Product Datasheet

With Successive Tiering, the Authentication Manager
allows for authentication methods per port for a
Tiered Authentication based on configured time-outs
• Bydefault,congurationauthenticationmethodsaretriedinthisorder:Dot1x,thenMAB,thenCaptivePortal
(webauthentication)
• With BYOD, such Tiered Authentication is powerful and simple to implement with strict policies
For instance, when a client is connecting, M4300 tries to authenticate the user/client using the three
methods above, one after the other
• The admin can restrict the configuration such that no other method is allowed to follow the captive portal
method, for instance
DoubleVLANs(DVLAN)passtrafcfromonecustomerdomaintoanotherthroughthe“metrocore”inamulti-tenancyenvironment:customerVLANIDsarepreserved
and a service provider VLAN ID is added to the traffic so the traffic can pass the metro core in a simple, secure manner
PrivateVLANs(withPrimaryVLAN,IsolatedVLAN,
CommunityVLAN,Promiscuousport,Hostport,
Trunks)provideLayer2isolationbetweenportsthat
share the same broadcast domain, allowing a VLAN
broadcast domain to be partitioned into smaller
point-to-multipoint subdomains accross switches in
the same Layer 2 network
• Private VLANs are useful in DMZ when servers are not supposed to communicate with each other but need
to communicate with a router
• They remove the need for more complex port-based VLANs with respective IP interface/subnets and
associated L3 routing
• Another typical application of Private VLANs is carrier-class deployments where users shouldn’t see, snoop or
attack other users’ traffic
SSL version 3 and TLS version 2 ensure Web GUI sessions are secured
SecureShell(SSHversion2)andSNMPv3(withorwithoutMD5orSHAauthentication)ensureSNMPandTelnetsessionsaresecured
2048-bit RSA key pairs, SHA2-256 and SHA2-512 cryptographic hash functions for SSLv3 and SSHv2 are supported on all M4300 models
TACACS+andRADIUSenhancedadministratormanagementprovidesstrict“Login”and“Enable”authenticationenforcementfortheswitchconguration,basedon
latestindustrystandards:execauthorizationusingTACACS+orRADIUS;commandauthorizationusingTACACS+andRADIUSServer;userexecaccountingforHTTP
andHTTPSusingTACACS+orRADIUS;andauthenticationbasedonuserdomaininadditiontouserIDandpassword
Superior quality of service
Advancedclassier-basedhardwareimplementationforLayer2(MAC),Layer3(IP)andLayer4(UDP/TCPtransportports)prioritization
8queues(7inastack)forprioritiesandvariousQoSpoliciesbasedon802.1p(CoS)andDiffServcanbeappliedtointerfacesandVLANs
Advancedratelimitingdownto1Kbpsgranularityandmininum-guaranteedbandwidthcanbeassociatedwithACLsforbestgranularity
Single Rate Policing feature enables support for
Single Rate Policer as defined by RFC 2697
• Committed Information Rate (average allowable rate for the class)
• Committed Burst Size (maximum amount of contiguous packets for the class)
• Excessive Burst Size (additional burst size for the class with credits refill at a slower rate than committed
burst size)
• DiffServ feature applied to class maps
AutomaticVoiceoverIPprioritizationwithprotocol-based(SIP,H323andSCCP)orOUI-basedAuto-VoIPupto144simultaneousvoicecalls
Flow Control
802.3xFlowControlimplementationperIEEE802.3
Annex 31B specifications with Symmetric flow
control, Asymmetric flow control or No flow control
• Asymmetric flow control allows the switch to respond to received PAUSE frames, but the ports cannot
generate PAUSE frames
• Symmetric flow control allows the switch to both respond to, and generate MAC control PAUSE frames
Allows traffic from one device to be throttled for a
specified period of time: a device that wishes to
inhibit transmission of data frames from another device
on the LAN transmits a PAUSE frame
• A device that wishes to inhibit transmission of data frames from another device on the LAN transmits a
PAUSE frame
UDLD Support
UDLD implementation detects unidirectional links on
physical ports (UDLD must be enabled on both sides
of the link in order to detect a unidirectional link)
• UDLD protocol operates by exchanging packets containing information about neighboring devices
• The purpose is to detect and avoid unidirectional link forwarding anomalies in a Layer 2 communication
channel
Both “normal-mode” and “aggressive-mode” are supported for perfect compatibility with other vendors’ implementations, including port “D-Disable” triggering cases in
both modes
AV Line Managed Switches
Datasheet | M4250 series