LANCOM IGS-3128XF
Rugged, temperature-enhanced 28-port Gigabit access switch with cloud management for exclusive fiber-optic connectivity in harsh industrial environments
Overview
For industrial companies, infrastructure providers, and operators of critical systems, the LANCOM IGS-3128XF serves as a reliable distribution instance for internally networking other switches within the network. With its robust metal housing, flexible fiber-optic connectivity across all ports, and extended temperature tolerance, this cloud-ready industrial switch is ideally suited for demanding environments such as manufacturing, logistics, or energy supply. The 28-port Gigabit access switch features 24x 1G SFP ports – 4 of which can be used as combo ports (TP/SFP) – as well as 4x 10G SFP+ ports for uplinks and backbone connections. For flexible power supply options, the LANCOM IGS-3128XF comes with an internal AC power unit and an additional connector for external DC power sources. Its shallow housing depth allows for space-saving installation, particularly in compact distribution cabinets. With Layer 3 Lite functionality and support for the LANCOM Management Cloud (LMC), the LANCOM IGS-3128XF enables centralized and automated management of both the device and the entire network.
Key Features
- ▶️ Industrial Gigabit access switch with fiber-optic support on all ports: 20x 1G SFP ports, 4x combo ports (TP/SFP), and 4x 10G SFP+ ports
- ▶️ AC and DC input for maximum flexibility in the choice of power supply
- ▶️ Robust metal housing for reliability in harsh environments and demanding temperatures (-20 °C to +55 °C)
- ▶️ Basic Layer-3 features such as static routing and DHCP server
- ▶️ Security with configurable access control on all ports as per IEEE 802.1X and access control lists
- ▶️ Secure remote management through TACACS+, SSH, SSL, and SNMPv3
- ▶️ Cloud-managed LAN for fast configuration and convenient management via the LANCOM Management Cloud
- ▶️ IPv6 and IPv4 support for modern enterprise networks
- ▶️ Includes a serial configuration cable, and an IEC power cable; mounting brackets can be unscrewed
- ▶️ 5-year replacement service for all components
Performance
- High performance on 28 ports: Equipped with 20x 1G SFP ports, 4x combo ports (TP/SFP), and 4x 10G SFP+ ports supporting transfer rates of up to 10 Gbps.
- Combo ports can be used flexibly as either copper (RJ45) or fiber-optic ports (SFP).
- Data throughput of 128 Gbps on the backplane offers full performance even under heavy load.
- Ideal central distribution instance for connecting additional switches in modern network infrastructures.
- Switching technology: Store and forward with latency less than 4 microseconds.
- MAC addresses: Support of max 32K MAC addresses.
- Throughput: Max. 128 Gbps on the backplane.
- Maximum packet processing: 95.23 million packets per second (mpps) at 64-byte packets.
- VLAN: Port based and IEEE 802.1q tag based VLAN with up to 4,093 VLANs; Supports ingress and egress packet filter in port based VLAN.
- Jumbo frame support: Up to 10240 bytes.
- Link Aggregation Control Protocol (LACP): Support of 26 groups containing up to 4 ports each according to IEEE 802.1ax.
Industrial Applications
- Designed for use in severe frost or extreme heat (-20 °C to +55 °C).
- Optimally tailored to the requirements of the industrial and manufacturing sectors.
- Metal housing provides enhanced resistance to bumps and vibration.
- Shallow housing depth of just 211 mm saves valuable space and allows for flexible installation in small network cabinets or confined environments.
- Compared to standard switches with depths of 300–400 mm, this design allows ample room for effective cable management and optimal air circulation.
Cloud-Managed LAN and Secure Access
- With the LANCOM Management Cloud (LMC) and Cloud-managed LAN, offers quick and easy network integration and automatic configuration provisioning across locations with a click.
- Eliminates time-consuming individual device and switch port configurations.
- Targeted switch rollout via LMC enables automatic VLAN assignment and "zero-touch" assignment to devices.
- Secure Terminal Access provides access to the command line ("CLI tunneling") directly from the LMC, encrypted and without leaving the cloud interface.
- Provides expert functions and extensive diagnostic/troubleshooting commands.
- Highlights include "trace" and "ping" commands for quick troubleshooting.
- Access to low-level configuration parameters and detailed statistics of the LCOS SX operating system.
- Secure remote access to third-party devices in the local network via the integrated SSH client.
Interference-Free High-Speed Transmissions
- Supports fiber-optic connectivity on all 28 ports, enabling reliable high-speed data transmission over long distances.
- Link aggregation (LACP) allows multiple ports to be combined into a single logical channel, achieving a total transmission rate of up to 40 Gbps.
- Boosts network performance, ideal for organizations with extensive or distributed infrastructures.
- Fiber-optics enhance installation flexibility and protect the network from electromagnetic interference.
High Reliability Through Redundant Power Supply
- Essential for stable internal networking and continuous availability.
- In addition to the integrated 100–240 V AC power supply, supports a 24–54 V DC power supply via an optional external power adapter.
- Ensures high operational reliability; if one power source fails, the other takes over, guaranteeing uninterrupted operation.
Configurable Access Control & Secure Remote Management
- Prevents rogue clients from gaining unauthorized access.
- Secured access control on all ports as per IEEE 802.1X (port-based, single, multi, and MAC-based) or by ACLs (access control lists).
- Secure communication protocols: SSH, SSL, and SNMPv3 enable professional remote management.
- Supports the TACACS+ protocol for authentication, authorization, and accounting.
- Optimized solution for maximum security in multi-site network management and monitoring.
DHCP Server Functionality
- The switch can independently and automatically assign IP addresses to clients.
- Supports this basic Layer-3 function, taking over IP management of the connected network.
Static Routing for Efficient Networks
- Supports the basic Layer-3 function of static routing, shifting certain routing tasks from the router to the switch.
- Predefinition of network routes enables faster data exchange, especially with high internal data traffic, reducing router load.
- Freed-up router capacity is available for handling external data traffic, increasing overall network efficiency.
IPv6 and IPv4 Support
- Dual-stack implementation allows use in pure IPv4, pure IPv6, or mixed networks.
- Supports numerous applications over IPv6 networks, including SSL, SSH, Telnet, or TFTP.
- IPv6 features include stateless autoconfiguration, neighbor device discovery, and MLD snooping.
Security Features
| Feature | Description |
|---|---|
| Secure Shell Protocol (SSH) | SSH for a secure remote configuration |
| Secure Sockets Layer (SSL) | SSL to encrypt HTTP connections; advanced security for browser-based configuration via web interface |
| IEEE 802.1X | IEEE 802.1X access control on all ports; RADIUS for authentication, authorization and accounting with e.g. MD5 hashing; guest VLAN; dynamic VLAN assignment |
| Private VLAN edge | Layer 2 isolation between clients in the same VLAN ("protected ports"); support multiple uplinks |
| Port security | Locking of MAC addresses to ports; limiting of the number of learned MAC addresses |
| IP source guard | Blocking access for illegal IP addresses on specific ports |
| Access control lists | Drop or rate limitation of connections based on source and destination MAC addresses, VLAN ID, IP address (IPv4/IPv6), protocol, port, DSCP/IP precedence, TCP/UDP source and destination ports, IEEE 802.1p priority, ICMP packets, IGMP packets, TCP flag |
| RADIUS/TACACS+ | Authentication, authorization and accounting of configuration changes by RADIUS or TACACS+ |
| Storm Control | Multicast/Broadcast/Unicast storm suppression |
| Isolated Group | Allows certain ports to be designated as protected. All other ports are non-isolated. Traffic between isolated group members is blocked. Traffic can only be sent from isolated group to non-isolated group. |
Layer 2 Switching Features
- Spanning Tree Protocol (STP) / Rapid STP / Multiple STP: Standard Spanning Tree according to IEEE 802.1d with fast convergence support of IEEE 802.1w (RSTP); using Multiple Spanning Tree instances by default according to IEEE 802.1s (MSTP).
- Link Aggregation Control Protocol (LACP): Support of 26 groups containing up to 4 ports each according to IEEE 802.1ax.
- VLAN: Support for up to 4K VLANs simultaneously (out of 4093 VLAN IDs); matching due to port, IEEE 802.1q tagged VLANs, MAC addresses, IP subnet and Private VLAN Edge function ("protected ports").
- Voice VLAN: Voice traffic is automatically assigned to a voice-specific VLAN and treated with appropriate levels of QoS.
- IGMP multicasts: IGMP v1, v2, v3 to limit bandwidth-intensive multicast traffic to ports with requesters; supports 1024 multicast groups; source-specific multicasting.
- IGMP querier: Support of multicast domains of snooping switches in the absence of a multicast router.
- IGMP Snooping: Identifies multicast groups and prevents unnecessary traffic.
- IGMP proxy: Passes IGMP messages through.
- MLD v1/v2: IPv6 multicast packets are transmitted to interested listeners only.
- Generic VLAN registration: VLAN registration with GVRP according to IEEE 802.1q for automatic delivery of VLANs in bridged domains.
- DHCP Relay Agent: Relays DHCP broadcast requests to different LANs.
- Supported DHCP options: ▶️ DHCP option 82.
Interfaces
- Console port: RJ45 configuration port for command line access.
Management and Monitoring
- Management: LANconfig, WEBconfig, LANCOM Management Cloud, Industry Standard CLI.
- Command Line Interface (CLI): Configuration and status display from the command line with console application and direct connection to console port, via Telnet or SSH.
- Monitoring: LANmonitor, LANCOM Management Cloud.
- Remote Monitoring: Integrated RMON software agent supports 4 RMON groups (history, statistics, alarms and events) for enhanced traffic management, monitoring and analysis.
- Port Mirroring: Traffic can be mirrored from one port to another for investigation with network analyzer or RMON probe. Up to 27 ports can be mirrored to a single mirror port. Single sessions can be selected.
- Diagnosis: Diagnosis from the switch with PING and cable diagnosis.
- Firmware update: ▶️ Update via WEBconfig and browser (HTTP/HTTPS), ▶️ Update via TFTP and LANconfig, ▶️ Dual firmware image to update during operation.
- Secure Copy: Securely import and export files.
- DHCP client: Automatic assignment of the management IP address by DHCP.
- SNTP: Automatic time settings with Simple Network Time Protocol (SNTP).
- s-flow: Standard for monitoring of high-speed networks. Visualization of network use, accounting, and analysis to protect your network against dangers.
Hardware Specifications
| Specification | Details |
|---|---|
| Weight | 6.80 lbs (3.10 kg) |
| Power supply | Internal power supply unit (100 – 240 V, 50–60 Hz), and a connector for an external DC power supply unit with 24–54 V |
| Environment | ▶️ Normal temperature range: -20 to 55 °C ▶️ Relative humidity (during and outside operation): non-condensing and condensing 5% to 90% ▶️ Minimum ambient temperature for cold start is 0 °C |
| Housing | Robust metal housing, 19" 1U (442 x 44 x 211 mm W x H x D) with removable mounting brackets, network connectors on the front |
| Mean time between failure (MTBF) | ▶️ at 25 °C: 197,000 hours ▶️ at 60 °C: 29,000 hours |
| Power consumption (max) | 35 W |
| Acoustic noise (typ) | 40 dBa |
Software
- LCOS version: Based on LCOS SX 4.30.
- Lifecycle Management: After discontinuation (End of Sale), the device is subject to the LANCOM Lifecycle Management. Details can be found at: www.lancom-systems.com/lifecycle
- Anti-backdoor policy: Products from LANCOM are free of hidden access paths (backdoors) and other undesirable features for introducing, extracting or manipulating data. The trust seal "IT Security made in Germany" (ITSMIG) and certification by the German Federal Office for Information Security (BSI) confirm the trustworthiness and the outstanding level of security.
Declarations of Conformity
| Region/Standard | Certification |
|---|---|
| Europe/EFTA | CE |
| North America | FCC/IC |
| Australia / New Zealand | ACMA |
| *) Note | The full text of the specific Declaration of Conformity is available at the following Internet address: www.lancom-systems.com/doc |
Supported IEEE Standards
- IEEE 802.1AB (Link Layer Discovery Protocol - LLDP)
- IEEE 802.1AB (LLDP-MED)
- IEEE 802.1ad (Q-in-Q tagging)
- IEEE 802.1ak (MRP and MVRP - Multiple Registration Protocol and Multiple VLAN Registration Protocol)
- IEEE 802.1d (MAC Bridging)
- IEEE 802.1d (Spanning Tree)
- IEEE 802.1p (Class of Service)
- IEEE 802.1q (VLAN)
- IEEE 802.1s (Multiple Spanning Tree Protocol - MSTP)
- IEEE 802.1w (Rapid Spanning Tree Protocol - RSTP)
- IEEE 802.1X (Port Based Network Access Control)
- IEEE 802.3 (10Base-T Ethernet)
- IEEE 802.3ab (1000Base-TX Ethernet)
- IEEE 802.1ax, incl. 802.3ad (Link Aggregation Control Protocol - LACP)
- IEEE 802.3ae (10 Gigabit Ethernet over fiber)
- IEEE 802.3az (Energy Efficient Ethernet)
- IEEE 802.3u (100Base-T Ethernet)
- IEEE 802.3x (Flow Control)
- IEEE 802.3z (1000Base-X Ethernet)
Supported RFC Standards
| RFC Number | Description |
|---|---|
| RFC 854 | Telnet Protocol Specification |
| RFC 1213 | MIB II |
| RFC 1215 | SNMP Generic Traps |
| RFC 1493 | Bridge MIB |
| RFC 1769 | Simple Network Time Protocol (SNTP) |
| RFC 2021 | Remote Network Monitoring MIB v2 (RMONv2) |
| RFC 2233 | Interface MIB |
| RFC 2460 | Internet Protocol Version 6 (IPv6) |
| RFC 2613 | SMON MIB |
| RFC 2617 | HTTP Authentication |
| RFC 2665 | Ethernet-Like MIB |
| RFC 2674 | IEEE 802.1p and IEEE 802.1q Bridge MIB |
| RFC 2818 | Hypertext Transfer Protocol Secure (HTTPS) |
| RFC 2819 | Remote Network Monitoring MIB (RMON) |
| RFC 2863 | Interface Group MIB using SMIv2 |
| RFC 2933 | IGMP MIB |
| RFC 3019 | MLDv1 MIB |
| RFC 3414 | User based Security Model for SNMPv3 |
| RFC 3415 | View based Access Control Model for SNMP |
| RFC 3587 | IPv6 Global Unicast Address Format |
| RFC 3621 | Power Ethernet MIB |
| RFC 3635 | Ethernet-Like MIB |
| RFC 3636 | IEEE 802.3 MAU MIB |
| RFC 4133 | Entity MIBv3 |
| RFC 4188 | Bridge MIB |
| RFC 4251 | The Secure Shell Protocol Architecture (SSH) |
| RFC 4291 | IP Version 6 Addressing Architecture |
| RFC 4443 | Internet Control Message Protocol (ICMPv6) |
| RFC 4541 | IGMP- and MLD-Snooping |
| RFC 4668 | RADIUS Authentication Client MIB |
| RFC 4670 | RADIUS Accounting MIB |
| RFC 5519 | Multicast Group Membership Discovery MIB |
Scope of Delivery
| Item | Details |
|---|---|
| Manual | Hardware Quick Reference (DE/EN), Installation Guide (DE/EN) |
| Cable | Serial configuration cable, 1.5m |
| Cable | IEC power cord |
| 19" brackets | Two 19" brackets for rackmounting |
Support and Services
Warranty
- Free warranty extension up to 5 years (replacement service for defects). For details, please refer to the service and support conditions at: www.lancom-systems.com/support-conditions or www.lancom-systems.com/rma
Updates
- Security updates: Up to 2 years after End of Sale of the device (but min. 5 years, see www.lancom-systems.com/product-tables), can be extended by purchasing LANcare products.
- Software Updates: Regular free updates including new features as part of the LANCOM Lifecycle Management (www.lancom-systems.com/lifecycle).
Manufacturer Support
- For LANcommunity partners up to the End of Life of the device. For end customers with LANcare Direct or LANcare Premium Support during the LANcare validity.
LANcare Services
LANcare Advanced M
- Security updates until EOL (min. 5 years) and 5 years NBD advance replacement with delivery of the replacement device within one business day (8/5/NBD), item no. 10731.
LANcare Direct Advanced 24/7 M
- Direct, prioritized 10/5 manufacturer support incl. 24/7 emergency hotline and security updates for the device, NBD advance replacement with delivery of the device on the next business day (24/7/NBD), guaranteed first response times (SLA) of max. 30 minutes for reporting massive operational disruptions by telephone (priority 1) and max. 4 hours for all other concerns (priority 2), term-based for 1, 3, or 5 years (item no. 10779, 10780 or 10781).
LANcare Direct 24/7 M (Alternative)
- Direct, prioritized 10/5 manufacturer support incl. 24/7 emergency hotline and security updates for the device, guaranteed first response times (SLA) of max. 30 minutes for reporting massive operational disruptions by telephone (priority 1) and max. 4 hours for all other concerns (priority 2), term-based for 1, 3, or 5 years (item no. 10755, 10756 or 10757).
LANcare Direct Advanced 10/5 M
- Direct, prioritized 10/5 manufacturer support and security updates for the device, NBD advance replacement with delivery of the device on the next business day (10/5/NBD), guaranteed first response times (SLA) of max. 2 hours for reporting massive operational disruptions by telephone (priority 1) and max. 4 hours for all other concerns (priority 2), term-based for 1, 3, or 5 years (item no. 10767, 10768 or 10769).
LANcare Direct 10/5 M (Alternative)
- Direct, prioritized 10/5 manufacturer support and security updates for the device, guaranteed first response times (SLA) of max. 2 hours for reporting massive operational disruptions by telephone (priority 1) and max. 4 hours for all other concerns (priority 2), term-based for 1, 3, or 5 years (item no. 10743, 10744 or 10745).
LANCOM Management Cloud Licenses
- LANCOM LMC-B-1Y LMC License: (1 Year), enables the management of one category B device for one year via the LANCOM Management Cloud, item no. 50103.
- LANCOM LMC-B-3Y LMC License: (3 Years), enables the management of one category B device for three years via the LANCOM Management Cloud, item no. 50104.
- LANCOM LMC-B-5Y LMC License: (5 Years), enables the management of one category B device for five years via the LANCOM Management Cloud, item no. 50105.
Accessories
| Accessory Type | Description |
|---|---|
| SFP Transceiver Module | 1000Base-SX SFP transceiver module LANCOM SFP-SX-LC1, item no. 61556 |
| SFP Transceiver Module | 1000Base-SX SFP transceiver module LANCOM SFP-SX2-LC1, item no. 60183 |
| SFP Transceiver Module | 1000Base-LX SFP transceiver module LANCOM SFP-LX-LC1, item no. 61557 |
| SFP BiDi Transceiver Module | 1000Base-LX SFP BiDi transceiver module LANCOM SFP-BiDi1550-SC1, item no. 60201 |
| SFP Transceiver Module | 10GBase-SX SFP transceiver module LANCOM SFP-SX-LC10, item no. 61485 |
| SFP Transceiver Module | 10GBase-LX SFP transceiver module LANCOM SFP-LX-LC10, item no. 61497 |
| SFP Transceiver Module | 10GBase-LX SFP transceiver module LANCOM SFP-LR40-LC10, item no. 60182 |
| SFP BiDi Transceiver Module | 10GBase-LX SFP BiDi transceiver module LANCOM SFP-BiDi1310-LC10, item no. 60202 |
| Copper SFP Transceiver Module | Copper SFP transceiver module LANCOM SFP-CO1, item no. 61494 |
| 10G Multi Gigabit Ethernet Copper Module | 10G multi gigabit Ethernet copper module LANCOM SFP-CO10-MG, Art.-Nr.: 60170, max. 1 module usable due to increased power consumption and associated heat |
| 10G Direct Attach Cable | 10G Direct Attach Cable 1m LANCOM SFP-DAC10-1m, Art.-Nr.: 61495 |
| 10G Direct Attach Cable | 10G Direct Attach Cable 3m LANCOM SFP-DAC10-3m, Art.-Nr.: 60175 |
| Power Cord | LANCOM Power Cord (UK) IEC power cord, UK plug, item no. 61650 |
| Power Cord | LANCOM Power Cord (CH) IEC power cord, CH plug, item no. 61652 |
| Power Cord | LANCOM Power Cord (US) IEC power cord, US plug, item no. 61651 |
| Power Cord | LANCOM Power Cord (AU) IEC power cord, AU plug, item no. 61653 |
| Note | Support for third-party accessories (SFP and DAC) is excluded and cannot be granted. |
Item Number
| LANCOM IGS-3128XF | 61671 |
Product Image
Image of the LANCOM IGS-3128XF switch: A black, rectangular, rack-mountable network switch with multiple SFP ports, RJ45 ports, and status indicator LEDs visible on the front panel. The device is labeled with the LANCOM logo and model name.
Company Information
LANCOM Systems GmbH
A Rohde & Schwarz Company
Adenauerstr. 20/B2
52146 Wuerselen | Germany
info@lancom.de | www.lancom-systems.com
LANCOM, LANCOM Systems, LCOS, LANcommunity, LANCOM Service LANcare, LANCOM Active Radio Control, and AirLancer are registered trademarks. All other names or descriptions used may be trademarks or registered trademarks of their owners. This document contains statements relating to future products and their attributes. LANCOM Systems reserves the right to change these without notice. No liability for technical errors and/or omissions. 08/25
