Netgear GSM7212F-100NES User Manual

Loading ...

ProSAFE® Intelligent Edge Managed Switches Data Sheet

M4100 series

Page9of35

802.1x MAC Address Authentication Bypass (MAB)

is an alternative method for non-Radius clients

• A list of authorized MAC addresses of client NICs is maintained on the RADIUS server for MAB pur-

pose

• MAB can be conﬁgured on a per-port basis on the switch

• MAB initiates only aer the dot1x authentication process times out, and only when clients don’t respond

to any of the EAPOL packets sent by the switch

• When 802.1x unaware clients try to connect, the switch sends the MAC address of each client to the

authentication server

• The RADIUS server checks the MAC address of the client NIC against the list of authorized addresses

• The RADIUS server returns the access policy and VLAN assignment to the switch for each client

DoubleVLANs(DVLAN-QinQ)passtracfromonecustomerdomaintoanotherthroughthe“metrocore”inamulti-tenancyenvironment:customerVLANIDsare

preservedandaserviceproviderVLANIDisaddedtothetracsothetraccanpassthemetrocoreinasimple,securemanner

Private VLANs (with Primary VLAN, Isolated VLAN,

CommunityVLAN,Promiscuousport,Hostport,

Trunks) provide Layer 2 isolation between ports

that share the same broadcast domain, allowing a

VLAN broadcast domain to be partitioned into smaller

point-to-multipoint subdomains across switches in

the same Layer 2 network

• Private VLANs are useful in DMZ when servers are not supposed to communicate with each other but

need to communicate with a router; they remove the need for more complex port-based VLANs with

respective IP interface/subnets and associated L3 routing

• Another Private VLANs typical application are carrier-class deployments when users shouldn’t see, snoop

orattackotherusers’trac

SecureShell(SSH)andSNMPv3(withorwithoutMD5orSHAauthentication)ensureSNMPandTelnetsessionsaresecured

TACACS+ and RADIUS enhanced administrator management provides strict "Login" and "Enable" authentication enforcement for the switch conﬁguration, based on

latestindustrystandards:execauthorizationusingTACACS+orRADIUS;commandauthorizationusingTACACS+andRADIUSServer;userexecaccountingforHTTP

andHTTPSusingTACACS+orRADIUS;andauthenticationbasedonuserdomaininadditiontouserIDandpassword

Superior quality of service

Advanced classiﬁer-based hardware implementation for Layer 2 (MAC), Layer 3 (IP) and Layer 4 (UDP/TCP transport ports) prioritization

8queuesforprioritiesandvariousQoSpoliciesbasedon802.1p(CoS)andDiServcanbeappliedtointerfacesandVLANs

Advancedratelimitingdownto1Kbpsgranularityandmininum-guaranteedbandwidthcanbeassociatedwithACLsforbestgranularity

Automatic Voice over IP prioritization with Auto-VoIP

Advanced Layer 2+ routing package

Static Routes/ECMP Static Routes for IPv4

• Static and default routes are conﬁgurable with next IP address hops to any given destination

• 64 static routes are conﬁgurable for IPv4

• Permitting additional routes creates several options for the network administrator

• The admin can conﬁgure multiple next hops to a given destination, intending for the router to load share

across the next hops

• The admin distinguishes static routes by specifying a route preference value: a lower preference value is a

more preferred static route

• A less preferred static route is used if the more preferred static route is unusable (down link, or next hop

cannot be resolved to a MAC address)

Modern access layer features highlights

Loading ...

Netgear ‎GSM7212F-100NES 12-Port Gigabit Ethernet Fully Managed PoE Switch (GSM7212F) - with 4 x PoE+ @ 150W, 12 x 1G SFP (shared), Desktop/Rackmount, and ProSAFE Limited Lifetime Protection, M4100 Series

User Manual - Page 9