DS422 series is designed for industrial environments requiring high security and high-quality Ethernet/Fiber communication, such as industrial automation, road traffic control, etc. DS422 provides 22-port full-gigabit Ethernet ports including 16-port Gigabit RJ45 and 6-port 100M/1G SFP with non-blocking wire-speed switching, The switch is designed with advanced cybersecurity, network redundancy, and Layer 2+ management software features. Full Gigabit capability and rugged industrial design deliver high performance and reliability in harsh environments.
Related Downloads Inquiry cart

High performance CPU & Full Gigabit Switching

Powerful 1.2GHz ARM Cotex-A9 processor

Non-blocking switch fabric design

22-port Full Gigabit Ethernet ports, including 16

    Gigabit RJ45 and 6 100/1000M SFP.

8 flexible Class of Service(CoS) queues

16K MAC address table

9Kb Jumbo Frame

DDM function for fiber connectivity monitoring

Up to 8Gbps Link Aggregation

Energy-Efficient Ethernet for power saving

L2+ Management Switch Features

Various configuration paths, including WebGUI, CLI,

    SNMP, Modbus TCP, LLDP topology control

Layer 2 Switch features include VLAN, QoS,

    LACP/Trunk, Rapid Spanning Tree protocol…etc.

IGMP Snooping v1/v2/v3, IGMP Query, 512 L2 Multicast Groups for video applications

Built-in DHCP Server that automatically provides and assigns IP addresses, default gateways to clients

WoMaster ERPSv2 PLUS Ring Technology

・ITU G.8032 v1/v2 ERPS Ring Redundancy & HW-based CFM for quick acknowledgment while GbE copper link failure, providing sub 50ms recovery time and seamless restoration.

・ ERPSv2 available to replace legacy Ring + Chain + Dual Homing

・Inter-Operability with 3rd party industrial switch and still remain fast recovery time.

・Support Enhanced RSTP for large ring network topology with up to 80 switches.

IEC62443-4-2 Level 3 / 4 Cyber Security

L2-L7 IPv4/IPv6* Access Control List (ACL)

DHCP Snooping, IP Source Guard, Dynamic ARP Inspection

802.1Q VLAN, Private VLAN, Advanced Port Security*

Multi-Level user passwords

HTTPS/SSH/SFTP, 256-bit encryption

802.1X MAB for non-802.1X compliant end devices

RADIUS/TACACS+ centralized password authentication

Industrial IoT LAN Management

Support Software Utilities:

    -NetMaster, Network Management System

    -ViewMaster, Group Discovery & Configuration Utility

Support Modbus TCP for monitoring in field

Support Ethernet IP for monitoring in field


Rugged Design for Wayside Network Switching with Wide Power Input Range 

10~60V wide power range design with redundant

    power input

Excellent heat dissipation design for operating in

    -40~75oC environments

High level EMC protection exceeding traffic control

    and heavy industrial standards’ requirements

IEC 61000-6-2/4 Heavy Industrial Environment

 ITU-T G.8032 ERPSv2 gives ultimate Inter-Operability, Flexibility, and Scalability

G.8032 v.2 ERPS is becoming the most common standard for redundancy on industrial networks and replacing proprietary ring redundancy and standard Ethernet Ring Switching, as it provides stable protection of the entire Ethernet Ring from any loops and open standard for 3rd party devices. The ITU-T G.8032 v2 ERPS recovers the network break within less than 50ms recovery time thus significantly increases network reliability for critical IIoT applications, such as heavy industrial automation (power substation and oil and gas vertical markets), ITS (traffic control, public transportation), railway networks, and other smart city applications concerning public safety.


G.8032 v1 only supports single ring topology, whilst G.8032 version 2 additionally features recovery switching for Ethernet traffic in Multiple Ring (ladder) of conjoined Ethernet Rings by one or more interconnections which saves deployment costs by providing wide-area multipoint connectivity with a reduced number of links. Deploying switches with support of G.8032 v2 ERPS ensures highly resilient Ethernet infrastructure whilst simultaneously saving costs, as they can interoperate with third-party switches and still guarantee fast network recovery time without any data loss.


√ ITU-T G.8032 ERPSv2 reduces coupling Ring failure recovery time

The G.8032 ERPS v2 technology effectively saves the recovery time for coupling ring link breakdown from 300 sec to less than 50ms by immediately change the topology of both major ring and subring.  


√ WoMaster ERPS v2 PLUS Technology – Fast Giga Copper Recovery Time

The adaption of Broadcom® CFM Technology can reduce CFM Transmission for link failure within 3.3ms, thus to detect the ring link fault within 11.55ms (3.5 times the CFM Interval) for ERPSv2 mechanism to respond. Once the ring port fails, the ERPS RPL-Owner will forward the backup port and recover the GbE copper within 50ms under the condition that 250pcs nodes in one ring

√ Advanced Port Based Security- IEEE802.1 x MAB (MAC Authentication Bypass)​

MAB enables port-based access control by bypassing the MAC address authentication process to TACACS+/Radius Server. Prior to MAB, the endpoint's (ex. PLC) identity is unknown and all traffic is blocked. The switch examines a single packet to learn and authenticate the source MAC address. After MAB succeeds, the endpoint's identity is known and all traffic from that endpoint is allowed. The switch performs source MAC address filtering to help ensure that only the MAB-authenticated endpoint is allowed to send traffic.

In addition to MAB, the authentication can also be done by the pre-configured static or auto-learn MAC address table in the switch.
  • MAC address Auto Learning enables the switch to be programmed to learn (and to authorize) a preconfigured number of the first source MAC addresses encountered on a secure port. This enables the capture of the appropriate secure addresses when first configuring MAC address-based authorization on a port. Those MAC addresses are automatically inserted into the Static MAC Address Table and remained there until explicitly removed by the user.
  • The port security is further enhanced by the Sticky MAC setting. If Sticky MAC address is activated, the MACs/Devices authorized on the port 'sticks’ to the port and the switch will not allow them to move to a different port.
  • Port Shutdown Time allows users to specify for the time period to auto shutdown the port if a security violation event occurs.

 DHCP Snooping

DHCP snooping acts like a firewall between untrusted hosts and trusted DHCP servers. It performs the following activities:

  • Validates DHCP messages received from untrusted sources and filters out invalid messages.
  • Rate-limits DHCP traffic from trusted and untrusted sources.
  • Builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses.
  • Utilizes the DHCP snooping binding database to validate subsequent requests from untrusted hosts.

DHCP snooping is enabled on a per-VLAN basis. By default, the feature is inactive on all VLANs. You can enable the feature on a single VLAN or a range of VLANs.


 Dynamic ARP Inspection (DAI)

DAI validates the ARP packets in a network. DAI intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from some man-in-the-middle attacks.

DAI ensures that only valid ARP requests and responses are relayed. The switch performs these activities:
  • Intercepts all ARP requests and responses on untrusted ports
  • Verifies that each of these intercepted packets has a valid IP-to-MAC address binding before updating the local ARP cache or before forwarding the packet to the appropriate destination
  • Drops invalid ARP packets.
DAI determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database, the DHCP snooping binding database. This database is built by DHCP snooping if DHCP snooping is enabled on the VLANs and on the switch. If the ARP packet is received on a trusted interface, the switch forwards the packet without any checks. On untrusted interfaces, the switch forwards the packet only if it is valid.

​√ IP Source Guard

IP source guard provides source IP address filtering on a Layer 2 port to prevent a malicious host from impersonating a legitimate host by assuming the legitimate host's IP address. The feature uses dynamic DHCP snooping and static IP source binding to match IP addresses to hosts on untrusted Layer 2 access ports.

Initially, all IP traffic on the protected port is blocked except for DHCP packets. After a client receives an IP address from the DHCP server, or after static IP source binding is configured by the administrator, all traffic with that IP source address is permitted from that client.

Traffic from other hosts is denied. This filtering limits a host's ability to attack the network by claiming a neighbor host's IP address.


 IPv4/v6 Access Control List (ACL)

Packet filtering limits network traffic and restricts network use by certain users or devices. ACLs filter traffic as it passes through a switch and permits or denies packets crossing specified interfaces. An ACL is a sequential collection of permit and deny conditions that apply to packets. When a packet is received on an interface, the switch compares the fields in the packet against any applied ACLs to verify that the packet has the required permissions to be forwarded, based on the criteria specified in the access lists.

WoMaster supports L2-L7 ACLs, parsing up to 128 bytes/packet and L2-L7 packet classification and filtering IPv4/IPv6 traffic, including TCP, User Datagram Protocol (UDP), Internet Group Management Protocol (IGMP), and Internet Control Message Protocol (ICMP).


√ Multi-Level User Passwords

The different centralized authentication server is supported such as RADIUS and TACACS+. Using a central authentication server simplifies account administration, in particular when you have more than one switches in the network.

Authentication Chain is also supported. An authentication chain is an ordered list of authentication methods to handle more advanced authentication scenarios. For example, you can create an authentication chain which first contacts a RADIUS server, and then looks in a local database if the RADIUS server does not respond.


√ NMS NetMaster Made Easy Deploy and Visualize Large Scale of ERPS Ring and VLAN

It is very time consuming and technical to set up a large group of ERPS v2 ring.  However, NetMaster NMS provides a smart way to configure a group of ERPS ring and visualize ERPS major/subring in purple/yellow color. With VLAN visualization, devices, ports, and links with the VLAN ID will be colored-coded.





Standard IEEE 802.3 10Base-T Ethernet
IEEE 802.3u 100Base-TX Fast Ethernet
IEEE 802.3u 100Base-FX Fast Ethernet Fiber
IEEE 802.3ab 1000Base-T Gigabit Ethernet Copper
IEEE 802.3z Gigabit Ethernet Fiber
IEEE 802.3x Flow Control and back-pressure
IEEE 802.3az (Energy Efficient Ethernet)
IEEE 802.1p Class of Service (CoS)
IEEE 802.1AB Link Layer Discovery Protocol (LLDP)
IEEE 802.1D-2004 Rapid Spanning Tree Protocol (RSTP)
IEEE 802.1S Multiple Spanning Tree Protocol (MSTP)
IEEE 801.1AX/802.3ad Link Aggregation Control Protocol (LACP)
IEEE 802.1x Port based Network Access Protocol
IEEE 1588 Precision Time Protocol v2
ITU-T G.8032 version 2 Ethernet ring protection switching(ERPSv2)
Switch Technology Store and Forward Technology with Non-Blocking Switch Fabric
Internal Packet Buffer: 4Mb
Forwarding rate: 14.88Mpps/10-port (1,488,000pps/Gigabit port)
CPU/RAM Cotex-A9, max. 1.2GHz, DDR3 2Gb
Number of MAC Address 16K
Jumbo Frame 9216 Bytes
VLAN 256 VLANs, VLAN ID 1~4094
IGMP Groups 512
Traffic Prioritize 8 Priority Queues per Port
Ethernet Port 16 x 100/1000Base-T RJ45 Auto Negotiation, Auto MDI/MDIX
6 x 100/1000M SFP
System LED 2 x Power: Green On
1 x DO/Alarm: Red On
Ethernet Port LED Link (Green On), Activity (Green Blinking), Speed 1000M(Amber On), Speed 100M (Off)
SFP LED Port: Link (Green On), Activity (Green Blinking); 1000M: Speed 1000M (Amber On), Speed 100M (Off)
Reset System Reboot(2-6 Seconds)/Default Settings Reset(over 7 Seconds)
Console 1 x RS232 in RJ45 for System Configuration. Baud Rate: 115200.n.8.1,
Pin Define: 3: TxD, 6:RxD, 5:GND
*Also available to support Pin Define: 3: RxD, 4:TxD, 6:GND (Configured by Internal Jumper)
Digital Input, Digital Output 4-Pin Removable Terminal Block Connector, 2-Pins for DI, 2-Pins for DO (Relay Alarm)
1x Digital Output: Dry Relay Output with 0.5A /24V DC
1x Digital Input: High: DC 11V~30V, Low: DC 0V~10V
Power Input 4-Pin Removable Terminal Block Connector for Redundant Power
Power Requirement  
Input Voltage DS422: 24VDC (10~60VDC)
*DS422-AC: 220VAC (90~264VAC)
*DS422-HVDC: 110VDC(43~160VDC)
Reverse Polarity Protect Yes
Input Current 0.67A @ 24V
Power Consumption Typical 16W@24V (16GT+6G SFP Activated, TBD)
Max. 18W@60VDC full traffic, suggest to reserve 15% tolerance (TBD)
Management WebGUI, Command Line Interface (CLI), IPv4/IPv6(RFC2460), Telnet, SNMP v1/v2c/v3, RMON, SNMP Trap, LLDP, DHCP Server/Client/Option 82, TFTP, System Log, SMTP
Traffic Management Flow Control, Rate Control, Storm Control, CoS, QoS, RFC 2474 DiffServ
Filter IGMP Snooping v1/v2/v3, IGMP Snooping Fast-Leave/Immediate-Leave, IGMP Query, GMRP, IEEE802.1Q VLAN, QinQ, GVRP, Private VLAN, IGMP Query Solicitation/Request*, MLDv1/v2 Snooping*, IEEE 802.1v*
Security IEEE 802.1X/RADIUS, TLS v1.2, Access Control List (ACL, MAC/IP/ARP filter), HTTPs/SSH secure login, First login password management
Advanced Security Advanced Security: TACACS+, Mutli-user authentication, IEEE802.1x MAB, DHCP Snooping/IPSG, Dynamic ARP inspection, DoS/DDoS*, Adv. Port security*, SFTP
Redundancy WoMaster ERPSv2 PLUS, HW CFM, Rapid Spanning Tree Protocol includes STP/RSTP/MSTP, eRSTP, Loop Protection, Port Trunk/801.1AX/802.3ad LACP
eRSTP (Enhanced Rapid Spanning Tree), up to 80 switches in one Ring
Time Management NTP, IEEE 1588 Precision Time Protocol v2
Industrial IoT Modbus TCP, Ethernet/IP
Utility ViewMaster, NetMaster
MIB ERPS MIB, MIB-II, Ethernet-like MIB*, P-BRIDGE MIB, Q-BRIDGE MIB, Bridge MIB, RMON MIB Group 1, 2, 3, 9*, Private MIB
Diagnostic LLDP, Port Mirror, Ping, Port Statistic, Event Log
Installation DIN Rail
Enclosure Material Steel Metal
Additional Aluminum Side Heat Sink
Dimension 78x155x125 (W x H x D) / without DIN Rail Clip
Ingress Protection IP31
Weight ~1285g without package (TBD)
Operating Temperature -40°C~75°C
Humidity 0%~95% Non- Condensing
Storage Temperature -40°C~85°C
MTBF >200,000 hours
Warranty 5 years
CE Heavy Industrial EN61000-6-2/EN61000-6-4 compliance
FCC CISPR 22, FCC part 15B Class A Compliance
Model Name Description
DS422 Industrial 22-port Full Gigabit L2+ Managed Ethernet Switch, 16GT+6GSFP, 24VDC Input
DS422-AC (By Request) Industrial 22-port Full Gigabit L2+ Managed Ethernet Switch, 16GT+6GSFP, 220VAC input
DS422-HVDC (By Request) Industrial 22-port Full Gigabit L2+ Managed Ethernet Switch, 16GT+6GSFP, 110VDC Input
  Package List
1 x Product Unit (Without SFP Transceiver)
2 x 4-pin Removable Terminal Block Connector
1 x Attached Din Clip
1 x Quick Installation Guide
The AC/HVDC model is customized version and request MoQ. Please contact Out Sales for detail.
Optional Accessories
MK-D1-2 Wall-mounting kit with 2 plates and 8 screws
CBL-RJ45F9-1.5M Serial RS232 console cable RJ45 to DB9 Female 1.5Meter
PSD40-24 40W/24VDC DIN-rail power supply
SFPGEM05 SFP, 1000Mbps, LC, multi, 550M, 0~70°C
SFPGEM05T SFP, 1000Mbps, LC, multi, 550M, -40~85°C
SFPGEM05D SFP, 1000Mbps, LC, multi, DDM, 550M, 0~70°C
SFPGEM05DT SFP, 1000Mbps, LC, multi, DDM, 550M, -40~85°C
SFPGEM2 SFP, 1000Mbps, LC, multi, 2KM, 0~70°C
SFPGEM2T SFP, 1000Mbps, LC, multi, 2KM, -40~85°C
SFPGEM2D SFP, 1000Mbps, LC, multi, DDM, 2KM, 0~70°C
SFPGEM2DT SFP, 1000Mbps, LC, multi, DDM, 2KM, -40~85°C
SFPGES10 SFP, 1000Mbps, LC, single, 10KM, 0~70°C
SFPGES10T SFP, 1000Mbps, LC, single, 10KM, -40~85°C
SFPGES10D SFP, 1000Mbps, LC, single, DDM, 10KM, 0~70°C
SFPGES30 SFP, 1000Mbps, LC, single, 30KM, 0~70°C
SFPGES30T SFP, 1000Mbps, LC, single, 30KM, -40~85°C
SFPGES30D SFP, 1000Mbps, LC, single, DDM, 30KM, 0~70°C
SFPGES10-A SFP, 1000Mbps, LC, single, 10KM, BiDi TX-1310nm RX-1550nm, 0~70°C
SFPGES10-B SFP, 1000Mbps, LC, single, 10KM, BiDi TX-1550nm RX-1310nm, 0~70°C
SFPGES10T-A SFP, 1000Mbps, LC, single, 10KM, BiDi TX-1310nm RX-1550nm, -40~85°C
SFPGES10T-B SFP, 1000Mbps, LC, single, 10KM, BiDi TX-1550nm RX-1310nm, -40~85°C
SFPGES10D-A SFP, 1000Mbps, LC, single, DDM, 10KM, BiDi TX-1310nm RX-1550nm, 0~70°C
SFPGES10D-B SFP, 1000Mbps, LC, single, DDM, 10KM, BiDi TX-1550nm RX-1310nm, 0~70°C