Highlights
Multi-Gigagit Ethernet•TheProSAFE®M4200-10MG-PoE+comeswithNBASE-Tcompliant1G/2.5G/5Gportsand8x2.5G/2x10Gwirespeedaggregation
•Thatis,apurelyline-rateaccesslayerfor802.11acwirelessaccesspointswithPoE+fullprovisioning,andreadyforWave23x3and4x4installations
Higher flexibility•PlenumdesignwithEasyMountoptionswhetherit’sdirectlyonawall,attachedtoarectangularorroundpole,ormountedinastandard19-inchrack
•Secureplacementabovedrop-downceilings,inairpassagewaysandwhereotherswitcheswillnotgo,verticalorhorizontal,flatorperpendicular
Lower complexity•EntirefeaturesetincludingL2switching(multi-tieredaccesscontrol,auto-VoIP,auto-iSCSI)andL3routing(staticorRIP)isavailablewithoutalicense
•DHCP/BootPinnovativeauto-installationincludingfirmwareandconfigurationfileuploadautomation
Investment protection•Multi-GigabitNBASE-Tenables2.5Xto5Xfasterspeedsupto100monlegacyCat5e/Cat6cableswhileproviding100Mand1Gbackwardcompatibility
•EvenifanorganizationisnotreadyforSDN,OpenFlowsupportoffersfuture-readydesignformaximuminvestmentprotection
Secure services•Withsuccessivetiering,theAuthenticationManagerallowsforauthenticationmethodsperportforatieredauthenticationbasedonconfiguredtime-outs
•WithBYOD,tieredDot1x->MAB->CaptivePortalauthenticationispowerfulandsimpletoimplementwithstrictpolicies
Industry standard management•Industrystandardcommandlineinterface(CLI),functionalNETGEARwebinterface(GUI),SNMP,sFlowandRSPAN
•Single-pane-of-glassNMS300managementplatformwithcentralizedfirmwareupdatesandmass-configurationsupport
Industry leading warranty•NETGEARM4200seriesiscoveredunderNETGEARProSAFELifetimeHardwareWarranty*
•90daysofTechnicalSupportviaphoneandemail,LifetimeTechnicalSupportthroughonlinechatandLifetimeNextBusinessDayhardwarereplacement
Page 2 Models at a glance
Page 3 Product brief
Page 4-10 Features highlights
Page 11 Target applications
Page 12-13 Components and modules
Page 14-31 Technical specifications and ordering information
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 1 of 31
The NETGEAR® M4200 Switch Series delivers a unique, effective solution for Wave 2 802.11ac deployments. The M4200 is the first 8x2.5G Multi-Gigabit switch with full PoE+ provision on all ports and 2x10G line-rate aggregation to the wiring closet. Plenum rated, slim design and mounting accessories allow for access point placement optimization and cabling efficiency even in nontraditional networking environments. L3 feature set includes static routing and RIP dynamic routing. The NETGEAR M4200 is ready for the future, with Software-defined Network (SDN) and OpenFlow 1.3 enabled for your network.
NETGEAR Intelligent Edge Switch solutions combine latest advances in hardware and software engineering for higher flexibility, lower complexity and stronger investment protection, at a high-value price point.
Performance at a Glance
Software at a Glance
Hardware at a GlanceFRONT SIDE MANAGEMENT
Modelname Form-Factor
SwitchingFabric
100/1000/2.5GBASE-TRJ45ports
100/1000/2.5G/5GBASE-T
RJ45ports
1000/10GBASE-XSFP+ports
PSU Fans Out-of-bandConsole
Modelnumber
M4200-10MG-PoE+
Full width 1-unit 1U
rack mount 3.9 in
(10 cm) deep
90 Gbps
6 ports PoE+ 100M; 1G; 2.5G
2 ports PoE+ 100M; 1G; 2.5G; 5G
2 ports 1G; 10G Internal
Fixed Side-to-side
28.9dB
Low acoustics
Ethernet: Out-of-band 1G port (Front) Console: RJ45 RS232 (Front) Console: Mini-USB (Front) Storage: USB (Front)
GSM4210P240W PoE budget
8-port Multigigabit and PoE+ full provisioning
LAYER3PACKAGE
Modelname Manage-ment
UsabilityEnhance-ments
IPv4/IPv6ACLandQoS,
DiffServ
IPv4/IPv6Multicastfiltering
IPv4/IPv6Policingand
Conver-gence
SpanningTree
GreenEthernet
VLANsTrunking
PortChannel
IPv4/IPv6Authentica-tionSecurity
IPv4/IPv6Static
Routing
IPv4DynamicRouting
Modelnumber
M4200-10MG-PoE+ Out-of-band;
Web GUI; HTTPs;
CLI; Telnet; SSH
SNMP, MIBs RSPAN
Radius Users, TACACS+
Link Dependency
(Enable or Disable one
or more ports based on the link state of one or more
different ports)
Syslog and Packet
Captures can be sent to USB
storage
Ingress
1 Kbps shaping
Time-based
Single Rate Policing
IGMPv3 MLDv2
Snooping
IGMPv1,v2 and MLDv1
Snooping Querier
Control Packet
Flooding
Auto-VoIP
Auto-iSCSI
LLDP-MED
STP, MTP, RSTP
PV(R)STP1
BPDU/STRG Root Guard
EEE (802.3az)
Static, Dynamic,
Voice, MAC
GVRP/GMRP
QinQ,
Private VLANs
Static or Dynamic
LACP
Seven (7) L2/L3/L4
hashing algorithms
Successive Tiering
(DOT1X; MAB;
Captive Portal)
DHCP Snooping
IPv4:
Dynamic ARP Inspection
IPv4/IPv6 Port, Sub-net, VLAN
routing
DHCPv4 Relay;
DHCPv4 Server
IPv4: RIP GSM4210P
TABLESIZE
ModelnameMACARP/NDP
Routing/SwitchingCapacity
Through-put
ApplicationRouteScaling
PacketBuffer Latency ACLs
MulticastIGMPGroup
member-ship
CPU VLANs DHCP sFlow Modelnumber
M4200-10MG-PoE+ 16K MAC
1K ARP/NDP
90 Gbps
Line-rate
66.9 Mpps Static: 32v4/32v6
RIP: 32
16Mb 64-byte frames:
<2.8µs 1G RJ45 <7.2µs 2.5G RJ45 <5.7µs 5G RJ45
<0.9µs 10G SFP+
50 ACLs
512 rules per list
16K ACL rules
(ingress)
1K IPv4
1K IPv6
CPU 800 Mhz
1GB RAM
256MB Flash
1K VLANs
DHCP Server:
2K leases
IPv4: 256 pools
10 samplers
10 pollers
8 receivers
GSM4210P
1 CLI only
M4200-10MG-PoE+
Rubber belts
Rack-mounting kit
Mount for attachment to a wall, round or rectangular pole
Hose clamps
Rack-mounting kit
Power cord strap and lock
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 2 of 31
NETGEAR M4200 series key features:
•Eight full power PoE+ and multi-speed 1G, 2.5G ports combined with two 10G SFP+ uplinks
•Allow for a fully non-blocking deployment of eight Wave 2 11ac access points, with 240W PoE budget
•Two of these multi-speed 1G, 2.5G PoE+ ports also support 5G•NBASE-T compliant Multigigabit Ethernet (basis for the upcoming
IEEE 802.3bz standard)•2.5X to 5X faster speeds up to 100m on legacy Cat5e/Cat6 cables -
yet providing 100M and 1G backward compatibility•Whisper quiet 28.9dB acoustics when operating at 25°C (77°F),
well below normal offices ambient background noise•Secure placement above drop-down ceilings, in air passageways
and where other switches will not go, vertical or horizontal, flat or perpendicular
•Easy Mount options whether it’s directly on a wall, attached to a rectangular or round pole, or mounted in a standard 19-inch rack
•Low latency and scalable table size with 16K MAC, 1K ARP/NDP, 1K VLANs, 32 routes (IPv4) and 32 routes (IPv6)
•SDN-Ready OpenFlow 1.3 support for maximum investment protection
NETGEAR M4200 series software features:
•Advanced classifier-based, time-based hardware implementation for L2 (MAC), L3 (IP) and L4 (UDP/TCP transport ports) security and prioritization
•Selectable Port-Channel / LAG (802.3ad - 802.1AX) L2/L3/L4 hashing for fault tolerance and load sharing with any type of Ethernet channeling
•Voice VLAN with SIP, H323 and SCCP protocols detection and LLDP-MED IP phones automatic QoS and VLAN configuration
•Efficient authentication tiering with successive DOT1X, MAB and Captive Portal methods for streamlined BYOD
•Comprehensive IPv4/IPv6 static and IPv4 dynamic routing including RIP•Layer 2 multicast forwarding with IGMPv3/MLDv2 Snooping and
IGMPv2/MLDv1 Snooping Querier•Advanced security including malicious code detection, DHCP Snooping,
Dynamic ARP Inspection and DoS attacks mitigation•Innovative multi-vendor Auto-iSCSI capabilities
NETGEAR M4200 series resiliency and availability features:
•Link Dependancy new feature enables or disables ports based on the link state of different ports
•Per VLAN Spanning Tree and Per VLAN Rapid Spanning Tree (PVSTP/PVRSTP) offer interoperability with PVST+ infrastructures
NETGEAR M4200 series management features:
•DHCP/BootP innovative auto-installation including firmware and configuration file upload automation
•Industry standard SNMP, RMON, MIB, LLDP, AAA, sFlow and RSPAN remote mirroring implementation
•Service port for out-of-band Ethernet management (OOB)•Standard RS232 straight-through serial RJ45 and Mini-USB ports for
local management console•Standard USB port for local storage, logs, configuration or image files•Dual firmware image and configuration file for updates with minimum
service interruption•Industry standard command line interface (CLI) for IT admins used to
other vendors commands•Fully functional Web console (GUI) for IT admins who prefer an easy to
use graphical interface•Single-pane-of-glass NMS300 management platform with mass-
configuration support
NETGEAR M4200 series warranty and support:
•NETGEAR ProSAFE Lifetime Hardware Warranty*•Included Lifetime Technical Support•Included Lifetime Next Business Day Hardware Replacement
Product Brief
The ProSAFE® M4200-10MG-PoE+ Managed Switch was designed from the ground up to optimize the installation of Wave 2 11ac access points. Includes eight full power PoE+ and multi-speed 1G, 2.5G ports for 100 meter cable runs, combined with two 10G uplinks for a fully non-blocking deployment of eight Wave 2 11ac access points. NETGEAR Multigigabit Ethernet is compatible with most major wireless and switching vendors managed solutions, and the only one with 8x2.5G to the AP and 2x10G line-rate aggregation to the wiring closet. Plenum rated, slim design and mounting accessories allow for access point placement optimization and cabling efficiency.
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 3 of 31
Features highlights
8-port Multi-Gigabit switch with full PoE+ provision on all ports
NBASE-T (basis for the upcoming IEEE 802.3bz stan-dard) enables 2.5X to 5X faster speeds up to 100m on legacy Cat5e/Cat6 cables
•8-port PoE+ Multi-Gigabit Ethernet 1G/2.5G BASE-T with 8 x 30W = 240 Watts full power
• Including two of these ports with 5G BASE-T capability
•Zero cost cabling plant investment required
•Full 1000BASE-T backward compatibility
•2-port 10G SFP+ uplinks for 8x2.5G to the Wave 2 11ac Access Points and 2x10G line-rate aggregation to the wiring closet
•Non blocking 90Gbps fabric for (6 x 2.5G) + (2 x 5G) + (2 x 10G) full duplex operation
L2, L3 and L4 switching features (access control list, classification, filtering, IPv4/IPv6 static routing, IPv4 dynamic routing) are performed in hardware at interface line rate for voice, video, and data convergence
Example of redundant, wire speed 8x2.5G 2x10G wireless access layer topology:
Unrivalled flexibility
Easy Mount allows for standard rack mounting as well as plenum mounting on rectangular and round poles, or walls
Secure placement above drop-down ceilings, in air passageways and where other switches will not go, vertical or horizontal, flat or perpendicular
Ships with four self-adhesive rubber footpads for installation on a flat surface (cushion against shock and vibrations; ventilation space between stacked switches)
For walls and poles, the switch ships with a mount to which you can click-attach the back or the bottom of the switch (flat or perpendicular)
The mount provides a locking tab and the switch comes with a power cord locker for additional peace of mind in nontraditional networking environments
Whisper quiet 28.9dB acoustics when operating at 25°C (77°F), well below normal offices ambient background noise
LACP
Standard Rack Mounting Attaching the Switch to a Wall Attaching the Switch to a Round Pole Attaching the Switch to a Rectangular Pole
M4200 Distributed Distribution Layer Switches
Stack of two M4300 10G Switches, or M6100 chassis equipped with two 10G blades
10G uplinks (Fiber)
2.5G PoE+ (Copper)
Wave 2 11acWireless Access Points
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 4 of 31
Best value switching performance
16K MAC address table, 1K concurrent VLANs and 32 (IPv4) 32 (IPv6) Layer 3 route table size for the access layer
Each switch provides line-rate local switching and routing capacity
80 PLUS certified power supplies for energy high efficiency
16 Mb packet buffer dynamically shared for intensive applications
Low latency at all network speeds, including 2.5 Gigabit, 5 Gigabit copper and 10 Gigabit fiber interfaces
Jumbo frames support of up to 9Kb accelerating storage performance for backup and cloud applications
iSCSI Flow Acceleration and Automatic Protection/QoS for virtualization and server room networks containing iSCSI initiators and iSCSI targets
•Detecting the establishment and termination of iSCSI sessions and connections by snooping packets used in the iSCSI protocol
•Maintaining a database of currently active iSCSI sessions and connections to store data, including classifier rules for desired QoS treatment
• Installing and removing classifier rule sets as needed for the iSCSI session traffic
•Monitoring activity in the iSCSI sessions to allow for aging out session entries if the session termination packets are not received
•Avoiding session interruptions during times of congestion that would otherwise cause iSCSI packets to be dropped
SDN-ready, M4200 OpenFlow feature enables the switch to be managed by a centralized OpenFlow Controller using the OpenFlow protocol
•Support of a single-table OpenFlow 1.3 data forwarding path
•The OpenFlow feature can be administratively enabled and disabled at any time
•The administrator can allow the switch to automatically assign an IP address to the OpenFlow feature or to specifically select which address should be used
•The administrator can also direct the OpenFlow feature to always use the service port (out-of-band management port)
•The Controller IP addresses are specified manually through the switch user interface
•The list of OpenFlow Controllers and the controller connection options are stored in the Controller Table
•The OpenFlow component in M4200 software uses this information to set up and maintain SSL connections with the OpenFlow Controllers
•M4200 implements a subset of the OpenFlow 1.0.0 protocol and a subset of the OpenFlow 1.3
• It also implements enhancements to the OpenFlow protocol to optimize it for the Data Center environment and to make it compatible with Open vSwitch
Access layer availability
Link Aggregation, also called Port Channeling or Port Trunking, offers powerful network redundancy and load balancing in aggregation to a dual network core
Rapid Spanning Tree (RSTP) and Multiple Spanning Tree (MSTP) allow for rapid transitionning of the ports to the Forwarding state and the suppression of Topology Change Notification
Mount for Attachment Outside the Rack
Both the switch back panel and bottom panel contain mounting holes to allow for attachment
10cm Hose Clamps for Round Poles Rubber Belts for Rectangular PolesPower Cord Lock and Strap
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 5 of 31
NETGEAR PVSTP implementation (CLI only) follows the same rules than other vendor’s Per VLAN STP for strict interoperability
• Including industry-standard PVST+ interoperability
•PVSTP is similar to the MSTP protocol as defined by IEEE 802.1s, the main difference being PVSTP runs one instance per VLAN
• In other words, each configured VLAN runs an independent instance of PVSTP
•FastUplink feature immediately moves an alternate port with lowest cost to forwarding state when the root port goes down to reduce recovery time
•FastBackbone feature selects new indirect port when an indirect port fails
NETGEAR PVRSTP implementation (CLI only) follows the same rules than other vendor’s Per VLAN RSTP for strict interoperability
• Including industry-standard RPVST+ interoperability
•PVRSTP is similar to the RSTP protocol as defined by IEEE 802.1w, the main difference being PVRSTP runs one instance per VLAN
• In other words, each configured VLAN runs an independent instance of PVRSTP
•Each PVRSTP instance elects a root bridge independent of the other
•Hence there are as many Root Bridges in the region as there are VLANs configured
•Per VLAN RSTP has in built support for FastUplink and FastBackbone
IP address conflict detection performed by embedded DHCP servers prevents accidental IP address duplicates from perturbing the overall network stability
Ease of deployment
Automatic configuration with DHCP and BootP Auto Install eases large deployments with a scalable configuration files management capability, mapping IP addresses and host names and providing individual configuration files to multiple switches as soon as they are initialized on the network
Both the Switch Serial Number and Switch primary MAC address are reported by a simple "show" command in the CLI - facilitating discovery and remote configuration operations
M4200 DHCP L2 Relay agents eliminate the need to have a DHCP server on each physical network or subnet
•DHCP Relay agents process DHCP messages and generate new DHCP messages
•Supports DHCP Relay Option 82 circuit-id and remote-id for VLANs
•DHCP Relay agents are typically IP routing-aware devices and can be referred to as Layer 3 relay agents
Automatic Voice over IP prioritization with Auto-VoIP simplifies most complex multi-vendor IP telephones deployments either based on protocols (SIP, H323 and SCCP) or on OUI bytes (default database and user-based OUIs) in the phone source MAC address; providing the best class of service to VoIP streams (both data and signaling) over other ordinary traffic by classifying traffic, and enabling correct egress queue configuration
An associated Voice VLAN can be easily configured with Auto-VoIP for further traffic isolation
When deployed IP phones are LLDP-MED compliant, the Voice VLAN will use LLDP-MED to pass on the VLAN ID, 802.1P priority and DSCP values to the IP phones, accelerating convergent deployments
Versatile connectivity
8-port PoE+ full power and NBASE-T compliant, 1G / 2.5G including two of these ports with 5G ability
All 8-port NBASE-T are backward compatible with standard Gigabit Ethernet (1000BASE-T) and Fast Ethernet (100BASE-T) speeds
IEEE 802.3at Power over Ethernet Plus (PoE+) provides up to 30W power per port using 2 pairs while offering backward compatilibity with 802.3af
• IEEE 802.3at Layer 2 LLDP method and 802.3at PoE+ 2-event classification method fully supported for compatibility with most PoE+ PD devices
2-port 10G SFP+ uplinks for 8x2.5G to the Wave 2 11ac Access Points and 2x10G line-rate aggregation to the wiring closet
Automatic MDIX and Auto-negotiation on all ports select the right transmission modes (half or full duplex) as well as data transmission for crossover or straight-through cables dynamically for the admin
Link Dependancy feature enables or disables one or more ports based on the link state of one or more different ports
IPv6 support with multicasting (MLD for IPv6 filtering), static IPv6 routes (unicast), ACLs and QoS
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 6 of 31
Ease of management and granular control
Dual firmware image and dual configuration file for transparent firmware updates / configuration changes with minimum service interruption
Flexible Port-Channel/LAG (802.3ad - 802.1AX) implementation for maximum compatibility, fault tolerance and load sharing with any type of Ethernet channeling from other vendors switch, server or storage devices conforming to IEEE 802.3ad - including static (selectable hashing algorithms) - or to IEEE 802.1AX with dynamic LAGs or port-channel (highly tunable LACP Link Aggregation Control Protocol )
Unidirectional Link Detection Protocol (UDLD) and Aggressive UDLD detect and avoid unidirectional links automatically, in order to prevent forwarding anomalies in a Layer 2 communication channel in which a bi-directional link stops passing traffic in one direction
Port names feature allows for descriptive names on all interfaces and better clarity in real word admin daily tasks
SDM (System Data Management, or switch database) templates allow for granular system resources distribution depending on IPv4 or IPv6 applications
•ARP Entries (the maximum number of entries in the IPv4 Address Resolution Protocol ARP cache for routing interfaces)
• IPv4 Unicast Routes (the maximum number of IPv4 unicast forwarding table entries)
• IPv6 NDP Entries (the maximum number of IPv6 Neighbor Discovery Protocol NDP cache entries)
• IPv6 Unicast Routes (the maximum number of IPv6 unicast forwarding table entries)
•ECMP Next Hops (the maximum number of next hops that can be installed in the IPv4 and IPv6 unicast forwarding tables)
Private VLANs and local Proxy ARP help reduce broadcast with added security
Management VLAN ID is user selectable for best convenience
Industry-standard VLAN management in the command line interface (CLI) for all common operations such as VLAN creation; VLAN names; VLAN “make static” for dynamically created VLAN by GVRP registration; VLAN trunking; VLAN participation as well as VLAN ID (PVID) and VLAN tagging for one interface, a group of interfaces or all interfaces at once
Simplified VLAN configuration with industry-standard Access Ports for 802.1Q unaware endpoints and Trunk Ports for switch-to-switch links with Native VLAN
System defaults automatically set per-port broadcast, multicast, and unicast storm control for typical, robust protection against DoS attacks and faulty clients which can, with BYOD, often create network and performance issues
IP Telephony administration is simplified with consistent Voice VLAN capabilities per the industry standards and automatic functions associated
Comprehensive set of “system utilities” and “Clear” commands help troubleshoot connectivity issues and restore various configurations to their factory defaults for maximum admin efficiency: traceroute (to discover the routes that packets actually take when traveling on a hop-by-hop basis and with a synchronous response when initiated from the CLI), clear dynamically learned MAC addresses, counters, IGMP snooping table entries from the Multicast forwarding database etc...
Syslog and Packet Captures can be sent to USB storage for rapid network troubleshooting
Replaceable factory-default configuration file for predictable network reset in distributed branch offices without IT personnel
All major centralized software distribution platforms are supported for central software upgrades and configuration files management (HTTP, TFTP), including in highly secured versions (HTTPS, SFTP, SCP)
Simple Network Time Protocol (SNTP) can be used to synchronize network resources and for adaptation of NTP, and can provide synchronized network timestamp either in broadcast or unicast mode (SNTP client implemented over UDP - port 123)
Embedded RMON (4 groups) and sFlow agents permit external network traffic analysis
Engineered for convergence
Audio (Voice over IP) and Video (multicasting) comprehensive switching, filtering, routing and prioritization
Auto-VoIP, Voice VLAN and LLDP-MED support for IP phones QoS and VLAN configuration
IGMP Snooping and Proxy for IPv4, MLD Snooping and Proxy for IPv6, and Querier mode facilitate fast receivers joins and leaves for multicast streams and ensure mul-ticast traffic only reaches interested receivers everywhere in a Layer 2 or a Layer 3 network, including source-specific (SSM) and any-source (ASM) multicast
Multicast VLAN Registration (MVR) uses a dedicated Multicast VLAN to forward multicast streams and avoid duplication for clients in different VLANs
PoE power management and schedule enablement
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 7 of 31
Layer 3 routing package
Static Routes/ECMP Static Routes for IPv4 and IPv6 •Static and default routes are configurable with next IP address hops to any given destination
•Permitting additional routes creates several options for the network administrator
•The admin can configure multiple next hops to a given destination, intending for the router to load share across the next hops
•The admin distinguishes static routes by specifying a route preference value: a lower preference value is a more preferred static route
•A less preferred static route is used if the more preferred static route is unusable (down link, or next hop cannot be resolved to a MAC address)
•Preference option allows admin to control the preference of individual static routes relative to routes learned from other sources (such as OSPF) since a static route will be preferred over a dynamic route when routes from different sources have the same preference
Advanced Static Routing functions for administrative traffic control
•Static Reject Routes are configurable to control the traffic destined to a particular network so that it is not forwarded through the router
•Such traffic is discarded and the ICMP destination unreachable message is sent back to the source
•Static reject routes can be typically used to prevent routing loops
•Default routes are configurable as a preference option
In order to facilitate VLAN creation and VLAN routing using Web GUI, a VLAN Routing Wizard offers follow-ing automated capabilities:
•Create a VLAN and generate a unique name for VLAN
•Add selected ports to the newly created VLAN and remove selected ports from the default VLAN
•Create a LAG, add selected ports to a LAG, then add this LAG to the newly created VLAN
•Enable tagging on selected ports if the port is in another VLAN
•Disable tagging if a selected port does not exist in another VLAN
•Exclude ports that are not selected from the VLAN
•Enable routing on the VLAN using the IP address and subnet mask entered as logical routing interface
DHCP Relay Agents relay DHCP requests from any routed interface, including VLANs, when DHCP server doesn’t reside on the same IP network or subnet
•The agent relays requests from a subnet without a DHCP server to a server or next-hop agent on another subnet
•Unlike a router which switches IP packets transparently, a DHCP relay agent processes DHCP messages and generates new DHCP messages
•Supports DHCP Relay Option 82 circuit-id and remote-id for VLANs
•Multiple Helper IPs feature allows to configure a DHCP relay agent with multiple DHCP server addresses per routing interface and to use different server addresses for client packets arriving on different interfaces on the relay agent server addresses for client packets arriving on different interfaces on the relay agent
Support of Routing Information Protocol (RIPv2) as a distance vector protocol specified in RFC 2453 for IPv4
•Each route is characterized by the number of gateways, or hops, a packet must traverse to reach its intended destination
•Categorized as an interior gateway protocol, RIP operates within the scope of an autonomous system
IP Multinetting allows to configure more than one IP address on a network interface (other vendors may call it IP Aliasing or Secondary Addressing)
ICMP Throttling feature adds configuration options for the transmission of various types of ICMP messages
• ICMP Redirects can be used by a malicious sender to perform man-in-the-middle attacks, or divert packets to a malicious monitor, or to cause Denial of Service (DoS) by blackholing the packets
• ICMP Echo Requests and other messages can be used to probe for vulnerable hosts or routers
•Rate limiting ICMP error messages protects the local router and the network from sending a large number of messages that take CPU and bandwidth
Enterprise security
Traffic control MAC Filter and Port Security help restrict the traffic allowed into and out of specified ports or interfaces in the system in order to increase overall security and block MAC address flooding issues
DHCP Snooping monitors DHCP traffic between DHCP clients and DHCP servers to filter harmful DHCP message and builds a bindings database of (MAC address, IP address, VLAN ID, port) tuples that are considered authorized in order to prevent DHCP server spoofing attacks
Dynamic ARP Inspection (IPv4) use the DHCP snooping bindings database per port and per VLAN to drop incoming packets that do not match any binding and to enforce source IP / MAC addresses for malicious users traffic elimination
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 8 of 31
Time-based Layer 2 / Layer 3-v4 / Layer 3-v6 / Layer 4 Access Control Lists (ACLs) can be binded to ports, Layer 2 interfaces, VLANs and LAGs (Link Aggregation Groups or Port channel) for fast unauthorized data prevention and right granularity
For in-band switch management, management ACLs on CPU interface (Control Plane ACLs) are used to define the IP/MAC or protocol through which management access is allowed for increased HTTP/HTTPS or Telnet/SSH management security
Out-of-band management is available via dedicated service port (1G RJ45 OOB) when in-band management can be prohibited via management ACLs
Bridge protocol data unit (BPDU) Guard allows the network administrator to enforce the Spanning Tree (STP) domain borders and keep the active topology consistent and predictable - unauthorized devices or switches behind the edge ports that have BPDU enabled will not be able to influence the overall STP by creating loops
Spanning Tree Root Guard (STRG) enforces the Layer 2 network topology by preventing rogue root bridges potential issues when for instance, unauthorized or unex-pected new equipment in the network may accidentally become a root bridge for a given VLAN
Dynamic 802.1x VLAN assignment mode, including Dynamic VLAN creation mode and Guest VLAN / Unauthenticated VLAN are supported for rigorous user and equipment RADIUS policy server enforcement
•Up to 48 clients (802.1x) per port are supported, including the authentication of the users domain, in order to facilitate convergent deployments. For instance when IP phones connect PCs on their bridge, IP phones and PCs can authenticate on the same switch port but under different VLAN assignment policies (Voice VLAN versus other Production VLANs)
802.1x MAC Address Authentication Bypass (MAB) is a supplemental authentication mechanism that lets non-802.1x devices bypass the traditional 802.1x process altogether, letting them authenticate to the network using their client MAC address as an identifier
•A list of authorized MAC addresses of client NICs is maintained on the RADIUS server for MAB purpose
•MAB can be configured on a per-port basis on the switch
•MAB initiates after unsuccesful dot1x authentication process (configurable time out), when clients don’t respond to any of EAPOL packets
•When 802.1X unaware clients try to connect, the switch sends the MAC address of each client to the authentication server
•The RADIUS server checks the MAC address of the client NIC against the list of authorized addresses
•The RADIUS server returns the access policy and VLAN assignment to the switch for each client
With Successive Tiering, the Authentication Manager allows for authentication methods per port for a Tiered Authentication based on configured time-outs
•By default, configuration authentication methods are tried in this order: Dot1x, then MAB, then Captive Portal (web authentication)
•With BYOD, such Tiered Authentication is powerful and simple to implement with strict policies
– For instance, when a client is connecting, M4200 tries to authencate the user/client using the three methods above, the one after the other
•The admin can restrict the configuration such that no other method is allowed to follow the captive portal method, for instance
Double VLANs (DVLAN - QinQ) pass traffic from one customer domain to another through the “metro core” in a multi-tenancy environment: customer VLAN IDs are preserved and a service provider VLAN ID is added to the traffic so the traffic can pass the metro core in a simple, secure manner
Private VLANs (with Primary VLAN, Isolated VLAN, Community VLAN, Promiscuous port, Host port, Trunks) provide Layer 2 isolation between ports that share the same broadcast domain, allowing a VLAN broadcast domain to be partitioned into smaller point-to-multipoint subdomains accross switches in the same Layer 2 network
•Private VLANs are useful in DMZ when servers are not supposed to communicate with each other but need to communicate with a router
•They remove the need for more complex port-based VLANs with respective IP interface/subnets and associated L3 routing
•Another Private VLANs typical application are carrier-class deployments when users shouldn’t see, snoop or attack other users’ traffic
Secure Shell (SSH) and SNMPv3 (with or without MD5 or SHA authentication) ensure SNMP and Telnet sessions are secured
TACACS+ and RADIUS enhanced administrator management provides strict “Login” and “Enable” authentication enforcement for the switch configuration, based on latest industry standards: exec authorization using TACACS+ or RADIUS; command authorization using TACACS+ and RADIUS Server; user exec accounting for HTTP and HTTPS using TACACS+ or RADIUS; and authentication based on user domain in addition to user ID and password
Superior quality of service
Advanced classifier-based hardware implementation for Layer 2 (MAC), Layer 3 (IP) and Layer 4 (UDP/TCP transport ports) prioritization
8 queues for priorities and various QoS policies based on 802.1p (CoS) and DiffServ can be applied to interfaces and VLANs
Advanced rate limiting down to 1 Kbps granularity and mininum-guaranteed bandwidth can be associated with ACLs for best granularity
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 9 of 31
Single Rate Policing feature enables support for Single Rate Policer as defined by RFC 2697
•Committed Information Rate (average allowable rate for the class)
•Committed Burst Size (maximum amount of contiguous packets for the class)
•Excessive Burst Size (additional burst size for the class with credits refill at a slower rate than committed burst size)
•DiffServ feature applied to class maps
Automatic Voice over IP prioritization with protocol-based (SIP, H323 and SCCP ) or OUI-based Auto-VoIP up to 144 simultaneous voice calls
iSCSI Flow Acceleration and automatic protection / QoS with Auto-iSCSI
Flow Control
802.3x Flow Control implementation per IEEE 802.3 Annex 31B specifications with Symmetric flow control, Asymmetric flow control or No flow control
•Asymmetric flow control allows the switch to respond to received PAUSE frames, but the ports cannot generate PAUSE frames
•Symmetric flow control allows the switch to both respond to, and generate MAC control PAUSE frames
Allows traffic from one device to be throttled for a specified period of time: a device that wishes to inhibit transmission of data frames from another device on the LAN transmits a PAUSE frame
•A device that wishes to inhibit transmission of data frames from another device on the LAN transmits a PAUSE frame
UDLD Support
UDLD implementation detects unidirectional links physical ports (UDLD must be enabled on both sides of the link in order to detect an unidirectional link)
•UDLD protocol operates by exchanging packets containing information about neighboring devices
•The purpose is to detect and avoid unidirectional link forwarding anomalies in a Layer 2 communication channel
Both “normal-mode” and “aggressive-mode” are supported for perfect compatibility with other vendors implementations, including port “D-Disable” triggering cases in both modes
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 10 of 31
Target Application
1
2
3
NETGEARProSAFE
M6100-3S
XCM8924X
Reset
SFP SPD/Link/ACT Mode: Green = Link at 10G Yellow = Link at 1G Bl ink = ACT
Green =Link at 10GYellow=
USB
OOB
Console
100M/1GBl ink=ACT
Supervisor
PWR/Status
1F 2F 1T 2T 3F 4F 3T 4T 5F 6F 5T 6T 7F 8F 7T 8T 9F 10 F 9T 10 T 11 F 12 F 11 T 12 T 13 F 14 F 13 T 14 T 15 F 16 F 15 T 16 T
RJ45 SPD/Link/ACT Mode: Green = Link at 10G Yellow = Link at 100M/1G Bl ink = ACT23 2421 2219 2017 18
Link at
XCM8924X
Reset
SFP SPD/Link/ACT Mode: Green = Link at 10G Yellow = Link at 1G Bl ink = ACT
Green =Link at 10GYellow=
USB
OOB
Console
100M/1GBl ink=ACT
Supervisor
PWR/Status
1F 2F 1T 2T 3F 4F 3T 4T 5F 6F 5T 6T 7F 8F 7T 8T 9F 10 F 9T 10 T 11 F 12 F 11 T 12 T 13 F 14 F 13 T 14 T 15 F 16 F 15 T 16 T
RJ45 SPD/Link/ACT Mode: Green = Link at 10G Yellow = Link at 100M/1G Bl ink = ACT23 2421 2219 2017 18
Link at
XCM8924X
Reset
SFP SPD/Link/ACT Mode: Green = Link at 10G Yellow = Link at 1G Bl ink = ACT
Green =Link at 10GYellow=
USB
OOB
Console
100M/1GBl ink=ACT
Supervisor
PWR/Status
1F 2F 1T 2T 3F 4F 3T 4T 5F 6F 5T 6T 7F 8F 7T 8T 9F 10 F 9T 10 T 11 F 12 F 11 T 12 T 13 F 14 F 13 T 14 T 15 F 16 F 15 T 16 T
RJ45 SPD/Link/ACT Mode: Green = Link at 10G Yellow = Link at 100M/1G Bl ink = ACT23 2421 2219 2017 18
Link at
M4200 Series:Wireless Access Layer
M6100 Series: Redundant Core
WIRING CLOSET – BUILDING 1
Fiber, 10GBASE-LR LITE single mode
Fiber, 10GBASE-LRM multimode
Copper, 1/ 2.5/ 5G PoE+ RJ45 Cat5e
Copper, 10GBASE-T RJ45 Cat6A
Fiber, 10GBASE-SR multimode
Wireless APs
WAREHOUSE – BUILDING 2
M4300 and M4200 Series:Distribution and Wireless Access Layer
PROSAFE
Power
Reset
FanStack ID
RJ45 LED: Green=10G, Yellow=100M/1G, Blink=ACT
1413 1615 1817 2019 2221 2423
M4300-12X12F
21 43 65 87 109 1211
StackMaster
Console (USB)115200, N, 8, 1
USB
SFP+ LED: Green=10G, Yellow=1G, Blink=ACTPROSAFE
Power
Reset
FanStack ID
RJ45 LED: Green=10G, Yellow=100M/1G, Blink=ACT
1413 1615 1817 2019 2221 2423
M4300-12X12F
21 43 65 87 109 1211
StackMaster
Console (USB)115200, N, 8, 1
USB
SFP+ LED: Green=10G, Yellow=1G, Blink=ACT
M4300-12X12F
M4300-12X12F
L2/L3/L4 LACP
PROSAFE
Power
Reset
Console (USB)115200, N, 8, 1 USB
Link/AC Mode:
Console
OOBSPD ACT
Green=1GYellow=10/100M
115200,N,8,1
Fan
Green=10G, Yellow=1G, Blink=ACT
3 4 5 6 7 8 9 101 2
M4200-10MG-PoE+100-240~50-60Hz, 5A max.RJ45 SPD Mode:
Yellow=10/100MGreen=2.5G,Blink=ACT
PoE Mode:Green=PoE Powered
Yellow=PoE FaultOf f =no PD
RJ45 SPD Mode:Yellow=10/100M
Green=2.5G,Blink=ACT
PoE Mode:Green=PoE Powered
Yellow=PoE FaultOf f =no PD
SPD PoE
M4200-10MG-PoE+
PROSAFE
Power
Reset
Console (USB)115200, N, 8, 1 USB
Link/AC Mode:
Console
OOBSPD ACT
Green=1GYellow=10/100M
115200,N,8,1
Fan
Green=10G, Yellow=1G, Blink=ACT
3 4 5 6 7 8 9 101 2
M4200-10MG-PoE+100-240~50-60Hz, 5A max.RJ45 SPD Mode:
Yellow=10/100MGreen=2.5G,Blink=ACT
PoE Mode:Green=PoE Powered
Yellow=PoE FaultOf f =no PD
RJ45 SPD Mode:Yellow=10/100M
Green=2.5G,Blink=ACT
PoE Mode:Green=PoE Powered
Yellow=PoE FaultOf f =no PD
SPD PoE
2.4 GHz GHz5
2.4 GHz GHz5
2.4 GHz GHz5
M4200-10MG-PoE+
PROSAFE
Power
Reset
Console (USB)115200, N, 8, 1 USB
Link/AC Mode:
Console
OOBSPD ACT
Green=1GYellow=10/100M
115200,N,8,1
Fan
Green=10G, Yellow=1G, Blink=ACT
3 4 5 6 7 8 9 101 2
M4200-10MG-PoE+100-240~50-60Hz, 5A max.RJ45 SPD Mode:
Yellow=10/100MGreen=2.5G,Blink=ACT
PoE Mode:Green=PoE Powered
Yellow=PoE FaultOf f =no PD
RJ45 SPD Mode:Yellow=10/100M
Green=2.5G,Blink=ACT
PoE Mode:Green=PoE Powered
Yellow=PoE FaultOf f =no PD
SPD PoE
2.4 GHz GHz5
2.4 GHz GHz5
2.4 GHz GHz5
2.4 GHz GHz5
2.4 GHz GHz5
2.4 GHz GHz5
M4200-10MG-PoE+
Wave 2 11ac Access Point deployment
M4200 is the world’s first Multigigabit Ethernet switch with eight full power PoE+ and multi-speed 1G, 2.5G ports combined with two 10G uplinks for a fully non-blocking deployment of eight Wave 2 11ac access points from any vendor.
.
Building 1: Wireless Access Layer
•With Wave 2 802.11ac, wired networks need to expand their reach and scope to support speeds greater than 1 Gigabit
•In addition, power-constrained environments can benefit from full power PoE+ to support access points in a range of environments
•The M4200-10MG-PoE+ was designed from the ground up to optimize the installation of Wave 2 11ac access points
•With 8 x 2.5G to the APs and 2 x 10G line rate aggregation, M4200 connects redundantly directly to a M6100 core chassis
•The two SFP+ uplinks connect to two different 10G blades using link aggregation (L2/L3/L4 LACP) with load-balancing and failover
•M6100 management unit hitless failover and nonstop forwarding ensure no single point of failure
•Using LACP in aggregation to this redundant core, M4200 allows for wire-speed wireless access layer, with PoE+ full provisioning
Building 2: M4300 and M4200 Distribution and Wireless Access Layer
•In this warehouse, two half-width M4300 10GbE models are paired in a single rack space for redundant distribution layer•Compared with a single aggregation switch, such two-unit horizontal stacking is cost-effective yet highly efficient for HA•Management unit hitless failover and nonstop forwarding ensures no single point of failure for M4200 access switches •Every M4200 can connect to both redundant distribution switches using link aggregation (L2/L3/L4 LACP) with load-balancing and failover •When too far from the wiring closet, M4200 distant switches are securely mounted on poles across the warehouse•This redundant topology allows for wire-speed 8x2.5G wireless access layer, with PoE+ full provisioning
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 11 of 31
19-inch Rack-Mount Kit Mount for Attachment Outside the Rack 10cm Hose Clamps for Round Poles Rubber Belts for Rectangular Poles
Components
•8-port PoE+ 1G / 2.5G (RJ45) including 2-port with 5Gbps
•NBASE-T compliant
•2-port 10GBASE-X (SFP+)
•Non blocking 90Gbps fabric for (6 x 2.5G) + (2 x 5G) + (2 x 10G) full duplex operation
•240W PoE budget (30W per port across 8 ports)
•Out-of-band 1G Ethernet management port
•Mini-USB and RJ45 RS232 console ports and USB storage port
•L3 feature set with static routing and RIP v1/v2 dynamic routing
•Easy Mount for standard rack mounting as well as plenum mounting on poles or walls
•Whisper quiet acoustics (28.9dB @25°C / 77°F)
M4200-10MG-PoE+Multigigabit Ethernet Managed Switch
Ordering informationAmericas, Europe: GSM4210P-100NES
Asia Pacific: GSM4210P-100AJS
Warranty: Lifetime ProSAFE Hardware Warranty
Standard Rack Mounting Attaching the Switch to a Wall Attaching the Switch to a Round Pole Attaching the Switch to a Rectangular Pole
Both the switch back panel and bottom panel contain mounting holes to allow for attachment
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 12 of 31
Accessories
ORDERING INFORMATIONWORLDWIDE: SEETABLEBELOW
WARRANTY: 5 YEARS
Multimode Fiber (MMF) Single mode Fiber (SMF)OM1orOM262.5/125µm
OM3orOM450/125µm 9/125µm
10 Gigabit SFP+
AXM763
10GBase-LRMlongreachmultimode
802.3aq-LCduplexconnector
upto220m(722ft)
AXM763-10000S (1 unit)
AXM763
10GBase-LRMlongreachmultimode
802.3aq-LCduplexconnector
upto260m(853ft)
AXM763-10000S (1 unit)
AXM762
10GBase-LRlongreachsinglemodeLCduplexconnector
upto10km(6.2miles)
AXM762-10000S (1 unit) AXM762P10-10000S
(pack of 10 units)
AXM76110GBase-SRshortreachmultimode
LCduplexconnector
OM3:upto300m(984ft)OM4:upto550m(1,804ft)
AXM761-10000S (1 unit) AXM761P10-10000S
(pack of 10 units)
AXM76410GBase-LRLITEsinglemode
LCduplexconnector
upto2km(1.2mile)
AXM764-10000S (1 unit)
Gigabit SFP
AGM731F
1000Base-SXshortrangemultimodeLCduplexconnector
upto275m(902ft)
AGM731F (1 unit)
AGM731F
1000Base-SXshortrangemultimodeLCduplexconnector
OM3:upto550m(1,804ft)OM4:upto1,000m(3,280ft)
AGM731F (1 unit)
AGM732F
1000Base-LXlongrangesinglemodeLCduplexconnector
upto10km(6.2miles)
AGM732F (1 unit)
•Fits into M4200 models SFP+ interfaces
GBIC SFP and SFP+ Optics for M4200 series
•Fits into M4200 models SFP+ interfaces
•Fits into M4200 models SFP+ interfaces
•1 port Gigabit RJ45
•Supports only 1000Mbps full-duplex mode
•Up to 100m (328 ft) with Cat5 RJ45 or better
•Conveniently adds copper connectivity to M4200 fiber interfaces
AGM7341000Base-T Gigabit RJ45 SFP
ORDERINGINFORMATION•WORLDWIDE:AGM734-10000S
•WARRANTY:5YEARS
Direct Attach Cables for M4200 series
SFP+ to SFP+ 1meter(3.3ft) 3meters(9.8ft)
10 Gigabit DAC AXC761
10GSFP+Cu(passive)SFP+connectorsonbothend
AXC761-10000S (1 unit)
AXC763
10GSFP+Cu(passive)SFP+connectorsonbothend
AXC763-10000S (1 unit)
•Fits into M4200 models SFP+ interfaces
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 13 of 31
Model Name Description Model number
M4200-10MG-PoE+ FullPowerPoE+8x2.5Gand2x10GAggregationSwitch GSM4210P
Technical Specifications
PHYSICAL INTERFACES
Gigabitand10GigabitEthernetPorts Auto-sensingRJ45100/1000/2.5GBASE-T
Auto-sensingRJ45100/1000/2.5G/5GBASE-T
Auto-sensingSFP+ports1000/10GBASE-X
M4200-10MG-PoE+ 6 2 2
ManagementPorts Consoleports Serviceport(Out-of-bandEthernet) Storageport
M4200-10MG-PoE+ SerialRS232RJ45(front);Mini-USB(front) 1xRJ4510/100/1000BASE-T(front) 1xUSB(front)
PowerSupply Built-inPSU
M4200-10MG-PoE+ 1(front,powercordstrapandlock)
Fans Fixedfans
M4200-10MG-PoE+ side-to-sideairflow
Requirements based on 12.0 software release
POWER OVER ETHERNET
PSECapacity PoE+ports
M4200-10MG-PoE+ 8
PoEBudget PoEBudget@110V-220VACin
M4200-10MG-PoE+ 240Watts(8x30Wfullpower)
FeaturesSupport
IEEE802.3af(upto15.4Wperport) Yes
IEEE802.3at(upto30Wperport) Yes
IEEE802.3atLayer2(LLDP)method Yes
IEEE802.3at2-eventclassification Yes
PoEtimer/schedule(week,days,hours) Yes
PROCESSOR / MEMORY
Processor(CPU) Integrated800MhzCPUinswitchingsilicon
Systemmemory(RAM) 1GB
Codestorage(flash) 256MB Dualfirmwareimage,dualconfigurationfile
PacketBufferMemory 16Mb Dynamicallysharedacrossonlyusedports
PERFORMANCE SUMMARY
Switchingfabric
M4200-10MG-PoE+ 90Gbps Line-rate(nonblockingfabric)
Throughput
M4200-10MG-PoE+ 66.9Mpps
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 14 of 31
Latency-10GFiber 64-byteframes 512-byteframes 1024-byteframes 1518-byteframes
M4200-10MG-PoE+ 0.849µs 0.838µs 0.838µs 0.835µs
Latency-5GCopper 64-byteframes 512-byteframes 1024-byteframes 1518-byteframes
M4200-10MG-PoE+ 5.697µs 6.94µs 8.578µs 10.16µs
Latency-2.5GCopper 64-byteframes 512-byteframes 1024-byteframes 1518-byteframes
M4200-10MG-PoE+ 7.174µs 8.573µs 10.214µs 11.78µs
Latency-1GFiber 64-byteframes 512-byteframes 1024-byteframes 1518-byteframes
M4200-10MG-PoE+ 2.775µs 2.756µs 2.741µs 2.712µs
Latency-1GCopper 64-byteframes 512-byteframes 1024-byteframes 1518-byteframes
M4200-10MG-PoE+ 2.784µs 2.764µs 2.748µs 2.769µs
GreenEthernet
EnergyEfficientEthernet(EEE) IEEE802.3azEnergyEfficientEthernetTaskForcecomplianceDeactivatedbydefault
OtherMetrics
Forwardingmode Store-and-forward
Addressing 48-bitMACaddress
Addressdatabasesize 16KMACaddresses
NumberofVLANs 4,093VLANs(802.1Q)simultaneously
Numberofmulticastgroupsfiltered(IGMP) 2Ktotal(1,024IPv4and1,024IPv6)
NumberofLinkAggregationGroups(LAGs) 5LAGswithupto8portspergroup802.3ad/802.1AX-2008
NumberofhardwarequeuesforQoS 8queues
NumberofroutesIPv4IPv6
32IPv4UnicastRoutes32IPv6UnicastRoutes
NumberofstaticroutesIPv4IPv6
3232
RIPapplicationroutescalingIPv4 32
NumberofIPinterfaces(portorVLAN) 64
Jumboframesupport upto9KBpacketsize
Acousticnoise(ANSI-S10.12) @25°Cambient(77°F)
M4200-10MG-PoE+ 28.9dBFanspeedcontrol
HeatDissipation(BTU)
M4200-10MG-PoE+ 1,067.62BTU/hr
MeanTimeBetweenFailures(MTBF) @25°Cambient(77°F) @50°Cambient(122°F)
M4200-10MG-PoE+ 753,324hours(~85.99years) 172,083hours(~19.6years)
L2 SERVICES - VLANS
IEEE802.1QVLANTagging Yes Upto4,093VLANs-802.1QTagging
ProtocolBasedVLANsIPsubnetARPIPX
YesYesYesYes
SubnetbasedVLANs Yes
MACbasedVLANs Yes
VoiceVLAN Yes BasedonphonesOUIbytes(internaldatabase,oruser-maintained)orprotocols(SIP,H323andSCCP)
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 15 of 31
PrivateEdgeVLAN Yes
PrivateVLAN Yes
IEEE802.1xGuestVLANRADIUSbasedVLANassignmentvia.1xRADIUSbasedFilterIDassignmentvia.1xMAC-based.1xUnauthenticatedVLAN
YesYesYesYesYesYes
IPphonesandPCscanauthenticateonthesameportbutunderdifferentVLANassignmentpolicies
DoubleVLANTagging(QoQ)Enablingdvlan-tunnelmakesinterfaceGlobalethertype(TPID)Interfaceethertype(TPID)CustomerIDusingPVID
YesYesYesYesYes
GARPwithGVRP/GMRP Yes AutomaticregistrationformembershipinVLANsorinmulticastgroups
MultipleRegistrationProtocol(MRP) Yes CanreplaceGARPfunctionality
MulticastVLANRegistrationProtocol(MVRP) Yes CanreplaceGVRPfunctionality
MVR(MulticastVLANregistration) Yes
L2 SERVICES - AVAILABILITY
IEEE802.3ad-LAGsLACPStaticLAGsLocalPreferenceperLAG
YesYesYesYes
Upto5LAGsandupto8portspergroup
LAGHashing Yes
LAGMemberPortFlapsTracking Yes
LAGLocalPreference Yes KnownunicasttrafficegressesonlyoutoflocalbladeLAGinterfarcemembers
StormControl Yes
IEEE802.3x(FullDuplexandflowcontrol)PerportFlowControl
YesYes AsymmetricandSymmetricFlowControl
UDLDSupport(UnidirectionalLinkDetection)Normal-ModeAggressive-Mode
YesYesYes
LinkDependency YesAllowthelinkstatusofspecifiedportstobedependentonthelinkstatusofotherports
IEEE802.1DSpanningTreeProtocol Yes
IEEE802.1wRapidSpanningTree Yes
IEEE802.1sMultipleSpanningTree Yes
PerVLANSTP(PVSTP)withFastUplinkandFastBackbone Yes(CLIonly) PVST+interoperability
PerVLANRapidSTP(PVRSTP) Yes(CLIonly) RPVST+interoperability
STPLoopGuard Yes
STPRootGuard Yes
BPDUGuard Yes
STPBPDUFiltering Yes
STPBPDUFlooding Yes
L2 SERVICES - MULTICAST FILTERING
IGMPv2SnoopingSupport Yes
IGMPv3SnoopingSupport Yes
MLDv1SnoopingSupport Yes
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 16 of 31
MLDv2SnoopingSupport Yes
ExpeditedLeavefunction Yes
StaticL2MulticastFiltering Yes
EnableIGMP/MLDSnoopingperVLAN Yes
IGMPv1/v2SnoopingQuerier Yes
MLDv1SnoopingQuerier Yes
MGMDSnoopingControlPacketFloodingFloodingtomRouterPortsRemoveFlood-All-UnregisteredOption
YesYesYes
MulticastVLANregistration(MVR) Yes
L3 SERVICES - DHCP
DHCPIPv4/DHCPIPv6Client Yes
DHCPIPv4Server Yes
DHCPSnoopingIPv4 Yes
BootPRelayIPv4 Yes
DHCPRelayIPv4 Yes
DHCPRelayOption82circuit-idandremote-idforVLANs Yes
MultipleHelperIPs Yes
AutoInstall(DHCPoptions66,67,150and55,125) Yes
L3 SERVICES - ROUTING
StaticRouting/ECMPStaticRoutingMultiplenexthopstoagivendestinationLoadsharing,RedundancyDefaultroutesStaticRejectroutes
IPv4/IPv6YesYesYesYes
PortBasedRouting Yes
VLANRouting802.3ad(LAG)forrouterports
YesYes
RIPRIPv1/RIPv2
IPv4Yes
IPMultinetting Yes
ICMPthrottling Yes
RouterDiscoveryProtocol Yes
DNSClient IPv4/IPv6
IPHelperMaxIPHelperentries
Yes512
ProxyARP IPv4/IPv6
ICMPICMPredirectdetectioninhardware
IPv4/IPv6Yes
NETWORK MONITORING AND DISCOVERY SERVICES
ISDP(IndustryStandardDiscoveryProtocol) Yes CaninteroperatewithdevicesrunningCDP
802.1abLLDP Yes
802.1abLLDP-MED Yes
SNMP V1,V2,V3
RMON1,2,3,9 Yes
sFlow Yes
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 17 of 31
SECURITY
NetworkStormProtection,DoS
Broadcast,Unicast,MulticastDoSProtectionDenialofServiceProtection(controlplane)DenialofServiceProtection(dataplane)
YesYesYes
SwitchCPUprotectionSwitchTrafficprotection
DoSAttacksProtection SIPDIPSMACDMACFIRSTFRAGTCPFRAGTCPFLAGTCPPORT
UDPPORTTCPFLAGSEQTCPOFFSET
TCPSYNTCPSYNFIN
TCPFINURGPSH
L4PORTICMP
ICMPV4ICMPV6
ICMPFRAGPINGFLOOD
SYNACK
CPURateLimiting Yes AppliedtoIPv4andIPv6multicastpacketswithunknownL3addresseswhenIProuting/multicastenabled
ICMPthrottling Yes RestrictICMP,PINGtrafficforICMP-basedDoSattacks
Management
ManagementACL(MACAL)MaxRules
Yes64
ProtectsmanagementCPUaccessthroughtheLAN(inbandmanagement)
OutofbandManagement Yes In-bandmanagementcanbeshutdownentirelywhenout-of-bandmanagementnetwork
Radiusaccounting Yes RFC2565andRFC2866
TACACS+ Yes
MaliciousCodeDetection Yes SoftwareimagefilesandConfigurationfileswithdigitalsignatures
NetworkTraffic
AccessControlLists(ACLs) L2/L3/L4 MAC,IPv4,IPv6,TCP,UDP
Time-basedACLs Yes
Protocol-basedACLs Yes
ACLoverVLANs Yes
DynamicACLs Yes
IEEE802.1xRadiusPortAccessAuthentication Yes Upto48clients(802.1x)perportaresupported,includingtheauthenticationoftheusersdomain
802.1xMACAddressAuthenticationBypass(MAB) Yes Supplementalauthenticationmechanismfornon-802.1xdevices,basedontheirMACaddressonly
NetworkAuthenticationSuccessiveTiering Yes Dot1x->MAP->CaptivePortalsuccessiveauthenticationmethodsbasedonconfiguredtime-outs
PortSecurity Yes
DHCPSnooping YesIPv4/IPv6
DynamicARPInspection YesIPv4
IPv6RAGuardStatelessMode Yes
MACFiltering Yes
PortMACLocking Yes
PrivateEdgeVLAN Yes Aprotectedportdoesn’tforwardanytraffic(unicast,multicast,orbroadcast)toanyotherprotectedport-sameswitch
PrivateVLANs Yes ScalesPrivateEdgeVLANsbyprovidingLayer2isolationbetweenportsacrossswitchesinsameLayer2network
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 18 of 31
QUALITY OF SERVICE (QOS) - SUMMARY
AccessListsL2MAC,L3IPandL4PortACLsIngressEgressTime-based802.3ad(LAG)forACLassignmentBindingACLstoVLANsACLLoggingSupportforIPv6fields
YesYesYesNoYesYesYesYesYes
DiffServQoSEdgeNodeapplicabilityInteriorNodeapplicability802.3ad(LAG)forserviceinterfaceSupportforIPv6fieldsIngress/Egress
YesYesYesYesYes
Ingressonly
IEEE802.1pCOS802.3ad(LAG)forCOSconfigurationWRED(WeightedDeficitRoundRobin)StrictPriorityqueuetechnology
YesYesYesYes
SingleRatePolicingCommittedInformationRateCommittedBurstSizeExcessiveBurstSizeDiffServfeatureappliedtoclassmaps
Yes(CLIonly)YesYesYesYes
Auto-VoIP Yes,basedonprotocols(SIP,H323andSCCP)oronOUIbytes(defaultdatabaseanduser-basedOUIs)inthephonesourceMACaddress
iSCSIFlowAccelerationDot1pMarkingIPDSCPMarking
YesYesYes
QOS - ACL FEATURE SUPPORT
ACLSupport(general,includesIPACLs)MACACLSupportIPRuleMatchFields:DestinationIPDestinationIPv6IPDestinationL4PortEveryPacketIPDSCPIPPrecedenceIPTOS
YesYes
InboundInboundInboundInboundInboundInboundInbound
ProtocolSourceIP(forMasksupportseebelow)SourceIPv6IPL3IPv6FlowLabelSourceL4PortTCPFlagSupportsMasking
InboundInboundInboundInboundInbound
NoInbound
MACRuleMatchFieldsCOSDestinationMACDestinationMACMaskEthertypeSourceMACSourceMACMaskVLANID
InboundInboundInboundInboundInboundInboundInbound
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 19 of 31
RulesattributesAssignQueueLogging--denyrulesMirror(tosupportedinterfacetypesonly)Redirect(tosupportedinterfacetypesonly)RateLimiting--permitrules
InboundInboundInboundInboundInbound
InterfaceInbounddirectionOutbounddirectionSupportsLAGinterfacesSupportsControl-planeinterfaceMultipleACLsperinterface,dirMixed-typeACLsperinterface,dirMixedL2/IPv4ACLsperinterface,inboundMixedIPv4/IPv6ACLsperinterface,inboundMixedIPv4/IPv6ACLsperinterface,outbound
YesYesYesNoYesYesNoNoNo
QOS - DIFFSERV FEATURE SUPPORT
DiffServSupportedClassTypeAllClassMatchCriteriaCOSCOS2(SecondaryCOS)DestinationIP(forMasksupportseebelow)DestinationIPv6IPDestinationL4PortDestinationMAC(forMasksupportseebelow)EthertypeEveryPacketIPDSCPIPPrecedenceIPTOS(forMasksupportseebelow)ProtocolReferenceClassSourceIP(forMasksupportseebelow)SourceIPv6IPL3IPv6FlowLabelSourceL4PortSourceMAC(forMasksupportseebelow)VLANID(SourceVID)VLANID2(SecondaryVLAN)(SourceVID)SupportsMasking
Yes
Yes
InboundNo
InboundInboundInboundInboundInboundInboundInboundInboundInboundInboundInboundInboundInboundInboundInboundInboundInbound
NoInbound
PolicyOutClassUnrestricted Yes
PolicyAttributes--InboundAssignQueueDropMarkCOSMarkCOS-AS-COS2MarkCOS2(SecondaryCOS)MarkIPDSCPMarkIPPrecedenceMirror(tosupportedinterfacetypesonly)PoliceSimplePoliceSingle-RatePoliceTwo-RatePoliceColorAwareModeRedirect(tosupportedinterfacetypesonly)
YesYesYesNoNoYesYesYesYesNoYesYesYes
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 20 of 31
PolicyAttributes--OutboundDropMarkCOSMarkIPDSCPMarkIPPrecedenceMirror(tosupportedinterfacetypesonly)PoliceSimplePoliceSingle-RatePoliceTwo-RatePoliceColorAwareModeRedirect(tosupportedinterfacetypesonly)
NoNoNoNoNoNoNoNoNoNoNo
ServiceInterfaceInboundSlot.PortconfigurableInbound'All'PortsconfigurableOutboundSlot.PortconfigurableOutbound'All'PortsconfigurableSupportsLAGinterfacesMixedL2/IPv4matchcriteria,inboundMixedIPv4/IPv6matchcriteria,inboundMixedIPv4/IPv6matchcriteria,outbound
YesYesNoNoYesNoNoNo
PHBSupportEFAF4xAF3xAF2xAF1xCS
YesYesYesYesYesYes
Statistics--PolicyInstanceOfferedDiscarded
packetspackets
QOS - COS FEATURE SUPPORT
COSSupportSupportsLAGinterfaces
YesYes
COSMappingConfigConfigurableper-interfaceIPDSCPMapping
YesYes
COSQueueConfigQueueParmsconfigurableper-interfaceDropParmsconfigurableper-interfaceInterfaceTrafficShaping(forwholeegressinterface)MinimumBandwidthWeightedDeficitRoundRobin(WDRR)SupportMaximumQueueWeightWREDSupport
YesYesYesYesYes127Yes
FUNCTIONAL SUMMARY - IETF RFC STANDARDS AND IEEE NETWORK PROTOCOLS
CoreManagement
RFC854—Telnet RFC3414—User-BasedSecurityModel
RFC855—Telnetoptionspecifications RFC3415—View-basedAccessControlModel
RFC1155—SMIv1 RFC3416—Version2ofSNMPProtocolOperations
RFC1157—SNMP RFC3417—TransportMappings
RFC1212—ConciseMIBdefinitions RFC3418—ManagementInformationBase(MIB)fortheSimpleNetworkManagementProtocol(SNMP)
RFC1867—HTML/2.0formswithfileuploadextensions ConfigurableManagementVLAN
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 21 of 31
RFC1901—Community-basedSNMPv2 SSL3.0andTLS1.0–RFC2246—TheTLSprotocol,version1.0–RFC2346—AESciphersuitesforTransportlayersecurity–RFC2818—HTTPoverTLS
RFC1908—CoexistencebetweenSNMPv1andSNMPv2
RFC2068—HTTP/1.1protocolasupdatedbydraft-ietf-http-v11-spec-rev-03
RFC2271—SNMPframeworkMIB
RFC2295—Transparentcontentnegotiation SSH1.5and2.0–RFC4253—SSHtransportlayerprotocol–RFC4252—SSHauthenticationprotocol–RFC4254—SSHconnectionprotocol–RFC4251—SSHprotocolarchitecture–RFC4716—SECSHpublickeyfileformat–RFC4419—Diffie-HellmangroupexchangefortheSSHtransportlayerprotocol
RFC2296—Remotevariantselection;RSVA/1.0statemanagementcookies—draft-ietf-http-state-mgmt-05
RFC2576—CoexistencebetweenSNMPv1,v2,andv3
RFC2578—SMIv2
RFC2579—TextualconventionsforSMIv2
RFC2580—ConformancestatementsforSMIv2
RFC3410—IntroductionandApplicabilityStatementsforInternetStandardManagementFramework
RFC3411—AnArchitectureforDescribingSNMPManagementFrameworks HTML4.0specification,December1997
RFC3412—MessageProcessing&DispatchingJavaScript™1.3
RFC3413—SNMPApplications
AdvancedManagement
Industry-standardCLIwiththefollowingfeatures:–Scriptingcapability–Commandcompletion–Context-sensitivehelp
Optionaluserpasswordencryption MultisessionTelnetserver AutoImageUpgrade
CoreSwitching
IEEE802.1AB—Linkleveldiscoveryprotocol IEEE802.3ac—VLANtagging
IEEE802.1D—Spanningtree IEEE802.3ad—Linkaggregation
IEEE802.1p—Ethernetprioritywithuserprovisioningandmapping IEEE802.3ae—10GbE
IEEE802.1Q—VirtualLANsw/port-basedVLANs IEEE802.3af—PoweroverEthernet
IEEE802.1S—Multiplespanningtreecompatibility IEEE802.3at—PoweroverEthernetPlus
IEEE802.1v—Protocol-basedVLANs IEEE802.3x—Flowcontrol
IEEE802.1W—Rapidspanningtree ANSI/TIA-1057—LLDP-MED
iEEE802.1AB—LLDP GARP—GenericAttributeRegistrationProtocol:clause12,802.1D-2004
IEEE802.1X—Port-basedauthentication GMRP—DynamicL2multicastregistration:clause10,802.1D-2004
IEEE802.3—10Base-T GVRP—DynamicVLANregistration:clause11.2,802.1Q-2003
IEEE802.3u—100Base-T RFC4541—IGMPsnoopingandMLDsnooping
IEEE802.3ab—1000Base-T RFC5171—UniDirectionalLinkDetection(UDLD)Protocol
AdditionalLayer2Functionality
Broadcaststormrecovery IGMPandMLDsnoopingquerier
DoubleVLAN/VMANtagging PortMAClocking
DHCPSnooping MAC-basedVLANs
DynamicARPinspection IPsourceguard
IndependentVLANLearning(IVL)support IPsubnet-basedVLANs
IPv6classificationAPIs VoiceVLANs
JumboEthernetframes Protectedports
Portmirroring IGMPsnooping
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 22 of 31
StaticMACfiltering GreenEthernetpowersavingsmode
SystemFacilities
Eventanderrorloggingfacility RFC2030—SimpleNetworkTimeProtocol(SNTP)V4forIPv4,IPv6,andOSI
Runtimeandconfigurationdownloadcapability RFC2131—DHCPClient/Server
PINGutility RFC2132—DHCPoptionsandBOOTPvendorextensions
XMODEM RFC2865—RADIUSclient
RFC768—UDP RFC2866—RADIUSaccounting
RFC783—TFTP RFC2868—RADIUSattributesfortunnelprotocolsupport
RFC791—IP RFC2869—RADIUSextensions
RFC792—ICMP RFC28869bis—RADIUSsupportforExtensibleAuthenticationProtocol(EAP)
RFC793—TCP RFC5176—RADIUSChangeofAuth
RFC826—ARP RFC3164—TheBSDsyslogprotocolwithRFC5424update
RFC951—BOOTP RFC3580—802.1XRADIUSusageguidelines
RFC1321—Messagedigestalgorithm PowerSourceEquipment(PSE)IEEE802.afPoweredEthernet(DTEPowerviaMDI)standard
RFC1534—InteroperabilitybetweenBOOTPandDHCP IEEEDraftP802.1AS/D6.7—IEEE802.1ASTimeSynchronizationProtocol
CoreRouting
RFC826—EthernetARP RFC3021—Using31-BitPrefixesonPoint-to-PointLinks
RFC894—TransmissionofIPdatagramsoverEthernetnetworks RFC3046—DHCP/BOOTPrelay
RFC896—CongestioncontrolinIP/TCPnetworks VLANrouting
RFC1027—UsingARPtoimplementtransparentsubnetgateways(ProxyARP)
RFC1256—ICMProuterdiscoverymessages
RFC1321—Messagedigestalgorithm
RFC1519—CIDR
RFC1812—RequirementsforIPv4routers
RFC2082—RIP-2MD5authentication
RFC2131—DHCPrelay
RFC2453—RIPv2
QualityofService-DiffServ
RFC2474—Definitionofthedifferentiatedservicesfield(DSField)inIPv4/IPv6headers RFC3246—AnexpeditedforwardingPHB(Per-HopBehavior)
RFC2475—AnarchitecturefordifferentiatedservicesRFC3260—NewterminologyandclarificationsforDiffServ
RFC2597—AssuredforwardingPHBgroup
QualityofService-AccessControlLists(ACLs)
Permit/denyactionsforinboundoroutboundIPtrafficclassificationbasedon:–Typeofservice(ToS)ordifferentiatedservices(DS)DSCPfield–SourceIPaddress–DestinationIPaddress–TCP/UDPsourceport–TCP/UDPdestinationport–IPv6flowlabel–IPprotocolnumber
Permit/denyactionsforinboundoroutboundLayer2trafficclassificationbasedon: –SourceMACaddress –DestinationMACaddress –EtherType –VLANidentifiervalueorrange(outerand/orinnerVLANtag) –802.1puserpriority(outerand/orinnerVLANtag) Optionalruleattributes: –Assignmatchingtrafficflowtoaspecificqueue –Redirectormirror(flow-basedmirroring)matchingtrafficflowtoaspecificport –Generatetraplogentriescontainingrulehitcounts
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 23 of 31
QualityofService-ClassofService(CoS)
Directuserconfigurationofthefollowing:–IPDSCPtotrafficclassmapping–IPprecedencetotrafficclassmapping–Interfacetrustmode:802.1p,IPPrecedence,IPDSCP,oruntrusted–Interfacetrafficshapingrate–Minimumandmaximumbandwidthperqueue–Strictpriorityversusweighted(WRR/WDRR/WFQ)schedulingperqueue–TaildropversusWeightedRandomEarlyDetection(WRED)queuedepthmanagement
AutoVoIP
CoreMulticast
RFC1112—HostextensionsforIPmulticasting Draft-ietf-idmr-dvmrp-v3-10—DVMRP
RFC2236—IGMPv2 Draft-ietf-magma-igmp-proxy-06.txt—IGMP/MLD-basedmulticastforwarding(IGMP/MLDproxying)
RFC2710—MLDv1 Draft-ietf-magma-igmpv3-and-routing-05.txt—IGMPv3andmulticastroutingprotocolinteraction
RFC2365—Administrativelyscopedboundaries
StaticRPconfigurationRFC3376—IGMPv3
RFC3810—MLDv2
CoreIPv6Routing
RFC1981—PathMTUforIPv6 RFC3513—AddressingarchitectureforIPv6
RFC2373—IPv6addressing RFC3542—AdvancedsocketsAPIforIPv6
RFC2460—IPv6protocolspecification RFC3587—IPv6globalunicastaddressformat
RFC2461—Neighbordiscovery RFC4291—AddressingarchitectureforIPv6
RFC2462—Statelessautoconfiguration RFC4443—InternetControlMessageProtocol(ICMPv6)fortheIPv6Specification
RFC2464—IPv6overEthernet RFC6164—Using127-BitIPv6PrefixesonInter-RouterLinks
RFC2711—IPv6routeralert
RFC6583—OperationalNeighborDiscoveryProblems
RFC3056—ConnectionofIPv6DomainsviaIPv4Clouds
RFC3315—DynamicHostConfigurationProtocolforIPv6(DHCPv6)
RFC3484—DefaultaddressselectionforIPv6
RFC3493—BasicsocketinterfaceforIPv6
SUPPORTED MIBS
BasePackageMIBsMIBscanbedowloadedhere:http://support.netgear.com/for_business/default.aspx
ANSI/TIA-1057—LLDP-EXT-MED-MIB RFC2674—Q-BRIDGE-MIB
DIFFSERVDSCPTC(Draft—noRFC) RFC2677—IANAAddressFamilyNumbersMIB
DNS-RESOLVER-MIB(IETFDNSWorkingGroup) RFC2819—RMONMIB
DNS-SERVER-MIB(IETFDNSWorkingGroup) RFC2925—DISMAN-PING-MIBandDISMAN-TRACEROUTE-MIB
GreenEthernetPrivateMIB RFC3273—RMONMIBforHighCapacityNetworks
IANA-ADDRESS-FAMILY-NUMBERS-MIB(IANA(3/2002) RFC3411—SNMPManagementFrameworksMIB
IEEE802.1AB-2004—LLDPMIB RFC3411—SNMP-FRAMEWORK-MIB
IEEE802.1AB-2005—LLDP-EXT-DOT3-MIB RFC3412—SNMP-MPD-MIB
POWERETHERNETMIB(Draft—noRFC) RFC3413—SNMP-NOTIFICATION-MIB
RFC1155—SMI-MIB RFC3413—SNMP-PROXY-MIB(initialrevisionpublishedasRFC2273)
RFC1450—SNMPV2-MIB RFC3413—SNMP-TARGET-MIB(initialrevisionpublishedasRFC2273)
RFC2273—SNMPNotificationMIB,SNMPTargetMIB RFC3414—User-basedSecurityModelforSNMPv3MIB
RFC2392—IANARTPROTO-MIB RFC3415—View-basedAccessControlModelforSNMPMIB
RFC2572—SNMPMessageProcessingandDispatchingMIB RFC3417—SNMPV2-TM
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 24 of 31
RFC2574—User-basedSecurityModelforSNMPv3MIB RFC3418—SNMPv2MIB
RFC2575—View-basedAccessControlModelforSNMPMIB RFC3434—RMONMIBExtensionsforHighCapacityAlarms
RFC2576—SNMPCommunityMIB RFC3584—SNMPCommunityMIB
RFC2578—SNMPV2-SMI RFC3621—POWER-ETHERNET-MIB
RFC2579—SNMPV2-TC SNMP-RESEARCH-MIB—SNMPresearchMIBdefinitions
RFC2580—SNMPV2-CONF SR-AGENT-INFO-MIB—SNMPresearchMIBdefinitions
RFC2613—SMON-MIB USM-TARGET-TAG-MIB—SNMPresearchMIBdefinitions
SwitchingPackageMIBs
RFC1213—MIB-II RFC2011—SNMPv2ManagementInformationBase
ANSI/TIA1057—LLDP-MEDMIB RFC2213—IntegratedServicesMIB
FASTPATHEnterpriseMIBssupportingswitchingfeatures RFC2233—IF-MIB
FASTPATH-MMRP-MIB—MMRPprivateMIBforIEEE802.1Qdevices RFC2233—TheInterfacesGroupMIBusingSMIv2
FASTPATH-MSRP-MIB—MSRPprivateMIBforIEEE802.1Qdevices RFC2674—VLANandEthernetPriorityMIB(P-BridgeMIB)
FASTPATH-MVRP-MIB—MVRPprivateMIBforIEEE802.1Qdevices RFC2737—EntityMIB(Version2)
IANAifType-MIB—IANAifTypeTextualConvention RFC2819—RMONGroups1,2,3,&9
IEEE802.1AB—LLDPMIB RFC2863—InterfacesGroupMIB
IEEE802.3ADMIB(IEEE8021-AD-MIB) RFC3291—INETAddressMIB
IEEEDraftP802.1AS/D7.0(IEEE8021-AS-MIB) RFC3291—TextualConventionsforInternetNetworkAddresses
IEEELAG-MIB—LinkAggregationmoduleformanagingIEEE802.3ad RFC3621—PowerEthernetMIB
LLDP-EXT-DOT3-MIB(partofIEEEStd802.1AB) RFC3635—EtherlikeMIB
LLDP-MIB(partofIEEEStd802.1AB) RFC3636—IEEE802.3MediumAttachmentUnits(MAUs)MIB
PrivateMIBfor802.1Qat,802.1QavConfiguration RFC4022—ManagementInformationBasefortheTransmissionControlProtocol(TCP)
RFC1493—BridgeMIB RFC4113—ManagementInformationBasefortheUserDatagramProtocol(UDP)
RFC1643—DefinitionsofmanagedobjectsfortheEthernet-likeinterfacetypes RFC4444—IS-ISMIB
RoutingPackageMIBs
FASTPATHEnterpriseMIBssupportingroutingfeatures RFC2096—IPForwardingTableMIB
IANA-Address-Family-Numbers-MIB
RFC2668—IEEE802.3MediumAttachmentUnits(MAUs)MIBRFC1724—RIPv2MIBExtension
RFC2096—IPForwardingTableMIB
IPv6ManagementMIBs
RFC3419—TRANSPORT-ADDRESS-MIBIPv6-MIB(draft)
IPv6-ICMP-MIB(draft)
IPv6RoutingMIBs
RFC2465—IPv6MIB RFC2466—ICMPv6MIB
QoSPackageMIB
RFC3289—DIFFSERV-MIB&DIFFSERV-DCSP-TCMIBs PrivateMIBsforfullconfigurationofDiffServ,ACL,andCoSfunctionality
SecurityMIB
RFC2618—RADIUSAuthenticationClientMIB IEEE8021-PAE-MIB—ThePortAccessEntitymoduleformanagingIEEE802.1X
RFC2620—RADIUSAccountingMIB IEEE802.1XMIB(IEEE8021-PAE-MIB2004Revision)
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 25 of 31
MulticastPackageMIBs
draft-ietf-idmr-dvmrp-mib-11.txt—DVMRPMIB draft-ietf-magma-mgmd-mib-05.txt—MulticastGroupMembershipDiscoveryMIB(bothIGMPandMLD) FASTPATHEnterpriseMIBssupportingmulticastfeatures
MANAGEMENT
Passwordmanagement Yes
ConfigurableManagementVLAN Yes
Out-of-bandManagement Yes In-bandmanagementcanbeshutdownusingMan-agementACLswhenseparatemanagementnetwork
AutoInstall(BOOTPandDHCPoptions66,67,150and55,125) Yes Scalabledeploymentprocess(firmware,config)
AdminaccesscontrolviaRadiusandTACACS+ Yes Policies,Enable
IndustrystandardCLI(IS-CLI) Yes CommandLineinterface
CLIcommandsloggedtoaSyslogserver Yes
Web-basedgraphicaluserinterface(GUI) Yes FullyfunctionalGUI(exceptionsarenotedbelow:)
FeatureswithoutWebGUIsupportPV(R)STPAuthorizationListControlPlaneACLUDLDQoSPolicyforSingleRateDHCPv6SnoopingeMailAlertingMMRP
CLIonlyCLIonlyCLIonlyCLIonlyCLIonlyCLIonlyCLIonlyCLIonly
Telnet Yes
IPv6management Yes
DualSoftware(firmware)image Yes Allowsnondisruptivefirmwareupgradeprocess
DualConfigurationfile Yes Text-based(CLIcommands)configurationfile
NondisruptiveConfigManagement Yes Providessynchronizednetworktimestampeitherinbroadcastorunicastmode
IS-CLIScripting Yes
Portdescriptions Yes
SNTPclientoverUDPport123 Yes Providessynchronizednetworktimestampeitherinbroadcastorunicastmode
XMODEM Yes
SNMPv1/v2 Yes
SNMPv3withmultipleIPaddresses Yes
RMON1,2,3,9MaxHistoryentriesMaxbucketsperHistoryentryMaxAlarmentriesMaxEvententriesMaxLogentriesperEvententry
Yes3*(numberofportsinthechassis+LAG+10)
103*(numberofportsinthechassis+LAG+10)3*(numberofportsinthechassis+LAG+10)
10
PortMirroringNumberofmonitorsessionsTx/RxManytoOnePortMirroringLAGsupportedassourceportsMaxsourceportsinasession
Yes1(multiplesessionsareconfigurable)
YesYesYes
Totalswitchportcount
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 26 of 31
RemotePortMirroring(RSPAN) Yes Whenaparticularsessionisenabled,anytrafficenteringorleavingthesourceportsofthatsessioniscopied(mirrored)ontoaRemoteSwitchedPortAnalyzer(RSPAN)VLAN
Flowbasedmirroring Yes
CableTestutility Yes CLI,WebGUI
OutboundTelnet Yes
SSHSSHSessionConfiguration
v1/v2Yes
SecureShell
SSL/HTTPSandTLSv1.0forweb-basedaccess Yes
Filetransfers(uploads,downloads) TFTP/HTTP
Securedprotocolsforfiletransfers SCP/SFTP/HTTPS
HTTPMaxSessions 16
SSL/HTTPSMaxSessions 16
HTTPDownload(firmware) Yes
EmailAlerting Yes(CLIonly)
Syslog(RFC3164)(RFC5424) Yes,forwardingmessagesviaUDPusingtheSyslogprotocoltooneormorecollectorsorrelays
Persistentlogsupported Yes
OpenFlow1.3 Supportsasingle-tableOpenFlow1.3dataforwadingpath
USER ADMIN MANAGEMENT
UserIDconfigurationMaxnumberofconfiguredusersSupportmultipleREADWRITEUsersMaxnumberofIASusers(internaluserdatabase)
Yes6
Yes100
Authenticationloginlists Yes
AuthenticationEnablelists Yes
AuthenticationHTTPlists Yes
AuthenticationHTTPSlists Yes
AuthenticationDot1xlists Yes
AccountingExeclists Yes
AccountingCommandslists Yes
LoginHistory 50
M4200 SERIES - PLATFORM CONSTANTS
MaximumnumberofremoteTelnetconnections 5
MaximumnumberofremoteSSHconnections 5
NumberofMACAddresses 16K
NumberofVLANs 1K
VLANIDRange 1-4093
Numberof802.1pTrafficClasses 8classes
IEEE802.1xNumberof.1xclientsperport 48
NumberofLAGs 5LAGswithupto8portspergroup
Maximummultiplespanningtreeinstances(MSTP) 32
MaximumperVLANspanningtreeinstances(PVST) 32
MACbasedVLANSNumbersupported
Yes256
Numberofnetworkbuffers 246
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 27 of 31
Numberoflogmessagesbuffered 200
StaticfilterentriesUnicastMACandsourceportMulticastMACandsourceportMulticastMACanddestinationport(only)
2020
2048
SubnetbasedVLANsNumbersupported
Yes128
ProtocolBasedVLANsMaxnumberofgroupsMaxprotocols
Yes12816
MaximumMulticastMACAddressesentries 1K
JumboFrameSupportMaxSizeSupported
Yes9k
NumberofIPSourceGuardstations 250
NumberofDHCPsnoopingbindings 8K
NumberofDHCPv6snoopingbindings 8K
NumberofDHCPsnoopingstaticentries 1024
LLDP-MEDnumberofremotenodesLLDPRemoteManagementaddressbuffersLLDPUnknownTLVaddressbuffersLLDPOrganizationallyDefinedLargeTLVbuffersLLDPOrganizationallyDefinedSmallTLVbuffers
2020100100120
PortMACLockingDynamicaddressesperportStaticaddressesperport
Yes409648
sFlowNumberofsamplersNumberofpollersNumberofreceivers
10108
RadiusMaxAuthenticationserversMaxAccountingservers
3232
NumberofRoutes(v4/v6)IPv4onlySDMbuildIPv4/IPv6SDMbuildIPv4routesIPv6routesRIPapplicationroutescaling
64
646432
SDM(SystemDataManagement,orswitchdatabase)
Numberofroutinginterfaces(includingport/vlan) 64
Numberofstaticroutes(v4/v6) 32/32
DHCPServerMaxnumberofpoolsTotalmaxleases
2562K
DNSClientConcurrentrequestsNameserverentriesSeachlistentriesStatichostentriesCacheentriesDomainsearchlistentries
16866412832
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 28 of 31
NumberofHostEntries(ARP/NDP)IPv4onlySDMbuildIPv4/IPv6SDMbuild(v4/v6)Staticv4ARPEntries
1,152768/384
128
SDM(SystemDataManagement,orswitchdatabase)
IGMPv3/MLDv2SnoopingLimitsIGMPv3/MLDv2HWentrieswhenSwitchingonly 32/16
IPMulticastIGMPGroupMembershipspersystem 1KIPv41KIPv6
ACLLimitsMaximumNumberofACLs(anytype)MaximumNumberConfigurableRulesperListMaximumACLRulesperInterfaceandDirectionMaximumACLRulesperInterfaceandDirection(IPv6)MaximumACLRules(system-wide)MaximumACLLoggingRules(system-wide)
100512ingress/0egress512ingress/0egress256ingress/0egress
16K128
COSDeviceCharacteristicsConfigurableQueuesperPortConfigurableDropPrecedenceLevels
8queues3
DiffServDeviceLimitsNumberofQueuesRequiresTLVtocontainallpolicyinstancescombinedMaxRulesperClassMaxInstancesperPolicyMaxAttributesperInstanceMaxServiceInterfacesMaxTableEntriesClassTableClassRuleTablePolicyTablePolicyInstanceTablePolicyAttributeTableMaxNestedClassChainRuleCount
8queuesYes13283
116
3241664
1,7925,37626
AutoVoIPnumberofvoicecalls 20
iSCSIFlowAccelerationMaxMonitoredTCPPorts/IPAddressesMaxSessionsMaxConnections
16192192
OpenFlow1.3NumberofmaxOpenFlowaccessrulesNumberofmaxOpenFlowforwardingrules
1,0241,792
LEDS
Perport Speed,Link,Activity
Perdevice Power,Fan
PHYSICAL SPECIFICATIONS
DimensionsM4200-10MG-PoE+ Width:17.32inches(44cm);Height:1U-1.73inches(4.4cm);Depth:3.94inches(10cm)
WeightM4200-10MG-PoE+ 4.52lb(2.05kg)
POWER CONSUMPTION
Worstcase,allportsused,line-ratetrafficM4200-10MG-PoE+ 281.6Wmax
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 29 of 31
ENVIRONMENTAL SPECIFICATIONS
Operating:TemperatureHumidityAltitude
32°to122°F(0°to50°C)90%maximumrelativehumidity,non-condensing
10,000ft(3,000m)maximum
Storage:TemperatureHumidityAltitude
–4°to158°F(–20°to70°C)95%maximumrelativehumidity,non-condensing
10,000ft(3,000m)maximum
ELECTROMAGNETIC EMISSIONS AND IMMUNITY
Certifications CEmark,commercialFCCPart15ClassA
VCCIClassAClassAEN55022(CISPR22)ClassA
ClassAC-TickEN50082-1EN55024
SAFETY
Certifications CEmark,commercialCSAcertified(CSA22.2#950)
ULlisted(UL1950)/cULIEC950/EN60950
PACKAGE CONTENT
M4200-10MG-PoE+(GSM4210P) M4200-10MG-PoE+SwitchPowercord(s)RJ45straight-throughwiringserialconsolecabletoDB9Mini-USBconsolecableRubbercapsfortheSFP+socketsRack-mountingkit1xMountforattachmenttoawall,roundpole,orrectangularpole2xRubberbelts2xHoseclamps1xPowercordstrapandlockRubberfootpadsfortabletopinstallationInstallationguideResourceCDwiththefollowingmanualsandsoftware:-Softwaresetupmanual-CLImanual-Softwareadministrationguide-Hardwareinstallationguide-ThedriverforusewiththeMini-USBconsolecable
OPTIONAL MODULES
AGM731FAGM732FAGM734AXC761AXC763 AXM761AXM761 (Pack of 10 units)AXM762AXM762 (Pack of 10 units)AXM763
AXM764
1000BASE-SXSFPGBIC(Multimode)1000BASE-LXSFPGBIC(Singlemode)1000BASE-TRJ45SFPGBIC10GSFP+Cu(passive)SFP+toSFP+DirectAttachCable1m10GSFP+Cu(passive)SFP+toSFP+DirectAttachCable3m10GBASE-SRSFP+GBIC(OM3/OM4Multimode)10GBASE-SRSFP+GBIC(OM3/OM4Multimode)10GBASE-LRSFP+GBIC(Singlemode)10GBASE-LRSFP+GBIC(Singlemode)10GBASE-LRMSFP+GBIC(LongReachMultimodeforOM1/OM2,alsocompatiblewithOM3/OM4)10GBASE-LRLITESFP+GBIC(Singlemode)
AGM731FAGM732FAGM734-10000SAXC761-10000SAXC763 -10000SAXM761-10000SAXM761P10-10000SAXM762-10000SAXM762P10-10000SAXM763-10000S AXM764-10000S
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 30 of 31
* This product comes with a limited warranty that is valid only if purchased from a NETGEAR authorized reseller and modifications to product may void the warranty; covers hardware, fans and internal power supplies - not software or external power supplies See http://www.netgear.com/about/warranty/ for details. Lifetime technical support includes basic phone support for 90 days from purchase date and lifetime online chat support when purchased from a NETGEAR authorized reseller.
NETGEAR, the NETGEAR Logo and ProSAFE are trademarks of NETGEAR, Inc. in the United States and/or other countries. Other brand names mentioned herein are for identification purposes only and may be trademarks of their respective holder(s). Information is subject to change without notice. © 2016 NETGEAR, Inc. All rights reserved.
NETGEAR,Inc.350E.PlumeriaDrive,SanJose,CA95134-1911USA,1-888-NETGEAR(638-4327),E-mail:[email protected],www.NETGEAR.com DS-M4200-1
WARRANTY AND SUPPORT
ProSAFELifetimeHardwareWarranty* Included,lifetime
90daysofTechnicalSupportviaphoneandemail* Included,90daysafterpurchase
LifetimeTechnicalSupportthroughonlinechat* Included,lifetime
LifetimeNextBusinessDayhardwarereplacement* Included,lifetime
PROSUPPORT SERVICE PACKS
Installationcontracts
PSB0304-10000S RemoteInstallationSetupandConfigurationServiceContract
PSP1104-10000S OnsiteInstallationSetupandConfigurationServiceContract
Supplementalsupportcontracts
PMP3132-10000S OnSiteNBDReplacement3-yearCAT2
PMB0332-10000S OnCall24x73-yearCAT2
PMB0352-10000S OnCall24x75-yearCAT2
ORDERING INFORMATION
M4200-10MG-PoE+Americas,EuropeAsiaPacificChina
GSM4210P-100NESGSM4210P-100AJSGSM4210P-100PRS
ProSAFE® Intelligent Edge Managed Switches Data Sheet
M4200 series
Page 31 of 31