NETGEAR for
The NETGEAR Intelligent Edge M4100 series consists of 9 fully managed switches, ranging from 12-port to 50-port Fast and Gigabit Ethernet. They are ideal for all organizations considering reliable, affordable and simple access layer switching with CLI, advanced scripting capabilities and Layer 3 routing. As a cost-effective component of converged voice, video and data networking solutions, NETGEAR M4100 series delivers a secure edge in commercial buildings and campus LAN environments: PoE (802.3af) and PoE+ (802.3at) versions of M4100 series are perfect for Wireless access points, IP telephony and IP surveillance deployments.
M4100 series comes with Port-based / VLAN-based / Subnet-based "static routing" Layer 2+ versions
L3 fixed routes to the next hop towards the destination network are added to the routing table.
L3 routing is wire-speed in M4100 series hardware with 64 static routes (IPv4)
Automatic multi-vendor Voice over IP prioritization based on SIP, H323 and SCCP protocol
Voice VLAN and LLDP-MED for automatic IP phones QoS and VLAN configuration
Advanced classifier-based hardware for L2, L3, L4 security and prioritization
Advanced Multicast filtering with IGMP and MLD snooping and querier modes
16K MAC addresses; up to 100Gbps switching fabric; 9K jumbo frames; Green Ethernet
IPv4/IPv6 ingress traffic filtering (ACLs) and prioritization (QoS - DiffServ)
Redundant power supply option for uninterruptible operation (RPS)
External power supply option for PoE and PoE+ full power applications (EPS up to 1,440W)
Industry standard command line interface (CLI)
Fully functional NETGEAR web interface (GUI)
NETGEAR M4100 series is backed by NETGEAR ProSAFE® Lifetime Hardware Warranty†
Also included ProSUPPORT™ Lifetime 24x7 Advanced Technical Support*
Also included Lifetime Next Business Day Hardware Replacement
As a cost-effective component of converged voice, video and data networking solutions, NETGEAR M4100 series offers ideal, advanced features for a secure edge in commercial buildings and campus LAN environments.
M4100 series models are built upon L3 hardware platform while Layer 2+ software package allows for better budget optimization
M4100 series uses latest generation silicon low-power 40-nanometer technology
M4100 series L2 and L3 switching features (access control list, classification, filtering, IPv4 routing) are performed in hardware at interface line rate for voice, video, and data convergence
M4100 series Layer 2+ software package provides straight forward IP static routing capabilities for physical interfaces, VLANs and subnets
Fast Ethernet 802.3af PoE: M4100-D10-POE (8 ports desktop); M4100-26-POE (24 ports); M4100-50-POE (48 ports)
Gigabit: M4100-D12G (12 ports desktop); M4100-12GF (12 ports Fiber); M4100-26G (26 ports); M4100-50G (50 ports)
Gigabit 802.3af PoE: M4100-26G-POE (24 ports)
Gigabit 802.3at PoE+: M4100-D12G-POE+ (12 ports desktop); M4100-12G-POE+ (12 ports); M4100-24G-POE+ (24 ports); M4100-50G-POE+ (48 ports)
At the edge of campus networks or in the server room, static routes are often preferred for simplicity (L3 fixed routes to the next hop towards the destination network are manually added to the routing table), without any impact on performance because L3 routing is wire-speed in M4100 series hardware
16K MAC address table, 1K concurrent VLANs and 64 static routes for SMB and small enterprise access layers
80 PLUS certified power supplies for energy high efficiency
Low latency at all network speeds
Increased packet buffering with up to 12 Mb dynamically shared accross all interfaces for most intensive applications
Jumbo frames support of up to 9Kb accelerating storage performance for backup and cloud applications
Green Ethernet with Energy Efficient Ethernet (EEE) defined by IEEE 802.3az Energy Efficient Ethernet Task Force
M4100-D12G; M4100-26G; M4100-50G; M4100-26G-POE; M4100-50G-POE+
Green Ethernet with Energy Detect Mode (unused ports automatic power off)
(M4100-D10-POE; M4100-26-POE; M4100-50-POE; M4100-D12G-POE+; M4100-12GF; M4100-12G-POE+; M4100-24G-POE+)
Placement outside the wiring closet (conference rooms, offices, class rooms, sales floor in retail stores, etc…)
For secure deployment in open areas , desktop versions come with a Wall Mount Kit with four brackets
M4100-D10-POE (FSM5210P)
M4100-D12G (GSM5212)
M4100-D12G-POE+ (GSM5212P)
As an option, a Rack Mount Kit is orderable (420-10043-01)
Select desktop versions also come with a set of strong magnets for mounting on any metal surface
Automatic configuration with DHCP and BootP Auto Install eases large deployments with a scalable configuration files management capability, mapping IP addresses and host names and providing individual configuration files to multiple switches as soon as they are initialized on the network
Automatic Voice over IP prioritization with Auto-VoIP simplifies most complex multi-vendor IP telephones deployments either based on protocols (SIP, H323 and SCCP) or on OUI bytes (default database and user-based OUIs) in the phone source MAC address; providing the best class of service to VoIP streams (both data and signaling) over other ordinary traffic by classifying traffic, and enabling correct egress queue configuration
Both the Switch Serial Number and Switch primary MAC address are reported by a simple "show" command in the CLI - facilitating discovery and remote configuration operations
An associated Voice VLAN can be easily configured with Auto-VoIP for further traffic isolation
When deployed IP phones are LLDP-MED compliant, the Voice VLAN will use LLDP-MED to pass on the VLAN ID, 802.1P priority and DSCP values to the IP phones, accelerating convergent deployments
IEEE 802.3af Power over Ethernet (PoE) provides up to 15.4W per port (M4100-D10-POE; M4100-26-POE; M4100-50-POE; M4100-26G-POE)
IEEE 802.3at Power over Ethernet Plus (PoE+) provides up to 30W per port (M4100-D12G-POE+; M4100-12G-POE+; M4100-24G-POE+; M4100-50G-POE+)
Desktop versions can be powered by upstream PoE+ switch using their Port-1 (PD, PoE+ 30W): M4100-D12G and M4100-D12G-POE+
M4100-D12G-POE+ can even redistribute PoE power from the upstream PoE+ switch to VoIP phones or other devices in meeting rooms, retail sales floors or other challenging environments without outlet
Both IEEE 802.3at Layer 2 LLDP method and 802.3at 2-event classification methods are supported for compatibility with all PoE+ PD devices
Automatic MDIX and Auto-negotiation on all ports select the right transmission modes (half or full duplex) as well as data transmission for crossover or straight-through cables dynamically for the admin
100Mbps backward compatiblity on all SFP ports
IPv6 support with multicasting (MLD for IPv6 filtering), ACLs and QoS
Rapid Spanning Tree (RSTP) and Multiple Spanning Tree (MSTP) allow for rapid transitionning of the ports to the Forwarding state and the suppression of Topology Change Notification
IP address conflict detection performed by the embedded DHCP server prevents accidental IP address duplicates from perturbing the overall network stability
Power redundancy for higher availability when mission critical, including hot-swap PSUs and Fans
Dual firmware image and dual configuration file for transparent firmware updates / configuration changes with minimum service interruption
Flexible Port-Channel / LAG (802.3ad) implementation for maximum compatibility, fault tolerance and load sharing with any type of Ethernet channeling from other vendors switch, server or storage devices conforming to IEEE 802.3ad - including static (selectable hashing algorithms) or dynamic LAGs (highly tunable LACP Link Aggregation Control Protocol )
Port names feature allows for descriptive names on all interfaces and better clarity in real word admin daily tasks
Loopback interfaces management for routing protocols administration
Private VLANs and local Proxy ARP help reduce broadcast with added security
Management VLAN ID is user selectable for best convenience
Industry-standard VLAN management in the command line interface (CLI) for all common operations such as VLAN creation; VLAN names; VLAN "make static" for dynamically created VLAN by GRVP registration; VLAN trunking; VLAN participation as well as VLAN ID (PVID) and VLAN tagging for one interface, a group of interfaces or all interfaces at once
System defaults automatically set per-port broadcast, multicast, and unicast storm control for typical, robust protection against DoS attacks and faulty clients which can, with BYOD, often create network and performance issues
IP Telephony administration is simplified with consistent Voice VLAN capabilities per the industry standards and automatic functions associated
Comprehensive set of "system utilities" and "Clear" commands help troubleshoot connectivity issues and restore various configurations to their factory defaults for maximum admin efficiency: traceroute (to discover the routes that packets actually take when traveling on a hop-by-hop basis and with a synchronous response when initiated from the CLI), clear dynamically learned MAC addresses, counters, IGMP snooping table entries from the Multicast forwarding database etc...
All major centralized software distribution platforms are supported for central software upgrades and configuration files management (HTTP, TFTP), including in highly secured versions (HTTPS, SFTP, SCP)
Simple Network Time Protocol (SNTP) can be used to synchronize network resources and for adaptation of NTP, and can provide synchronized network timestamp either in broadcast or unicast mode (SNTP client implemented over UDP - port 123)
Embedded RMON (4 groups) and sFlow agents permit external network traffic analysis
Audio (Voice over IP) and Video (multicasting) comprehensive switching, filtering, routing and prioritization
Auto-VoIP, Voice VLAN and LLDP-MED support for IP phones QoS and VLAN configuration
Schedule enablement
IGMP Snooping for IPv4, MLD Snooping for IPv6 and Querier mode facilitate fast receivers joins and leaves for multicast streams and ensure multicast traffic only reaches interested receivers without the need of a Multicast router
Multicast VLAN Registration (MVR) uses a dedicated Multicast VLAN to forward multicast streams and avoid duplication for clients in different VLANs
Traffic control MAC Filter and Port Security help restrict the traffic allowed into and out of specified ports or interfaces in the system in order to increase overall security and block MAC address flooding issues
DHCP Snooping monitors DHCP traffic between DHCP clients and DHCP servers to filter harmful DHCP message and builds a bindings database of (MAC address, IP address, VLAN ID, port) tuples that are considered authorized in order to prevent DHCP server spoofing attacks
IP source guard and Dynamic ARP Inspection use the DHCP snooping bindings database per port and per VLAN to drop incoming packets that do not match any binding and to enforce source IP / MAC addresses for malicious users traffic elimination
Layer 2 / Layer 3-v4 / Layer 3-v6 / Layer 4 Access Control Lists (ACLs) can be binded to ports, Layer 2 interfaces, VLANs and LAGs (Link Aggregation Groups or Port channel) for fast unauthorized data prevention and right granularity
Bridge protocol data unit (BPDU) Guard allows the network administrator to enforce the Spanning Tree (STP) domain borders and keep the active topology consistent and predictable - unauthorized devices or switches behind the edge ports that have BPDU enabled will not be able to influence the overall STP topology by creating loops
Spanning Tree Root Guard (STRG) enforces the Layer 2 network topology by preventing rogue root bridges potential issues when for instance, unauthorized or unexpected new equipment in the network may accidentally become a root bridge for a given VLAN
Dynamic 802.1x VLAN assignment mode, including Dynamic VLAN creation mode and Guest VLAN / Unauthenticated VLAN are supported for rigorous user and equipment RADIUS policy server enforcement
Up to 48 clients (802.1x) per port are supported, including the authentication of the users domain, in order to facilitate convergent deployments: for instance when IP phones connect PCs on their bridge, IP phones and PCs can authenticate on the same switch port but under different VLAN assignment policies (Voice VLAN versus data VLAN)
802.1x MAC Address Authentication Bypass (MAB) is a
A list of authorized MAC addresses of client NICs is maintained on the RADIUS server for MAB purpose
MAB can be configured on a per-port basis on the switch
MAB initiates only after the dot1x authentication process times out, and only when clients don't respond to any of the EAPOL packets sent by the switch
When 802.1X unaware clients try to connect, the switch sends the MAC address of each client to the authentication server
The RADIUS server checks the MAC address of the client NIC against the list of authorized addresses
The RADIUS server returns the access policy and VLAN assignment to the switch for each client
Double VLANs (DVLAN - QoQ) pass traffic from one customer domain to another through the "metro core" in a multi-tenancy environment: customer VLAN IDs are preserved and a service provider VLAN ID is added to the traffic so the traffic can pass the metro core in a simple, secure manner
Private VLANs (with Primary VLAN, Isolated VLAN, Community VLAN, Promiscuous port, Host port, Trunks) provide Layer 2 isolation between ports that share the same broadcast domain, allowing a VLAN broadcast domain to be partitioned into smaller point-to-multipoint subdomains accross switches in the same Layer 2 network
Private VLANs are useful in DMZ when servers are not supposed to communicate with each other but need to communicate with a router; they remove the need for more complex port-based VLANs with respective IP interface/subnets and associated L3 routing
Another Private VLANs typical application are carrier-class deployments when users shouldn't see, snoop or attack other users' traffic
Secure Shell (SSH) and SNMPv3 (with or without MD5 or SHA authentication) ensure SNMP and Telnet sessions are secured
TACACS+ and RADIUS enhanced administrator management provides strict "Login" and "Enable" authentication enforcement for the switch configuration, based on latest industry standards: exec authorization using TACACS+ or RADIUS; command authorization using TACACS+ and RADIUS Server; user exec accounting for HTTP and HTTPS using TACACS+ or RADIUS; and authentication based on user domain in addition to user ID and password
Advanced classifier-based hardware implementation for Layer 2 (MAC), Layer 3 (IP) and Layer 4 (UDP/TCP transport ports) prioritization
8 queues for priorities and various QoS policies based on 802.1p (CoS) and DiffServ can be applied to interfaces and VLANs
Advanced rate limiting down to 1 Kbps granularity and mininum-guaranteed bandwidth can be associated with ACLs for best granularity
Automatic Voice over IP prioritization with Auto-VoIP
802.3x Flow Control implementation per IEEE 802.3 Annex 31 B specifications with Symmetric flow control, Asymmetric flow control or No flow control
Asymmetric flow control allows the switch to respond to received PAUSE frames, but the ports cannot generate PAUSE frames
Symmetric flow control allows the switch to both respond to, and generate MAC control PAUSE frames
Allows traffic from one device to be throttled for a specified period of time: a device that wishes to inhibit transmission of data frames from another device on the LAN transmits a PAUSE frame
Low Resolution
High Resolution
Data Sheet (PDF)
Data Sheet (Excel)
Product Brief
Brochure
Application Notes - How to Configure Auto-install on Managed Switches
M4100 Overview Video
ProSAFE Visio Stencils
Marketing Automation Platform