Wondering if anyone on the list has any experiences with fs.com Ethernet switches that they are willing to share (good or bad)? We're looking for some cost effective L2 only 10Gb-T switches and their S58XX switches have come up as a potential option. Thanks, Rich
Once upon a time, Richard Angeletti <reno@psc.edu> said:
Wondering if anyone on the list has any experiences with fs.com Ethernet switches that they are willing to share (good or bad)?
We're looking for some cost effective L2 only 10Gb-T switches and their S58XX switches have come up as a potential option.
I set up a couple of S5850s for a sever cluster recently, with MC-LAG and a bit of L3 for a management network. They worked fine. The only issue I had was getting ACLs applied to limit device and management net access; they had a couple of extra steps needed. The typical IOS-ish "ip access-group" command is accepted on an interface, but it doesn't actually work that way - you have to do a policy-map that references a class-map that references an access-list, and then apply the policy-map to the interface. Also, putting an ACL on "line vty" only applied after authentication (so you could SSH and authenticate, only to then be denied access, which makes it susceptible to password scanners). Instead you configure an ACL on the SSH service itself. -- Chris Adams <cma@cmadams.net>
Same experience here. So far so good and their TAC is efficient. I had to disable MCLAG settings due to a strange behavior with multicast. Something that appeared unpleasing- at least to me - is the fact that the separate MPLS license doesn't support PIM when activated. Regards Paschal Masha | Engineering Skype ID: paschal.masha ----- Original Message ----- From: "Chris Adams" <cma@cmadams.net> To: "nanog" <nanog@nanog.org> Sent: Thursday, April 14, 2022 4:55:27 PM Subject: Re: fs.com Ethernet switches Once upon a time, Richard Angeletti <reno@psc.edu> said:
Wondering if anyone on the list has any experiences with fs.com Ethernet switches that they are willing to share (good or bad)?
We're looking for some cost effective L2 only 10Gb-T switches and their S58XX switches have come up as a potential option.
I set up a couple of S5850s for a sever cluster recently, with MC-LAG and a bit of L3 for a management network. They worked fine. The only issue I had was getting ACLs applied to limit device and management net access; they had a couple of extra steps needed. The typical IOS-ish "ip access-group" command is accepted on an interface, but it doesn't actually work that way - you have to do a policy-map that references a class-map that references an access-list, and then apply the policy-map to the interface. Also, putting an ACL on "line vty" only applied after authentication (so you could SSH and authenticate, only to then be denied access, which makes it susceptible to password scanners). Instead you configure an ACL on the SSH service itself. -- Chris Adams <cma@cmadams.net>
Using a cheap POE switch. I'm pretty happy with it since it's cheap. It's a bit noisy with a small load would be my only complaint - I suspect it's the same volume at full load. No management/layer 3 features on mine nor do I want them. I don't know if L2 only means you want management or not. On Thu, Apr 14, 2022 at 10:24 AM Paschal Masha < paschal.masha@ke.wananchi.com> wrote:
Same experience here. So far so good and their TAC is efficient.
I had to disable MCLAG settings due to a strange behavior with multicast. Something that appeared unpleasing- at least to me - is the fact that the separate MPLS license doesn't support PIM when activated.
Regards Paschal Masha | Engineering Skype ID: paschal.masha
----- Original Message ----- From: "Chris Adams" <cma@cmadams.net> To: "nanog" <nanog@nanog.org> Sent: Thursday, April 14, 2022 4:55:27 PM Subject: Re: fs.com Ethernet switches
Once upon a time, Richard Angeletti <reno@psc.edu> said:
Wondering if anyone on the list has any experiences with fs.com Ethernet switches that they are willing to share (good or bad)?
We're looking for some cost effective L2 only 10Gb-T switches and their S58XX switches have come up as a potential option.
I set up a couple of S5850s for a sever cluster recently, with MC-LAG and a bit of L3 for a management network. They worked fine.
The only issue I had was getting ACLs applied to limit device and management net access; they had a couple of extra steps needed. The typical IOS-ish "ip access-group" command is accepted on an interface, but it doesn't actually work that way - you have to do a policy-map that references a class-map that references an access-list, and then apply the policy-map to the interface.
Also, putting an ACL on "line vty" only applied after authentication (so you could SSH and authenticate, only to then be denied access, which makes it susceptible to password scanners). Instead you configure an ACL on the SSH service itself.
-- Chris Adams <cma@cmadams.net>
One of my clients deployed S3900s, both 24- and 48-port copper models, across half a dozen sites, and I did 99% of the config. Theoretically the 5800s are just a faster/beefier version but haven’t seen them in person. They… work, more or less. Some of the hardcoded limits are just stupid, like max 32 DHCP-relayed devices per L3 interface/VLAN and the 33rd client just doesn’t get DHCP. Either the intermediate carrier out there is stripping VLAN tags, or there’s something really weird with their trunking, not sure which yet. Both the GUI and CLI are required to configure a switch in practice – perhaps you can use the CLI exclusively if you’re an expert, but holy cow some of the config language is radically unintuitive. OTOH, even basic models have some advanced features like EAPS/ERPS in the base system. It’s very clear to me from the capabilities and language used in the original OS release that this model, at least, was originally targeting ILECs almost exclusively (e.g. console port == craft interface). Newer software releases have made them a little less obscure or difficult to work work. I can’t quite say “don’t buy them” but I sure wouldn’t recommend them, either. Broadly put: you get what you pay for! -Adam Adam Thompson Consultant, Infrastructure Services [MERLIN] 100 - 135 Innovation Drive Winnipeg, MB, R3T 6A8 (204) 977-6824 or 1-800-430-6404 (MB only) athompson@merlin.mb.ca<mailto:athompson@merlin.mb.ca> www.merlin.mb.ca<http://www.merlin.mb.ca/> From: NANOG <nanog-bounces+athompson=merlin.mb.ca@nanog.org> On Behalf Of Richard Angeletti Sent: Wednesday, April 13, 2022 2:11 PM To: nanog@nanog.org Subject: fs.com Ethernet switches Wondering if anyone on the list has any experiences with fs.com<http://fs.com> Ethernet switches that they are willing to share (good or bad)? We're looking for some cost effective L2 only 10Gb-T switches and their S58XX switches have come up as a potential option. Thanks, Rich
participants (5)
-
Adam Thompson
-
Chris Adams
-
Josh Luthman
-
Paschal Masha
-
Richard Angeletti