FS.com (Fiberstore) Managed Switches

FS.com (Fiberstore) switches provide enterprise-grade switching with comprehensive Layer 2/3 features at competitive pricing. The rXg integrates with FS switches via SSH for configuration synchronization, 802.1X/MAB authentication, and VLAN management.

Supported Models

Model/Series | Notes
S3900 Series | Stackable Managed switches (24-48 ports)
S5800 Series | High-performance L2+ switches
S5850 Series | 10GbE Data Center switches
S5860 Series | Multi-rate switches with 25/100G uplinks
S8050 Series | Campus Core switches

Features Supported

Feature | Supported | Description
Config Sync | Yes | Automatic configuration synchronization from rXg
Auto Bootstrap | Yes | Zero-touch onboarding capability
SNMP Monitoring | Yes | CPU, memory, and port statistics collection
LLDP Neighbor Discovery | Yes | Automatic detection of connected devices
Switch Port Import | Yes | Automatic import and management of switch ports
802.1X Authentication | Yes | Port-based network access control (EAP)
MAC Authentication Bypass | Yes | MAC-based authentication for non-802.1X devices
Dynamic VLAN Assignment | Yes | RADIUS-assigned VLAN based on authentication
DHCP Snooping | No | Not managed by rXg
Firmware Management | No | Manual firmware upgrades required
SPB-m Fabric | No | Not supported

Prerequisites

Firmware Requirements

Version | Support Status | Notes
FSOS 7.x+ | Supported | SSH with legacy algorithms required

Network Requirements

  • Management IP connectivity to rXg
  • SSH access (TCP port 22)
  • SNMP access (UDP port 161)
  • RADIUS connectivity (UDP ports 1812, 1813) for 802.1X/MAB

Onboarding Process

Auto Bootstrap

FS switches support automatic bootstrap configuration from rXg. The bootstrap process configures:

  1. Terminal length settings
  2. SSH server with version 2
  3. LLDP
  4. SNMP community
  5. User credentials
  6. Management VLAN and IP
  7. Default route
  8. NTP/SNTP server

Bootstrap Configuration

enable
config

! Disable terminal paging
terminal length 0

! Enable SSH (regenerate key for compatibility)
no ip sshd enable
ip sshd enable
ip sshd version 2

! Enable LLDP
lldp run

! SNMP configuration
snmp-server community public ro

! User account
username <username> password 0 <password>

! Management VLAN and IP
interface vlan <mgmt_vlan>
  ip address <ip> <subnet>
exit

! Default route
ip route 0.0.0.0 0.0.0.0 <gateway>

! NTP configuration
sntp server priority 1 <rxg_ip>

! Save configuration
write

Manual Onboarding

For manual configuration before adding to rXg:

  1. Configure management IP address
  2. Enable SSH server with version 2
  3. Create user account with enable privileges
  4. Configure SNMP community
  5. Add device to rXg Infrastructure Devices

Configuration

Connection Settings

The rXg connects via SSH using RubyExpect for CLI automation. FS switches require specific legacy SSH algorithms and an extended timeout due to slow key exchange.

SSH algorithms enabled:

  • Key Exchange: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1
  • Ciphers: aes128-cbc, 3des-cbc, aes192-cbc, aes256-cbc
  • MACs: hmac-sha1 (required - connection fails without this)
  • Host Key: ssh-rsa

Connection timeout: 35 seconds (extended for slow SSH key exchange)

CLI prompts recognized:

  • Password prompt: password:
  • Enabled prompt: #
  • Disabled prompt: >
  • Configure prompt: (config)#
  • Interface prompt: (config-if)#

Initial connection handling:

  • After login, issues enable command with enable password
  • Paging is disabled with terminal length 0 command

Port Naming Convention

FS switches use a specific interface naming format:

Type | Format | Example
Gigabit Ethernet | GigaEthernet/ | GigaEthernet0/1, GigaEthernet0/48
10G Ethernet | TenGigaEthernet/ | TenGigaEthernet0/1

Note: The interface name uses "GigaEthernet" (not "GigabitEthernet" as in Cisco IOS).

VLAN Configuration

Creating VLANs

vlan <vlan_id>
exit

Access Port Configuration

interface <port>
switchport mode access
switchport pvid <vlan_id>
exit

Trunk Port Configuration

interface <port>
switchport mode trunk
switchport trunk vlan-allowed <vlan_list>
switchport pvid <native_vlan>
exit

VLAN list commands:

  • Set allowed VLANs: switchport trunk vlan-allowed <range>
  • Add VLANs: switchport trunk vlan-allowed add <range>
  • Remove VLANs: switchport trunk vlan-allowed remove <range>

VLAN list format:

  • Single VLAN: 100
  • Range: 100-200
  • Multiple: 100,200,300
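The following is an added example, not rXg or FS code. It parses the VLAN list format above and emits only the add/remove commands needed to move a trunk from its current allowed list to a desired one, so a trunk is pruned without resetting the whole list. The function names are hypothetical, and it assumes the switch accepts ranges and comma-separated IDs combined in one list.

```python
def parse_vlan_list(text):
    """Expand '100', '100-200', '100,200,300' (or a mix) into a set of VLAN IDs."""
    vlans = set()
    for part in text.split(","):
        lo, sep, hi = part.strip().partition("-")
        if not lo.isdigit() or (sep and not hi.isdigit()):
            raise ValueError(f"bad VLAN list element: {part!r}")
        lo, hi = int(lo), (int(hi) if sep else int(lo))
        # Reject reversed ranges and IDs outside the 802.1Q range 1-4094.
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"VLAN range out of bounds: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def format_vlan_list(vlans):
    """Collapse a set of VLAN IDs back into the list syntax (e.g. '104-105,200')."""
    ids, out, i = sorted(vlans), [], 0
    while i < len(ids):
        j = i
        while j + 1 < len(ids) and ids[j + 1] == ids[j] + 1:
            j += 1  # extend the run of consecutive IDs
        out.append(str(ids[i]) if i == j else f"{ids[i]}-{ids[j]}")
        i = j + 1
    return ",".join(out)


def trunk_delta_commands(port, current, desired):
    """Return the CLI lines that change a trunk's allowed VLANs, or [] if none."""
    cur, want = parse_vlan_list(current), parse_vlan_list(desired)
    cmds = []
    if want - cur:
        cmds.append(f"switchport trunk vlan-allowed add {format_vlan_list(want - cur)}")
    if cur - want:
        cmds.append(f"switchport trunk vlan-allowed remove {format_vlan_list(cur - want)}")
    return [f"interface {port}", *cmds, "exit"] if cmds else []


if __name__ == "__main__":
    # Constructed input: port name and VLAN lists are sample values.
    for line in trunk_delta_commands("GigaEthernet0/1", "100-105,200", "100-103,300"):
        print(line)
```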

802.1X / MAB Configuration

Global 802.1X Configuration

802.1X must be enabled globally before per-port configuration takes effect:

dot1x enable
dot1x re-authentication
dot1x mabformat 2
aaa authentication dot1x DOT1X-AUTH group radius

Note: dot1x mabformat 2 sets the MAC address format for MAB authentication.

RADIUS Server Configuration

RADIUS host and key are configured as separate commands:

radius-server host <rxg_ip> auth-port 1812 acct-port 1813
radius-server key <shared_secret>

Per-Port 802.1X (EAP)

interface <port>
dot1x authentication type eap
dot1x authentication method DOT1X-AUTH
dot1x port-control auto
exit

Per-Port MAB

interface <port>
dot1x mab
dot1x authentication method DOT1X-AUTH
dot1x port-control auto
exit

Combined 802.1X and MAB

interface <port>
dot1x authentication type eap
dot1x mab
dot1x authentication method DOT1X-AUTH
dot1x port-control auto
exit

Removing Authentication

interface <port>
no dot1x mab
no dot1x authentication type
no dot1x authentication method
no dot1x port-control
exit

SNMP Configuration

snmp-server community <community> ro

Or with read-only explicitly:

snmp-server community <community> read-only

Port Enable/Disable

interface <port>
no shutdown
exit

interface <port>
shutdown
exit

Port Descriptions

interface <port>
description <description>
exit

Configuration Save

write

Monitoring Capabilities

Metric | Collection Method | Notes
CPU Usage | SNMP | System health monitoring
Memory Usage | SNMP | System health monitoring
Port Statistics | SNMP | Packets in/out, errors
Port Status | SNMP / CLI | Up/down, speed, duplex
LLDP Neighbors | CLI | Connected device discovery

Data Gathered

The config sync process collects:

  • Interface list and status (from show interface brief)
  • VLAN configurations
  • Port VLAN memberships (trunk/access modes)
  • 802.1X/MAB port configurations
  • RADIUS server configuration
  • Device information (serial, model, firmware version)

Troubleshooting

Common Issues

SSH Connection Failures

Symptom: Unable to establish SSH connection or "unsupported message type" errors

Resolution:

  • FS switches require the hmac-sha1 MAC algorithm - without it, connections fail with "unsupported message type(249)"
  • Verify SSH is enabled: show ip sshd
  • Check SSH version 2 is enabled: ip sshd version 2
  • Verify IP connectivity to switch management address
  • Verify user credentials are correct
  • Note: SSH key exchange can be slow; allow up to 35 seconds for connection
  • Check for IP lockout after failed login attempts (60 second timeout)

SSH connection test from command line:

ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 \
    -o Ciphers=+aes128-cbc \
    -o MACs=hmac-sha1 \
    -o HostKeyAlgorithms=+ssh-rsa \
    user@switch_ip

802.1X Authentication Failures

Symptom: Clients failing to authenticate

Resolution:

  • Verify dot1x is enabled globally: show running-config | include dot1x
  • Global dot1x enable is required before per-port settings take effect
  • Verify RADIUS server is configured: show running-config | include radius
  • Check RADIUS key matches rXg configuration
  • Verify authentication method is configured on port
  • Review rXg RADIUS logs for authentication attempts
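The checks above can be run offline against a saved running-config. This is an added example, not rXg or FS code: `audit_dot1x` is a hypothetical helper and the sample config is constructed. It assumes that interface sub-commands are indented in the output and that the RADIUS key appears as a `radius-server key` line.

```python
import re

# Constructed running-config excerpt built from the commands on this page.
SAMPLE = """\
dot1x re-authentication
aaa authentication dot1x DOT1X-AUTH group radius
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813
interface GigaEthernet0/1
 dot1x authentication type eap
 dot1x authentication method DOT1X-AUTH
 dot1x port-control auto
interface GigaEthernet0/2
 dot1x mab
 dot1x port-control auto
interface GigaEthernet0/3
 switchport pvid 100
"""

def audit_dot1x(config):
    """Return findings for the global and per-port 802.1X/MAB checks."""
    glob, ports, port = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line.startswith("interface "):
            port = line.split(None, 1)[1]
            ports[port] = []
        elif raw[0].isspace() and port:
            ports[port].append(line)   # indented: belongs to current interface
        else:
            port = None                # unindented: back at global level
            glob.append(line)
    findings = []
    if "dot1x enable" not in glob:
        findings.append("global: 'dot1x enable' missing, per-port settings have no effect")
    for needed in ("radius-server host ", "radius-server key "):
        if not any(g.startswith(needed) for g in glob):
            findings.append(f"global: no '{needed.strip()}' line")
    lists = {m.group(1) for g in glob
             if (m := re.match(r"aaa authentication dot1x (\S+) group radius$", g))}
    for name, cmds in ports.items():
        if "dot1x port-control auto" not in cmds:
            continue  # port is not under 802.1X/MAB control
        if not {"dot1x authentication type eap", "dot1x mab"} & set(cmds):
            findings.append(f"{name}: neither EAP nor MAB enabled")
        used = [c.rsplit(None, 1)[1] for c in cmds
                if c.startswith("dot1x authentication method ")]
        if not used or used[0] not in lists:
            findings.append(f"{name}: authentication method missing or undefined")
    return findings
```

On the constructed sample this reports the missing global enable, the missing RADIUS key, and the MAB port without an authentication method.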

VLAN Configuration Not Applied

Symptom: Traffic not passing on expected VLANs

Resolution:

  • Verify VLAN exists: show vlan
  • Check port mode: show running-config interface <port>
  • For trunk ports, verify switchport trunk vlan-allowed includes the VLAN
  • For access ports, verify switchport pvid is set correctly
  • Use show vlan id <vlan_id> to see port memberships

Configuration Not Saving

Symptom: Changes lost after reboot

Resolution:

  • Configuration must be saved with write command
  • Verify save completed successfully

Diagnostic Commands

System information:

show version
show running-config
show interface brief

Interface status:

show interface brief
show interface <port>
show running-config interface <port>

VLAN information:

show vlan
show vlan id <vlan_id>
show vlan name
show vlan members port <port>

802.1X status:

show running-config | include dot1x
show dot1x

RADIUS configuration:

show running-config | include radius

IP configuration:

show interface vlan <vlan_id>
show ip route 0.0.0.0

Known Limitations

  • VLAN 1: Cannot be deleted; used as default VLAN
  • SSH Algorithm Requirements: Requires legacy SSH algorithms including hmac-sha1 MAC
  • SSH Key Exchange: Key exchange can be slow (up to 35 seconds)
  • Interface Naming: Uses "GigaEthernet" not "GigabitEthernet"
  • Firmware Upgrades: Manual firmware upgrades required; not managed by rXg

Operational Caveats

  • Terminal Length: Issue terminal length 0 to disable output paging for automation
  • Configuration Save: Changes must be saved with write command to persist across reboots
  • SSH Regeneration: When regenerating SSH keys, disable and re-enable: no ip sshd enable then ip sshd enable
  • Global dot1x: The dot1x enable global command is required before per-port 802.1X/MAB settings take effect
  • MAB Format: Use dot1x mabformat 2 for proper MAC address formatting in RADIUS requests
  • PVID Command: Use switchport pvid (not switchport access vlan) for native/access VLAN assignment
  • Slow SSH: Allow extended timeout (35+ seconds) for SSH connections due to slow key exchange on some models
  • SNTP vs NTP: Use sntp server for time synchronization (not ntp server)
