Product Datasheet

802.1xMACAddressAuthenticationBypass(MAB)
is a supplemental authentication mechanism that lets
non-802.1x devices bypass the traditional 802.1x
process altogether, letting them authenticate to the
network using their client MAC address as an identifier
• AlistofauthorizedMACaddressesofclientNICsismaintainedontheRADIUSserverforMABpurpose
• MABcanbeconguredonaper-portbasisontheswitch
• MABinitiatesonlyaerthedot1xauthenticationprocesstimesout,andonlywhenclientsdon’trespond
toanyoftheEAPOLpacketssentbytheswitch
• When802.1Xunawareclientstrytoconnect,theswitchsendstheMACaddressofeachclienttothe
authentication server
• TheRADIUSservercheckstheMACaddressoftheclientNICagainstthelistofauthorizedaddresses
• TheRADIUSserverreturnstheaccesspolicyandVLANassignmenttotheswitchforeachclient
WithSuccessiveTiering,theAuthenticationManager
allows for authentication methods per port for a Tiered
Authentication based on configured time-outs
• Bydefault,congurationauthenticationmethodsaretriedinthisorder:Dot1x,thenMAB,thenCaptive
Portal(webauthentication)
• WithBYOD,suchTieredAuthenticationispowerfulandsimpletoimplementwithstrictpolicies
• Forinstance,whenaclientisconnecting,M6100triestoauthencatetheuser/clientusingthethree
methods above, the one aer the other
• The admin can restrict the configuration such that no other method is allowed to follow the captive portal
method, for instance
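The MAB and tiered-authentication behaviour described above, as an added simulation that is not NETGEAR's code: the RADIUS-side authorized-MAC list, the `Client`/`AuthResult` classes, `authenticate` and `order_is_allowed` are names and values constructed for this illustration. The default order is Dot1x, then MAB (only for clients that never answered EAPOL), then captive portal, with the admin restriction that nothing may follow the captive portal method.

```python
# Added example (not NETGEAR's code): simulation of per-port tiered authentication
# (Dot1x -> MAB -> Captive Portal) with a RADIUS-side MAB allow-list.
from dataclasses import dataclass
from typing import Optional

DOT1X, MAB, CAPTIVE_PORTAL = "dot1x", "mab", "captive-portal"
DEFAULT_ORDER = (DOT1X, MAB, CAPTIVE_PORTAL)

# Constructed stand-in for the authorized-MAC list held on the RADIUS server:
# MAC address -> (access policy name, VLAN assignment)
RADIUS_MAB_TABLE = {
    "00:11:22:33:44:55": ("printer-policy", 20),
    "aa:bb:cc:dd:ee:01": ("camera-policy", 30),
}


@dataclass
class Client:
    mac: str
    answers_eapol: bool                 # True for an 802.1X-aware supplicant
    dot1x_credentials_ok: bool = False
    web_login_ok: bool = False


@dataclass
class AuthResult:
    method: Optional[str]
    policy: Optional[str]
    vlan: Optional[int]
    waited_s: int                       # time spent in earlier tiers (time-outs)


def order_is_allowed(order, restrict_after_captive_portal=True):
    """Admin restriction from the datasheet: with it enabled, no method may
    follow the captive portal method in the configured order."""
    order = tuple(order)
    if restrict_after_captive_portal and CAPTIVE_PORTAL in order:
        return order.index(CAPTIVE_PORTAL) == len(order) - 1
    return True


def mab_lookup(mac):
    """RADIUS-side MAB decision: only a listed NIC MAC gets a policy/VLAN."""
    return RADIUS_MAB_TABLE.get(mac.lower())


def authenticate(client, order=DEFAULT_ORDER, dot1x_timeout_s=30):
    """Try the configured methods in order; return the first success."""
    if not order_is_allowed(order):
        raise ValueError("no method may follow the captive portal method")
    waited = 0
    for method in order:
        if method == DOT1X:
            if not client.answers_eapol:
                waited += dot1x_timeout_s   # silence on EAPOL: dot1x times out
                continue
            if client.dot1x_credentials_ok:
                return AuthResult(DOT1X, "dot1x-policy", 10, waited)
            # supplicant answered but failed: fall through to the next tier
        elif method == MAB:
            if client.answers_eapol:
                continue    # MAB runs only for clients that ignored every EAPOL
            entry = mab_lookup(client.mac)
            if entry is not None:
                policy, vlan = entry
                return AuthResult(MAB, policy, vlan, waited)
        elif method == CAPTIVE_PORTAL:
            if client.web_login_ok:
                return AuthResult(CAPTIVE_PORTAL, "guest-policy", 99, waited)
    return AuthResult(None, None, None, waited)   # port stays unauthorized


if __name__ == "__main__":
    printer = Client("00:11:22:33:44:55", answers_eapol=False)
    print(authenticate(printer))      # MAB succeeds after the dot1x time-out
```

Note that a supplicant which answers EAPOL but fails Dot1x is never offered MAB, matching the "only when clients don't respond to any of the EAPOL packets" rule; it can only fall through to the captive portal.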
DoubleVLANs(DVLAN-QoQ)passtracfromonecustomerdomaintoanotherthroughthe“metrocore”inamulti-tenancyenvironment:customerVLANIDsare
preservedandaserviceproviderVLANIDisaddedtothetracsothetraccanpassthemetrocoreinasimple,securemanner
PrivateVLANs(withPrimaryVLAN,IsolatedVLAN,
CommunityVLAN,Promiscuousport,Hostport,
Trunks)provideLayer2isolationbetweenportsthat
share the same broadcast domain, allowing a VLAN
broadcast domain to be partitioned into smaller point-
to-multipoint subdomains across switches in the same
Layer 2 network
• PrivateVLANsareusefulinDMZwhenserversarenotsupposedtocommunicatewitheachotherbut
needtocommunicatewitharouter;theyremovetheneedformorecomplexport-basedVLANswith
respectiveIPinterface/subnetsandassociatedL3routing
• Another Private VLANs typical application are carrier-class deployments when users shouldn’t see, snoop
or attack other users’ trac
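The Layer 2 isolation rules behind the DMZ use case above, as an added example that is not NETGEAR's code: `can_forward` encodes which port roles within one primary VLAN may exchange frames (promiscuous reaches everything, isolated reaches only promiscuous, community reaches its own community plus promiscuous), and the port names and roles in `DMZ_PORTS` are constructed for the illustration.

```python
# Added example (not NETGEAR's code): private-VLAN forwarding rules applied to a
# constructed DMZ where servers must reach the router but not each other.
from dataclasses import dataclass
from typing import Optional

PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"


@dataclass(frozen=True)
class Port:
    name: str
    role: str
    community: Optional[str] = None   # only meaningful for COMMUNITY ports


def can_forward(src: Port, dst: Port) -> bool:
    """Layer 2 reachability between two ports of the same primary VLAN."""
    if src is dst:
        return False
    if PROMISCUOUS in (src.role, dst.role):
        return True                        # router/firewall port talks to all hosts
    if src.role == COMMUNITY and dst.role == COMMUNITY:
        return src.community == dst.community   # same community only
    return False                           # isolated hosts never reach other hosts


def reachable_from(port: Port, ports) -> list:
    """Sorted names of ports that frames from `port` may be forwarded to."""
    return sorted(p.name for p in ports if can_forward(port, p))


def isolation_violations(ports, allowed_pairs):
    """Audit helper: (src, dst) pairs that can forward but are not on the
    allow-list, so a misconfigured role shows up before it goes live."""
    allowed = set(allowed_pairs)
    return sorted((a.name, b.name) for a in ports for b in ports
                  if can_forward(a, b) and (a.name, b.name) not in allowed)


# Constructed DMZ: one promiscuous router port, two isolated web servers and a
# two-member database community.
DMZ_PORTS = (
    Port("router", PROMISCUOUS),
    Port("web1", ISOLATED),
    Port("web2", ISOLATED),
    Port("db1", COMMUNITY, "db"),
    Port("db2", COMMUNITY, "db"),
)

if __name__ == "__main__":
    for p in DMZ_PORTS:
        print(p.name, "->", reachable_from(p, DMZ_PORTS))
```

Running the block shows `web1` reaching only `router` while `db1` reaches `db2` and `router`, which is exactly the partitioning the datasheet describes without a separate subnet per server.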
SecureShell(SSH)andSNMPv3(withorwithoutMD5orSHAauthentication)ensureSNMPandTelnetsessionsaresecured
TACACS+andRADIUSenhancedadministratormanagementprovidesstrict"Login"and"Enable"authenticationenforcementfortheswitchconguration,basedonlat-
estindustrystandards:execauthorizationusingTACACS+orRADIUS;commandauthorizationusingTACACS+andRADIUSServer;userexecaccountingforHTTPand
HTTPSusingTACACS+orRADIUS;andauthenticationbasedonuserdomaininadditiontouserIDandpassword
Superior quality of service
Advancedclassier-basedhardwareimplementationforLayer2(MAC),Layer3(IP)andLayer4(UDP/TCPtransportports)prioritization
8queuesforprioritiesandvariousQoSpoliciesbasedon802.1p(CoS)andDiServcanbeappliedtointerfacesandVLANs
Advanced rate limiting down to 1 Kbps granularity and mininum-guaranteed bandwidth can be associated with ACLs for best granularity
AutomaticVoiceoverIPprioritizationwithAuto-VoIP
iSCSIFlowAccelerationandautomaticprotection/QoSwithAuto-iSCSI
Flow Control
802.3xFlowControlimplementationperIEEE802.3
Annex31BspecicationswithSymmetricow
control, Asymmetric flow control or No flow control
• AsymmetricowcontrolallowstheswitchtorespondtoreceivedPAUSEframes,buttheportscannot
generatePAUSEframes
• Symmetricowcontrolallowstheswitchtobothrespondto,andgenerateMACcontrolPAUSEframes
Allows trac from one device to be throttled for a specified period of time: a device that wishes to inhibit transmission of data frames from another device on the LAN
transmitsaPAUSEframe
UDLD Support
UDLDimplementationdetectsunidirectionallinks
physicalports(UDLDmustbeenabledonbothsides
ofthelinkinordertodetectanunidirectionallink)
• UDLDprotocoloperatesbyexchangingpacketscontaininginformationaboutneighboringdevices
• The purpose is to detect and avoid unidirectional link forwarding anomalies in a Layer 2 communication
channel in which a bi-directional link stops passing trac in one direction
Both“normal-mode”and“aggressive-mode”aresupportedforperfectcompatibilitywithothervendorsimplementations,includingport“D-Disable”triggeringcasesin
both modes
ProSAFE® Next-Gen Edge Managed Switches Data Sheet
M5300 series
Page 9 of 38