fs.com Ethernet switches

Thu Apr 14 14:24:31 UTC 2022

Same experience here. So far so good and their TAC is efficient. 

I had to disable MCLAG settings due to a strange behavior with multicast. Something that appeared unpleasing- at least to me - is the fact that the separate MPLS license doesn't support PIM when activated.

Regards 
Paschal Masha | Engineering 
Skype ID: paschal.masha

----- Original Message -----
From: "Chris Adams" <cma at cmadams.net>
To: "nanog" <nanog at nanog.org>
Sent: Thursday, April 14, 2022 4:55:27 PM
Subject: Re: fs.com Ethernet switches

Once upon a time, Richard Angeletti <reno at psc.edu> said: 
> Wondering if anyone on the list has any experiences with fs.com Ethernet 
> switches that they are willing to share (good or bad)? 
> 
> We're looking for some cost effective L2 only 10Gb-T switches and their 
> S58XX switches have come up as a potential option. 

I set up a couple of S5850s for a sever cluster recently, with MC-LAG 
and a bit of L3 for a management network. They worked fine. 

The only issue I had was getting ACLs applied to limit device and 
management net access; they had a couple of extra steps needed. The 
typical IOS-ish "ip access-group" command is accepted on an interface, 
but it doesn't actually work that way - you have to do a policy-map that 
references a class-map that references an access-list, and then apply 
the policy-map to the interface. 

Also, putting an ACL on "line vty" only applied after authentication (so 
you could SSH and authenticate, only to then be denied access, which 
makes it susceptible to password scanners). Instead you configure an 
ACL on the SSH service itself. 

-- 
Chris Adams <cma at cmadams.net> 