High Availability Video Surveillance Switch

The Allied Telesis IX5-28GPX offers an impressive set of features in a high-value package, making it ideal for IP video surveillance environments.



The Allied Telesis IX5-28GPX provides a high performing and scalable solution for today’s networks. With 24 PoE+ enabled 10/100/1000Mbps ports, two 1/10 Gigabit uplinks, plus the ability to stack up to four units, the IX5-28GPX is the ideal solution for video surveillance applications where high performance and resilient PoE power are critical.

High availability

The IX5-28GPX was designed with reliability in mind. It guarantees continual delivery of data and streaming video. Dual hot-swappable load-sharing power supplies provide resilient system and end-point power, with up to 30 Watts available to power today’s pan, tilt and zoom cameras. Factor in the ability to operate at up to 60°C, and the IX5 is an easy choice for modern video surveillance environments.

Network resiliency

The convergence of network services in the enterprise has led to increasing demand for highly available networks with minimal downtime. VCStack™, in conjunction with link aggregation, provides a network with no single point of failure and an easy, resilient solution for high availability applications. The IX5-28GPX can form a VCStack of up to four units for enhanced resiliency and simplified device management.
Allied Telesis Ethernet Protection Switched Ring (EPSRing™), and the standards-based G.8032 Ethernet Ring Protection, ensure that distributed network segments have high-speed, resilient access to online resources and applications.

Ring Protection and VCStack-LD (Long Distance), which enables stacks to be created over long distance fiber links, make the IX5-28GPX the perfect choice for distributed environments.

Simplified network management

Modern converged networks have increasing management requirements. Allied Telesis Autonomous Management Framework™ (AMF) automates many everyday tasks, including configuration management, saving you valuable time and resources. The complete network can be managed as a single virtual device with powerful centralized management features. Growing the network can be accomplished with plug-and-play simplicity, and network node recovery is fully zero-touch.

AMF secure mode increases network security with management traffic encryption, authorization, and monitoring.

Advanced operating system

The IX5-28GPX runs the advanced AlliedWare Plus™ fully featured operating system, delivering a rich feature set and an industry-standard CLI. The industry-standard CLI reduces training requirements and is consistent across all AW+ devices, simplifying network management.


Advanced security features protect the network from the edge to the core. Unprecedented control over user access is provided with Network Access Control (NAC), to mitigate threats to network infrastructure. This ensures the network is accessed only by known users and devices - users’ adherence to network security policies is checked, and either access is granted or remediation is offered. Secure access can also be provided for guests. A secure network environment is guaranteed, with powerful control over network traffic types, secure management options, and other multi- layered security features built right into the IX5-28GPX switch.


The flexibility of the IX5-28GPX, coupled with the ability to seamlessly add new nodes to a VCStack of multiple units, ensures a future-proof network. The IX5-28GPX comes with a comprehensive IPv6 feature set, ensuring it is ready for future network traffic demands.


The IX5-28GPX supports Energy Efficient Ethernet, which automatically reduces the power consumed by the switch whenever there is no traffic on a port. This sophisticated feature can significantly reduce operating costs, by reducing the power requirements of the switch and any associated cooling equipment.

Key Features


  • Dual hot-swappable load-sharing power supplies maximize network uptime, ensuring a resilient solution where always-on access is required.

Allied Telesis Autonomous Management Framework (AMF)

  • Allied Telesis Autonomous Management Framework (AMF) is a sophisticated suite of management tools that provide a simplified approach to network management. Common tasks are automated or made so simple that the every-day running of a network can be achieved without the need for highly-trained, and expensive, network engineers. Powerful features like centralized management, auto-backup, auto-upgrade, auto-provisioning and auto-recovery enable plug-and-play networking and zero-touch management.
  • AMF secure mode encrypts all AMF traffic, provides unit and user authorization, and monitors network access to greatly enhance network security.

Virtual Chassis Stacking (VCStack)

  • Create a VCStack of up to four IX5 units with 40Gbps of stacking bandwidth to each unit. VCStack provides a highly available system where network resources are spread out across stacked units, reducing the impact if one of the units fails. Aggregating switch ports on different units across the stack provides excellent network resiliency.

Long-Distance Stacking

  • Long-distance stacking allows a VCStack to be created over longer distances, perfect for a distributed network environment.

Ethernet Protection Switched Ring (EPSRing)

  • EPSRing and 10 Gigabit Ethernet allow several IX5 switches to form a high-speed protected ring capable of recovery within as little as 50ms. This feature is ideal for large IP surveillance environments.
  • Super-Loop Protection enables a link between two EPSR nodes to be in separate EPSR domains, improving redundancy and network fault resiliency.

G.8032 Ethernet Ring Protection

  • G.8032 provides standards-based high-speed ring protection, that can be deployed stand-alone, or interoperate with Allied Telesis EPSR.
  • Ethernet Connectivity Fault Monitoring (CFM) proactively monitors links and VLANs, and provides alerts when a fault is detected.

Industry-leading Quality of Service (QoS)

  • Comprehensive low-latency wire speed QoS provides flow-based traffic management with full classification, prioritization, traffic shaping and min/max bandwidth profiles. Boosted network performance and guaranteed delivery of business-critical Ethernet services and applications are provided. Time-critical services such as voice and video take precedence over non-essential services such as file downloads, maintaining responsiveness of Enterprise applications.

Loop Protection

  • Thrash limiting, also known as rapid MAC movement, detects and resolves network loops. It is highly user-configurable — from the rate of looping traffic to the type of action the switch should take when it detects a loop.
  • With thrash limiting, the switch only detects a loop when a storm has occurred, which can potentially cause disruption to the network. To avoid this, loop detection works in conjunction with thrash limiting to send special Loop Detection Frame (LDF) packets that the switch listens for. If a port receives an LDF packet, the port, or link can be disabled, or an SNMP trap can be sent. This feature can help to detect loops before a network storm occurs, avoiding the risk and inconvenience of traffic disruption.

Power over Ethernet Plus (PoE+)

  • With PoE, a separate power connection to media endpoints such as IP phones and wireless access points is not necessary. PoE+ reduces costs and provides even greater flexibility, providing the capability to connect devices requiring more power (up to 30 Watts) such as, tilt and zoom security cameras.

Link Layer Discovery Protocol – Media Endpoint Discovery (LLDP – MED)

  • LLDP-MED extends LLDP basic network endpoint discovery and management functions. LLDP-MED allows for media endpoint specific messages, providing detailed information on power requirements, network policy, location discovery (for Emergency Call Services) and inventory.

Voice VLAN

  • Voice VLAN automatically separates voice and data traffic into two different VLANs. This automatic separation places delay-sensitive traffic into a voice- dedicated VLAN, which simplifies QoS configurations.


  • sFlow is an industry-standard technology for monitoring high-speed switched networks. It provides complete visibility into network use, enabling performance optimization, usage accounting/billing, and defense against security threats. Sampled packets sent to a collector ensure it always has a real-time view of network traffic.

VLAN Mirroring (RSPAN)

  • VLAN mirroring allows traffic from a port on a remote switch to be analysed locally. Traffic being transmitted or received on the port is duplicated and sent across the network on a special VLAN.

Dynamic Host Configuration Protocol (DHCP) Snooping

  • DHCP servers allocate IP addresses to clients, and the switch keeps a record of addresses issued on each port. IP source guard checks against this DHCP snooping database to ensure only clients with specific IP and/or MAC address can access the network. DHCP snooping can be combined with other features, like dynamic ARP inspection, to increase security in Layer 2 switched environments, and also provides a traceable history, which meets the growing legal requirements placed on service providers.


  • Authentication options on the IX5 also include alternatives to IEEE 802.1x port-based authentication, such as web authentication to enable guest access and MAC authentication for endpoints that do not have an IEEE 802.1x supplicant. All three authentication methods—IEEE 802.1x, MAC-based and Web-based—can be enabled simultaneously on the same port for tri-authentication.

Access Control Lists (ACLs)

  • AlliedWare Plus delivers industry-standard Access Control functionality through ACLs. ACLs filter network traffic to control whether routed packets are forwarded or blocked at the port interface. This provides a powerful network security mechanism to select the types of traffic to be analyzed, forwarded, or influenced in some way.

Optical DDM

  • Most modern optical SFP/SFP+/XFP transceivers support Digital Diagnostics Monitoring (DDM) functions according to the specification SFF-8472. This enables real time monitoring of the various parameters of the transceiver, such as optical output power, temperature, laser bias current and transceiver supply voltage. Easy access to this information simplifies diagnosing problems with optical modules and fiber connections.

Active Fiber Monitoring

  • Active Fiber Monitoring prevents eavesdropping on fiber communications by monitoring received optical power. If an intrusion is detected, the link can be automatically shut down, or an operator alert can be sent. Active Fiber Monitoring is supported on fiber data and fiber stacking links.

UniDirectional link Detection

  • UniDirectional Link Detection (UDLD) is useful for monitoring fiber-optic links between two switches that use two single-direction fibers to transmit and receive packets. UDLD prevents traffic from being sent across a bad link by blocking the ports at both ends of the link in the event that either the individual transmitter or receiver for that connection fails.

IP Video Surveillance

With the evolution of CCTV technology to digital IP-based systems, the emphasis has moved from simple video footage monitoring, to intelligent systems with video analytics capable of identifying abnormal events or behavior. As intelligence increases in these systems, so too do the applications for this technology – from retail outlets, warehouses and office buildings, to hotels, hospitals and advanced traffic monitoring systems.

Modern high definition digital images are sharper and clearer than ever before. Large amounts of digital video can be stored on Network-Attached Storage (NAS) systems, and digital images don’t degrade over time.

Allied Telesis provides secure and resilient IP video surveillance network solutions.

The key features of our IX5-28GPX switch make it ideal for use in advanced surveillance systems:

  • Dual hot-swappable load-sharing power supplies, and support for operation up to 60°C ensure maximum network uptime.
  • Power over Ethernet (PoE+) provides up to 30 Watts to end-points, supporting the latest generation of pan, tilt and zoom IP cameras.
  • High performance multicast support manages large numbers of digital video streams across the network.
  • Long-Distance Virtual Chassis Stacking (VCStack-LD) is ideal to spread network distribution, while keeping total resilience.
  • Ethernet Protection Switched Rings (EPSR) provides a high-speed ring topology with failover in a little as 50ms, supporting large IP surveillance environments with an ‘always-on’ solution.

With the IX5-28GPX and other advanced switching products, Allied Telesis IP video surveillance solutions are dependable, scalable and ready for the next generation of digital monitoring technologies.

IX5-28GPX 24 - 2 2* 24 128Gbps 95.2Mpps

* Stacking ports can be configured as additional 1G/10G Ethernet ports when unit is not stacked


  • 40Gbps of stacking bandwidth
  • Supports 13KB jumbo frames
  • Wirespeed multicasting
  • Up to 16K MAC addresses
  • Up to 1K multicast entries
  • Up to 128 Link Aggregation Groups (LAGS) - any combination of static and dynamic (LACP)
  • 64MB flash memory
  • Packet buffer memory: 2MB


  • Modular AlliedWare Plus operating system
  • Redundant power supplies load share providing uninterrupted power and extra reliability
  • Full environmental monitoring of PSUs, fans, temperature and internal voltages. SNMP traps alert network managers in case of any failure

Power Characteristics

  • AC voltage: 90 to 260V (auto-ranging)
  • Frequency: 47 to 63Hz


  • Stackable up to four units of IX5 in a VCStack

Flexibility and Compatibility

  • 10G SFP+ ports will support any combination of Allied Telesis 1000Mbps SFP and 10GbE SFP+ modules and direct attach cables listed in this document under Ordering Information
  • Stacking ports can be configured as 10G Ethernet ports
  • Port speed and duplex configuration can be set manually or by auto-negotiation

Diagnostic Tools

  • Active Fiber Monitoring detects tampering on optical links
  • Built-In Self Test (BIST)
  • Find-me device locator
  • Cable fault locator (TDR)
  • UniDirectional Link Detection (UDLD)
  • Automatic link flap detection and port shutdown
  • Optical Digital Diagnostic Monitoring (DDM)
  • Ping polling for IPv4 and IPv6
  • Port and VLAN mirroring (RSPAN)
  • TraceRoute for IPv4 and IPv6

IPv4 Features

  • Black hole routing
  • Directed broadcast forwarding
  • DNS relay
  • Policy-based routing
  • IPv4 static routing
  • UDP broadcast helper (IP helper)

IPv6 Features

  • DHCPv6 relay, DHCPv6 client
  • DNSv6 relay, DNSv6 client
  • IPv4 and IPv6 dual stack
  • IPv6 hardware ACLs
  • Device management over IPv6 networks with SNMPv6, Telnetv6 and SSHv6
  • NTPv6 client and server
  • IPv6 static routing


  • Front panel 7-segment LED provides at-a-glance status and fault information
  • Allied Telesis Autonomous Management Framework (AMF) enables powerful centralized management and zero-touch device installation and recovery
  • Console management port on the front panel for ease of access
  • Eco-friendly mode allows ports and LEDs to be disabled to save power
  • Web-based Graphical User Interface (GUI)
  • Industry-standard CLI with context-sensitive help
  • Powerful CLI scripting engine and built-in text editor
  • Comprehensive SNMP MIB support for standards-based device management
  • Event-based triggers allow user-defined scripts to be executed upon selected system events
  • USB interface allows software release files, configurations and other files to be stored for backup and distribution to other devices

Quality of Service

  • 8 priority queues with a hierarchy of high priority queues for real time traffic, and mixed scheduling, for each switch port
  • Limit bandwidth per port or per traffic class down to 64kbps
  • Wirespeed traffic classification with low latency essential for VoIP and real-time streaming media applications
  • Policy-based QoS based on VLAN, port, MAC and general packet classifiers
  • Policy-based storm protection
  • Extensive remarking capabilities
  • Taildrop for queue congestion control
  • Strict priority, weighted round robin or mixed scheduling
  • IP precedence and DiffServ marking based on layer 2, 3 and 4 headers

Resiliency Features

  • Stacking ports can be configured as 10G Ethernet ports
  • Control Plane Prioritization (CPP) ensures the CPU always has sufficient bandwidth to process network control traffic
  • Dynamic link failover (host attach)
  • EPSRing (Ethernet Protection Switched Rings) with SuperLoop Protection (SLP)
  • EPSR enhanced recovery for extra resiliency
  • Long-Distance stacking (LD-VCStack)
  • Loop protection: loop detection and thrash limiting
  • PVST+ compatibility mode
  • STP root guard
  • VCStack fast failover minimizes network disruption

Security Features

  • Access Control Lists (ACLs) based on layer 3 and 4 headers
  • Configurable ACLs for management traffic
  • Dynamic ACLs assigned via port authentication
  • ACL Groups enable multiple hosts/ports to be included in a single ACL, reducing configuration
  • Auth-fail and guest VLANs
  • Authentication, Authorisation and Accounting (AAA)
  • Bootloader can be password protected for device security
  • BPDU protection
  • DHCP snooping, IP source guard and Dynamic ARP Inspection (DAI)
  • DoS attack blocking and virus throttling
  • Dynamic VLAN assignment
  • MAC address filtering and MAC address lock-down
  • Network Access and Control (NAC) features manage endpoint security
  • Port-based learn limits (intrusion detection)
  • Private VLANs provide security and port isolation for multiple customers using the same VLAN
  • Secure Copy (SCP)
  • Strong password security and encryption
  • Tri-authentication: MAC-based, web-based and IEEE 802.1x
  • RADIUS group selection per VLAN or port

Environmental Specifications

  • Operating temperature range:
0°C to 50°C (32°F to 122°F) nominal
0°C to 60°C (32°F to 140°F) with
2 x PWR800 and 250W PoE max.
Derated by 1°C per 305 meters (1,000 ft)
  • Storage temperature range:
-25°C to 70°C (-13°F to 158°F)
  • Operating relative humidity range:
5% to 90% non-condensing
  • Storage relative humidity range:
5% to 95% non-condensing
  • Operating altitude:
3,048 meters maximum (10,000 ft)

    Electrical Approvals and Compliances

    • EMC: EN55022 class A, FCC class A, VCCI class A, ICES-003 class A
    • Immunity: EN55024, EN61000-3-levels 2 (Harmonics), and 3 (Flicker) – AC models only


    • Standards: UL60950-1, CAN/CSA-C22.2 No. 60950-1-03, EN60950-1, EN60825-1, AS/NZS 60950.1
    • Certification: UL, cUL

    Restrictions on Hazardous Substances (RoHS) Compliance

    • EU RoHS compliant
    • China RoHS compliant

    Physical Specifications and MTBF Figures

    IX5-28GPX 440 x 480 x 44 mm
    (17.32 x 18.89 x 1.73 in)
    1RU Rack-mount 5.4 kg (11.91 lb) 7.4 kg (16.32 lb) 58 x 56 x 15 cm
    (22.8 x 22.0 x 5.9 in)

    Power and Noise Characteristics

    IX5-28GPX 81 276 44 626 703 52

    Noise: tested to ISO7779; front bystander position

    Latency (microseconds)

    IX5-28GPX 66µs 9.3µs 3.9µs 3.0µs
    1 x PWR800 370W 24 12
    2 x PWR800 720W 24 24

    AlliedWare Plus Operating System

    Version 5.5.0-1

    Cryptographic Algorithms

    FIPS Approved Algorithms

    Encryption (Block Ciphers):

    • AES (ECB, CBC, CFB and OFB Modes)
    • 3DES (ECB, CBC, CFB and OFB Modes)

    Block Cipher Modes:

    • CCM
    • CMAC
    • GCM
    • XTS

    Digital Signatures & Asymmetric Key Generation:

    • DSA
    • ECDSA
    • RSA

    Secure Hashing:

    • SHA-1
    • SHA-2 (SHA-224, SHA-256, SHA-384. SHA-512)

    Message Authentication:

    • HMAC (SHA-1, SHA-2(224, 256, 384, 512)

    Random Number Generation:

    • DRBG (Hash, HMAC and Counter)

    Non FIPS Approved Algorithms

    RNG (AES128/192/256)

    Ethernet Standards

    IEEE 802.2 Logical Link Control (LLC)
    IEEE 802.3 Ethernet
    IEEE 802.3ab 1000BASE-T
    IEEE 802.3ae 10 Gigabit Ethernet
    IEEE 802.3af Power over Ethernet (PoE)
    IEEE 802.3at Power over Ethernet up to 30W (PoE+)
    IEEE 802.3az Energy Efficient Ethernet (EEE)
    IEEE 802.3x Flow control - full-duplex operation
    IEEE 802.3z 1000BASE-X

    IPv4 Features

    RFC 768
    User Datagram Protocol (UDP)
    RFC 791
    Internet Protocol (IP)
    RFC 792
    Internet Control Message Protocol (ICMP)
    RFC 793
    Transmission Control Protocol (TCP)
    RFC 826
    Address Resolution Protocol (ARP)
    RFC 894
    Standard for the transmission of IP datagrams over Ethernet networks
    RFC 919
    Broadcasting Internet datagrams
    RFC 922
    Broadcasting Internet datagrams in the presence of subnets
    RFC 932
    Subnetwork addressing scheme
    RFC 950
    Internet standard subnetting procedure
    RFC 951
    Bootstrap Protocol (BootP)
    RFC 1027
    Proxy ARP
    RFC 1035
    DNS client
    RFC 1042
    Standard for the transmission of IP datagrams over IEEE 802 networks
    RFC 1071
    Computing the Internet checksum
    RFC 1122
    Internet host requirements
    RFC 1191
    Path MTU discovery
    RFC 1518
    An architecture for IP address allocation with CIDR
    RFC 1519
    Classless Inter-Domain Routing (CIDR)
    RFC 1542
    Clarifications and extensions for BootP
    RFC 1591
    Domain Name System (DNS)
    RFC 1812
    Requirements for IPv4 routers
    RFC 1918
    IP addressing
    RFC 2581
    TCP congestion control

    IPv6 Features

    RFC 1981
    Path MTU discovery for IPv6
    RFC 2460
    IPv6 specification
    RFC 2464
    Transmission of IPv6 packets over Ethernet networks
    RFC 2711
    IPv6 router alert option
    RFC 3484
    Default address selection for IPv6
    RFC 3587
    IPv6 global unicast address format
    RFC 3596
    DNS extensions to support IPv6
    RFC 4007
    IPv6 scoped address architecture
    RFC 4193
    Unique local IPv6 unicast addresses
    RFC 4213
    Transition mechanisms for IPv6 hosts and routers
    RFC 4291
    IPv6 addressing architecture
    RFC 4443
    Internet Control Message Protocol (ICMPv6)
    RFC 4861
    Neighbor discovery for IPv6
    RFC 4862
    IPv6 Stateless Address Auto-Configuration (SLAAC)
    RFC 5014
    IPv6 socket API for source address selection
    RFC 5095
    Deprecation of type 0 routing headers in IPv6
    RFC 5175
    IPv6 Router Advertisement (RA) flags option
    RFC 6105
    IPv6 Router Advertisement (RA) guard


    AT Enterprise MIB with AMF MIB and SNMP traps
    Optical DDM MIB
    SNMPv1, v2c and v3
    IEEE 802.1AB Link Layer Discovery Protocol (LLDP)

    RFC 1155
    Structure and identification of management information for TCP/IP-based Internets
    RFC 1157
    Simple Network Management Protocol (SNMP)
    RFC 1212
    Concise MIB definitions
    RFC 1213
    MIB for network management of TCP/IP-based Internets: MIB-II
    RFC 1215
    Convention for defining traps for use with the SNMP
    RFC 1227
    SNMP MUX protocol and MIB
    RFC 1239
    Standard MIB
    RFC 2578
    Structure of Management Information v2 (SMIv2)
    RFC 2579
    Textual conventions for SMIv2
    RFC 2580
    Conformance statements for SMIv2
    RFC 2674
    Definitions of managed objects for bridges with traffic classes, multicast filtering and VLAN extensions
    RFC 2741
    Agent extensibility (AgentX) protocol
    RFC 2787
    Definitions of managed objects for VRRP
    RFC 2819
    RMON MIB (groups 1,2,3 and 9)
    RFC 2863
    Interfaces group MIB
    RFC 3176
    sFlow: a method for monitoring traffic in switched and routed networks
    RFC 3411
    An architecture for describing SNMP management frameworks
    RFC 3412
    Message processing and dispatching for the SNMP
    RFC 3413
    SNMP applications
    RFC 3414
    User-based Security Model (USM) for SNMPv3
    RFC 3415
    View-based Access Control Model (VACM) for SNMP
    RFC 3416
    Version 2 of the protocol operations for the SNMP
    RFC 3417
    Transport mappings for the SNMP
    RFC 3418
    MIB for SNMP
    RFC 3621
    Power over Ethernet (PoE) MIB
    RFC 3635
    Definitions of managed objects for the Ethernet-like interface types
    RFC 3636
    IEEE 802.3 MAU MIB
    RFC 4022
    MIB for the Transmission Control Protocol (TCP)
    RFC 4113
    MIB for the User Datagram Protocol (UDP)
    RFC 4188
    Definitions of managed objects for bridges
    RFC 4292
    IP forwarding table MIB
    RFC 4293
    MIB for the Internet Protocol (IP)
    RFC 4318
    Definitions of managed objects for bridges with RSTP
    RFC 4560
    Definitions of managed objects for remote ping, traceroute and lookup operations
    RFC 5424
    Syslog protocol
    RFC 6527
    Definitions of managed objects for VRRPv3

    Multicast Support

    IGMP query solicitation
    IGMP snooping (IGMPv1, v2 and v3)
    IGMP snooping fast-leave
    IGMP/MLD multicast forwarding (IGMP/MLD proxy)
    MLD snooping (MLDv1 and v2)

    RFC 1112
    Host extensions for IP multicasting (IGMPv1)
    RFC 2236
    Internet Group Management Protocol v2 (IGMPv2)
    RFC 2710
    Multicast Listener Discovery (MLD) for IPv6
    RFC 2715
    Interoperability rules for multicast routing protocols
    RFC 3306
    Unicast-prefix-based IPv6 multicast addresses
    RFC 3376
    RFC 3810
    Multicast Listener Discovery v2 (MLDv2) for IPv6
    RFC 4541
    IGMP and MLD snooping switches

    Quality of Service (QoS)

    IEEE 802.1p
    Priority tagging
    RFC 2211
    Specification of the controlled-load network element service
    RFC 2474
    DiffServ precedence for eight queues/port
    RFC 2475
    DiffServ architecture
    RFC 2597
    DiffServ Assured Forwarding (AF)
    RFC 2697
    A single-rate three-color marker
    RFC 2698
    A two-rate three-color marker
    RFC 3246
    DiffServ Expedited Forwarding (EF)

    Resiliency Features

    ITU-T G.8023 / Y.1344
    Ethernet Ring Protection Switching (ERPS)
    IEEE 802.1AX
    Link aggregation (static and LACP)
    IEEE 802.1D
    MAC bridges
    IEEE 802.1s
    Multiple Spanning Tree Protocol (MSTP)
    IEEE 802.1w
    Rapid Spanning Tree Protocol (RSTP)
    IEEE 802.3ad
    Static and dynamic link aggregation
    RFC 5798
    Virtual Router Redundancy Protocol version 3 (VRRPv3) for IPv4 and IPv6

    Security Features

    SSH remote login
    SSLv2 and SSLv3
    TACACS+ Accounting, Authentication and Authorisation (AAA)

    IEEE 802.1X
    authentication protocols (TLS, TTLS, PEAP and MD5)
    IEEE 802.1X
    multi-supplicant authentication
    IEEE 802.1X
    port-based network access control
    RFC 2560
    X.509 Online Certificate Status Protocol (OCSP)
    RFC 2818
    HTTP over TLS (“HTTPS”)
    RFC 2865
    RADIUS authentication
    RFC 2866
    RADIUS accounting
    RFC 2868
    RADIUS attributes for tunnel protocol support
    RFC 2986
    PKCS #10: certification request syntax specification v1.7
    RFC 3546
    Transport Layer Security (TLS) extensions
    RFC 3579
    RADIUS support for Extensible Authentication Protocol (EAP)
    RFC 3580
    IEEE 802.1x RADIUS usage guidelines
    RFC 3748
    PPP Extensible Authentication Protocol (EAP)
    RFC 4251
    Secure Shell (SSHv2) protocol architecture
    RFC 4252
    Secure Shell (SSHv2) authentication protocol
    RFC 4253
    Secure Shell (SSHv2) transport layer protocol
    RFC 4254
    Secure Shell (SSHv2) connection protocol
    RFC 5246
    TLS v1.2
    RFC 5280
    X.509 certificate and Certificate Revocation List (CRL) profile
    RFC 5425
    Transport Layer Security (TLS) transport mapping for Syslog
    RFC 5656
    Elliptic curve algorithm integration for SSH
    RFC 6125
    Domain-based application service identity within PKI using X.509 certificates with TLS
    RFC 6614
    Transport Layer Security (TLS) encryption
    for RADIUS
    RFC 6668
    SHA-2 data integrity verification for SSH


    RFC 854
    Telnet protocol specification
    RFC 855
    Telnet option specifications
    RFC 857
    Telnet echo option
    RFC 858
    Telnet suppress go ahead option
    RFC 1091
    Telnet terminal-type option
    RFC 1350
    Trivial File Transfer Protocol (TFTP)
    RFC 1985
    SMTP service extension
    RFC 2049
    RFC 2131
    DHCPv4 (server, relay and client)
    RFC 2132
    DHCP options and BootP vendor extensions
    RFC 2616
    Hypertext Transfer Protocol - HTTP/1.1
    RFC 2821
    Simple Mail Transfer Protocol (SMTP)
    RFC 2822
    Internet message format
    RFC 3046
    DHCP relay agent information option (DHCP option 82)
    RFC 3315
    DHCPv6 (server, relay and client)
    RFC 3633
    IPv6 prefix options for DHCPv6
    RFC 3646
    DNS configuration options for DHCPv6
    RFC 3993
    Subscriber-ID suboption for DHCP relay agent option
    RFC 4330
    Simple Network Time Protocol (SNTP) version 4
    RFC 5905
    Network Time Protocol (NTP) version 4

    VLAN Support

    Generic VLAN Registration Protocol (GVRP)

    IEEE 802.1ad
    Provider bridges (VLAN stacking, Q-in-Q)
    IEEE 802.1Q
    Virtual LAN (VLAN) bridges
    IEEE 802.1v
    VLAN classification by protocol and port
    IEEE 802.3ac
    VLAN tagging

    Voice over IP (VoIP)

    Voice VLAN

    AT-FL-IX5-EPSR IX5 EPSR Master and UDLD License EPSR Master
    One license per stack member
    AT-FL-IX5-8032 ITU-T G.8032 license G.8032 ring protection
    Ethernet CFM
    One license per stack member

    Model availability can vary between regions. Please check to see which models are available in your region.

    Switch and Power Supply options


    24-port 10/100/1000BASE-T stackable PoE+ switch with 4 SFP+ ports and 2 power supply bays


    Sliding rack mount kit


    800W AC system and PoE+ power supply

    Where xx =
    10 for US power cord
    20 for no power cord
    30 for UK power cord
    40 for Australian power cord
    50 for European power cord

    10GbE SFP+ Modules


    10GSR 850 nm short-haul, 300 m with MMF


    10GSR 850 nm short-haul, 300 m with MMF
    industrial temperature


    10GLRM 1310 nm short-haul, 220 m with MMF


    10GLR 1310 nm medium-haul, 10 km with SMF


    10GLR 1310 nm medium-haul, 10 km with SMF
    industrial temperature


    10GER 1310nm long-haul, 20 km with SMF
    industrial temperature


    10GER 1310nm long-haul, 40 km with SMF
    industrial temperature


    10GER 1550nm long-haul, 80 km with SMF
    industrial temperature


    1 meter SFP+ direct attach cable


    3 meter SFP+ direct attach cable


    7 meter SFP+ direct attach cable

    ** These modules support dual-rate 1G/10G operation

    SFP Modules


    1000SX GbE multi-mode 850nm fiber up to 550m


    1000SX GbE multi-mode 850nm fiber up to 550m industrial temperature


    1000X GbE multi-mode 1310nm fiber up to 2km


    1000LX GbE single-mode 1310nm fiber up to 10km


    1000LX GbE single-mode 1310nm fiber up to 10km industrial temperature


    1000LX GbE Bi-Di (1310nm Tx, 1490nm Rx) fiber up to 10km


    1000LX GbE Bi-Di (1490nm Tx, 1310nm Rx) fiber up to 10km


    1000LX GbE single-mode 1310nm fiber up to 40km


    1000ZX GbE single-mode 1550nm fiber up to 80km


    1000BX GbE Bi-Di (1310 nm Tx, 1550 nm Rx) fiber up to 20 km


    1000BX GbE Bi-Di (1490 nm Tx, 1310 nm Rx) fiber up to 20 km