diff --git a/roles/access/tasks/fs-s5800-48t4s.yml b/roles/access/tasks/fs-s5800-48t4s.yml new file mode 120000 index 0000000..b136bed --- /dev/null +++ b/roles/access/tasks/fs-s5800-48t4s.yml @@ -0,0 +1 @@ +fs.yml \ No newline at end of file diff --git a/roles/access/tasks/main.yml b/roles/access/tasks/main.yml index 069784c..c06a8be 100644 --- a/roles/access/tasks/main.yml +++ b/roles/access/tasks/main.yml @@ -34,7 +34,7 @@ ansible_terminal_stderr_re: [] # some errors are not actually errors register: result # These lines are not displayed by 'sho ru' and always reported as different, so ignore them. - changed_when: result.commands | reject('match', '^(no shutdown|no switchport access vlan|no switchport trunk native vlan|no voice vlan.*|switchport mode access|switchport mode hybrid|interface .*|no enable service web-server https?|no ip dhcp snooping|no ip dhcp snooping trust|no switchport port-security.*)$') + changed_when: result.commands | reject('match', '^(no shutdown|no switchport access vlan|no switchport trunk native vlan|no voice vlan.*|switchport mode access|switchport mode hybrid|interface .*|service http disable|no enable service web-server https?|no ip dhcp snooping|no ip dhcp snooping trust|no switchport port-security.*)$') notify: write config - name: Run model-specific tasks diff --git a/roles/access/templates/config-fs.j2 b/roles/access/templates/config-fs-s5800-48t4s.j2 similarity index 57% rename from roles/access/templates/config-fs.j2 rename to roles/access/templates/config-fs-s5800-48t4s.j2 index 036b709..3d5c7e9 100644 --- a/roles/access/templates/config-fs.j2 +++ b/roles/access/templates/config-fs-s5800-48t4s.j2 
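Review bot: Adding `service http disable` to the `reject('match', …)` list in `changed_when` (roles/access/tasks/main.yml, hunk `@@ -34,7 +34,7 @@`) means a run that only re-sends this command reports no change and does not fire `notify: write config`. If that command is ever what actually switches the HTTP management service off, the hardening is neither saved nor visible in the play output; the same already holds for `no enable service web-server https?`. The new S5800 template also emits `service telnet disable`, which is not in the list, so confirm whether that line appears in the running config or needs the same handling. I would extend the comment above `changed_when` with `# NOTE: masked service-disable commands are re-sent every run; their real state is not verified here.` and consider a separate task that asserts the service state. The task itself starts above this hunk.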
@@ -1,43 +1,41 @@ hostname {{ inventory_hostname }} -no netconf enable - -no enable service telnet-server -no enable service web-server http -no enable service web-server https +service http disable +service telnet disable +vlan database {% for vlan in add_vlans %} vlan {{ vlan }} {% endfor %} -{% for vlan in del_vlans | difference([1]) %} {# VLAN 1 can not be deleted #} +{% for vlan in del_vlans %} no vlan {{ vlan }} {% endfor %} +exit -{% for iface in interfaces %} -interface {{ iface.name }} -{% if iface.enabled %} no{% endif %} shutdown -{% if iface.lag %} - port-group {{ iface.lag.name | select('in', '0123456789') | join('') }} mode active - -{% elif iface.mgmt_only %} +{# sort to ensure LAG interfaces are added last #} +{% for iface in interfaces | sort(attribute="type.value") | sort(attribute="mgmt_only") %} +{% if iface.mgmt_only %} {% for address in iface.ip_addresses %} {% set subnet = address.address | ipaddr('subnet') %} {% set prefix = prefixes | selectattr('prefix', '==', subnet) | first %} {% if address.family.value == 4 %} - ip address {{ address.address | ipaddr('address') }} {{ address.address | ipaddr('netmask') }} +management ip address {{ address.address }} {% if prefix.custom_fields.gateway %} - gateway {{ prefix.custom_fields.gateway.address | ipaddr('address') }} +management route add gateway {{ prefix.custom_fields.gateway.address | ipaddr('address') }} {% endif %} {% else %} - ipv6 address {{ address.address | upper }} -{% if prefix.custom_fields.gateway %} - ipv6 gateway {{ prefix.custom_fields.gateway.address | ipaddr('address') | upper }} -{% endif %} +management ipv6 address {{ address.address }} {% endif %} {% endfor %} {% else %} - mtu {{ iface.mtu | default('9216', true) }} + +interface {{ iface.name }} +{% if iface.enabled %} no{% endif %} shutdown +{% if iface.lag %} + channel-group {{ iface.lag.name | select('in', '0123456789') | join('') }} mode active + +{% else %} {% if iface.mode and iface.mode.value == 'access' %} switchport 
mode access {% if iface.untagged_vlan and iface.untagged_vlan.vid != 1 %} @@ -49,9 +47,10 @@ interface {{ iface.name }} switchport mode trunk switchport trunk allowed vlan only {{ (iface.tagged_vlans or vlans) | map(attribute='vid') | compact_numlist }} {%- elif iface.mode and iface.mode.value == 'tagged-all' %} - switchport mode uplink - switchport trunk allowed vlan only 2-4094 + switchport mode trunk + switchport trunk allowed vlan all {% endif %} +{% endif %} {% endif %} {% endfor %} diff --git a/roles/access/templates/config-fs-s5860-48xmg-u.j2 b/roles/access/templates/config-fs-s5860-48xmg-u.j2 deleted file mode 120000 index ffb3016..0000000 --- a/roles/access/templates/config-fs-s5860-48xmg-u.j2 +++ /dev/null @@ -1 +0,0 @@ -config-fs.j2 \ No newline at end of file diff --git a/roles/access/templates/config-fs-s5860-48xmg-u.j2 b/roles/access/templates/config-fs-s5860-48xmg-u.j2 new file mode 100644 index 0000000..036b709 --- /dev/null +++ b/roles/access/templates/config-fs-s5860-48xmg-u.j2 
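Review bot: The management-plane hardening at the top of config-fs-s5800-48t4s.j2 (hunk `@@ -1,43 +1,41 @@`) is narrower than what it replaces: `no netconf enable` and `no enable service web-server https` are dropped, leaving only `service http disable` and `service telnet disable`. If this model exposes HTTPS or NETCONF management as separate services, the role no longer turns them off; please confirm and add the equivalent lines, or record the assumption with `{# HTTPS and NETCONF assumed off by default on this model; confirm #}`. In the same hunk the `del_vlans` loop lost `| difference([1])`, so `no vlan 1` can now be rendered. Because main.yml sets `ansible_terminal_stderr_re: []`, a rejection by the device may go unnoticed; `{% for vlan in del_vlans | difference([1]) %}` would keep the old guard.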
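Review bot: In the `tagged-all` branch (hunk `@@ -49,9 +47,10 @@`), `switchport trunk allowed vlan all` widens the trunk compared with the removed `switchport trunk allowed vlan only 2-4094`, so VLAN 1 is now carried on these ports. If keeping the default VLAN off trunks was deliberate, the new template should exclude it again using this platform's syntax. If it was only a limitation of the old CLI, say so in the template, e.g. `{# 'all' includes VLAN 1, unlike the previous 2-4094 range #}`. The `{% if iface.mode … %}` chain this branch belongs to starts above the hunk.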
@@ -0,0 +1,57 @@
+hostname {{ inventory_hostname }}
+
+no netconf enable
+
+no enable service telnet-server
+no enable service web-server http
+no enable service web-server https
+
+{% for vlan in add_vlans %}
+ vlan {{ vlan }}
+{% endfor %}
+{% for vlan in del_vlans | difference([1]) %} {# VLAN 1 can not be deleted #}
+ no vlan {{ vlan }}
+{% endfor %}
+
+{% for iface in interfaces %}
+interface {{ iface.name }}
+{% if iface.enabled %} no{% endif %} shutdown
+{% if iface.lag %}
+ port-group {{ iface.lag.name | select('in', '0123456789') | join('') }} mode active
+
+{% elif iface.mgmt_only %}
+{% for address in iface.ip_addresses %}
+{% set subnet = address.address | ipaddr('subnet') %}
+{% set prefix = prefixes | selectattr('prefix', '==', subnet) | first %}
+{% if address.family.value == 4 %}
+ ip address {{ address.address | ipaddr('address') }} {{ address.address | ipaddr('netmask') }}
+{% if prefix.custom_fields.gateway %}
+ gateway {{ prefix.custom_fields.gateway.address | ipaddr('address') }}
+{% endif %}
+{% else %}
+ ipv6 address {{ address.address | upper }}
+{% if prefix.custom_fields.gateway %}
+ ipv6 gateway {{ prefix.custom_fields.gateway.address | ipaddr('address') | upper }}
+{% endif %}
+{% endif %}
+{% endfor %}
+
+{% else %}
+ mtu {{ iface.mtu | default('9216', true) }}
+{% if iface.mode and iface.mode.value == 'access' %}
+ switchport mode access
+{% if iface.untagged_vlan and iface.untagged_vlan.vid != 1 %}
+ switchport access vlan {{ iface.untagged_vlan.vid }}
+{% else %}
+ no switchport access vlan
+{% endif %}
+{%- elif iface.mode and iface.mode.value == 'tagged' %}
+ switchport mode trunk
+ switchport trunk allowed vlan only {{ (iface.tagged_vlans or vlans) | map(attribute='vid') | compact_numlist }}
+{%- elif iface.mode and iface.mode.value == 'tagged-all' %}
+ switchport mode uplink
+ switchport trunk allowed vlan only 2-4094
+{% endif %}
+
+{% endif %}
+{% endfor %}