top of page

Reason S20

Managed Ethernet Switches

GE’s Reason S20 series of managed Ethernet switches are designed to enable an IEC 61850 digital substation network, including IEEE 1588v2 (PTP), in harsh environments within power systems and industry applications. Using the Reason S20, packet switching between substation devices is flexible, reliable and robust, even in situations where routing is necessary.

A flexible, modular design allows the Reason S20 series to support a wide range of network architectures. The Reason S20 series includes the following models:

  • S2020, the cost-effective choice, offers a high density of Ethernet ports in a 1U form factor for easy rack mounting. This model supports up to 5 modules with 4 ports each and allows configurations with up to 20 fast Ethernet ports or up to 4 gigabit ports plus 16 fast Ethernet ports.

  • S2024, the premium model, offers full gigabit Ethernet switch functionality. This model supports up to 24 ports, provided by 6 interface modules with 4 ports each. The 1U mechanical design is identical to the S2020 model.

In both S2020 and S2024 models, layer 3 functions and IEEE 1588v2 PTP (all ports, hardware-based) can be upgraded via a licensing file. The Reason S20 switches can be configured and managed cyber-securely using an SSH command line interface or an HTTPS graphical interface. Both models offer full cyber security features by default, including RADICUS/TACACS+ remote authentication technology, password encryption and digitally signed firmware, enabling operators to fully comply with NERC CIP guidelines and regulations. Statistical information and file management can be operated using SNMP v3.

Key Benefits

The flexible and robust Reason S20 Ethernet switches provide customers with a variety of benefits, including:

  • Network Management Software (NMS) integration with MDS PulseNET (v4.5.0)

  • Layer 2 and 3 Managed Ethernet Switch

  • Fully flexible Ethernet switch for industrial applications, including PRP redundant networks

  • Ready for IEC 61850 networks (tests performed by KEMA)

  • Store-and-forward packet switching

  • Media Access Control (MAC) bridges and Spanning Tree Protocol as standardized by the IEEE 802.1D

  • IP Routing functionalities: Static, Routing Information Protocol (RIP) and Open Shortest Path First (OSPF)

  • Virtual Router Redundancy Protocol (VRRP) to eliminate a single point of failure in static routed environments

  • UltraRSTP (Rapid Spanning Tree Protocol - IEEE 802.1W) with fault recovery time less than 5 ms per hop, meeting IEC 61850-90-4 specifications

  • Bridge Protocol Data Unit (BPDU) guard and filtering to prevent external interference in Spanning Tree networks

  • Cyber Security enhancements, been ready for NERC CIP requirements

  • Support for IPv4 and IPv6 protocols (Multicast, Unicast and Broadcast operation)

  • Internal clock synchronization using NTP protocol

  • Operation as NTP server using IEEE 1588v2 as source of time

  • Alarm contacts for detection of critical events

  • Standard USB 2.0 configuration port

Cyber Security

























The Reason S20 delivers advanced cyber security features that help operators to comply with NERC CIP guidelines and regulations. These features are standard with firmware 06A02 and greater.


AAA Server Support (Radius/TACACS+)

Enables integration with centrally managed authentication and accounting of all user activities and uses modern industry best practices and standards that meet and exceed NERC CIP requirements for authentication and password management.

Role Based Access Control (RBAC)

Efficiently administrate users and their privileges within S20 devices. Multiple users account with independent passwords and privilege levels (roles) may be created, and with an advanced function leveling it is possible to define the access level required for each predefined function. Attempts to log-in (either successful or failed) are stored in a persistent flash memory syslog. After three failed log-in attempts, the user account gets locked out and must wait 1 minute to retry new three attempts.


Password Complexity, Encryption and Expiration

Factory default password is different for each manufactured device and after the first login, users must change the password with at least 8 characters including lower/uppercase alphabetic, numeric and special non alphabetic characters (e.g. #, $, @, &). Passwords are encrypted using SHA256 and by default, it may expire after 6 months (user-configurable).


Firmware digitally signed and secure communications

To perform a secure firmware update, S20 uses the checksum algorithm to check firmware integrity and a digital signature to ensure its authenticity. In addition, only the encrypted Secure File Transfer Protocol (SFTP) is enabled to transfer the firmware file. By default, only secure protocols such as SSH (CLI) and HTTPS (graphic web interface) are activated to establish remote access to S20, and if desired they may be deactivated as well as unused Ethernet ports, leaving only the local USB Serial communication through SSH available.


The flexible design of Reason S20 allows the user to customize each group of 4 ports interfaces to either electrical (RJ45 fixed/SFP) or optical (SFP), Fast Ethernet or Gigabit. In addition, S20 may have a redundant power supply which does not need to be identical to the main one. The power supply options are the full range high voltage 125-250 VDC / 110-240 VAC (50/60 Hz) or the low voltage 24/48 VDC.

Field proven design backed by extensive type testing to ensure the robustness of the S20’s fanless design for harsh substation environments. The EMC and Environmental tests are in accordance with IEC 60255-26, IEC 61850-3 Ed. 2, IEEE 1613 and its extension IEEE 1613.1. Safety requirements are in accordance with IEC 60255-27 and UL 60950-1.

IEC 61850 Networks

The Reason S20 is compliant with IEC 61850 for applications in substations, proven by an extensive type testing to demonstrate the EMC and environment robustness and a functional and performance test report issued by KEMA. The test scope included . The test scope included VLAN function, QoS function for GOOSE messages, network recovery performance (RSTP) and booting time. The Reason S20 UltraRSTP achieves a fault recovery time of less than 5ms per hop, reducing packets loss while maintaining interoperability with others standard RSTP devices. For zero recovery time, S20 is ready for PRP networks schemes.




IEEE 1588v2

Precision Time Protocol (PTP) is defined in the IEEE 1588 standard, which describes the precision clock synchronization protocol for networked measurement and control systems. Reason S20 complies with IEEE1588v2, and can operate either as transparent clock or boundary clock to ensure time accuracy for PTP-aware IEDs in the network. All S20 interface ports may operate as PTP-aware, achieving the nanosecond accuracy given the hardware based implementation.








SFP Transceivers

If you have free SFP slots, or require replacing SFP transceivers, GE offers the following:


SFP Transceiver 1000Mbps LC single mode, 1310nm wavelength, 20km



SFP Transceiver 1000Mbps LC single mode, 1310nm wavelength, 40km



SFP Transceiver 1000Mbps LC single mode, 1550nm wavelength, 80km



SFP Transceiver 1000Mbps LC single mode, 1550nm wavelength, 120km 



SFP Transceiver 1000Mbps LC multi mode, 850nm wavelength, 500m



SFP Transceiver 100Mbps LC multi mode, 1310nm wavelength, 2km



SFP Transceiver 100 Mbps LC single mode, 1310 nm wavelength, 20 km



SFP Transceiver 10/100/1000Mbps, RJ45 connector



Reason S20


The Reason S20 delivers advanced cyber security features

design-s20 (1).jpg

Reason S20 operates either as a transparent clock or boundary clock to ensure time accuracy for PTP-aware IEDs in the network

Reason S20



Reason S20 operates either as a transparent clock or boundary clock to ensure time accuracy for PTP-aware IEDs in the network

bottom of page