Netgear ProSafe M4100-24G-POE+ Ethernet Switch
Unbeatable combination of performance, security and convergence

At a Glance:

Hardware at a glance
		Front				Rear
Model name	Form-Factor	10/100 Base-T RJ45 ports	10/100/ 1000 Base-T RJ45 ports	100/1000X Fiber SFP ports	PoE 802.3af PoE+ 802.3at	Power Supply / Powered by PoE	RPS (connector)	PoE budget (PSU / Passthrough)	PoE budget (with EPS)	Model number
M4100-D10-POE	Desktop	8	2	2 (shared)	8 PoE 802.3af	External / No	-	66W	-	FSM5210P
M4100-26-POE	Rackmount	24	2	2 (shared)	24 PoE 802.3af	Internal / No	1 (RPS)	380W	-	FSM7226P
M4100-50-POE	Rackmount	48	2	2 (shared)	48 PoE 802.3af	Internal / No	1 (RPS or EPS)	380W	Up to 740W (EPS)	FSM7250P
M4100-D12G	Desktop	-	12	2 (shared)	-	External / Yes	PD mode	-	-	GSM5212
M4100-D12G-POE+	Desktop	-	12	4 (shared)	10 PoE+ 802.3at	Internal / Yes	PD mode	120W / 25W	-	GSM5212P v1h2
M4100-12GF	Rackmount	-	12	12 (shared)	4 PoE+ 802.3at	Internal / No	1 (RPS)	150W	-	GSM7212F v1h2
M4100-12G-POE+	Rackmount	-	12	4 (shared)	12 PoE+ 802.3at	Internal / No	1 (RPS)	380W	-	GSM7212P v1h2
M4100-26G	Rackmount	-	26	4 (shared)	-	Internal / No	1 (RPS)	-	-	GSM7224 v2h2
M4100-50G	Rackmount	-	50	4 (shared)	-	Internal / No	1 (RPS)	-	-	GSM7248 v2h2
M4100-26G-POE	Rackmount	-	26	4 (shared)	24 PoE 802.3af	Internal / No	1 (RPS or EPS)	192W	Up to 380W (EPS)	GSM7226LP
M4100-24G-POE+	Rackmount	-	24	4 (shared)	24 PoE+ 802.3at	Internal / No	1 (RPS or EPS)	380W	Up to 720W (EPS)	GSM7224P v1h2
M4100-50G-POE+	Rackmount	-	50	4 (shared)	48 PoE+ 802.3at	Internal / No	1 (RPS or EPS)	380W	Up to 1,440W (EPS)	GSM7248P
Storage (image, config)
1 x USB
Management console
1 x RS232 DB9, 1 x Mini-USB (selectable)

M4100-D10-POE is a desktop 8 x 100Base-T PoE version, Layer 2+ 2 Gigabit ports with 2 shared SFP External PSU, fanless 66W budget	M4100-26-POE is a 24 x 100Base-T PoE version, Layer 2+ 2 Gigabit ports with 2 shared SFP Internal PSU with RPS 380W budget	M4100-50-POE is a 48 x 100Base-T PoE version, Layer 2+ 2 Gigabit ports with 2 shared SFP Internal PSU with RPS/EPS 380W budget and up to 720W with EPS
M4100-D12G is a desktop 12 x 1000Base-T version, Layer 2+ 2 shared SFP External PSU; fanless Can be powered by PoE+	M4100-12GF is a 12 x SFP version for aggregation, Layer 2+ 12 shared 1000Base-T Internal PSU with RPS 4 ports PoE+ with 150W budget	M4100-12G-POE+ is a 12 x 1000Base-T PoE+ version, Layer 2+ 4 shared SFP Internal PSU with RPS 380W budget
M4100-D12G-POE+ is a desktop 12 x 1000Base-T version, Layer 2+ 4 shared SFP; 2 ports PoE+ "in" and 10 ports PoE+ "out" Internal PSU with low acoustics; 120W budget Can be powered by PoE+ and redistribute 25W PoE budget	M4100-26G is a 26 x 1000Base-T version, Layer 2+ 4 shared SFP Internal PSU with RPS	M4100-50G is a 50 x 1000Base-T version, Layer 2+ 4 shared SFP Internal PSU with RPS
M4100-26G-POE is a 24 x 1000Base-T PoE version, Layer 2+ 2 x 1000Base-T and 4 shared SFP Internal PSU with RPS/EPS 192W budget and up to 380W with EPS	M4100-24G-POE+ is a 24 x 1000Base-T PoE+ version, Layer 2 4 shared SFP Internal PSU with RPS/EPS 380W budget and up to 720W with EPS	M4100-50G-POE+ is a 48 x 1000Base-T PoE+ version, Layer 2+ 2 x 1000Base-T and 4 shared SFP Internal PSU with RPS/EPS 380W budget and up to 1,440W with EPS

Software at a glance
	LAYER 2+ PACKAGE
Model name	Management	Pv4 / IPv6 ACL and QoS, DiffServ	IPv4 / IPv6 Multicast filtering	Auto-VoIP	Green Ethernet	VLANs	Convergence	IPv4 Unicast Static Routing	Model number
M4100 series (all models)	Web GUI: HTTPs; CLI: Telnet, SSH; SNMP	IGMP and MLD Snooping, Querier mode, MVR	L2, L3, L4, ingress 1 Kbps	IGMP and MLD Snooping, IGMP and MLD Querier, MVR	Yes	EEE (802.3az) or Energy Detect Mode	Static, Dynamic, Voice, MAC, Subnet, Protocol-based, QoQ, Private VLANs	LLDP-MED, RADIUS, 802.1X, timer	(all models)

Performance at a Glance
	TABLE SIZE
Model name	Packet buffer	CPU	ACLs	MAC address table ARP/NDP table VLANs DHCP server	Fabric	Latency	Static Routes IP interfaces	Multicast IGMP Group membership	Sflow	Model number
M4100 series (all models)	12 Mb	600Mhz 128M RAM 32M Flash	50 ACLs 512 rules (ingress)	16K MAC 512 ARP/NDP VLANs: 1K DHCP: 16 pools 1,024 max leases	Up to 100Gbps all models line-rate	1G <3.91 µs 100M <10.194 µs	64 static routes 64 IP interfaces IPv4	1K	32 samplers 52 pollers 8 receivers	(all models)

Highlights:

Layer 3 hardware with L2+ software affordability:

• M4100 series models are built upon L3 hardware platform while Layer 2+ software package allows for better budget optimization
  • M4100 series uses latest generation silicon low-power 40-nanometer technology
  • M4100 series L2 and L3 switching features (access control list, classification, filtering, IPv4 routing) are performed in hardware at interface line rate for voice, video, and data convergence
• M4100 series Layer 2+ software package provides straight forward IP static routing capabilities for physical interfaces, VLANs and subnets:
  • Fast Ethernet 802.3af PoE: M4100-D10-POE (8 ports desktop); M4100-26-POE (24 ports); M4100-50-POE (48 ports)
  • Gigabit: M4100-D12G (12 ports desktop); M4100-12GF (12 ports Fiber); M4100-26G (26 ports); M4100-50G (50 ports)
  • Gigabit 802.3af PoE: M4100-26G-POE (24 ports)
  • Gigabit 802.3at PoE+: M4100-D12G-POE+ (12 ports desktop); M4100-12G-POE+ (12 ports); M4100-24G-POE+ (24 ports); M4100-50G-POE+ (48 ports)
  • At the edge of campus networks or in the server room, static routes are often preferred for simplicity (L3 fixed routes to the next hop towards the destination network are manually added to the routing table), without any impact on performance because L3 routing is wire-speed in M4100 series hardware

High-value switching performance:

• 16K MAC address table, 1K concurrent VLANs and 64 static routes for SMB and small enterprise access layers
• 80 PLUS certified power supplies for energy high efficiency
• Green Ethernet with Energy Efficient Ethernet (EEE) defined by IEEE 802.3az Energy Efficient Ethernet Task Force
  • M4100-D12G; M4100-26G; M4100-50G; M4100-26G-POE; M4100-50G-POE+
• Green Ethernet with Energy Detect Mode (unused ports automatic power off)
  • M4100-D10-POE; M4100-26-POE; M4100-50-POE; M4100-D12G-POE+; M4100-12GF; M4100-12G-POE+; M4100-24G-POE+
• Increased packet buffering with up to 12 Mb dynamically shared accross all interfaces for most intensive applications
• Low latency at all network speeds
• Jumbo frames support of up to 9Kb accelerating storage performance for backup and cloud applications

Ease of deployment:

• Placement outside the wiring closet (conference rooms, offices, class rooms, sales floor in retail stores, etc...)
  • For secure deployment in open areas , desktop versions come with a Wall Mount Kit with four brackets
  • M4100-D10-POE (FSM5210P)
  • M4100-D12G (GSM5212)
  • M4100-D12G-POE+ (GSM5212P)
  • As an option, a Rack Mount Kit is orderable (420-10043-01)

• Installing M4100 desktop series on a Wall

• Select desktop versions also come with a set of strong magnets for mounting on any metal surface
  • M4100-D10-POE (FSM5210P)
  • M4100-D12G (GSM5212)

• Installing M4100 desktop series using Magnets

• Automatic configuration with DHCP and BootP Auto Install eases large deployments with a scalable configuration files management capability, mapping IP addresses and host names and providing individual configuration files to multiple switches as soon as they are initialized on the network
• Both the Switch Serial Number and Switch primary MAC address are reported by a simple "show" command in the CLI - facilitating discovery and remote configuration operations
• Automatic Voice over IP prioritization with Auto-VoIP simplifies most complex multi-vendor IP telephones deployments either based on protocols (SIP, H323 and SCCP) or on OUI bytes (default database and user-based OUIs) in the phone source MAC address; providing the best class of service to VoIP streams (both data and signaling) over other ordinary traffic by classifying traffic, and enabling correct egress queue configuration
• An associated Voice VLAN can be easily configured with Auto-VoIP for further traffic isolation
• When deployed IP phones are LLDP-MED compliant, the Voice VLAN will use LLDP-MED to pass on the VLAN ID, 802.1P priority and DSCP values to the IP phones, accelerating convergent deployments

Versatile connectivity including "PoE Passthrough":

• IEEE 802.3af Power over Ethernet (PoE) provides up to 15.4W per port (M4100-D10-POE; M4100-26-POE; M4100-50-POE; M4100-26G-POE)
• IEEE 802.3at Power over Ethernet Plus (PoE+) provides up to 30W per port (M4100-D12G-POE+; M4100-12G-POE+; M4100-24G-POE+; M4100-50G-POE+)
• Desktop versions can be powered by upstream PoE+ switch using their Port-1 (PD, PoE+ 30W): M4100-D12G and M4100-D12G-POE+
• M4100-D12G-POE+ can even redistribute PoE power from the upstream PoE+ switch to VoIP phones or other devices in meeting rooms, retail sales floors or other challenging environments without outlet
• Both IEEE 802.3at Layer 2 LLDP method and 802.3at 2-event classification methods are supported for compatibility with all PoE+ PD devices
• Automatic MDIX and Auto-negotiation on all ports select the right transmission modes (half or full duplex) as well as data transmission for crossover or straight-through cables dynamically for the admin
• 100Mbps backward compatiblity on all SFP ports
• IPv6 support with multicasting (MLD for IPv6 filtering), ACLs and QoS

Tier 1 availability:

• Rapid Spanning Tree (RSTP) and Multiple Spanning Tree (MSTP) allow for rapid transitionning of the ports to the Forwarding state and the suppression of Topology Change Notification
• IP address conflict detection performed by the embedded DHCP server prevents accidental IP address duplicates from perturbing the overall network stability
• Power redundancy for higher availability when mission critical, including hot-swap PSUs and Fans

Ease of management and control:

• Dual firmware image and dual configuration file for transparent firmware updates / configuration changes with minimum service interruption
• Flexible Port-Channel / LAG (802.3ad) implementation for maximum compatibility, fault tolerance and load sharing with any type of Ethernet channeling from other vendors switch, server or storage devices conforming to IEEE 802.3ad - including static (selectable hashing algorithms) or dynamic LAGs (highly tunable LACP Link Aggregation Control Protocol)
• Port names feature allows for descriptive names on all interfaces and better clarity in real word admin daily tasks
• Loopback interfaces management for routing protocols administration
• Private VLANs and local Proxy ARP help reduce broadcast with added security
• Management VLAN ID is user selectable for best convenience
• Industry-standard VLAN management in the command line interface (CLI) for all common operations such as VLAN creation; VLAN names; VLAN "make static" for dynamically created VLAN by GRVP registration; VLAN trunking; VLAN participation as well as VLAN ID (PVID) and VLAN tagging for one interface, a group of interfaces or all interfaces at once
• System defaults automatically set per-port broadcast, multicast, and unicast storm control for typical, robust protection against DoS attacks and faulty clients which can, with BYOD , often create network and performance issues
• IP Telephony administration is simplified with consistent Voice VLAN capabilities per the industry standards and automatic functions associated
• Comprehensive set of "system utilities " and "Clear" commands help troubleshoot connectivity issues and restore various configurations to their factory defaults for maximum admin efficiency: traceroute (to discover the routes that packets actually take when traveling on a hop-by-hop basis and with a synchronous response when initiated from the CLI), clear dynamically learned MAC addresses, counters, IGMP snooping table entries from the Multicast forwarding database etc...
• All major centralized software distribution platforms are supported for central software upgrades and configuration files management (HTTP , TFTP), including in highly secured versions (HTTPS , SFTP , SCP)
• Simple Network Time Protocol (SNTP) can be used to synchronize network resources and for adaptation of NTP, and can provide synchronized network timestamp either in broadcast or unicast mode (SNTP client implemented over UDP - port 123)
• EmbeddedRMON (4 groups) and sFlow agents permit external network traffic analysis

Engineered for convergence:

• Audio (Voice over IP) and Video (multicasting) comprehensive switching, filtering, routing and prioritization
• Auto-VoIP, Voice VLAN and LLDP-MED support for IP phones QoS and VLAN configuration
• IGMP Snooping for IPv4, MLD Snooping for IPv6 and Querier mode facilitate fast receivers joins and leaves for multicast streams and ensure multicast traffic only reaches interested receivers without the need of a Multicast router
• Multicast VLAN Registration (MVR) uses a dedicated Multicast VLAN to forward multicast streams and avoid duplication for clients in different VLANs
• Schedule enablement

Enterprise security:

• Traffic control MAC Filter and Port Security help restrict the traffic allowed into and out of specified ports or interfaces in the system in order to increase overall security and block MAC address flooding issues
• DHCP Snooping monitors DHCP traffic between DHCP clients and DHCP servers to filter harmful DHCP message and builds a bindings database of (MAC address, IP address, VLAN ID, port) tuples that are considered authorized in order to prevent DHCP server spoofing attacks
• IP source guard and Dynamic ARP Inspection use the DHCP snooping bindings database per port and per VLAN to drop incoming packets that do not match any binding and to enforce source IP / MAC addresses for malicious users traffic elimination
• Layer 2 / Layer 3-v4 / Layer 3-v6 / Layer 4 Access Control Lists (ACLs) can be binded to ports, Layer 2 interfaces, VLANs and LAGs (Link Aggregation Groups or Port channel) for fast unauthorized data prevention and right granularity
• Bridge protocol data unit (BPDU) Guard allows the network administrator to enforce the Spanning Tree (STP) domain borders and keep the active topology consistent and predictable - unauthorized devices or switches behind the edge ports that have BPDU enabled will not be able to influence the overall STP topology by creating loops
• Spanning Tree Root Guard (STRG) enforces the Layer 2 network topology by preventing rogue root bridges potential issues when for instance, unauthorized or unexpected new equipment in the network may accidentally become a root bridge for a given VLAN
• Dynamic 802.1x VLAN assignment mode, including Dynamic VLAN creation mode and Guest VLAN / Unauthenticated VLAN are supported for rigorous user and equipment RADIUS policy server enforcement
  • Up to 48 clients (802.1x) per port are supported, including the authentication of the users domain, in order to facilitate convergent deployments: for instance when IP phones connect PCs on their bridge, IP phones and PCs can authenticate on the same switch port but under different VLAN assignment policies (Voice VLAN versus data VLAN)
• 802.1x MAC Address Authentication Bypass (MAB) is a
  • A list of authorized MAC addresses of client NICs is maintained on the RADIUS server for MAB purpose
  • MAB can be configured on a per-port basis on the switch
  • MAB initiates only after the dot1x authentication process times out, and only when clients don't respond to any of the EAPOL packets sent by the switch
  • When 802.1X unaware clients try to connect, the switch sends the MAC address of each client to the authentication server
  • The RADIUS server checks the MAC address of the client NIC against the list of authorized addresses
  • The RADIUS server returns the access policy and VLAN assignment to the switch for each client
• Double VLANs (DVLAN - QoQ) pass traffic from one customer domain to another through the "metro core" in a multi-tenancy environment: customer VLAN IDs are preserved and a service provider VLAN ID is added to the traffic so the traffic can pass the metro core in a simple, secure manner
• Private VLANs (with Primary VLAN, Isolated VLAN, Community VLAN, Promiscuous port, Host port, Trunks) provide Layer 2 isolation between ports that share the same broadcast domain, allowing a VLAN broadcast domain to be partitioned into smaller point-to-multipoint subdomains accross switches in the same Layer 2 network
  • Private VLANs are useful in DMZ when servers are not supposed to communicate with each other but need to communicate with a router; they remove the need for more complex port-based VLANs with respective IP interface/subnets and associated L3 routing
  • Another Private VLANs typical application are carrier-class deployments when users shouldn't see, snoop or attack other users' traffic
• Secure Shell (SSH) and SNMPv3 (with or without MD5 or SHA authentication) ensure SNMP and Telnet sessions are secured
• TACACS+ and RADIUS enhanced administrator management provides strict "Login" and "Enable" authentication enforcement for the switch configuration, based on latest industry standards: exec authorization using TACACS+ or RADIUS; command authorization using TACACS+ and RADIUS Server; user exec accounting for HTTP and HTTPS using TACACS+ or RADIUS; and authentication based on user domain in addition to user ID and password

Superior quality of service:

• Advanced classifier-based hardware implementation for Layer 2 (MAC), Layer 3 (IP) and Layer 4 (UDP/TCP transport ports) prioritization
• 8 queues for priorities and various QoS policies based on 802.1p (CoS) and DiffServ can be applied to interfaces and VLANs
• Advanced rate limiting down to 1 Kbps granularity and mininum-guaranteed bandwidth can be associated with ACLs for best granularity
• Automatic Voice over IP prioritization with Auto-VoIP

Flow Control:

• 802.3x Flow Control implementation per IEEE 802.3 Annex 31 B specifications with Symmetric flow control, Asymmetric flow control or No flow control
  • Asymmetric flow control allows the switch to respond to received PAUSE frames, but the ports cannot generate PAUSE frames
  • Symmetric flow control allows the switch to both respond to, and generate MAC control PAUSE frames
• Allows traffic from one device to be throttled for a specified period of time: a device that wishes to inhibit transmission of data frames from another device on the LAN transmits a PAUSE frame

Product Specs:

Physical interfaces
Front	Auto-sensing RJ45 10/100	Auto-sensing RJ45 10/100/1000	Auto-sensing SFP ports 100/1000Base-X	Console port (selectable)	Storage Port
M4100-D10-POE	8	2	2 (shared)	-	1 x USB Firmware, Configuration Files
M4100-50-POE	24	2	2 (shared)	-
M4100-26-POE	48	2	2 (shared)	-
M4100-D12G	-	12	2 (shared)	-
M4100-D12G-POE+	-	12	4 (shared)	Mini-USB
M4100-12GF	-	12	12 (shared)	Mini-USB
M4100-12G-POE+	-	12	4 (shared)	Mini-USB
M4100-26G	-	26	4 (shared)	-
M4100-50G	-	50	4 (shared)	-
M4100-26G-POE	-	26	4 (shared)	-
M4100-24G-POE+	-	24	4 (shared)	Mini-USB
M4100-50G-POE+	-	50	4 (shared)	-
Rear	Power Supply	RPS/EPS connector	Console port (selectable)
M4100-D10-POE	External	-	Serial RS232 DB9, Mini-USB
M4100-26-POE	Fixed, internal	1	Serial RS232 DB9, Mini-USB
M4100-50-POE	Fixed, internal	1	Serial RS232 DB9, Mini-USB
M4100-D12G	External	-	Serial RS232 DB9, Mini-USB
M4100-D12G-POE+	Fixed, internal	-	Serial RS232 DB9
M4100-12GF	Fixed, internal	1	Serial RS232 DB9
M4100-12G-POE+	Fixed, internal	1	Serial RS232 DB9
M4100-26G	Fixed, internal	1	Serial RS232 DB9, Mini-USB
M4100-50G	Fixed, internal	1	Serial RS232 DB9, Mini-USB
M4100-26G-POE	Fixed, internal	1	Serial RS232 DB9, Mini-USB
M4100-24G-POE+	Fixed, internal	1	Serial RS232 DB9
M4100-50G-POE+	Fixed, internal	1	Serial RS232 DB9, Mini-USB
Total Port Count	Fast Ethernet	Gigabit
M4100-D10-POE	8 ports total	2 ports total
M4100-26-POE	24 ports total	2 ports total
M4100-50-POE	48 ports total	2 ports total
M4100-D12G	-	12 ports total
M4100-D12G-POE+	-	12 ports total
M4100-12GF	-	12 ports total
M4100-12G-POE+	-	12 ports total
M4100-26G	-	26 ports total
M4100-50G	-	50 ports total
M4100-26G-POE	-	26 ports total
M4100-24G-POE+	-	24 ports total
M4100-50G-POE+	-	50 ports total

Documentation:

Download the NETGEAR M4100 Data Sheet (PDF).

Download the NETGEAR M4100 Product Brief (PDF).

Download the NETGEAR M4100 Brochure (PDF).