FSM-510G; the DB9 connector of the cable is connected to the PC COM port. The pin assignment of the Console cable is shown below:
SYSTEM RESET
The Reset button is provided to reboot the system without the need to remove power.
Web Interface Initialization (Optional)
Web Browser Support
IE 7 (or newer version) with the following default settings is recommended:
Language script: Latin based
Web page font: Times New Roman
Plain text font: Courier New
Encoding: Unicode (UTF-8)
Text size: Medium
Firefox with the following default settings is recommended:
Web page font: Times New Roman...
Connect & Login to FSM-510G
Connect to the FSM-510G Ethernet port (RJ45 Ethernet port).
Factory default IP: 192.0.2.1
Log in with the default account and password.
Username: admin
Password: (none)
Monitoring the Ethernet Interface
By RJ45 Ethernet: Refer to Figure 3 for monitoring 8 Gigabit Ethernet with copper connector (RJ45). Also refer to Table 1 for the normal operational LED status.
By SFP: Refer to Figure 3 for monitoring 4 Gigabit Ethernet with SFP connector. Also refer to Table 1 for the normal operational LED status.
Reset to Default and Save Configure
Configuration via CLI command
To see what current interface and IP address is:
If the manager wants to reset the configuration to default but keep the management IP setting:
(1) Execute this command: reload defaults keep-ip
(2) Check the interface VLAN and IP address, and confirm that only the management IP setting is kept.
Configuration via WEB UI
If the manager wants to reset the configuration to default but keep the management IP setting:
(1) Go to the “Maintenance” -> “Factory Defaults” page and click the “Yes” button.
(2) Go to the “Maintenance” -> “Configuration” -> “Save startup-config” page, then click the “Save Configuration” button. The reset is then complete.
If the manager wants to reset all configuration to default completely:
(1) Go to “Maintenance”...
(3) Change the Web IP to 192.0.2.1 (default IP) to log in to the Web UI from the PC.
(4) Go to the “Maintenance” -> “Configuration” -> “Save startup-config” page, then click the “Save Configuration” button. The reset is then complete.
LED STATUS INDICATIONS Table 1 LED Status Indicators STATE Description On Green P1 power line has power P1 power line disconnect or does not have supply power On Green P2 power line has power P2 power line disconnect or does not have supply power On Red Alarm event occurs...
VLAN Application Guide
This part describes how to configure Virtual LANs (VLANs) in FSM-510G. The FSM-510G supports up to 2048 VLANs. Ports are grouped into broadcast domains by assigning them to the same VLAN. Frames received in one VLAN can only be forwarded within that VLAN, and multicast frames and unknown unicast frames are flooded only to ports in the same VLAN.
Example 2: Port-based VLANs
When the FSM-510G receives an untagged VLAN packet, it will add a VLAN tag to the frame according to the PVID setting on a port. As shown in the following figure, the untagged packet is marked (tagged) as it leaves the FSM-510G through Port 2, which is configured as a tagged member of VLAN100.
Step2. Select Configuration -> VLAN -> Static VLAN. Create a VLAN with VLAN ID 100. Enter a VLAN name in the Name field.
Step3. Assign VLAN tag setting to or remove it from a port by toggling the check box under an individual port number.
Example 3: IEEE 802.1Q Tagging
FSM-510G is able to construct a layer-2 broadcast domain by identifying the VLAN ID specified by IEEE 802.1Q. It forwards a frame between bridge ports assigned to the same VLAN ID and can set multiple VLANs on each bridge port.
Configuration:
Step1. Go to the Configuration -> VLANs -> Port VLAN configuration page and specify the VLAN membership as follows:
Step2. Transmit unicast packets with VLAN tag 100 from Port 1 to Port 2 and Port 7. The FSM-510G should tag it with VID 100.
Security Application Guide
The ACL function supports access control security for MAC address, IP address, Layer4 Port, and Type of Service. Each has five actions: Deny, Permit, Queue Mapping, CoS Marking, and Copy Frame. The user can set the default ACL rule to Permit or Deny. For a clearer view of these ACL functions, see the following table. Actions Default ACL Rule Queue...
◎ One directional MAC address with one VLAN deny filtering.
Step 1: Create a new ACL Profile. (Profile Name: DenySomeMac)
Step 2: Create a new ACL Entry rule under this ACL profile. (Deny MAC: 11 and VLAN: 4)
Step 3: Bind this ACL profile to a GE port.
Step 4: Send frames between PORT-3 and PORT-4, and see test result.
CLI Command:
    access-list ace 1 ingress interface GigabitEthernet 1/4 policy 1 vid 4 frametype etype smac 00-00-00-00-00-11 action deny
    exit
    interface GigabitEthernet 1/3
    switchport trunk allowed vlan 4,5
    switchport trunk vlan tag native
    interface GigabitEthernet 1/4...
◎ Two directional MAC address with all VLAN deny filtering.
Step 1: Create a new ACL Profile. (Profile Name: DenySomeMac)
Step 2: Create a new ACL Entry rule under this ACL profile. (Deny SrcMAC: 13 and DesMAC: 11)
Step 3: Bind this ACL profile to a GE port.
Step 4: Send frames between PORT-3 and PORT-4, and see test result.
CLI Command:
    access-list ace 2 ingress interface GigabitEthernet 1/3 policy 0 frametype etype smac 00-00-00-00-00-13 dmac 00-00-00-00-00-11 action deny
    exit
    interface GigabitEthernet 1/3
    switchport trunk allowed vlan 4,5
    switchport trunk vlan tag native
    interface GigabitEthernet 1/4...
Case 1: (b) This case acts as no ACL function. It means all frames will pass through.
Case 1: (c) The user can set the default ACL Rule of the GE port to “Permit”, then bind a suitable profile with “Queue Mapping”...
Step 4: Send frames between PORT-3 and PORT-4, and see test result.
CLI Command:
    access-list ace 1 next 2 ingress interface GigabitEthernet 1/4 policy 1 vid 4 frametype etype smac 00-00-00-00-00-11 action deny
    exit
    interface GigabitEthernet 1/3
    switchport trunk allowed vlan 4,5
    switchport trunk vlan tag native...
Case 1: (e) The user can set the default ACL Rule of the GE port to “Permit”, then bind a suitable profile with the “Copy Frame” action for use with a mirror analyzer. It means the system will copy frames from the bound GE port to the analyzer port.
Step 5: Send frames between PORT-3 and PORT-4, and see test result.
CLI Command:
    access-list ace 2 next 3 ingress interface GigabitEthernet 1/3 policy 0 frametype etype smac 00-00-00-00-00-13 dmac 00-00-00-00-00-11 action deny mirror redirect interface GigabitEthernet 1/5
    exit
    interface GigabitEthernet 1/3...
Case 1: (f) This case means all frames will not pass through.
Case 1: (g) The user can set the default ACL Rule of the GE port to “Deny”, then bind a suitable profile with the “Permit” action for ACL. It means the GE port passes no packets except those matching an ACL entry of the bound profile. ◎...
Step 4: Send frames between PORT-3 and PORT-4, and see test result.
CLI Command:
    access-list ace 4 ingress interface GigabitEthernet 1/4 policy 3 tag tagged vid 4 frametype etype smac 00-00-00-00-00-11
    exit
    interface GigabitEthernet 1/3
    switchport trunk allowed vlan 4,5
    switchport trunk vlan tag native
    interface GigabitEthernet 1/4...
◎ Two directional MAC address with all VLAN permit filtering
Step 1: Create a new ACL Profile. (Profile Name: AllowSomeMac)
Step 2: Create a new ACL Entry rule under this ACL profile. (Allow SrcMAC: 13 and DesMAC: 11)
Step 3: Bind this ACL profile to a GE port.
Case 1: (h) Because the default ACL Rule of the GE port is “Deny”, the Queue Mapping action makes no sense. We do not do this case.
Case 1: (i) Because the default ACL Rule of the GE port is “Deny”, the CoS Marking action makes no sense. We do not do this case.
Step 5: Send frames between PORT-3 and PORT-4, and see test result...
Case 2: ACL for IP address
The IP address ACL can filter on source IP address, destination IP address, or both. It also supports IP range ACLs. When it filters on both IP addresses, only packets that match both rules are affected. In other words, a packet that matches only one rule is not filtered.
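The matching behaviour in the MAC cases above, and the "both rules must match" statement for IP ACLs, can be modelled with a small evaluator. This is an added example, not vendor code: the `Frame`, `Ace` and `evaluate` names are hypothetical, first-match evaluation in list order is an assumption, and the test frames are constructed.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple


def norm_mac(mac: str) -> str:
    """Normalise '00-00-00-00-00-11' or '00:00:00:00:00:11' to 12 hex digits."""
    digits = mac.replace("-", "").replace(":", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


@dataclass(frozen=True)
class Frame:  # constructed test frame, not a captured packet
    port: str
    smac: str
    dmac: str
    vid: int


@dataclass(frozen=True)
class Ace:  # hypothetical model of one "access-list ace" entry
    ace_id: int
    port: str                    # ingress interface the entry is bound to
    action: str                  # "permit" or "deny"
    smac: Optional[str] = None   # None means "any"
    dmac: Optional[str] = None
    vid: Optional[int] = None

    def matches(self, f: Frame) -> bool:
        # Every field that is set must match; one matching field is not enough.
        return (
            f.port == self.port
            and (self.smac is None or norm_mac(self.smac) == norm_mac(f.smac))
            and (self.dmac is None or norm_mac(self.dmac) == norm_mac(f.dmac))
            and (self.vid is None or self.vid == f.vid)
        )


def evaluate(frame: Frame, aces: Iterable[Ace], default: str) -> Tuple[str, Optional[int]]:
    """Return (action, matching ACE id); fall back to the port's default ACL rule."""
    for ace in aces:  # assumption: entries are checked in list order, first match wins
        if ace.matches(frame):
            return ace.action, ace.ace_id
    return default, None


M11, M12, M13 = "00-00-00-00-00-11", "00-00-00-00-00-12", "00-00-00-00-00-13"

# Entries modelled on the CLI lines in this guide (ACE 1, ACE 2, ACE 4).
DENY_ACES = [
    Ace(1, "1/4", "deny", smac=M11, vid=4),
    Ace(2, "1/3", "deny", smac=M13, dmac=M11),
]
PERMIT_ACES = [Ace(4, "1/4", "permit", smac=M11, vid=4)]

if __name__ == "__main__":
    for frame, aces, default in [
        (Frame("1/4", M11, M13, 4), DENY_ACES, "permit"),   # denied by ACE 1
        (Frame("1/4", M11, M13, 5), DENY_ACES, "permit"),   # other VLAN: default permit
        (Frame("1/3", M13, M12, 5), DENY_ACES, "permit"),   # only smac matches ACE 2
        (Frame("1/4", M12, M13, 4), PERMIT_ACES, "deny"),   # default deny applies
    ]:
        print(frame, "->", evaluate(frame, aces, default))
```

With a default rule of “Deny”, any frame that no entry matches is dropped, which is why the permit profile has to list every address that must keep working.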
Ring Version 2 Application Guide
A reliable network is very important to Ethernet applications, especially in the industrial domain. Tailyn’s FSM-510G provides millisecond-grade failover ring protection; this feature offers a seamless working network even when connection problems occur. It can be used over Ethernet cable and fiber.
Ring Version 2 Feature
Group 1 - It supports the options ring-master and ring-slave.
# Ring - it could be master or slave.
# When role is ring/master, one ring port is the forward port and the other is the block port. The block port is the redundant port.
# Dual-Homing
# When role is dual-homing, one ring port is the primary port and the other is the backup port. This backup port is the redundant port. In normal state, it is blocked.
Group 3 - It supports configuration of the chain and balancing-chain.
# Balancing Chain - it could be central-block, terminal-1/2 or member.
# When role is balancing-chain/central-block, one ring port is the member port and the other is the block port. The block port is the redundant port. It is blocked in normal state.
# When role is balancing-chain/terminal-1/2, one ring port is the terminal port and the other is the member port.
How to Configure Ringv2
Configuration (Console)
To configure the ring protection in FSM-510G series management switch,
1. Log in with the “admin” account in the console
2. Go to Configure mode by “configure terminal”
3. Go to configure ring protection group by command “ringv2 protect group1”...
In our current design, one device can support 3 ring indexes, which include ring, coupling, dual-homing, chain, and balancing-chain.
Note 1 - Group1 must be enabled before group2 is configured as coupling.
Note 2 - When group1 or group2 is enabled, the configuration of group3 is invisible.
Note 3 - When group3 is enabled, the configuration of group1 and group3 is invisible.
First Step: Disable RSTP on All Ring Ports
1. Go to the “Configuration -> Spanning Tree -> CIST ports” Web page
2. Do not enable STP global.
3. Click the “Save” button...
Ring Master
1. Go to the “Configuration -> Ringv2” Web page
2. Enable Group1, and select the Role “Ring(Master)”
3. Select one port linking to neighbor devices to be “Forward Port”; the other is “Block Port”
Ring Slave
1. Go to the “Configuration -> Ringv2” Web page
2.
Coupling Primary
1. Go to the “Configuration -> Ringv2” Web page
2. Enable Group1, and select the Role “Ring(Slave)”
3. Select two ports linking to neighbor devices to be “Forward Port”.
4. Enable Group2, and select the Role “Coupling(Primary)”
5. Select one port linking to the above ring to be “Primary Port”.
Coupling Backup
1.
Chain(Head)
1. Go to the “Configuration -> Ringv2” Web page
2. Enable Group3, and select the Role “Chain(Head)”
3. Select one port linking to another ring or network to be “Head Port”.
Chain(Tail)
1. Go to the “Configuration -> Ringv2” Web page
2.
Balance Chain(Central Block)
1. Go to the “Configuration -> Ringv2” Web page
2. Enable Group3, and select the Role “Balance Chain(Central Block)”
3. Select one port to be “Block Port”, which could distribute traffic loading
Balance Chain(Terminal)
1. Go to the “Configuration -> Ringv2” Web page
2.
QoS Application Guide
Quality of Service (QoS) features allow you to allocate network resources to mission-critical applications at the expense of applications that are less sensitive to such factors as time delays or network congestion. You can configure your network to prioritize specific types of traffic, ensuring that each type receives the appropriate Quality of Service (QoS) level.
Example 1: SPQ without Shaping (Default profile)
We send 2 Streams (Stream0, Stream1) from PORT-1 to PORT-2. Both Streams are 100Mbps each. Stream0 includes VLAN Priority0, Stream1 includes VLAN Priority7. Set PORT-2 link speed to 100Mbps.
Expected Result: We expect PORT-2 to receive only the 100Mbps of Stream1, and Stream0 will be discarded.
Web management:
Step1. Go to Configuration -> Ports -> set port 2 link speed to 100Mbps full duplex.
Step2. Select Configuration -> VLANs -> Create a VLAN with VLAN ID 100. Enter a VLAN name in the Name field. Here we set tagged VLAN100 on PORT-1 and PORT-2.
CLI configuration command:
    interface GigabitEthernet 1/2
    speed 100...
Example 2: SPQ with Shaping
We send 2 Streams (Stream0, Stream1) from PORT-1 to PORT-2. Both Streams are 100Mbps each. Stream0 includes VLAN Priority0, Stream1 includes VLAN Priority7. Stream3 and Stream4 are only for learning, to make sure the traffic is not flooded.
Expected Result: We expect PORT-2 to receive only 20Mbps of Stream1, and 80Mbps of Stream0.
Example 3: WRR
We send 3 Streams (Stream0, Stream1 and Stream2) from PORT-1 to PORT-2. These Streams are 100Mbps each. Stream0 includes VLAN Priority0, Stream1 includes VLAN Priority3, Stream2 includes VLAN Priority7. Stream3, Stream4 and Stream5 are only for learning, to make sure the traffic is not flooded.
Web management:
Step1. Go to Configuration -> Qos -> Port shaping, and click on PORT-2 to create a Qos profile.
Step2. Select the schedule mode “Weighted” and set the weight value for queue 0, queue 3 and queue 7 as below.
Example 4: SP-WRR
We send 4 Streams (Stream0, Stream1, Stream2 and Stream3) from PORT-1 to PORT-2. These Streams each have 100Mbps. Stream0 includes VLAN Priority0, Stream1 includes VLAN Priority1, Stream2 includes VLAN Priority2, Stream3 includes VLAN Priority3 and Stream4 includes VLAN Priority6.
IGMP Application Guide
IGMP is an acronym for Internet Group Management Protocol. It is a communications protocol used to manage the membership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships.
Example2:
1. Go to “Configuration -> IPMC -> Basic Configuration” and select the check box of “Snooping Enable”
2. Un-select the check box of “Unregistered IPMCv4 Flooding Enabled”
3. If the multicast stream is from an L3 switch, then the uplink port has to be “Router Port”
Notice: If an aggregation member port is selected as a router port, the whole aggregation will act as a router port.
(4) Go to “Configuration -> IPMC -> VLAN Configuration”, select the check box of “Snooping Enable” and set the VLAN ID of port14.
Example3:
In this scenario, the clients belong to multiple VLANs, so you have to create one more VLAN to be the agent for all client VLANs. To create a VLAN, go to “Configuration -> VLANs -> Allow Access VLANs”, then set port 14 to be a vlan200 member port.
Go to “Configuration -> IPMC -> VLAN Configuration”, select the check box of “Snooping Enable” and set the VLAN ID of port14. If there is no querier on the L3 switch, you have to select “Querier Election” and set the “Querier Address”; the IP address is in the same network as the uplink interface. Select the IGMP version as server.
How to Configure VLC
VLC Configuration on IGMP Server
(1) In the «Media» area of the top tool bar, select “Stream”
(2) Select a video or audio file to play...
(3) Confirm the file is right, then click “Next” twice.
(4) Select stream type as “UDP” and click “Add” button. (5) Set stream IP, the range is 224.0.0.1 to 239.255.255.254, and protocol port is 1234. Here I set stream IP is 255.0.0.1...
(6) Select “Sort out all stream” and click the “Stream” button; the stream then starts to be sent to the switch.
VLC Configuration on IGMP Client
(1) In the «Media» area of the top tool bar, select open network stream...
(2) Set the stream IP and protocol port as previously set on the server; the protocol type is “UDP”. The format should be as circled below. Then click the “PLAY” button.
Back on the management switch, go to “Monitor -> IPMC -> Groups Information”; you will see the stream IP in the table.
802.1x Authentication Application Guide
Introduction of 802.1x authentication function
IEEE 802.1x derives keys which can be used to provide per-packet authentication, integrity and confidentiality. It is typically used along with well-known key derivation algorithms (e.g. TLS, SRP, MD5-Challenge, etc.). In our industrial switch (FSM-510G), we support the 802.1x authentication function per port (port1~port10).
    client 20.20.20.0/24 {
        # The secret in the IVS500 should be the same as this one.
        secret = a1b2c3d4
    }
Step 3: Edit user name and password for supplicant to authenticate with server.
Setting (user name, user password):
    test123 Cleartext-Password := "test123"
    aaaa    Cleartext-Password := "aaaa"
Step 4: Set a static IP address for this Radius Server. Setting: 20.20.20.20
Step 5: Start Radius Server
Example
Here we take an example of 802.1x Authentication via FSM-510G to be authenticated by RADIUS server.
Step1. Go to Configuration -> Security -> AAA -> Radius. Click “Add New Server”, input “20.20.20.20” for server, and “a1b2c3d4” for secret key. Then click “Save” button. CLI Command:...
    configure
    interface vlan 1
    ip address 20.20.20.120 255.0.0.0
    exit
    exit
    radius-server host 20.20.20.20 timeout 5 retransmit 3 key a1b2c3d4
    dot1x re-authentication
    dot1x system-auth-control
    exit
    interface GigabitEthernet 1/1
    dot1x auth-port-control auto
Configuration Supplicant’s NIC Setting
Step 1: Configure a static IP address 20.20.20.10 and net mask 255.255.255.0 for supplicant. (If there is a DHCP server to assign IP address for supplicant, this step can be ignored.)
Step 2: Select the IEEE802.1x Authentication Enable check box, then configure EAP type to MD5-Challenge.
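The `key` configured on the switch has to equal the `secret` in the RADIUS server's client entry because every RADIUS reply is authenticated with it. The sketch below is an added example, not taken from the vendor guide: it follows the Response Authenticator definition in RFC 2865, and the function names, the request authenticator bytes and the Reply-Message text are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2   # RADIUS packet code (RFC 2865)
REPLY_MESSAGE = 18  # RADIUS attribute type (RFC 2865)
HEADER_LEN = 20     # code(1) + id(1) + length(2) + authenticator(16)


def reply_message(text: bytes) -> bytes:
    """Encode one Reply-Message attribute as type, length, value."""
    return bytes([REPLY_MESSAGE, 2 + len(text)]) + text


def response_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_reply(code, ident, request_auth, attrs, secret):
    """Server side: build a reply authenticated with the server's copy of the secret."""
    auth = response_authenticator(code, ident, request_auth, attrs, secret)
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs)) + auth + attrs


def verify_reply(packet, request_auth, secret):
    """Switch (NAS) side: accept the reply only if it verifies under the local key."""
    if len(packet) < HEADER_LEN:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = response_authenticator(
        code, ident, request_auth, packet[HEADER_LEN:], secret
    )
    return hmac.compare_digest(expected, packet[4:HEADER_LEN])


if __name__ == "__main__":
    request_auth = bytes(range(16))   # constructed; a real NAS uses random bytes
    attrs = reply_message(b"ok")      # constructed attribute
    reply = build_reply(ACCESS_ACCEPT, 7, request_auth, attrs, b"a1b2c3d4")
    print("same key on both sides:", verify_reply(reply, request_auth, b"a1b2c3d4"))
    print("mismatched key:        ", verify_reply(reply, request_auth, b"a1b2c3d5"))
```

A reply that fails this check is discarded by the switch, so a mismatched key shows up as authentication timeouts rather than as explicit rejects.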
Authentication Behavior
The supplicant must pass the authentication process in order to use any service. After the supplicant enters the correct account and password, which are stored in the RADIUS server, it is authenticated successfully. The authentication process is as follows. FSM-510G...