Data Sheet

ManualsBrandsNETGEAR ManualsComputers & Accessories8xMulti-Gig PoE+ (240W) and 2xSFP+ (shared) Managed Switch

Layer 3 routing package

Static Routes/ECMP Static Routes for IPv4 and IPv6 • Static and default routes are conﬁgurable with next IP address hops to any given destination

• Permitting additional routes creates several options for the network administrator

• The admin can conﬁgure multiple next hops to a given destination, intending for the router to load share

across the next hops

• The admin distinguishes static routes by specifying a route preference value: a lower preference value is a

more preferred static route

• A less preferred static route is used if the more preferred static route is unusable (down link, or next hop

cannot be resolved to a MAC address)

• Preference option allows admin to control the preference of individual static routes relative to routes

learned from other sources (such as OSPF) since a static route will be preferred over a dynamic route when

routes from dierent sources have the same preference

Advanced Static Routing functions for administrative

trac control

• Static Reject Routes are conﬁgurable to control the trac destined to a particular network so that it is not

forwarded through the router

• Such trac is discarded and the ICMP destination unreachable message is sent back to the source

• Static reject routes can be typically used to prevent routing loops

• Default routes are conﬁgurable as a preference option

In order to facilitate VLAN creation and VLAN routing

using Web GUI, a VLAN Routing Wizard oers follow-

ing automated capabilities:

• Create a VLAN and generate a unique name for VLAN

• Add selected ports to the newly created VLAN and remove selected ports from the default VLAN

• Create a LAG, add selected ports to a LAG, then add this LAG to the newly created VLAN

• Enable tagging on selected ports if the port is in another VLAN

• Disable tagging if a selected port does not exist in another VLAN

• Exclude ports that are not selected from the VLAN

• Enable routing on the VLAN using the IP address and subnet mask entered as logical routing interface

DHCP Relay Agents relay DHCP requests from any

routed interface, including VLANs, when DHCP server

doesn’t reside on the same IP network or subnet

• The agent relays requests from a subnet without a DHCP server to a server or next-hop agent on another

subnet

• Unlike a router which switches IP packets transparently, a DHCP relay agent processes DHCP messages

and generates new DHCP messages

• Supports DHCP Relay Option 82 circuit-id and remote-id for VLANs

• Multiple Helper IPs feature allows to conﬁgure a DHCP relay agent with multiple DHCP server addresses per

routing interface and to use dierent server addresses for client packets arriving on dierent interfaces on

the relay agent server addresses for client packets arriving on dierent interfaces on the relay agent

Support of Routing Information Protocol (RIPv2) as

a distance vector protocol speciﬁed in RFC 2453 for

IPv4

• Each route is characterized by the number of gateways, or hops, a packet must traverse to reach its

intended destination

• Categorized as an interior gateway protocol, RIP operates within the scope of an autonomous system

IP Multinetting allows to conﬁgure more than one IP address on a network interface (other vendors may call it IP Aliasing or Secondary Addressing)

ICMP Throttling feature adds conﬁguration options for

the transmission of various types of ICMP messages

• ICMP Redirects can be used by a malicious sender to perform man-in-the-middle attacks, or divert

packets to a malicious monitor, or to cause Denial of Service (DoS) by blackholing the packets

• ICMP Echo Requests and other messages can be used to probe for vulnerable hosts or routers

• Rate limiting ICMP error messages protects the local router and the network from sending a large number

of messages that take CPU and bandwidth

Enterprise security

Trac control MAC Filter and Port Security help restrict the trac allowed into and out of speciﬁed ports or interfaces in the system in order to increase overall security

and block MAC address ﬂooding issues

DHCP Snooping monitors DHCP trac between DHCP clients and DHCP servers to ﬁlter harmful DHCP message and builds a bindings database of (MAC address, IP

address, VLAN ID, port) tuples that are considered authorized in order to prevent DHCP server spooﬁng attacks

Dynamic ARP Inspection (IPv4) use the DHCP snooping bindings database per port and per VLAN to drop incoming packets that do not match any binding and to

enforce source IP / MAC addresses for malicious users trac elimination

ProSAFE® Intelligent Edge Managed Switches Data Sheet

M4200 series

Page 8 of 31