Complete Layer 2 management switch with optional software package of IEC 62443, L3 Lite, L3, NAT and IEC 61375-2-5 ETBN


ITU G.8032 Ring; Environmental Monitoring; Support PXE to verify switch firmware with the latest or certain version on server; DDoS; NAT; IEC 61375-2-5 ETBN; L3L - Layer3 Lite; L3 - Layer3


The Lantech OS3/OS4 switch offers complete Layer 2 management features and can optionally be upgraded for future expansion with Layer 3 Lite, Layer 3, IEC61375-2-5 (ETBN), R-NAT, hardware NAT, PTP, etc.

Support Restful API* for better switch performance; Auto-provisioning* for firmware/configuration update
The switch supports a RESTful API* that uses JSON to access and use data through GET, PUT, POST and DELETE requests, avoiding the CPU load of traditional SNMP management. It also supports auto-provisioning, which lets the switch automatically check for the latest software image and configuration through a TFTP server.

DDoS security to protect switch and server; Optional IEC 62443 compliance with free one year service
The Lantech OS3/4 platform is designed to a high standard of cybersecurity, protecting against network threats such as DDoS attacks and providing 802.1X security authentication. The optional IEC 62443 cybersecurity features include DHCP snooping, prevention of DDoS attacks, Dynamic ARP Inspection, IP Source Guard, Port Security, vulnerability checking, encrypted files, public keys, strong passwords, account management, penetration and stress testing, and many more, with up to 90 security measures.

MAC-based port authentication is an alternative to 802.1X for authenticating hosts connected to a port. Because authentication is based on the host's source MAC address, the host is not required to run 802.1X supplicant software. The RADIUS server that performs the authentication informs the switch whether this MAC address can be registered in the switch's MAC address table.

Optional IEEE 1588 PTP V2 and 802.1AS for Precision Time Protocol (OS4 only)
The Precision Time Protocol (PTP) is a protocol used to synchronize clocks throughout a network. PTP V2 and gPTP support transparent clock and two-step processing, which improves network time accuracy and precision.

DHCP option 82 & Port based, Mac based DHCP, Option 7/66, DHCP Snooping, IPv6 DHCP basic server
The DHCP server can assign a dedicated IP address by MAC or by port (port based for a single switch); it can also assign IP addresses by port for multiple switches with a single DHCP option 82 server. DHCP Snooping is supported. The DHCP option 66 server can offer the IP address of a TFTP server to DHCP clients for VoIP applications, while DHCP option 7 can offer the IP address of a logging server. Basic IPv6 DHCP service can be supported.

User friendly GUI, Auto topology drawing
The user-friendly UI, innovative auto topology drawing and topology demo make OS3/OS4 Ethernet switches much easier to get started with. The complete CLI enables professional engineers to configure settings from the command line.

Enhanced G.8032 ring, 8 MSTI MSTP; MRP ring
Lantech OS3/OS4 Ethernet switches feature an enhanced G.8032 ring that can self-heal in less than 20ms for single ring topology protection, covering multicast packets. It also supports various ring topologies, covering enhanced ring and basic ring, with easier setup than others. It supports MSTP, which allows RSTP over VLAN for redundant links with 8 MSTI. MRP (Media Redundancy Protocol) can be supported for industrial automation networks.

Enhanced Storm control
Storm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on one of the physical interfaces; detection is more precise and reaction is more efficient.

Protocol based VLAN; Subnet based VLAN; QinQ, QoS and GVRP
It supports QinQ, QoS and GVRP for large VLAN segmentation. Protocol-based VLAN processes traffic based on protocol: it filters IP traffic from nearby end-stations using a particular protocol such as IP, IPX, ARP or other EtherTypes given as a hex value. Subnet-based VLANs group traffic into logical VLANs based on the source IP address and IP subnet. These features help build VLANs in a network that mixes managed and unmanaged switches, by defining which VLAN group packets belong to based on protocol or subnet.

IGMPv3, GMRP, router port, MLD Snooping, static multicast forwarding and multicast Ring protection
The unique multicast protection under enhanced G.8032 ring can offer immediate self-recovery instead of waiting for IGMP table timeout. It also supports IGMPv3, GMRP, router port, MLD snooping and static multicast forwarding binding by ports for video surveillance application.

Support NTP, SNTP server with built-in RTC clock source (RTC is subject to model variant)
NTP/SNTP support synchronizes the system clock over the Internet. The Lantech OS3/OS4 switch supports NTP server and server/client modes. The switch also has a built-in real-time clock (RTC) for measuring the passage of time with an NTP server. (RTC is subject to model variant)

Enhanced environmental monitoring for switch inside information
The enhanced environmental monitoring can detect the switch's overall temperature, total power load, actual input voltage and current. It can send SNMP trap alerts when a reading is abnormal. (Subject to model variant)

Optional Layer3 Lite / Layer3 to be upgradable
The Lantech OS3/OS4 platform can optionally be upgraded to L3 Lite or L3 for future expansion. The optional L3L/L3 supports enhanced routing functionality, including RIP v1/v2, OSPF, DVMRP, PIM, Static NAT, PAT, Port forwarding, etc. It provides better network performance for large scale applications. (NAT is only available on OS4-L3 platform)

Optional TTDP and R-NAT protocol for train application (EN50155 models)
The Lantech OS3/OS4 platform complies with the IEC 61375-3-4 (ECN) standard. Support for Ethernet Consist Network allows interconnection between end devices located in a single consist of a train and interoperability with IEC61375-2-5 (ETBN). The optional TTDP (Train Topology Discovery Protocol) can assign IP and gateway IP addresses automatically when the train network topology changes due to the adjustment of train cars. Exclusive DHCP and VLAN over TTDP help bind a device to a certain IP assignment and segment VLANs in the ECN network. The optional R-NAT (Railway-Network Address Translation) runs under TTDP and simplifies the management of network address translation between ETB and ECN. (R-NAT is only available on OS4-L3 platform)

*Future release
***Annual license


Manageability / Network


SNMP v1 v2c, v3/ Web/ Telnet/ CLI

User friendly UI

  • Auto topology drawing
  • Topology demo
  • Complete CLI for professional setting


  • MIB
  • Bridge MIB
  • IF MIB 
  • Private MIB


Up to 5 trap stations; trap types including:

  • Device cold start
  • Authorization failure
  • Port link up/link down
  • DI/DO open/close
  • Topology change (ITU ring)
  • Power failure
  • Environmental abnormal

Firmware Update

Supports TFTP firmware update, TFTP backup and restore; HTTP firmware upgrade; USB firmware update

import and export

Supports editable configuration file for system quick installation; Support factory reset ping to restore all settings back to factory default


Provide DHCP Client/ DHCP Server/DHCP Option 82/Port based DHCP; DHCP Snooping, DHCP Option 66; DHCP Option 7/66/61/PXE; basic IPv6 DHCP server; IPv6 port based DHCP

Mac based DHCP Server

Assign IP address by Mac in DHCP network


Provide DNS client feature and can set Primary and Secondary DNS server

System Log

Supports System log record and remote system log server


Offer IP address of TFTP server


Supports LLDP to allow the switch to advertise its identification and capability on the LAN


Cisco Discovery Protocol for topology mapping

Remote Admin

Supports 10 IP addresses that have permission to access switch management, to prevent unauthorized intruders

Redundancy / Protection

ITU G.8032

  • Support ITU G.8032 for Ring protection in less than 20ms for self-heal recovery (single ring enhanced mode)
  • Support basic single ring & enhanced ring
  • Enhanced G.8032 ring configuration with ease
  • Cover multicast & data packets protection

Spanning Tree

Supports IEEE802.1d Spanning Tree and IEEE802.1w Rapid Spanning Tree, IEEE802.1s Multiple Spanning Tree 8 MSTI; Supports BPDU guard/Root guard/Aggregation port


  • Mis-wiring avoidance
  • Node failure protection
  • Loop protection

PoE (PoE models)

PoE Management

PoE Detection to check if PD hangs then restart the PD

Per Port PoE Status

On/ Off, voltage, current, watts, temperature


IEC62443-4-2 Cybersecurity ready**

  • Cybersecurity
  • Vulnerability checking
  • Identification and authentication
  • Resource availability

Prevention of DDoS/DoS attack

  • Suspicious Packets DoS/DDoS Attacks
  • Network DoS/DDoS Attacks

Network Security

Support 10 IP addresses that have permission to access switch management, to prevent unauthorized intruders.
802.1X access control for port based and MAC based authentication/static MAC-Port binding
Ingress/Egress ACL L2/L3
SSL/SSH v2 for Management
HTTPS for secure access to the web interface
TACACS+ for Authentication

Login Security

Supports IEEE802.1X Authentication/RADIUS



Port Based VLAN
IEEE 802.1Q Tag VLAN (256 entries)/ VLAN ID (Up to 4K, VLAN ID can be assigned from 1 to 4096)
GVRP, QinQ, QoS (Max 32 entries; Max 7 entries when QoS by VLAN)
Protocol based VLAN
IPv4 Subnet based VLAN


Support IGMP snooping v1, v2, v3; Supports IGMP static route; 1024 multicast groups; IGMP router port; IGMP query; GMRP

MLD Snooping

Support IPv6 Multicast stream

Static multicast forwarding

Static multicast forwarding forwards reversed IGMP flow, with multicast packets bound to ports, for IP surveillance applications


Quality of Service

Quality of service is determined by port, tag, IPv4 Type of Service and IPv4 Differentiated Services Code Point (DSCP)

Class of Service

Support IEEE802.1p class of service, per port provides 8 priority queues

Bandwidth Control

Support ingress packet filter and egress* packet limit.
The egress rate control supports all packet types.
Ingress filter packet type combination rules are: Broadcast/Multicast/Flooded Unicast packets, Broadcast/Multicast packets, Broadcast packets only, and all packet types.
The packet filter rate can be set to an accurate value through the pull-down menu for the ingress packet filter and the egress packet limit.

Port Trunk with LACP

LACP Port Trunk: 8 Trunk groups


Port Mirror

Support 3 mirroring types: “RX, TX and Both packet”

Enhanced Storm Control

Prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on one of the physical interfaces


Enhanced Environmental Monitoring

System status for actual input voltage, current, total power load and ambient temperature is shown in the GUI, and alerts are sent on any abnormal status

Dual Image Firmware

Support dual image firmware function

Time Management


Supports NTP/SNTP to synchronize the system clock over the Internet
Supports NTP server & server/client mode
NTP server supports Primary and Backup in client mode
Supports NTP Time Re-correct without battery
Built-in RTC clock can be the clock source for the NTP server (RTC is subject to model variant)

PTP/gPTP** (OS4 only)

IEEE 1588 PTP V2 & 802.1AS; Transparent clock and two step processing


Support Ping, ARP table and DDM information

Train Protocol (EN50155 models)


Complies with IEC 61375-3-4 (ECN) standard.


Upgradable Package - L3 & L3Lite SPECIFICATIONS

Unicast Routing

RIP v1/v2
(L3 only)

Support RIP Redistribute

  • Static routes
  • Route-map
  • Metric

Support Enhanced Redistributing Routing Protocols

  • Between routing protocols (RIP, OSPF, EIGRP, BGP).
  • Directly connected routes can be redistributed into a routing protocol.
  • Support OSPF and RIP running simultaneously in the same system (but need to be in different interfaces)

Support Equal-cost multi-path routing (ECMP) for RIP


Support OSPF Area

  • Standard Area
  • Stub Area
  • Stub no-summary Area

Support Equal-cost multi-path routing (ECMP)

Static Route

Up to 32

Multicast Routing

(L3 only)

Distance Vector Multicast Routing Protocol (DVMRP) is a routing protocol used to share information between routers to facilitate the transportation of IP multicast packets among networks.

PIM (Protocol Independent Multicast)

PIM-SM (Sparse Mode)
PIM-BSR (Bootstrap)
PIM-DM (Dense Mode)
PIM-SSM (Source-Specific Multicast Mode)


VRRP (RFC3768)

For Routing Redundancy

Combine Max. 2 gateways as single virtual gateway


Inter-VLAN routing

Support dynamic routing and static routing

Router-on-a-stick

Route traffic between different VLAN groups via VLAN trunking port.

NAT**(OS4-L3 only)

Hardware NAT

Max 384 clients

Static NAT

Max 128 connections; 1 to 1

PAT (port address translation)

Max 256 connections; 1 to many; many to 1; Port forwarding

Train (EN50155 models)


TTDP (Train Topology Discovery Protocol) complies with IEC 61375-2-5 (ETBN) standard.


Support Option 66/82

R-NAT** (OS4-L3 only)

Support Railway-Network Address Translation


Rescue mode

Offers the ability to repair the operating system if the switch's boot image is damaged.

IP based port




P/N | Model name | Description
9000-114 | OS3 – L3L | OS3 software platform upgrade to Layer 3 Lite platform
9000-115 | OS3 – IEC61375-2-5 | OS3 software platform with IEC-61375-2-5 ETBN (Ethernet Train Backbone Networks) function
9000-116 | OS3 – L3 | OS3 software platform with Layer 3 functions incl. L3L
9000-110 | OS4 – L3L | OS4 software platform upgrade to Layer 3 Lite platform
9000-111 | OS4 – L3L – IEC61375-2-5 | OS4 software platform with IEC-61375-2-5 ETBN (Ethernet Train Backbone Networks) function (under L3L)
9000-112 | OS4 – L3 | OS4 software platform with Layer 3 functions incl. L3L
9000-118 | OS4 – L3 – IEC61375-2-5 | OS4 software platform with IEC-61375-2-5 ETBN (Ethernet Train Backbone Networks) function w/R-NAT (under L3)