The 12 Port Gigabit L3 Managed Switch DP612 supports various routing protocols such as IP/VLAN routing, RIP, OSPF, VRRP router redundancy to be fully compatible with your backbone network. It is designed with advanced cybersecurity features such as Port-Based Security- IEEE802.1 x MAB (MAC Authentication Bypass), Access Control List (ACL, MAC/IP/ARP filter), DHCP Snooping, IP Source Guard, Dynamic ARP Inspection as well as advanced redundancy features such as WoMaster ERPSv2 Plus and eRSTP. The PoE design for DP612 delivers up to 240w power budget over the 8 Giga PoE+ port.
Related Downloads Inquiry cart
Full Gigabit Switching and Ultra-high Throughput
  • 12-port Full Gigabit Ethernet with 8 GbE RJ-45 and 4100M/1G SFP
  • DDM function for high-quality fiber connectivity monitoring
  • 16K MAC address table
  • 1.5MByte packet buffer memory for H.264 burst
  • 9K bytes jumbo frame
  • Store-and-forward with non-blocking switch fabric
  • 8 flexible Class of Service(CoS) queues, 512 L2 Multicast Groups for video applications   

WoMaster ERPSv2 PLUS Ring Technology
  • Apply Broadcom® CFM Technology for overcoming GbE copper physical limitation and providing minimum 50ms recovery time, seamless restoration time
  • Inter-Operability with 3rd party ITU-T G.8032 v1/v2 ERPS switch and still remain fast recovery time
  • Replace legacy Ring + Chain + Dual Homing

Enhanced RSTP(eRSTP)
  • Enhance the RSTP fault recovery time performance
  • Enhance RSTP performance for large ring network topologies with up to 80 switches

Extreme PoE Capability
  • 8-port IEEE 802.3af/at compliant PoE, up to 30W/port
  • Up to 240W power budget 
  • Complete PoE management including per-port Power Budget Control, PoE Scheduling and PoE Status

Dynamic Routing with Redundancy Protection
  • RIPv1&v2, OSPFv1&v2 for intra-domain routing within an autonomous system
  • Efficient unicast/multicast static routing
  • VRRP guarantees sustainable routing in a single point of failure

Compliant with IEC62443-4-2 Level 3 / 4 Cyber Security 
  • L2-L7 IPv4/IPv6* Access Control List (ACL)
  • DHCP Snooping, IP Source Guard, Dynamic ARP Inspection
  • 802.1Q VLAN, Private VLAN, Advanced Port Security
  • Multi-Level user passwords
  • HTTPS/SSH/SFTP, 256-bit encryption
  • 802.1X MAB for non-802.1X compliant end devices
  • RADIUS/TACACS+ centralized password authentication

Industrial IoT LAN & Cloud Management
  • Various configuration paths, including CGI WebGUI, CLI, SNMP and RMON
  • Support WoMaster Software Utilities:
        -NetMaster Network Management System
        -ViewMaster for Configuraiton Management
        -ThingMaster*, ThingMaster OTA* for device management over Cloud
  • Support MQTT* protocol, ready to use AWS/Azure and Private Cloud Agent for cloud management
  • LLDP for topology control, auto-topology drawing
  • USB for easy field configuration and firmware update

ITU-T G.8032 ERPSv2 gives ultimate Inter-Operability, Flexibility, and Scalability

G.8032 v.2 ERPS is becoming the most common standard for redundancy on industrial networks and replacing proprietary ring redundancy and standard Ethernet Ring Switching, as it provides stable protection of the entire Ethernet Ring from any loops and open standard for 3rd party devices. The ITU-T G.8032 v2 ERPS recovers the network break within less than 50ms recovery time thus significantly increases network reliability for critical IIoT applications, such as heavy industrial automation (power substation and oil and gas vertical markets), ITS (traffic control, public transportation), railway networks, and other smart city applications concerning public safety.


G.8032 v1 only supports single ring topology, whilst G.8032 version 2 additionally features recovery switching for Ethernet traffic in Multiple Ring (ladder) of conjoined Ethernet Rings by one or more interconnections which saves deployment costs by providing wide-area multipoint connectivity with a reduced number of links. Deploying switches with support of G.8032 v2 ERPS ensures highly resilient Ethernet infrastructure whilst simultaneously saving costs, as they can interoperate with third-party switches and still guarantee fast network recovery time without any data loss.


√ ITU-T G.8032 ERPSv2 reduces coupling Ring failure recovery time

The G.8032 ERPS v2 technology effectively saves the recovery time for coupling ring link breakdown from 300 sec to less than 50ms by immediately change the topology of both major ring and subring.  


√ WoMaster ERPS v2 PLUS Technology – Fast Giga Copper Recovery Time

The adaption of Broadcom® CFM Technology can reduce CFM Transmission for link failure within 3.3ms, thus to detect the ring link fault within 11.55ms (3.5 times the CFM Interval) for ERPSv2 mechanism to respond. Once the ring port fails, the ERPS RPL-Owner will forward the backup port and recover the GbE copper within 50ms under the condition that 250pcs nodes in one ring

√ Advanced Port Based Security- IEEE802.1 x MAB (MAC Authentication Bypass)​

MAB enables port-based access control by bypassing the MAC address authentication process to TACACS+/Radius Server. Prior to MAB, the endpoint's (ex. PLC) identity is unknown and all traffic is blocked. The switch examines a single packet to learn and authenticate the source MAC address. After MAB succeeds, the endpoint's identity is known and all traffic from that endpoint is allowed. The switch performs source MAC address filtering to help ensure that only the MAB-authenticated endpoint is allowed to send traffic.

In addition to MAB, the authentication can also be done by the pre-configured static or auto-learn MAC address table in the switch.
  • MAC address Auto Learning enables the switch to be programmed to learn (and to authorize) a preconfigured number of the first source MAC addresses encountered on a secure port. This enables the capture of the appropriate secure addresses when first configuring MAC address-based authorization on a port. Those MAC addresses are automatically inserted into the Static MAC Address Table and remained there until explicitly removed by the user.
  • The port security is further enhanced by the Sticky MAC setting. If Sticky MAC address is activated, the MACs/Devices authorized on the port 'sticks’ to the port and the switch will not allow them to move to a different port.
  • Port Shutdown Time allows users to specify for the time period to auto shutdown the port if a security violation event occurs.

 DHCP Snooping

DHCP snooping acts like a firewall between untrusted hosts and trusted DHCP servers. It performs the following activities:

  • Validates DHCP messages received from untrusted sources and filters out invalid messages.
  • Rate-limits DHCP traffic from trusted and untrusted sources.
  • Builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses.
  • Utilizes the DHCP snooping binding database to validate subsequent requests from untrusted hosts.

DHCP snooping is enabled on a per-VLAN basis. By default, the feature is inactive on all VLANs. You can enable the feature on a single VLAN or a range of VLANs.

 Dynamic ARP Inspection (DAI)

DAI validates the ARP packets in a network. DAI intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from some man-in-the-middle attacks.

DAI ensures that only valid ARP requests and responses are relayed. The switch performs these activities:
  • Intercepts all ARP requests and responses on untrusted ports
  • Verifies that each of these intercepted packets has a valid IP-to-MAC address binding before updating the local ARP cache or before forwarding the packet to the appropriate destination
  • Drops invalid ARP packets.
DAI determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database, the DHCP snooping binding database. This database is built by DHCP snooping if DHCP snooping is enabled on the VLANs and on the switch. If the ARP packet is received on a trusted interface, the switch forwards the packet without any checks. On untrusted interfaces, the switch forwards the packet only if it is valid.

​√ IP Source Guard

IP source guard provides source IP address filtering on a Layer 2 port to prevent a malicious host from impersonating a legitimate host by assuming the legitimate host's IP address. The feature uses dynamic DHCP snooping and static IP source binding to match IP addresses to hosts on untrusted Layer 2 access ports.

Initially, all IP traffic on the protected port is blocked except for DHCP packets. After a client receives an IP address from the DHCP server, or after static IP source binding is configured by the administrator, all traffic with that IP source address is permitted from that client.

Traffic from other hosts is denied. This filtering limits a host's ability to attack the network by claiming a neighbor host's IP address.


 IPv4/v6 Access Control List (ACL)

Packet filtering limits network traffic and restricts network use by certain users or devices. ACLs filter traffic as it passes through a switch and permits or denies packets crossing specified interfaces. An ACL is a sequential collection of permit and deny conditions that apply to packets. When a packet is received on an interface, the switch compares the fields in the packet against any applied ACLs to verify that the packet has the required permissions to be forwarded, based on the criteria specified in the access lists.

WoMaster supports L2-L7 ACLs, parsing up to 128 bytes/packet and L2-L7 packet classification and filtering IPv4/IPv6 traffic, including TCP, User Datagram Protocol (UDP), Internet Group Management Protocol (IGMP), and Internet Control Message Protocol (ICMP).


√ Multi-Level User Passwords

The different centralized authentication server is supported such as RADIUS and TACACS+. Using a central authentication server simplifies account administration, in particular when you have more than one switches in the network.

Authentication Chain is also supported. An authentication chain is an ordered list of authentication methods to handle more advanced authentication scenarios. For example, you can create an authentication chain which first contacts a RADIUS server, and then looks in a local database if the RADIUS server does not respond.


√ NMS NetMaster Made Easy Deploy and Visualize Large Scale of ERPS Ring and VLAN

It is very time consuming and technical to set up a large group of ERPS v2 ring.  However, NetMaster NMS provides a smart way to configure a group of ERPS ring and visualize ERPS major/subring in purple/yellow color. With VLAN visualization, devices, ports, and links with the VLAN ID will be colored-coded.





√ Broadcom®  L3 Routing at wire speed Performance

The Layer 3 switch with Broadcom® ASIC (A Dedicated Chip) can perform routing at wire-speed, which is much faster and efficient than software routing by CPU loading.  Compared with a that simply makes routing functions, the Layer 3 switch can handle larger networks with a lot of broadcasts, subnets and/or VLANs that require higher performance.


The layer 3 switch also handles complicated routing network topologies involving Inter VLAN routing, Dynamic routing, OSPF v1/2, RIP v1/2, Static routing with broadcast traffic control.

√ Virtual Router Redundancy Protocol (VRRP)

VRRP is a redundancy protocol for connecting redundant WAN gateway routers or layer 3 switches which allows a backup router or layer 3 switch to automatically takes over if the primary (master) router or switch fails. VRRP works by grouping the redundant gateways together into a single virtual router. That virtual router entity has an IP address of its own. Instead of sending traffic to an individual router, the nodes send traffic to the virtual router address (for example, by using the virtual router address as their gateway address). The master router processes traffic that is addressed to the virtual router address and forwards it appropriately. The master router also sends out regular advertisements to the backup router. If the master router goes down, the backup router stops receiving these advertisements. In that case, the backup router takes over as the master router and starts processing traffic. When the original master router comes back up, it takes over as the master router again.


√ Open Shortest Path First (OSPF) 

WoMaster Layer 3 Managed Switch designs with the OSPF Version 2 specification. OSPF calculates the shortest route to a destination through the network-based algorithm. When compared with RIP (Routing Information Protocol) which is a distance vector-based routing protocol, OSPF can provide scalable network support and faster convergence time for network routing state by calculating the cost of the route, taking into account bandwidth, delay and load. As a result, OSPF is widely used in large networks such as ISP (Internet Service Provider) backbone and enterprise networks for calculating routes through large and complex local area networks.

√ Effective PoE Management (DP612)


The Web GUI shows detailed PoE status and the operating status of each PoE Port, including PoE mode, Operation status, and PD class, Power Consumption, Voltage,
 and Current.

The PoE switch can effectively maintain the PD’s status by sending requests to the powered device. If the PoE device does not echo the request, then the PoE port will be shut down to reboot the device. The scheduling can also be configured for better organizing the PoE power forwarding.


Standard IEEE 802.3 10Base-T Ethernet
IEEE 802.3u 100Base-TX Fast Ethernet 
IEEE 802.3u 100Base-FX Fast Ethernet Fiber
IEEE 802.3ab 1000Base-T Gigabit Ethernet copper
IEEE 802.3z Gigabit Ethernet Fiber
IEEE 802.3x Flow Control and back-pressure 
IEEE 802.1AB Link Layer Discovery Protocol(LLDP)  
IEEE 802.1p Class of Service (CoS) 
ITU-T G.8032  version 2 Ethernet ring protection switching(ERPSv2)
IEEE 802.1D-2004 Rapid Spanning Tree Protocol(RSTP) 
IEEE 802.1Q-2005 Multiple Spanning Tree Protocol(MSTP)
IEEE 802.3ad Link Aggregation Control Protocol(LACP)
IEEE 802.1xPort based Network Access Protocol
IEEE 1588 Precision Time Protocol v2

IEEE 802.3af/at Power-over-Ethernet 

Switch Technology

Store and Forward Technology with 24Gbps Non-Blocking Switch Fabric

Internal Packet Buffer: 1.5MBytes

Forwarding rate: 41.67Mpps (1,488,000pps/port)

Number of MAC Address 16K
Jumbo Frame 9216 Bytes
VLAN 256 VLANs, VLAN ID 1~4094
IGMP Groups 512
L3 IP Route

64 Hardware entries

L3 IP Multicast

64 Hardware entries

Traffic Prioritize 8 Priority Queues per Port
Ethernet Port 8 x 10/100/1000BaseT RJ45, Auto Negotiation
4 x 100/1000Base SFP, DDM
System LED 2 x Power: Green On
1 x System Status: Ready:Green On, Fireware Updating:Green Blinking
1 x DO: Red On
1 x DI: Green On

1 x Ring: Off: Ring disabled, Green On: Ring normal (Not RPL Owner),Green Blinking: Ring normal (RPL Owner), Amber On: Ring abnormal, Amber Blinking:Ring port fail
Giga Ethernet Port LED Link (Green On), Activity (Green Blinking), Speed 1000M(Amber On), Speed 100M(Off)
Giga SFP LED Link (Green On), Activity (Green Blinking), Speed 1000M(Amber On), Speed 100M(Off)

8x PoE: PoE ON (Amber On)

Rsest System Reboot(2-6 Seconds)/Default Settings Reset (over 7 Seconds)
Console 1 x RJ45 based RS232 for System Configuration. Baud Rate: 115200.n.8.1
USB 1 x USB for Configuration/Firmware Update
Power Input, Digital Intput, Digital Output 8-Pin Removable Terminal Block Connector
   4 Pin for Redundant Power 
   4 Pin for DI,DO( Relay Alarm)
1 x Digital Output: Dry Relay Output with 0.5A /24V DC
1 x Digital Input: DI with Photo-Coupler Isolation
   High: DC 11V~30V
   Low: DC 0V~10V
Watchdog Hardware-based 10 seconds timer
 Power Requirement
Input Voltage 48VDC (46~57VDC),  50~57VDC for IEEE802.3at
Reverse Polarity Protect Yes
Input Current 4.67A@54V
Power Consumption Max 18.9W@54VDC full traffic without PD loading, suggest to reserve 15% tolerance
Power forwarding mode Alternative A
PoE Power Budget PoE: Max. 240W@75°C
Per Port: Max. 30W
PoE Mode

IEEE 802.3af/at


System/Port Power Budget Control, PoE Scheduling, PD Alive Check, PoE Status

Management   CGI WebGUI, Command Line Interface (CLI), IPv4/IPv6(RFC2460), Telnet, SNMP v1/v2c/v3, SNMP Trap/Informs*, RMON, DHCP server/client/Option 82, TFTP, System Log, SMTP
Traffic Management Flow Control, Rate Control, CoS, QoS, RFC 2474 DiffServ

IGMP Snooping v1/v2/v3, IGMP Snooping Fast-Leave/Immediate-Leave, IGMP Query, GMRP, IEEE802.1Q VLAN, QinQ, GVRP, Private VLAN


IEEE 802.1X/RADIUS, TLS v1.2, Access Control List (ACL, MAC/IP/ARP filter), HTTPs/SSH secure login, First login password management

Advanced Security TACACS+, Mutli-user authentication, IEEE802.1x MAB, DHCP Snooping, IP Source Guard, Dynamic ARP inspection, DoS/DDoS*, Adv. Port security*, SFTP
L2/L3 Redundancy
WoMaster ERPSv2 PLUS, STP/RSTP/MSTP, eRSTP, Loop Protection, Port Trunk/801.1AX/802.3ad LACP, Virtual Router Redundancy Protocol (VRRP)
Time Management
NTP, IEEE 1588 Precision Time Protocol v2
L3 Routing
Static/Dynamic IP Routing, VLAN Routing, RIP v1/v2, OSPF v1/v2, Static Multicast Route
IIoT Industrial Protocol Modbus TCP, EtherNet/IP*, MQTT*, RESTful API*
Private Cloud ThingsMaster*, ThingMaster OTA*
Public Cloud AWS Agent*, Azure Agent*
Utility ViewMaster, NetMaster
MIB ERPS MIB, MIB-II, Ethernet-like MIB*, P-BRIDGE MIB, Q-BRIDGE MIB, Bridge MIB, RMON MIB Group 1, 2, 3, 9*, WoMaster Private MIB
Diagnostic LLDP, Port Mirror, Ping, Port Statistic, Event Log
Installation DIN Rail
Enclosure Material Steel Metal with Aluminum
Dimension 85.5(W) x 150(H) x 126.5(D) mm / without DIN Rail Clip
Ingress Protection IP30
Weight 1.38KG
Operating Temperature & Humidity -40°C~85°C , 0%~95% Non-Condensing
Storage Temperature -40°C~85°C
Hi-Pot Insulation AC1.5KV
MTBF >500,000 hours
Warranty 5 years
Safety IEC60950-1 Compliance
EMC EN61000-6-2/EN61000-6-4
EMI CISPR 22, FCC part 15B Class A
EMS EN61000-4-2 ESD, EN61000-4-3 RS, EN61000-4-4 EFT, EN61000-4-5 Surge, 
​EN61000-4-6 CS, EN61000-4-8 Magnetic Field
Railway EN50121-4

Ordering Information
 Model Name
DP612 Industrial 8G PoE +4GF Layer 3 Cyber Security PoE Switch
Package List
1 x Product Unit (Without SFP transceiver)
1 x 8-pin Removable Terminal Connector 
1 x Attached Din Clip
1 x Quick Installation Guide
Optional Accessory
MK-D1-2 Wall-mounting kit with 2 plates and 8 screws
Serial RS232 console cable RJ45 to DB9 Female 1.5 Meter
SFPGEM05 SFP, 1000Mbps, LC, multi, 550M, 0~70°C
SFPGEM05T SFP, 1000Mbps, LC, multi, 550M, -40~85°C
SFPGEM05D SFP, 1000Mbps, LC, multi, DDM, 550M, 0~70°C
SFPGEM05DT SFP, 1000Mbps, LC, multi, DDM, 550M, -40~85°C
SFPGEM2 SFP, 1000Mbps, LC, multi, 2KM, 0~70°C
SFPGEM2T SFP, 1000Mbps, LC, multi, 2KM, -40~85°C
SFPGEM2D SFP, 1000Mbps, LC, multi, DDM, 2KM, 0~70°C
SFPGEM2DT SFP, 1000Mbps, LC, multi, DDM, 2KM, -40~85°C
SFPGES10 SFP, 1000Mbps, LC, single, 10KM, 0~70°C
SFPGES10T SFP, 1000Mbps, LC, single, 10KM, -40~85°C
SFPGES10D SFP, 1000Mbps, LC, single, DDM, 10KM, 0~70°C
SFPGES30 SFP, 1000Mbps, LC, single, 30KM, 0~70°C
SFPGES30T SFP, 1000Mbps, LC, single, 30KM, -40~85°C
SFPGES30D SFP, 1000Mbps, LC, single, DDM, 30KM, 0~70°C
SFPXGM03D SFP+, 10Gbps, LC, multi, DDM, 300KM, 0~70°C
SFPXGS10D SFP+, 10Gbps, LC, single, DDM, 10KM, 0~70°C
SFPGES10-A SFP, 1000Mbps, LC, single, 10KM, BiDi TX-1310nm RX-1550nm, 0~70°C
SFPGES10-B SFP, 1000Mbps, LC, single, 10KM, BiDi TX-1550m RX-1310nm, 0~70°C
SFPGES10T-A SFP, 1000Mbps, LC, single, 10KM, BiDi TX-1310nm RX-1550nm, -40~85°C
SFPGES10T-B SFP, 1000Mbps, LC, single, 10KM, BiDi TX-1550m RX-1310nm, -40~85°C
SFPGES10D-A SFP, 1000Mbps, LC, single, DDM, 10KM, BiDi TX-1310nm RX-1550nm, 0~70°C
SFPGES10D-B SFP, 1000Mbps, LC, single, DDM, 10KM, BiDi TX-1550m RX-1310nm, 0~70°C
  • As Power Utilities locations are remotely distributed, DCS is usually implemented in a power plant automation system for increasing working productivity as well as for smart energy production with eliminated influence on the environment.

  • The vital role of data communication between various automation components is evident though it brings the problem of data protection from cyber-attacks and network redundancy as it is based on Ethernet and Internet.

  • DP612 features IP31 rugged enclosure, dual redundant 10~60VDC power input, Hi-pot isolation, and operating temperature -40~75°C to ensure overcoming, the high level of electromagnetic interference on power plants.

  • 8 Gigabit Ethernet copper ports can be connected with IP surveillance cameras while 4 Gigabit SFP Combo ports are used for uplink data transmission to Control Center.

  • VRRP function provides gateway backup, keeping network available.