DRS610

DRS610 series is designed for industrial environments requiring a high level of security design, LAN to WAN routing and high-speed Ethernet/Fiber communications, such as industrial automation, road traffic control, etc. DRS610 provides 10-port full-gigabit Ethernet including 2-port Gigabit RJ45 WAN ports, 6-port Gigabit RJ45 LAN ports, and 2-port 100M/1G SFP LAN. The DRS610 Din-Rail layer 3 Router Switch supports dual WAN ports, NAT, Firewall, OpenVPN, IPSec, Routing, and L2 managed switch features such as VRRP routing and ERPS v2 network redundancy. The industrial design features a wide operating temperature from -40~70oC and high EMC protection. The platform supports cellular LTE and 5G extension by request.
Related Downloads Inquiry cart

All-in-one Router Switch with NAT/Firewall/VPN, Routing, L2+ Switching

・Highly integrated Secure NAT/Firewall/VPN Router and L3/L2 Managed Switch features
・10-port Full Gigabit Ethernet ports, including 2 x Gigabit RJ45 WAN, 6 x Gigabit RJ45 LAN and 2 x100/1000M SFP LAN
・Dual WAN ports available for Network Address Translation (LAN) Routing
・ >100Mbps LAN to WAN NAT Routing Performance
・Firewall for traffic classification, port forwarding, DMZ and deep packet inspection for Modbus TCP/UDP*
・ Support OpenVPN, IPsec, DMVPN* for secure remote access ・Support VRRP for router redundancy
・Built-in DHCP Server that automatically provides and assigns IP addresses, default gateways to clients

High-performance CPU & Full Gigabit Switching

・ Powerful 1.2GHz ARM Cortex-A9 processor

・Non-blocking switch fabric design

・8 flexible Class of Service(CoS) queues

・16K MAC address table

・ 9Kb Jumbo Frame

・Fiber ports support both 100M and 1000M SFP

・DDM function for fiber connectivity monitoring

・Energy-Efficient Ethernet for power saving
 

WoMaster ERPSv2 PLUS Ring Technology

・ITU G.8032 v1/v2 ERPS Ring Redundancy & HW-based CFM for quick acknowledgment while GbE copper link failure, providing 20ms recovery time and seamless restoration.

・ ERPSv2 available to replace legacy Ring + Chain + Dual Homing

・Inter-Operability with 3rd party industrial switch and still remain fast recovery time.

・Support Enhanced RSTP for large ring network topology with up to 80 switches.


IEC62443-4-2 Level 3 / 4 Cyber Security

802.1X/RADIUS port-based access control

・IP Security/Port Security

・HTTPs/SSH Management IP secure access

・Supports advanced cybersecurity features, 802.1X MAB, TACAS+, DHCP Snooping, IP Source Guard, Dynamic ARP Inspection, advanced Port Security & L2-L7 Access Control List
 

L2+ Management Switch Features

・Various configuration paths, including WebGUI, CLI,

    SNMP, Modbus TCP, LLDP topology control

・Layer 2 Switch features include VLAN, QoS,

    LACP/Trunk, Rapid Spanning Tree protocol…etc.

・IGMP Snooping v1/v2/v3, IGMP Query, 512 L2 Multicast Groups for video applications 
 

Industrial IoT LAN & Cloud Management

・Support WoMaster Software Utilities:

    -NetMaster Network Management System

    -ViewMaster for Configuration Management

    -ThingMaster, ThingMaster OTA for device management

     over Cloud

・Support MQTTS protocol, ready to use AWS/Azure and Private

    Cloud Agent for cloud management
 

Rugged Design for Wayside Network Switching with Wide Power Input Range 

10~60V wide power range design with redundant

    power input

・Excellent heat dissipation design for operating in

    -40~75oC environments

・High level EMC protection exceeding traffic control

    and heavy industrial standards’ requirements

・IEC 61000-6-2/4 Heavy Industrial Environment

・EN50121-4 railway trackside EMC compliance

 ITU-T G.8032 ERPSv2 gives ultimate Inter-Operability, Flexibility, and Scalability




G.8032 v.2 ERPS is becoming the most common standard for redundancy on industrial networks and replacing proprietary ring redundancy and standard Ethernet Ring Switching, as it provides stable protection of the entire Ethernet Ring from any loops and open standard for 3rd party devices. The ITU-T G.8032 v2 ERPS recovers the network break within less than 20ms recovery time thus significantly increases network reliability for critical IIoT applications, such as heavy industrial automation (power substation and oil and gas vertical markets), ITS (traffic control, public transportation), railway networks, and other smart city applications concerning public safety.

 








G.8032 v1 only supports single ring topology, whilst G.8032 version 2 additionally features recovery switching for Ethernet traffic in Multiple Ring (ladder) of conjoined Ethernet Rings by one or more interconnections which saves deployment costs by providing wide-area multipoint connectivity with a reduced number of links. Deploying switches with support of G.8032 v2 ERPS ensures highly resilient Ethernet infrastructure whilst simultaneously saving costs, as they can interoperate with third-party switches and still guarantee fast network recovery time without any data loss.



 

√ ITU-T G.8032 ERPSv2 reduces coupling Ring failure recovery time

The G.8032 ERPS v2 technology effectively saves the recovery time for coupling ring link breakdown from 300 sec to less than 20ms by immediately change the topology of both major ring and subring.  
       

 

√ WoMaster ERPS v2 PLUS Technology – Fast Giga Copper Recovery Time

The adaption of Broadcom® CFM Technology can reduce CFM Transmission for link failure within 3.3ms, thus to detect the ring link fault within 11.55ms (3.5 times the CFM Interval) for ERPSv2 mechanism to respond. Once the ring port fails, the ERPS RPL-Owner will forward the backup port and recover the GbE copper within 20ms under the condition that 250pcs nodes in one ring
​.
          

√ Advanced Port Based Security- IEEE802.1 x MAB (MAC Authentication Bypass)​

MAB enables port-based access control by bypassing the MAC address authentication process to TACACS+/Radius Server. Prior to MAB, the endpoint's (ex. PLC) identity is unknown and all traffic is blocked. The switch examines a single packet to learn and authenticate the source MAC address. After MAB succeeds, the endpoint's identity is known and all traffic from that endpoint is allowed. The switch performs source MAC address filtering to help ensure that only the MAB-authenticated endpoint is allowed to send traffic.

        
In addition to MAB, the authentication can also be done by the pre-configured static or auto-learn MAC address table in the switch.
  • MAC address Auto Learning enables the switch to be programmed to learn (and to authorize) a preconfigured number of the first source MAC addresses encountered on a secure port. This enables the capture of the appropriate secure addresses when first configuring MAC address-based authorization on a port. Those MAC addresses are automatically inserted into the Static MAC Address Table and remained there until explicitly removed by the user.
  • The port security is further enhanced by the Sticky MAC setting. If Sticky MAC address is activated, the MACs/Devices authorized on the port 'sticks’ to the port and the switch will not allow them to move to a different port.
  • Port Shutdown Time allows users to specify for the time period to auto shutdown the port if a security violation event occurs.
           

 DHCP Snooping

DHCP snooping acts like a firewall between untrusted hosts and trusted DHCP servers. It performs the following activities:

  • Validates DHCP messages received from untrusted sources and filters out invalid messages.
  • Rate-limits DHCP traffic from trusted and untrusted sources.
  • Builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses.
  • Utilizes the DHCP snooping binding database to validate subsequent requests from untrusted hosts.

DHCP snooping is enabled on a per-VLAN basis. By default, the feature is inactive on all VLANs. You can enable the feature on a single VLAN or a range of VLANs.
cccccccccc


 

 Dynamic ARP Inspection (DAI)



DAI validates the ARP packets in a network. DAI intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from some man-in-the-middle attacks.

DAI ensures that only valid ARP requests and responses are relayed. The switch performs these activities:
  • Intercepts all ARP requests and responses on untrusted ports
  • Verifies that each of these intercepted packets has a valid IP-to-MAC address binding before updating the local ARP cache or before forwarding the packet to the appropriate destination
  • Drops invalid ARP packets.
DAI determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database, the DHCP snooping binding database. This database is built by DHCP snooping if DHCP snooping is enabled on the VLANs and on the switch. If the ARP packet is received on a trusted interface, the switch forwards the packet without any checks. On untrusted interfaces, the switch forwards the packet only if it is valid.





​√ IP Source Guard


IP source guard provides source IP address filtering on a Layer 2 port to prevent a malicious host from impersonating a legitimate host by assuming the legitimate host's IP address. The feature uses dynamic DHCP snooping and static IP source binding to match IP addresses to hosts on untrusted Layer 2 access ports.

Initially, all IP traffic on the protected port is blocked except for DHCP packets. After a client receives an IP address from the DHCP server, or after static IP source binding is configured by the administrator, all traffic with that IP source address is permitted from that client.

Traffic from other hosts is denied. This filtering limits a host's ability to attack the network by claiming a neighbor host's IP address.

 


​√
 IPv4/v6 Access Control List (ACL)

Packet filtering limits network traffic and restricts network use by certain users or devices. ACLs filter traffic as it passes through a switch and permits or denies packets crossing specified interfaces. An ACL is a sequential collection of permit and deny conditions that apply to packets. When a packet is received on an interface, the switch compares the fields in the packet against any applied ACLs to verify that the packet has the required permissions to be forwarded, based on the criteria specified in the access lists.

WoMaster supports L2-L7 ACLs, parsing up to 128 bytes/packet and L2-L7 packet classification and filtering IPv4/IPv6 traffic, including TCP, User Datagram Protocol (UDP), Internet Group Management Protocol (IGMP), and Internet Control Message Protocol (ICMP).



 

√ Multi-Level User Passwords

The different centralized authentication server is supported such as RADIUS and TACACS+. Using a central authentication server simplifies account administration, in particular when you have more than one switches in the network.

Authentication Chain is also supported. An authentication chain is an ordered list of authentication methods to handle more advanced authentication scenarios. For example, you can create an authentication chain which first contacts a RADIUS server, and then looks in a local database if the RADIUS server does not respond.


 

√ NMS NetMaster Made Easy Deploy and Visualize Large Scale of ERPS Ring and VLAN

It is very time consuming and technical to set up a large group of ERPS v2 ring.  However, NetMaster NMS provides a smart way to configure a group of ERPS ring and visualize ERPS major/subring in purple/yellow color. With VLAN visualization, devices, ports, and links with the VLAN ID will be colored-coded.

             

             

            





 

√ Broadcom®  L3 Routing at wire speed Performance
 

The Layer 3 switch with Broadcom® ASIC (A Dedicated Chip) can perform routing at wire-speed, which is much faster and efficient than software routing by CPU loading.  Compared with a that simply makes routing functions, the Layer 3 switch can handle larger networks with a lot of broadcasts, subnets and/or VLANs that require higher performance.

 

The layer 3 switch also handles complicated routing network topologies involving Inter VLAN routing, Dynamic routing, OSPF v1/2, RIP v1/2, Static routing with broadcast traffic control.


√ Virtual Router Redundancy Protocol (VRRP)

VRRP is a redundancy protocol for connecting redundant WAN gateway routers or layer 3 switches which allows a backup router or layer 3 switch to automatically takes over if the primary (master) router or switch fails. VRRP works by grouping the redundant gateways together into a single virtual router. That virtual router entity has an IP address of its own. Instead of sending traffic to an individual router, the nodes send traffic to the virtual router address (for example, by using the virtual router address as their gateway address). The master router processes traffic that is addressed to the virtual router address and forwards it appropriately. The master router also sends out regular advertisements to the backup router. If the master router goes down, the backup router stops receiving these advertisements. In that case, the backup router takes over as the master router and starts processing traffic. When the original master router comes back up, it takes over as the master router again.

 


√ Open Shortest Path First (OSPF) 

WoMaster Layer 3 Managed Switch designs with the OSPF Version 2 specification. OSPF calculates the shortest route to a destination through the network-based algorithm. When compared with RIP (Routing Information Protocol) which is a distance vector-based routing protocol, OSPF can provide scalable network support and faster convergence time for network routing state by calculating the cost of the route, taking into account bandwidth, delay and load. As a result, OSPF is widely used in large networks such as ISP (Internet Service Provider) backbone and enterprise networks for calculating routes through large and complex local area networks.
 

√ MQTTS

 MQTT relies on the TCP transport protocol. By default, TCP connections do not use an encrypted communication. To encrypt the whole MQTT communication, ThingsMaster and other MQTT brokers allow use of TLS instead of plain TCP. In the mission-critical industrial application, encryption is mandatory and highly suggested for industrial communication.

The MQTTS is standardized at IANA as “secure-mqtt”. All WoMaster Routers and Switches support the latest TLSv1.2 encryption and X.509 authentication.

 
Technology  
Standard IEEE 802.3 10Base-T Ethernet
IEEE 802.3u 100Base-TX Fast Ethernet
IEEE 802.3u 100Base-FX Fast Ethernet Fiber
IEEE 802.3ab 1000Base-T Gigabit Ethernet Copper
IEEE 802.3z Gigabit Ethernet Fiber
IEEE 802.3x Flow Control and back-pressure
IEEE 802.3az (Energy Efficient Ethernet)
IEEE 802.1p Class of Service (CoS)
IEEE 802.1Q VLAN and GVRP
IEEE 802.1AB Link Layer Discovery Protocol (LLDP)
IEEE 802.1D-2004 Rapid Spanning Tree Protocol (RSTP)
IEEE 802.1S Multiple Spanning Tree Protocol (MSTP)
IEEE 801.1AX/802.3ad Link Aggregation Control Protocol (LACP)
IEEE 802.1x Port-based Network Access Protocol
IEEE 1588 Precision Time Protocol v2
ITU-T G.8032 version 2 Ethernet ring protection switching(ERPSv2)
Performance  
Switch Technology Store and Forward Technology with Non-Blocking Switch Fabric
Internal Packet Buffer: 4Mb
Forwarding rate: 14.88Mpps/10-port (1,488,000pps/Gigabit port)
CPU/RAM Cortex-A9, max. 1.2GHz, DDR3 2Gb
Number of MAC Address 16K
Jumbo Frame 9216 Bytes
VLAN 256 VLANs, VLAN ID 1~4094
IGMP Groups 512
Traffic Prioritize 8 Priority Queues per Port
Routing Table 4K
Interface  
Ethernet Port 8 x 100/1000Base-T RJ45 Auto-Negotiation, Auto MDI/MDIX, 2 x 100/1000M SFP
System LED 2 x Power: Green On, 1 x DO/Alarm: Red On
1x SYS, 1x DI, 1x Ring Status (Reserved by ODM Request)
(SYS: Ready: Green On, Firmware Updating: Green Blinking, DI : Green On, Ring: Ring Status: Node Normal: Green On, Owner Normal: Green Blinking, Owner/Node Abnormal: Amber On, Ring Port Fail: Amber Blinking)
Ethernet Port LED Link (Green On), Activity (Green Blinking), Speed 1000M(Amber On), Speed 100M (Off)
SFP LED Port: Link (Green On), Activity (Green Blinking); 1000M: Speed 1000M (Amber On), Speed 100M (Off)
Reset System Reboot(2-6 Seconds)/Default Settings Reset(over 7 Seconds)
Console 1 x RS232 in RJ45 for System Configuration. Baud Rate: 115200.n.8.1,
Pin Define: 3: TxD, 6:RxD, 5:GND (Configured by Internal Jumper)
Digital Input, Digital Output 4-Pin Removable Terminal Block Connector, 2-Pins for DI, 2-Pins for DO (Relay Alarm)
1x Digital Output: Dry Relay Output with 0.5A /24V DC
1x Digital Input: High: DC 11V~30V, Low: DC 0V~10V
Power Input 4-Pin Removable Terminal Block Connector for Redundant Power
Power Requirement  
Input Voltage 24VDC (10~60VDC)
Reverse Polarity Protect Yes
Input Current 0.45A @ 24V
Power Consumption Max. 10.8W@24VDC full traffic, suggest reserving 15% tolerance
Software  
Management WebGUI, Command Line Interface (CLI), IPv4/IPv6(RFC2460), Telnet, SNMP v1/v2c/v3, RMON, SNMP Trap, LLDP, DHCP Server/Client/Option 82, TFTP, System Log, SMTP
Traffic Management Flow Control, Rate Control, Storm Control, CoS, QoS, RFC 2474 DiffServ
Filter IGMP Snooping v1/v2/v3, IGMP Snooping Fast-Leave/Immediate-Leave, IGMP Query, GMRP, IEEE802.1Q VLAN, QinQ, GVRP, Private VLAN, IGMP Query Solicitation/Request*, MLDv1/v2 Snooping*, IEEE 802.1v*
Security IEEE 802.1X/RADIUS, TLS v1.2, Access Control List (ACL, MAC/IP/ARP filter), HTTPs/SSH secure login, First login password management
Advanced Security Advanced Security: TACACS+, Mutli-user authentication, IEEE802.1x MAB, DHCP Snooping/IPSG, Dynamic ARP inspection, DoS/DDoS*, Adv. Port security*, SFTP
Redundancy WoMaster ERPSv2 Plus, ITU-T G.8032 v1/v2 Ethernet Ring Protection Switching (ERPSv2), HW CFM, Loop Protection, Rapid Spanning Tree Protocol/Spanning Tree Protocol (RSTP/STP), Multiple Spanning Tree Protocol (MSTP)
eRSTP (Enhanced Rapid Spanning Tree), up to 80 switches in one Ring
Time Management NTP, IEEE 1588 Precision Time Protocol v2
Layer 3 / Router OS
(DRS614/610)
Dual WAN interfaces
Routing: RIPv2, OSPFv2, Static Multicast Route*, VRRPv2
NAT: 1-1 NAT, NAPT(SNAT/DNAT), Port forwarding, R-NAT*, TTDP*
Firewall: Stateful Inspection firewall, DMZ, Deep packet inspection for Modbus TCP/UDP*
VPN: IPSec, OpenVPN, DMVPN*, PPTP*, L2TP*, GRE*. Encryption includes DES/3DES/AES128/AES256
Industrial IoT Modbus TCP, MQTTS*, RESTful API*, EtherNet/IP*
Cloud Management AWS Agent, Azure Agent, ThingsMaster, ThingMaster OTA
Utility ViewMaster, NetMaster
MIB ERPS MIB, MIB-II, Ethernet-like MIB*, P-BRIDGE MIB, Q-BRIDGE MIB, Bridge MIB, RMON MIB Group 1, 2, 3, 9*, WoMaster Private MIB
Diagnostic LLDP, Port Mirror, Ping, Port Statistic, Event Log
Mechanical  
Installation DIN-Rail
Enclosure Material Steel Metal with Aluminum Side Heat Sink
Dimension 65x155x125 (W x H x D) / without DIN Rail Clip
Ingress Protection IP31
Weight ~985g without package
Environmental  
Operating Temperature -40°C~75°C
Humidity 0%~95% Non- Condensing
Storage Temperature -40°C~85°C
MTBF >200,000 hours
Warranty 5 years
Standard  
EMI CISPR 22, FCC part 15B Class A
EMC EN61000-6-2/EN61000-6-4, EN50121-4 Compliance for Railway Roadside
Model Name Description
DRS610 Industrial 10-port Full Gigabit Secure Router Switch with NAT/Firewall/VPN/L3switching, 2GT WAN+6GT LAN+2GSFP LAN
WR610GR-LTE* Industrial 10-port Full Gigabit Secure Cellular Router Switch with NAT/Firewall/VPN/L3switching, 2GT WAN+6GT LAN+2GSFP LAN, LTE
  Package List
1 x Product Unit (Without SFP Transceiver)
2 x 4-pin Removable Terminal Block Connector
1 x Attached Din Clip
1 x Quick Installation Guide
   

Optional Accessories
MK-D1-2 Wall-mounting kit with 2 plates and 8 screws
CBL-RJ45F9-1.5M Serial RS232 console cable RJ45 to DB9 Female 1.5Meter
PSD40-24 40W/24VDC DIN-rail power supply
SFPGEM05 SFP, 1000Mbps, LC, multi, 550M, 0~70°C
SFPGEM05T SFP, 1000Mbps, LC, multi, 550M, -40~85°C
SFPGEM05D SFP, 1000Mbps, LC, multi, DDM, 550M, 0~70°C
SFPGEM05DT SFP, 1000Mbps, LC, multi, DDM, 550M, -40~85°C
SFPGEM2 SFP, 1000Mbps, LC, multi, 2KM, 0~70°C
SFPGEM2T SFP, 1000Mbps, LC, multi, 2KM, -40~85°C
SFPGEM2D SFP, 1000Mbps, LC, multi, DDM, 2KM, 0~70°C
SFPGEM2DT SFP, 1000Mbps, LC, multi, DDM, 2KM, -40~85°C
SFPGES10 SFP, 1000Mbps, LC, single, 10KM, 0~70°C
SFPGES10T SFP, 1000Mbps, LC, single, 10KM, -40~85°C
SFPGES10D SFP, 1000Mbps, LC, single, DDM, 10KM, 0~70°C
SFPGES30 SFP, 1000Mbps, LC, single, 30KM, 0~70°C
SFPGES30T SFP, 1000Mbps, LC, single, 30KM, -40~85°C
SFPGES30D SFP, 1000Mbps, LC, single, DDM, 30KM, 0~70°C
SFPGES10-A SFP, 1000Mbps, LC, single, 10KM, BiDi TX-1310nm RX-1550nm, 0~70°C
SFPGES10-B SFP, 1000Mbps, LC, single, 10KM, BiDi TX-1550nm RX-1310nm, 0~70°C
SFPGES10T-A SFP, 1000Mbps, LC, single, 10KM, BiDi TX-1310nm RX-1550nm, -40~85°C
SFPGES10T-B SFP, 1000Mbps, LC, single, 10KM, BiDi TX-1550nm RX-1310nm, -40~85°C
SFPGES10D-A SFP, 1000Mbps, LC, single, DDM, 10KM, BiDi TX-1310nm RX-1550nm, 0~70°C
SFPGES10D-B SFP, 1000Mbps, LC, single, DDM, 10KM, BiDi TX-1550nm RX-1310nm, 0~70°C