Skip to main content

RY-LGSP28-10 en

19" switch with management, strong security functions and PoE+
  • 19" L2/L3 Switch with 250W PoE+
  • Copper ports: 8 x10/100/1000TX
  • Optical ports: 2 x SFP/SFP+ 1G/10G
  • Manageable, ring capable, L3 functions
  • Non Stop PoE
  • Controlled fans
  • Power supply 230VAC

This Layer-2/3 switch with extensive L3 functions has been specially developed for applications with high data load, such as video over IP, video streaming also in connection with multicast. The switch has extensive security functions that protect both the switch itself and the network traffic. The PoE allows IP cameras to be fed via the data cable. With the extensive management options, even complex network requirements can be met.

Video network special features

Active monitoring of the camera
The switch continuously monitors PoE-powered cameras. In the event of a camera failure, the switch automatically restarts the camera. At the same time, the switch sends an SNMP message.

Active monitoring of the PoE supply
If, for example, too much power is demanded from the switch due to a defective camera, the switch alerts via SNMP.

Active management of PoE power
When the switch is started up, the individual PoE ports can start up with a time delay to prevent overloading the PoE power supply units.

Active integration of the switch in video management systems
For the popular video management systems Milestone and Siveillance Video, SW modules are available which allow direct integration of the switch management and the DMS into this VMS.

Uninterruptible PoE power supply
The PoE supply to the PDs is not interrupted when the switch is rebooted.

Jumbo frames even at 100 Mbps
Jumbo Frames up to 10'240Bytes are also supported at 100MBit/s

More information

Special featuresThe switch has extensive safety functions. For example, the ACL allows not only to protect the switch itself, but also the traffic in the network.
Non-Stop PoE: When the switch is rebooted, the PoE supply to the connected cameras is not interrupted. As soon as the switch is operational again, so are the camera images.


DMS (Device Management System)

The switch has an integrated network monitoring and control system that gives the user a good overview of the entire network in a very simple way. This DMS system has the following features:

Graphical network overview
The network topology view provides a quick overview of all switches and end devices present in the network, such as IP cameras or servers, including the IP address, device type and designation. Plans and maps can be stored as background images, allowing the user to quickly access specific network devices even without knowledge of the IP structure.

Device search
This function also allows targeted access to a specific device in larger networks. Newly added devices, such as an exchanged IP camera, are displayed immediately and allow the user to access the device immediately without knowing the IP address.

Data traffic display
The data traffic can be graphically displayed per port over a time axis.

Error handling and security
Network diagnostics between master switch and connected terminals.
Protection mechanisms such as data rate limitation allow effective protection against unwanted access.
With IEEE802.3ah and IEEE802.1ag, tools for the structuring of networks are available.


To download the firmware you need access. Please log in or register. The registration must be activated by us.


Technical data

General properties
supply voltage100-240VAC, 50-60Hz
power consumptionMax. 40W (without PoE) / 290W (with PoE)
MTBF25°C: 334'272h
50°C: 97'070h
operating temperature0°C to 50°C
dimensions220 x 242 x 44mm (WxDxH)
weight2.3 kg
copper ports8 x 10/100/1000TX, PoE+, RJ45
Maximum PoE-power over all ports: 250W
optical fibre ports2 x SFP/SFP+, 1G/10G 
We recommend the use of our barox SFPs. We do not test or guarantee the compatibility of our devices with SFPs of other manufacturers.
console port1 x RS232, RJ45
network properties
managementHTTP/HTTPS, SSH, Telnet Client, IPv6 Management
SNMP v1, v2c, v3 supports traps and USM
DHCP Client / DHCPv6 Client
DHCP Server
PTP, Precision Time Protocol, IEEE1588 v2
Embedded RMON agent supports RMON Groups 1,2,3,9 (history, statistics, alarms and events) for improved traffic management, monitoring and analysis

Web GUI, DMS, SNMPv1, v2c and v3, Console, Telnet, RMON
Individual management accesses can be deactivated.

PoE ManagementPort configuration
Supports the PoE configuration function per port.

PoE Scheduling
Supports per-port PoE scheduling to power on/off PoE devices (PDs).

Automatic check
Check the connection status of the PDs. Restart the PDs if there are no responses.

Power delay
The PoE ports can be switched on with a time delay to protect the switch from overload.

Non-Stop PoE, Soft Reboot
The switch supplies the PDs with power even during the soft reboot.
port settingsPort disable/enable, Autonegotiation 10/100/1000Mbps, Flow Control disable/enable, data rate control on each port, max. Framesize, Power Control
port statusDisplay per port: Speed, Link Status, Flow Control Status, Autonegotiation Status, Trunk Status
layer3 functionsIPv4 und IPv6 Unicast: static routing
communications redundancyStandard Spanning Tree (STP), IEEE802.1d
Rapid Spanning Tree (RSTP), IEEE802.w
Multiple Spanning Tree (MSTP), IEEE802.1s
Ethernet Linear Protection Switching (ELPS), ITU-T G.8031
Ethernet Ring Protection Switching, (ERPS), ITU-T G.8032
VLANTag-based VLAN according to 802.1Q
Supports up to 4K VLANs simultaneously (from 4096 VLAN IDs)

Port-based VLAN
A port member of a VLAN can be isolated to other isolated ports of the same VLAN and private VLANs.

Private VLAN edge (PVE)
Private VLANs are based on the source port mask and there are no connections to VLANs. This means that VLAN IDs and private VLAN IDs can be identical.

Voice VLAN
The Voice VLAN function allows you to route voice traffic on the Voice VLAN.

Guest VLAN
With the IEEE 802.1X guest VLAN feature, a guest VLAN can be configured for each 802.1X port on the device to provide limited services to non-802.1X-compliant clients.

Q-in-Q (double tag) VLAN
This allows you to set specific requirements for VLAN IDs and the number of VLANs to be supported.

802.1v protocol VLAN
The classification of multiple protocols into a single VLAN often enforces VLAN boundaries that are unsuitable for some of the protocols. This requires the presence of a non-standard unit that passes frames containing the protocols for which the VLAN boundaries are unsuitable between VLANs.

MAC-based VLAN
The MAC-based VLAN feature allows incoming unmarked packets to be assigned to a VLAN, classifying traffic based on the source MAC address of the packet.

IP subnet-based VLAN
In an IP subnet-based VLAN, all end workstations in an IP subnet are assigned to the same VLAN. In this VLAN, users can move their workstations without having to reconfigure their network addresses.

Management VLAN
Management VLAN is used to manage the switch from a remote location using protocols such as Telnet, SSH, SNMP, Syslog, etc.
link aggregationIEEE 802.3ad LACP / Static Trunk, supports five groups of 16-port trunks or static trunk
QoSHardware queue
Supports eight hardware queues.

Port based: Traffic QoS by port
802.1p: The VLAN priority-based Layer 2 CoS QoS service class is a parameter used in data and voice protocols to distinguish the types of payloads contained in the transmitted packet.
DSCP-based differentiated services (DiffServ) Layer 3 DSCP QoS: IP packets can carry either an IP priority value (IPP) or a DSCP (Differentiated Services Code Point) value. QoS supports the use of both values because DSCP values are backward compatible with IP priority values.
Classification and re-labelling of TCP/IP ACLs: QoS through ACL

Egress shaping and speed control per port

Strict priority and weighted round robin (WRR): Weighted Round Robin is a scheduling algorithm that uses the weights assigned to the queues to determine how much data is cleared from one queue before it is moved to the next queue.

Certified authentication
A private HTTPS key can be stored for management access.

User administration
User rights can be freely set in up to 15 levels.

The switch allows up to 512 entries. Drop or rate limitation based on source/destination MAC/IP address or VLAN ID. Rules and conditions for incoming packets can be set per port. The rules include protocols, IP ports and address ranges. The rules can be set according to either the authorization or exclusion procedure. Criteria are: TCP/ UDP source and destination ports, 802.1p priority, Ethernet type, ICMP (Internet Control Message Protocol) packet

Port Security
MAC address management per port and IP source guard: The MAC address can be checked in combination with the IP address.

Storm Control
Prevents traffic in a LAN from being disrupted by a broadcast, multicast or unicast flood on a port.

RADIUS Authentication, 802.1X
Authorisation and billing, MD5 hash, guest VLAN, single/multiple host mode and single/multiple sessions
Supports IGMP-RADIUS-based 802.1X
Dynamic VLAN assignment

TACACS+ Authentication
The switch supports TACACS+ authentication. Switch as a client.

Secure Shell (SSH)
SSH secures Telnet traffic to or from the switch, SSH v1 and v2 are supported

Secure Socket Layer (SSL)
SSL encrypts HTTP traffic, providing enhanced secure access to the browser-based management GUI in the switch.

HTTPS & SSL (Secured Web)
Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP.

BPDU Guard
The BPDU Guard, an extension of STP, removes a node that reflects BPDUs back into the network. It enforces the boundaries of the STP domain and keeps the active topology predictable by not allowing network devices behind a BPDU Guard-enabled port to participate in STP.

DHCP Snooping
With DHCP snooping, the switch has a function that acts as a firewall between untrusted hosts and trusted DHCP servers.

Loop Protection
Loop Protection prevents unknown unicast, broadcast and multicast loops in Layer 2 switching configurations.

multicastIGMP v1/v2/v3 Snooping
IGMP limits bandwidth-intensive multicast traffic to the applicants. Supports 1024 multicast groups.

IGMP Querier
IGMP Querier is used to support a Layer 2 multicast domain of snooping switches when no multicast router is available.

IGMP Proxy
IGMP Snooping with proxy reporting or report suppression actively filters IGMP packets to reduce the load on the multicast router.

MLD v1/v2 Snooping
Delivers IPv6 multicast packets only to the required recipients.

Multicast VLAN Registration (MVR)
A dedicated, manually configured VLAN, known as Multicast VLAN, to route multicast traffic over a Layer 2 network in conjunction with IGMP snooping.
standardsIEEE 802.3 10Base-T
IEEE 802.3u 100Base-TX/100BASE-FX
IEEE 802.3z Gigabit SX/LX
IEEE 802.3ab Gigabit 1000T
IEEE 802.3x Flow Control and Back pressure
IEEE 802.3ad Port trunk with LACP
IEEE 802.1d Spanning tree protocol
IEEE 802.1w Rapid spanning tree protocol
IEEE 802.1s Multiple spanning tree protocol
IEEE 802.1p Class ofservice
IEEE 802.1Q VLAN Tagging
IEEE 802.1x Port Authentication Network Control
IEEE 802.1ab LLDP
IEEE 802.3af/at Power over Ethernet
IEEE Energy Efficient Ethernet
IEEE 1588v2 PTP Precisison Time Protocol

Product variants



Pair of brackets for mounting the RY-LGSP28-10 in a 19" frame.
Included in delivery.

Version 20.12.2022, Changes without notice