S5860 Series Swithes SNMP MIB Files

22-02-2026 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

S5860 Series Switches Software Upgrade Guide

06-02-2026 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

S5860 Series Switches Data sheet

06-02-2026 - Product overview FS S5860 Series Switches are high-performance and strong-security 10G L3 enterprise switch with 760Gbps/2.56T switching capacity. FS S5860-20SQ, S5860-24XB-U, S5860-48XMG-U, S5860-48MG-U, S5860-24MG-U, S5860-24XMG and S5860-48XMG are based on Broadcom® BCM56170, and S5860-48SC is based on Broadcom® BCM56873. The S5860-20SQ 24-port 10Gb Ethernet layer 3 switch features 20x 1G/10G downlinks, 4x 10G/25G SFP28 and 2x 40G QSFP+ (can be split into 4x 10G SFP+) uplinks that all support virtual stacking. This managed enterprise switch adopts cutting-edge Broadcom chips to deliver 760 Gbps switching capacity and 565 Mpps forwarding rate. It is packed with redundant hot-swappable power supplies, dual hot-swappable smart fans and hardware-level dual-flash chip for superior processing performance and network reliability. FS agile S5860-20SQ managed switch is ideal for large-scale campus network aggregations, small and medium-sized network cores to meet the needs of high-speed, safe, intelligent enterprise networks. S5860-24XB-U is FS-developed next-generation L3 multi-gigabit hybrid optical/electrical switch. This switch features 24x 100M/1000M/2.5G/5G/10GBase-T and 4x 1/10G SFP+ with 4x 10G/25G SFP28 uplinks. With wired and wireless convergence, it also complies with PoE++ standard, all ports support PoE++power supply. This managed enterprise switch support virtual stacking, adopts cutting-edge Broadcom chips to deliver 760 Gbps switching capacity and 565 Mpps forwarding rate. It is packed with redundant hot-swappable power supplies, hot-swappable smart fans for superior processing performance and network reliability. It is ideal for campus network access/aggregation, 10 GE data center server access, and high-speed wireless device access. The S5860-48SC 48-port 1G/10G Ethernet layer 3 switch features 48x 1G/10G downlinks, 8x 40G/100G QSFP28 uplinks that all support virtual stacking. This managed enterprise switch adopts cutting-edge Broadcom chip and ARM A9 Quad-Core CPU to deliver 2.56T switching capacity and 1,904 Mpps forwarding rate. It is packed with redundant hot-swappable power supplies, 3+1 hot-swappable smart fans and hardware-level dual-flash chip for superior processing performance and network reliability. The S5860-48SC managed switch is ideal for large-scale campus network aggregations, small and medium-sized network cores to meet the needs of high-speed, safe, intelligent enterprise networks. Also, this cost-effective campus network switch comes with an industry-leading 5-year limited lifetime warranty and 30-day return policy. The S5860-24MG-U is FS-developed next-generation multi-GE switch. This switch features 24x 100M/1000M/2.5G/5GBase-T with 4x 10G/25G SFP28 uplinks, catering for demands of high-density access and high-performance aggregation. With wired and wireless convergence, it also complies with PoE++ standard, all ports support PoE++power supply. It delivers robust performance, sound end-to-end service quality, and rich security functions for the aggregation layer of large-scale networks, the core layer of small- and medium-scale networks, and campus data centers. This satisfies requirements on high speed, security, and intelligence for enterprise campus networks. The S5860-48MG-U is FS-developed next-generation multi-GE switch. This switch features 48x 100M/1000M/2.5G/5GBase-T, 4x 25Gb SFP28, with 2x 40Gb QSFP+ Uplinks, catering for demands of high-density access and high-performance aggregation. With wired and wireless convergence, it also complies with PoE++ standard, ports 1 to 48 support PoE/PoE+, ports 1 to 24 support PoE++power supply. It delivers robust performance, sound end-to-end service quality, and rich security functions for the aggregation layer of large-scale networks, the core layer of small- and medium-scale networks, and campus data centers. This satisfies requirements on high speed, security, and intelligence for enterprise campus networks. S5860-48XMG-U is FS-developed next-generation multi-GE switch. This switch features 48x 100M/1000M/2.5G/5G/10GBase-T, 4x 25Gb SFP28, with 2x 40Gb QSFP+ Uplinks, catering for demands of high-density access and high-performance aggregation. With wired and wireless convergence, it also complies with PoE++ standard, ports 1 to 48 support PoE/PoE+, ports 1 to 24 support PoE++power supply. It delivers robust performance, sound end-to-end service quality, and rich security functions for the aggregation layer of large-scale networks, the core layer of small- and medium-scale networks, and campus data centers. This satisfies requirements on high speed, security, and intelligence for enterprise campus networks. S5860-24XMG is FS-developed next-generation multi-GE switch, which features 24x 100M/1000M/2.5G/5G/10GBase-T, 4x 10Gb SFP+ and 2 x 25Gb SFP28 Uplinks. This managed enterprise switch adopts cutting-edge Broadcom chips to deliver 760 Gbps switching capacity and 565 Mpps forwarding rate. It is packed with redundant hot-swappable power supplies, dual hot-swappable smart fans and hardware-level dual-flash chip for superior processing performance and network reliability. FS agile S5860-24XMG managed switch is ideal for large-scale campus network aggregations, small and medium-sized network cores to meet the needs of high-density access and high-performance aggregation. S5860-48XMG is FS-developed next-generation multi-GE switch, which features 48x 100M/1000M/2.5G/5G/10GBase-T, 4x 25Gb SFP28 and 2x 40Gb QSFP+ Uplinks. This managed enterprise switch adopts cutting-edge Broadcom chips to deliver 760 Gbps switching capacity and 565 Mpps forwarding rate. It is packed with redundant hot-swappable power supplies, dual hot-swappable smart fans and hardware-level dual-flash chip for superior processing performance and network reliability. FS agile S5860-48XMG managed switch is ideal for large-scale campus network aggregations, small and medium-sized network cores to meet the needs of high-density access and high-performance aggregation. Product highlights Broadcom Chip, Support Stacking on All Optical Ports Support Stacking on All 10G Electrical Ports 1+1 Hot-swappable Power Supplies, Smart Fans Support MLAG, QoS, DHCP, BGP, VRRP, QinQ, etc. Support WEB/CLI/SNMP/SSH for Flexible Operation Network Monitoring through Sampled Flow (sFlow) Support SSH, ACL, AAA, 802.1X, RADIUS, TACACS+, etc. for Security IPv4/IPv6 Dual-Stack for Future Network Expansion Up to 24 PoE++ Ports, Total Budget 740W (Only for S5860-24XB-U) Up to 24 PoE++ Ports, Total Budget 370W (Only for S5860-24MG-U) Up to 48 PoE++ Ports, Total Budget 1600W (Only for S5860-48MG-U and S5860-48XMG-U) Platform details Platform benefits Software requirements Product specifications Quality certification At FS, our Quality Commitment lies in all aspects of processes, resources, and methods that enable us to build superior networks for our customers. Through a quality policy focusing on continuous improvement of products and services, we're able to achieve the highest levels of satisfaction for our customers. To that end, every FS employee is accountable for contributing to the value of the products and services we deliver. Figure 9 shows some of the authoritative certifications obtained by FS S5860 Series Switches. Optics supported For details about the optical modules available, visit： S5860-20SQ: Transceivers DACs and AOCs Supported on S5860-20SQ Switch S5860-48SC: Transceivers DACs and AOCs Supported on S5860-48SC Switch S5860-24XB-U: Transceivers DACs and AOCs Supported on S5860-24XB-U Switch Warranty, service and support FS S5860 Series Switches enjoy 5 years limited warranty against defects in materials or workmanship. For more information on FS Returns & Refunds policy, visit https://www.fs.com/policies/warranty.html or https://www.fs.com/policies/day_return_policy.html. FS provides a personal account manager, free professional technical support, and 24/7 live customer service to each customer. • Professional Lab: Test each product with the latest and advanced networking equipment. • Free Technical Support: Provide free & tailored solutions and services for your businesses. • 80% Same-day Shipping: Immediate shipping for in-stock items. • Fast Response: Direct and immediate assistance from an expert. For more information, visit https://www.fs.com/service/fs_support.html Ordering information Additional information For more information about the S5860 Series Switches, contact your account manager or visit https://www.fs.com/search_result?keyword=S5860 Document history

RADIUS Protocol Spoofing Vulnerability Mitigation (CVE-2024-3596)

30-01-2026 - RADIUS Protocol Spoofing Vulnerability Mitigation (CVE-2024-3596) Introduction On July 9, 2024, security researchers disclosed the following high-severity vulnerability in the RADIUS protocol: CVE-2024-3596, also known as the Blast-RADIUS vulnerability. This vulnerability allows attackers to spoof RADIUS response packets through man-in-the-middle attacks, modifying any valid authentication response (such as "Access-Accept", "Access-Reject", or "Access-Challenge") into arbitrary responses, thereby bypassing the authentication mechanism and gaining network access. Vulnerability Overview Vulnerability Name RADIUS Protocol Spoofing Vulnerability CVE Number CVE-2024-3596 Vulnerability Type Forgery, MITM Discovery Time 2024-07-09 Attack Vector Network Vulnerability Level High Severity The RADIUS protocol is used to transmit user authentication, authorization, and accounting information between a network access server (NAS) and an Authentication, Authorization, and Accounting (AAA) server. It verifies the user's identity through communication between the client and the server and determines whether the user has the right to access network resources. There is a vulnerability in the RADIUS protocol that allows attackers to forge responses when the Message-Authenticator attribute is not enforced. This issue is due to the use of MD5 for cryptographic integrity checks, enabling attackers to forge UDP-based RADIUS response packets. This may lead to unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the security of the process. Scope of Impact The impact of this vulnerability depends on the mix of RADIUS client, RADIUS server, and transport protocol. Successful exploitation of this vulnerability can lead to privilege escalation and identity impersonation on the affected system. Potentially Affected: Systems that use the RADIUS network authentication protocol without enabling the Extensible Authentication Protocol (EAP) authentication method RADIUS servers that have not globally enforced Message-Authenticator validation on received requests The transmission message does not carry the Message-Authenticator field Unaffected: EAP-based 802.1X Authentication Protected over TLS Require Message-Authenticator attribute from every server-client response Safety Measures Measure 1: Emergency Mitigation This is the fastest and most important protection measure, with the focus on protecting the RADIUS communication channel. 1. Implement network isolation and access control: Strictly limit the IP addresses of network devices (switches) that can communicate with the RADIUS server. On the firewall or switch ACL, only RADIUS port communication between switches within the specified network management VLAN and the RADIUS server is allowed, and all other sources of access are denied. 2. Encrypted Transmission Channel: Establish IPsec VPN tunnels between all switches and the RADIUS server. This will effectively prevent man-in-the-middle attacks, as all traffic is encrypted and authenticated. If supported by the RADIUS server and client, use RADIUS over TLS (RadSec), which uses TCP and TLS encryption. Measure 2: Strengthen Monitoring and Detection 1. Network Behavior Anomaly Monitoring: Deploy a Network Detection and Response (NDR) system to monitor whether any device attempts authentication during non-working hours or from an abnormal location. 2. Log Audit: Centralized collection and analysis of logs from switches and security devices, focusing on whether authentication success events are consistent with RADIUS server logs, and whether there are abnormal patterns of sudden success after a large number of authentication failures. Solutions Note: To effectively mitigate this attack, we recommend implementing the following security measures. All measures except item 3 can be deployed immediately within your current environment. 1. Upgrade RADIUS Server: Immediately upgrade your RADIUS server (such as FreeRADIUS) to a patched version. 2. Mandatory Message-Authenticator Attribute: On the patched RADIUS server, configure the Message-Authenticator attribute to be used for all types of RADIUS requests. This attribute uses the more secure HMAC-MD5 mechanism, which can effectively defend against such attacks. Verification Principle: The RADIUS request sent by the client to the verification server must include the Message-Authenticator attribute. If this attribute is not included, the verification server will silently discard the request. If this attribute is included, the transaction will be verified, and the Message-Authenticator attribute will be sent in the RADIUS response. image.png 3. Check and update the switch firmware : Note: FS will enhance the security of all switch devices to avoid the risk of Radius vulnerabilities. Users can obtain the latest firmware version (the security-enhanced version will be provided upon release) on the front end of the corresponding product. Use the new version of the switch firmware update to include the Message-Authenticator field, enhancing the security of its RADIUS client and providing better compatibility. The following is a packet capture example of an Access-Request that includes the Message-Authenticator attribute: 589e0d17-aa54-41ee-8083-2d7efa67048b.jpg 4. TLS/DTLS encryption protects the communication between the RADIUS client and server: TLS (Transport Layer Security Protocol): It is an encrypted Communication Protocol based on TCP. Its core principle is to establish a reliable connection through a three-way handshake, complete identity authentication and key negotiation based on digital certificates during the handshake phase, and generate a unique session key. Subsequently, all application layer data (such as RADIUS data packets) will be encapsulated by the TLS record protocol, encrypted using strong encryption algorithms such as AES, and guaranteed data integrity through modern hashing algorithms such as HMAC-SHA256. The advantage of TLS is its high reliability, built-in retransmission mechanism to ensure that data is not lost, and it is suitable for enterprise network environments with high stability requirements. Note: TLS handshake requires multiple round trips and may introduce a delay of several tens of milliseconds. image.png DTLS (Datagram Transport Layer Security Protocol): It is the UDP version of TLS, designed specifically for connectionless and latency-sensitive scenarios. Its principle is similar to TLS, providing encryption, authentication, and integrity protection, but optimized for the characteristics of UDP: using sequence numbers and replay window mechanisms to prevent data packet replay attacks, supporting data packet loss and out-of-order processing, and simplifying the handshake process to reduce latency. DTLS retains the security features of TLS while adapting to the original UDP transmission method of the RADIUS protocol, suitable for wireless networks, high latency, or environments that require traversing NAT. 5. Network Isolation and Secure VPN Tunnel Communication: Where possible, network isolation and secure VPN tunnel communication should be enforced for the RADIUS protocol to restrict access to these network resources from untrusted sources.

S5860-48SC Switch Quick Start Guide V6.0

17-12-2025 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

S5860-48SC(AC) Instruction Manual of Safety and Compliance Information

17-12-2025 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

30-10-2025 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

21-10-2025 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

30-09-2025 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

06-09-2025 - For details, please click the attachment icon below to view or download for a good reading experience or resources.