Telco-class Layer 2 Gigabit Carrier Ethernet Switch
 Front Access design; External
Alarm input/output block
 Fully managed Layer 2 switching
The MGS3520 Series GbE L2 Managed Switch is specially designed for service
providers to deliver profitable Ethernet services. With the high-performance
hardware platform, service providers can easily extend network topologies
while enabling robust security, QoS and management functions to help
customers fulfilling differentiated needs for Metro Ethernet services.
 L2 multicast, IGMP snooping, and
MVR for convergence
 Enhanced network protection with
IP source guard, DHCP snooping,
ARP inspection, CPU protection
Advanced QoS for significant services
 L2, L3, and L4 filtering, MAC freeze,
port isolation for access control
 Future-proofed with IPv6 support
 Policy-based QoS optimizes multiservice quality
 High redundancy and resilient
architecture with RSTP and port
Consistent service quality and reliable connecting ability in a converged
network is the key for service providers to win customers and build loyalty;
therefore the ability to control traffic flow and set traffic policy becomes
more critical than ever. The MGS3520 Series offers wire-speed flow control
that classifies and prioritizes the incoming packets according to the
predefine QoS policies that meet requirements of service providers.
In terms of classification, the Differentiated Services Code Point (DSCP)
field and the 802.1p class of service (CoS) field are identified to assess the
priority of incoming packets. Classification and reclassification can be based
on criteria as specific as rules based on IP, MAC addresses, VLAN ID or
TCP/UDP port number. For bandwidth management, the MGS3520 Series
provides 8 priority queues per port for different types of traffics, allowing
service providers to set rule-based rate limitations that take full advantage
of constrained network resources and guarantee the best performance.
Enhanced security for protection among customers
MGS3520 Series
24-port/48-port GbE L2 Switch
with Four GbE Combo Ports
Avoiding subscribers affecting each other on a shared network or shared
device is a major concern for service providers. The MGS3520 Series offers
a complete set of security features to protect user data while administrating
the traffics. The intrusion lock function detects the “plugged” and
“unplugged” status change of Ethernet cables, and the switch would
deactivate a specific port automatically if needed, and the 802.1X
authentication can secure the network from unauthorized users. Port
security provides the ability to deny unauthorized users from accessing the
network. Moreover, the 802.1X feature cooperating with RADIUS is useful
to prevent unauthorized access based on username and password (or other
credentials) and acts as powerful access control for converged networks
with mixed wired and wireless access.
The MGS3520 Series provides a multilayer (L2/L3/L4) ACL suite of
sophisticated policy-based control mechanisms that enables service
providers to deploy easily based on actual network environment
needs via a Web GUI or command line interface to prevent abnormal or
illegal access. The policies can be defined to deny packets based on source
and destination MAC addresses, IP addresses or TCP/UDP ports.
MGS3520 Series
24-port / 48-port GbE L2 Switch with Four GbE Combo Ports
Resilient and redundant design
A quick recovery and round-the-clock network is vital for service providers to establish a robust network. The MGS3520
Series provides comprehensive features to make sure network is well operated. The IEEE 802.3ad Link Aggregation feature
reduces network downtime by providing redundant paths and bandwidth aggregation to critical connections, while IEEE
802.1w Rapid Spanning Tree Protocol (RSTP) and IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) allow immediate
recovery from failed connections by sending packets via the backup link. Furthermore, since the MGS3520 Series supports
backup power system, the power is supplied to the switch in case of an unexpected outage.
Agile traffic control for converged networking applications
Design for access layer converged data, video and voice applications, the ZyXEL MGS3520 Series has a rich Layer 2 feature
set that can shape the traffic for diverse VoIP, video conference, and IPTV deployment. Supporting L2 multicast and IGMP
snooping, the MGS3520 Series can support large IPTV deployments, which using bandwidth efficiently by directing
multicast traffic to the subscribers only. The Multicast VLAN Registration (MVR) function ensures better network security by
allowing a single multicast VLAN to be shared in the network while subscribers remain in separate VLANs. These advanced
traffic control features of the MGS3520 Series provide hotels, businesses, and educational institutions greater agility and
more effective traffic management for converged applications of today.
Future-Proof connectivity for evolving networks
The ZyXEL MGS3520 Series helps business and organizations stay ahead and get ready for future IPv6 networks. It
supports dual stack (IPv4 and IPv6) and IPv6 host that allows business and organizations to deploy the MGS3520 switch at
the network edge today, and easily migrate to the next-generation Internet Protocol in the future. With support for IPv6
ACL packet filtering, the MGS3520 L2 Gigabit switch can create secured IPv6 networks that are protected from illegal IPv6
clients. The MGS3520 Series is designed with a comprehensive set of IPv6 management features that include ICMPv6,
neighbor discovery and DHCPv6 relay, which facilitate the migration to next-generation networking applications without an
extensive equipment upgrade.
Optimized design for Metropolitan Area Network (MAN)
The MGS3520 Series adopts the “front access” design for technicians to easily wire and maintain outdoor cabinets.
The external alarm input/output block connects mechanical cabinet parts to the management network and offers better
protection to the equipment.
Carrier switches supports Digital Diagnostics Monitoring Interface (DDMI) SFP
The enhanced digital interface allows real-time access to device operating parameters, and includes optional digital features
such as soft control and monitoring of SFP I/O signals. In addition, it fully incorporates the functionality needed to
implement digital alarms and warnings.
The digital diagnostic monitoring interface enables users to have the capability of performing component monitoring, fault
isolation and failure prediction tasks on their transceiver-based applications.
DDMI Monitors:
• Temperature
• Supply voltage
• Transmitted bias current
• Transmitted power
• Received power
All features listed above include alarm and warning thresholds
MGS3520 Series
24-port / 48-port GbE L2 Switch with Four GbE Combo Ports
Active Fiber with IPTV Service
MGS3520 Series
24-port / 48-port GbE L2 Switch with Four GbE Combo Ports
Features :
Standard Compliance
IEEE 802.3 10BASE-T Ethernet
IEEE 802.3u 100BASE-Tx Ethernet
IEEE 802.ab 1000BASE-T Ethernet
IEEE 802.3z 1000BASE-X
IEEE 802.3x flow control
IEEE 802.1d spanning tree protocol
IEEE 802.1w rapid spanning tree
IEEE 802.1s multiple spanning tree
IEEE 802.1p class of service, priority
IEEE 802.1Q VLAN tagging
IEEE 802.1X port authentication
IEEE 802.3ad LACP aggregation
IEEE 802.1ad VLAN stacking
IEEE 802.3az Energy Efficient Ethernet
User Security and Authentication
• IEEE 802.1X authentication
• IP source guard (static IP/MAC binding,
DHCP snooping, ARP inspection)
• IP subnet VLAN & VLAN isolation
• Limiting MAC number per port
• Loop guard prevents a switch from
being affected by another switch which
is already in a looping status
• MAC filtering per port secures access to
each port
• MAC freeze
• Port security, port isolation, port
mirroring, intrusion lock
• RADIUS MAC authentication
• Static MAC forwarding per port: only
specified MAC addresses can access the
network (port security)
• Wire speed filtering per
• Wire speed mirroring per
• Wire speed rate limiting per
• GVRP, automatic VLAN member
• Guest VLAN
• CPU protection
• IP-MAC-Port binding
Network Administration Security
SSH v1/v2
RADIUS accounting
TACACS+ authentication, accounting
NTP, daylight saving
Traffic Management and QoS
• Broadcast storm control
• IEEE 802.1p with 8 hardware priority
queues per port for different types of
• IEEE 802.1ad QinQ/selected QinQ
• IEEE 802.1Q tag-based and port-based
• Weighted Fair Queuing
scheduling algorithm
• Policy based rate limiting
• Policy based bandwidth control
• Port based traffic shaping/rate limiting
• Rule-based traffic mirroring
• IGMP snooping (v1, v2, v3)
• IGMP filtering
• Jumbo frame support (9K Bytes) for
high performance data backup or
recovery services
• Support GVRP, automatic VLAN
member registration
• Multicast VLAN Registration (MVR)
• BPDU transparency
• Selective Q-in-Q
Network Management
• Intuitive Web-based management
with all features configurable
• Text-based configuration profile for
massive deployment
• Telnet CLI (Cisco like)
• SNMP v1, v2c, v3 , trap group
• RMON four RMON groups 1, 2, 3, 9
(history, statistics, alarms, and
events) for traffic management,
monitoring, and analysis
• Firmware upgrade, configuration
backup/ restore via ftp
• Alarm led indicator for early warning
of hardware troubles
• Send system trap to trap server
• DHCP relay, DHCP relay per VLAN,
DHCP relay option 82, DHCP client
• Port mirroring: supports
source/destination/port mirroring
• IEEE 802.3ah Ethernet Operations,
Administration and Management
• IEEE 802.1ag CFM
• CO-LPR (Dying gasp)
• sflow
Intelligent ACL
(L2/L3/L4 Access List Control)
• Based on port
• Based on MAC + VLAN ID
• Based on IP address
• Based on protocol type
• Based on TCP/UDP port number MIB
Link Aggregation
• IEEE 802.3ad LACP link aggregation
• Support static manually port trunking
• Up to 6 aggregation groups, 8
ports/per group randomly selected
• VLAN trunking
Redundancy for Fault
• IEEE 802.1w Rapid Spanning
Tree Protocol (RSTP) provides
rapid convergence of spanning
tree independent of spanningtree timer
• IEEE 802.1s multiple spanning
tree provides link availability in
multiple VLAN environments by
allowing multiple spanning
• MRSTP—Multiple RSTP
• ZyXEL new private MIB
• RFC 1066 TCP/IP-based MIB
• RFC 1213, 1157 SNMPv2c/v3 MIB
• RFC 1493 bridge MIB
• RFC 1643 Ethernet MIB
• RFC 1757 RMON group 1, 2, 3, 9
• RFC 2011, 2012, 2013 SNMPv2 MIB
• RFC 2233 SMIv2 MIB
• RFC 2358 Ethernet-like MIB
• RFC 2674 bridge MIB extension
• RFC 2819, 2925 remote management
• RFC 3621 power Ethernet MIB
• RFC 4022 management information
base for transmission control protocol
•RFC 4113 management information
base for user datagram protocol
• RFC 4292 IP forwarding table MIB
• RFC 4293 Management Information
Base (MIB) for IP
Safety Certification
• CE:
AS/NZS CISPR 22: 2009+A1:2010
• FCC Part 15, subpart B
• ICES-003 Issue 5
• Level A
MGS3520 Series
24-port / 48-port GbE L2 Switch with Four GbE Combo Ports