Netgear ProSafe M4100-24G-POE+ Ethernet Switch
Unbeatable combination of performance, security and convergence
Sorry, this product is no longer available, replaced by the GSM4328PA-100NES.
Overview:
The NETGEAR® Intelligent Edge M4100 series consists of 12 fully managed switches, ranging from 8-port Fast Ethernet to 50-port Gigabit Ethernet.
They are ideal for all organizations considering reliable, affordable and simple access layer switching with CLI, advanced scripting capabilities and Layer 3 routing.
As a cost-effective component of converged voice, video and data networking solutions, NETGEAR M4100 series delivers a secure edge in commercial buildings and campus LAN environments: PoE (802.3af) and PoE+ (802.3at) versions of M4100 series are perfect for Wireless access points, IP telephony and IP surveillance deployments.
Layer 2+ with static routing- M4100 series comes with Port-based / VLAN-based / Subnet-based "static routing" Layer 2+ versions
- L3 fixed routes to the next hop towards the destination network are added to the routing table
- L3 routing is wire-speed in M4100 series hardware with 64 static routes (IPv4)
- Automatic multi-vendor Voice over IP prioritization based on SIP, H323 and SCCP protocol
- Voice VLAN and LLDP-MED for automatic IP phones QoS and VLAN configuration
- Advanced classifier-based hardware for L2, L3, L4 security and prioritization
- Advanced Multicast filtering with IGMP and MLD snooping and querier modes
- 16K MAC addresses; up to 100Gbps switching fabric; 9K jumbo frames; Green Ethernet
- IPv4/IPv6 ingress traffic filtering (ACLs) and prioritization (QoS - DiffServ)
- Redundant power supply option for uninterruptible operation (RPS)
- External power supply option for PoE and PoE+ full power applications (EPS up to 1,440W)
- Industry standard command line interface (CLI)
- Fully functional NETGEAR web interface (GUI)
- NETGEAR M4100 series is backed by NETGEAR ProSafe Lifetime Hardware Warranty†
- Also included ProSupport Lifetime 24x7 Advanced Technical Support*
- Also included 3-Year Next Business Day Onsite Hardware Replacement**
† Lifetime warranty for product purchased after 05/01/2007. For product purchased before 05/01/2007, warranty is 5 years.
* 24x7 Lifetime Advanced Technical Support includes Remote Diagnostics performed by our technical experts for prompt resolution of technical issues.
** 3-year Next business day onsite hardware replacement support included.
At a Glance:
Hardware at a glance | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
Front | Rear | |||||||||
Model name | Form-Factor | 10/100 Base-T RJ45 ports |
10/100/ 1000 Base-T RJ45 ports |
100/1000X Fiber SFP ports |
PoE 802.3af PoE+ 802.3at |
Power Supply / Powered by PoE |
RPS (connector) |
PoE budget (PSU / Passthrough) |
PoE budget (with EPS) |
Model number |
M4100-D10-POE | Desktop | 8 | 2 | 2 (shared) | 8 PoE 802.3af | External / No | - | 66W | - | FSM5210P |
M4100-26-POE | Rackmount | 24 | 2 | 2 (shared) | 24 PoE 802.3af | Internal / No | 1 (RPS) | 380W | - | FSM7226P |
M4100-50-POE | Rackmount | 48 | 2 | 2 (shared) | 48 PoE 802.3af | Internal / No | 1 (RPS or EPS) | 380W | Up to 740W (EPS) | FSM7250P |
M4100-D12G | Desktop | - | 12 | 2 (shared) | - | External / Yes | PD mode | - | - | GSM5212 |
M4100-D12G-POE+ | Desktop | - | 12 | 4 (shared) | 10 PoE+ 802.3at | Internal / Yes | PD mode | 120W / 25W | - | GSM5212P v1h2 |
M4100-12GF | Rackmount | - | 12 | 12 (shared) | 4 PoE+ 802.3at | Internal / No | 1 (RPS) | 150W | - | GSM7212F v1h2 |
M4100-12G-POE+ | Rackmount | - | 12 | 4 (shared) | 12 PoE+ 802.3at | Internal / No | 1 (RPS) | 380W | - | GSM7212P v1h2 |
M4100-26G | Rackmount | - | 26 | 4 (shared) | - | Internal / No | 1 (RPS) | - | - | GSM7224 v2h2 |
M4100-50G | Rackmount | - | 50 | 4 (shared) | - | Internal / No | 1 (RPS) | - | - | GSM7248 v2h2 |
M4100-26G-POE | Rackmount | - | 26 | 4 (shared) | 24 PoE 802.3af | Internal / No | 1 (RPS or EPS) | 192W | Up to 380W (EPS) | GSM7226LP |
M4100-24G-POE+ | Rackmount | - | 24 | 4 (shared) | 24 PoE+ 802.3at | Internal / No | 1 (RPS or EPS) | 380W | Up to 720W (EPS) | GSM7224P v1h2 |
M4100-50G-POE+ | Rackmount | - | 50 | 4 (shared) | 48 PoE+ 802.3at | Internal / No | 1 (RPS or EPS) | 380W | Up to 1,440W (EPS) | GSM7248P |
Storage (image, config) | ||||||||||
1 x USB | ||||||||||
Management console | ||||||||||
1 x RS232 DB9, 1 x Mini-USB (selectable) |
M4100-D10-POE is a desktop 8 x 100Base-T PoE version, Layer 2+
|
M4100-26-POE is a 24 x 100Base-T PoE version, Layer 2+
|
M4100-50-POE is a 48 x 100Base-T PoE version, Layer 2+
|
M4100-D12G is a desktop 12 x 1000Base-T version, Layer 2+
|
M4100-12GF is a 12 x SFP version for aggregation, Layer 2+
|
M4100-12G-POE+ is a 12 x 1000Base-T PoE+ version, Layer 2+
|
M4100-D12G-POE+ is a desktop 12 x 1000Base-T version, Layer 2+
|
M4100-26G is a 26 x 1000Base-T version, Layer 2+
|
M4100-50G is a 50 x 1000Base-T version, Layer 2+
|
M4100-26G-POE is a 24 x 1000Base-T PoE version, Layer 2+
|
M4100-24G-POE+ is a 24 x 1000Base-T PoE+ version, Layer 2
|
M4100-50G-POE+ is a 48 x 1000Base-T PoE+ version, Layer 2+
|
Software at a glance | |||||||||
---|---|---|---|---|---|---|---|---|---|
LAYER 2+ PACKAGE | |||||||||
Model name | Management | Pv4 / IPv6 ACL and QoS, DiffServ |
IPv4 / IPv6 Multicast filtering |
Auto-VoIP | Green Ethernet |
VLANs | Convergence | IPv4 Unicast Static Routing |
Model number |
M4100 series (all models) |
Web GUI: HTTPs; CLI: Telnet, SSH; SNMP |
IGMP and MLD Snooping, Querier mode, MVR |
L2, L3, L4, ingress 1 Kbps |
IGMP and MLD Snooping, IGMP and MLD Querier, MVR |
Yes | EEE (802.3az) or Energy Detect Mode | Static, Dynamic, Voice, MAC, Subnet, Protocol-based, QoQ, Private VLANs |
LLDP-MED, RADIUS, 802.1X, timer |
(all models) |
Performance at a Glance | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
TABLE SIZE | ||||||||||
Model name | Packet buffer | CPU | ACLs | MAC address table ARP/NDP table VLANs DHCP server |
Fabric | Latency | Static Routes IP interfaces |
Multicast IGMP Group membership |
Sflow | Model number |
M4100 series (all models) |
12 Mb | 600Mhz 128M RAM 32M Flash |
50 ACLs 512 rules (ingress) |
16K MAC 512 ARP/NDP VLANs: 1K DHCP: 16 pools 1,024 max leases |
Up to 100Gbps all models line-rate |
1G <3.91 µs 100M <10.194 µs |
64 static routes 64 IP interfaces IPv4 |
1K | 32 samplers 52 pollers 8 receivers |
(all models) |
Highlights:
Layer 3 hardware with L2+ software affordability:
- M4100 series models are built upon L3 hardware platform while Layer 2+ software package allows for better budget optimization
- M4100 series uses latest generation silicon low-power 40-nanometer technology
- M4100 series L2 and L3 switching features (access control list, classification, filtering, IPv4 routing) are performed in hardware at interface line rate for voice, video, and data convergence
- M4100 series Layer 2+ software package provides straight forward IP static routing capabilities for physical interfaces, VLANs and subnets:
- Fast Ethernet 802.3af PoE: M4100-D10-POE (8 ports desktop); M4100-26-POE (24 ports); M4100-50-POE (48 ports)
- Gigabit: M4100-D12G (12 ports desktop); M4100-12GF (12 ports Fiber); M4100-26G (26 ports); M4100-50G (50 ports)
- Gigabit 802.3af PoE: M4100-26G-POE (24 ports)
- Gigabit 802.3at PoE+: M4100-D12G-POE+ (12 ports desktop); M4100-12G-POE+ (12 ports); M4100-24G-POE+ (24 ports); M4100-50G-POE+ (48 ports)
- At the edge of campus networks or in the server room, static routes are often preferred for simplicity (L3 fixed routes to the next hop towards the destination network are manually added to the routing table), without any impact on performance because L3 routing is wire-speed in M4100 series hardware
- 16K MAC address table, 1K concurrent VLANs and 64 static routes for SMB and small enterprise access layers
- 80 PLUS certified power supplies for energy high efficiency
- Green Ethernet with Energy Efficient Ethernet (EEE) defined by IEEE 802.3az Energy Efficient Ethernet Task Force
- M4100-D12G; M4100-26G; M4100-50G; M4100-26G-POE; M4100-50G-POE+
- Green Ethernet with Energy Detect Mode (unused ports automatic power off)
- M4100-D10-POE; M4100-26-POE; M4100-50-POE; M4100-D12G-POE+; M4100-12GF; M4100-12G-POE+; M4100-24G-POE+
- Increased packet buffering with up to 12 Mb dynamically shared accross all interfaces for most intensive applications
- Low latency at all network speeds
- Jumbo frames support of up to 9Kb accelerating storage performance for backup and cloud applications
- Placement outside the wiring closet (conference rooms, offices, class rooms, sales floor in retail stores, etc...)
- For secure deployment in open areas , desktop versions come with a Wall Mount Kit with four brackets
- M4100-D10-POE (FSM5210P)
- M4100-D12G (GSM5212)
- M4100-D12G-POE+ (GSM5212P)
- As an option, a Rack Mount Kit is orderable (420-10043-01)
-
Installing M4100 desktop series on a Wall
- Select desktop versions also come with a set of strong magnets for mounting on any metal surface
- M4100-D10-POE (FSM5210P)
- M4100-D12G (GSM5212)
-
Installing M4100 desktop series using Magnets
- Automatic configuration with DHCP and BootP Auto Install eases large deployments with a scalable configuration files management capability, mapping IP addresses and host names and providing individual configuration files to multiple switches as soon as they are initialized on the network
- Both the Switch Serial Number and Switch primary MAC address are reported by a simple "show" command in the CLI - facilitating discovery and remote configuration operations
- Automatic Voice over IP prioritization with Auto-VoIP simplifies most complex multi-vendor IP telephones deployments either based on protocols (SIP, H323 and SCCP) or on OUI bytes (default database and user-based OUIs) in the phone source MAC address; providing the best class of service to VoIP streams (both data and signaling) over other ordinary traffic by classifying traffic, and enabling correct egress queue configuration
- An associated Voice VLAN can be easily configured with Auto-VoIP for further traffic isolation
- When deployed IP phones are LLDP-MED compliant, the Voice VLAN will use LLDP-MED to pass on the VLAN ID, 802.1P priority and DSCP values to the IP phones, accelerating convergent deployments
- IEEE 802.3af Power over Ethernet (PoE) provides up to 15.4W per port (M4100-D10-POE; M4100-26-POE; M4100-50-POE; M4100-26G-POE)
- IEEE 802.3at Power over Ethernet Plus (PoE+) provides up to 30W per port (M4100-D12G-POE+; M4100-12G-POE+; M4100-24G-POE+; M4100-50G-POE+)
- Desktop versions can be powered by upstream PoE+ switch using their Port-1 (PD, PoE+ 30W): M4100-D12G and M4100-D12G-POE+
- M4100-D12G-POE+ can even redistribute PoE power from the upstream PoE+ switch to VoIP phones or other devices in meeting rooms, retail sales floors or other challenging environments without outlet
- Both IEEE 802.3at Layer 2 LLDP method and 802.3at 2-event classification methods are supported for compatibility with all PoE+ PD devices
- Automatic MDIX and Auto-negotiation on all ports select the right transmission modes (half or full duplex) as well as data transmission for crossover or straight-through cables dynamically for the admin
- 100Mbps backward compatiblity on all SFP ports
- IPv6 support with multicasting (MLD for IPv6 filtering), ACLs and QoS
- Rapid Spanning Tree (RSTP) and Multiple Spanning Tree (MSTP) allow for rapid transitionning of the ports to the Forwarding state and the suppression of Topology Change Notification
- IP address conflict detection performed by the embedded DHCP server prevents accidental IP address duplicates from perturbing the overall network stability
- Power redundancy for higher availability when mission critical, including hot-swap PSUs and Fans
- Dual firmware image and dual configuration file for transparent firmware updates / configuration changes with minimum service interruption
- Flexible Port-Channel / LAG (802.3ad) implementation for maximum compatibility, fault tolerance and load sharing with any type of Ethernet channeling from other vendors switch, server or storage devices conforming to IEEE 802.3ad - including static (selectable hashing algorithms) or dynamic LAGs (highly tunable LACP Link Aggregation Control Protocol)
- Port names feature allows for descriptive names on all interfaces and better clarity in real word admin daily tasks
- Loopback interfaces management for routing protocols administration
- Private VLANs and local Proxy ARP help reduce broadcast with added security
- Management VLAN ID is user selectable for best convenience
- Industry-standard VLAN management in the command line interface (CLI) for all common operations such as VLAN creation; VLAN names; VLAN "make static" for dynamically created VLAN by GRVP registration; VLAN trunking; VLAN participation as well as VLAN ID (PVID) and VLAN tagging for one interface, a group of interfaces or all interfaces at once
- System defaults automatically set per-port broadcast, multicast, and unicast storm control for typical, robust protection against DoS attacks and faulty clients which can, with BYOD , often create network and performance issues
- IP Telephony administration is simplified with consistent Voice VLAN capabilities per the industry standards and automatic functions associated
- Comprehensive set of "system utilities " and "Clear" commands help troubleshoot connectivity issues and restore various configurations to their factory defaults for maximum admin efficiency: traceroute (to discover the routes that packets actually take when traveling on a hop-by-hop basis and with a synchronous response when initiated from the CLI), clear dynamically learned MAC addresses, counters, IGMP snooping table entries from the Multicast forwarding database etc...
- All major centralized software distribution platforms are supported for central software upgrades and configuration files management (HTTP , TFTP), including in highly secured versions (HTTPS , SFTP , SCP)
- Simple Network Time Protocol (SNTP) can be used to synchronize network resources and for adaptation of NTP, and can provide synchronized network timestamp either in broadcast or unicast mode (SNTP client implemented over UDP - port 123)
- EmbeddedRMON (4 groups) and sFlow agents permit external network traffic analysis
- Audio (Voice over IP) and Video (multicasting) comprehensive switching, filtering, routing and prioritization
- Auto-VoIP, Voice VLAN and LLDP-MED support for IP phones QoS and VLAN configuration
- IGMP Snooping for IPv4, MLD Snooping for IPv6 and Querier mode facilitate fast receivers joins and leaves for multicast streams and ensure multicast traffic only reaches interested receivers without the need of a Multicast router
- Multicast VLAN Registration (MVR) uses a dedicated Multicast VLAN to forward multicast streams and avoid duplication for clients in different VLANs
- Schedule enablement
- Traffic control MAC Filter and Port Security help restrict the traffic allowed into and out of specified ports or interfaces in the system in order to increase overall security and block MAC address flooding issues
- DHCP Snooping monitors DHCP traffic between DHCP clients and DHCP servers to filter harmful DHCP message and builds a bindings database of (MAC address, IP address, VLAN ID, port) tuples that are considered authorized in order to prevent DHCP server spoofing attacks
- IP source guard and Dynamic ARP Inspection use the DHCP snooping bindings database per port and per VLAN to drop incoming packets that do not match any binding and to enforce source IP / MAC addresses for malicious users traffic elimination
- Layer 2 / Layer 3-v4 / Layer 3-v6 / Layer 4 Access Control Lists (ACLs) can be binded to ports, Layer 2 interfaces, VLANs and LAGs (Link Aggregation Groups or Port channel) for fast unauthorized data prevention and right granularity
- Bridge protocol data unit (BPDU) Guard allows the network administrator to enforce the Spanning Tree (STP) domain borders and keep the active topology consistent and predictable - unauthorized devices or switches behind the edge ports that have BPDU enabled will not be able to influence the overall STP topology by creating loops
- Spanning Tree Root Guard (STRG) enforces the Layer 2 network topology by preventing rogue root bridges potential issues when for instance, unauthorized or unexpected new equipment in the network may accidentally become a root bridge for a given VLAN
- Dynamic 802.1x VLAN assignment mode, including Dynamic VLAN creation mode and Guest VLAN / Unauthenticated VLAN are supported for rigorous user and equipment RADIUS policy server enforcement
- Up to 48 clients (802.1x) per port are supported, including the authentication of the users domain, in order to facilitate convergent deployments: for instance when IP phones connect PCs on their bridge, IP phones and PCs can authenticate on the same switch port but under different VLAN assignment policies (Voice VLAN versus data VLAN)
- 802.1x MAC Address Authentication Bypass (MAB) is a
- A list of authorized MAC addresses of client NICs is maintained on the RADIUS server for MAB purpose
- MAB can be configured on a per-port basis on the switch
- MAB initiates only after the dot1x authentication process times out, and only when clients don't respond to any of the EAPOL packets sent by the switch
- When 802.1X unaware clients try to connect, the switch sends the MAC address of each client to the authentication server
- The RADIUS server checks the MAC address of the client NIC against the list of authorized addresses
- The RADIUS server returns the access policy and VLAN assignment to the switch for each client
- Double VLANs (DVLAN - QoQ) pass traffic from one customer domain to another through the "metro core" in a multi-tenancy environment: customer VLAN IDs are preserved and a service provider VLAN ID is added to the traffic so the traffic can pass the metro core in a simple, secure manner
- Private VLANs (with Primary VLAN, Isolated VLAN, Community VLAN, Promiscuous port, Host port, Trunks) provide Layer 2 isolation between ports that share the same broadcast domain, allowing a VLAN broadcast domain to be partitioned into smaller point-to-multipoint subdomains accross switches in the same Layer 2 network
- Private VLANs are useful in DMZ when servers are not supposed to communicate with each other but need to communicate with a router; they remove the need for more complex port-based VLANs with respective IP interface/subnets and associated L3 routing
- Another Private VLANs typical application are carrier-class deployments when users shouldn't see, snoop or attack other users' traffic
- Secure Shell (SSH) and SNMPv3 (with or without MD5 or SHA authentication) ensure SNMP and Telnet sessions are secured
- TACACS+ and RADIUS enhanced administrator management provides strict "Login" and "Enable" authentication enforcement for the switch configuration, based on latest industry standards: exec authorization using TACACS+ or RADIUS; command authorization using TACACS+ and RADIUS Server; user exec accounting for HTTP and HTTPS using TACACS+ or RADIUS; and authentication based on user domain in addition to user ID and password
- Advanced classifier-based hardware implementation for Layer 2 (MAC), Layer 3 (IP) and Layer 4 (UDP/TCP transport ports) prioritization
- 8 queues for priorities and various QoS policies based on 802.1p (CoS) and DiffServ can be applied to interfaces and VLANs
- Advanced rate limiting down to 1 Kbps granularity and mininum-guaranteed bandwidth can be associated with ACLs for best granularity
- Automatic Voice over IP prioritization with Auto-VoIP
- 802.3x Flow Control implementation per IEEE 802.3 Annex 31 B specifications with Symmetric flow control, Asymmetric flow control or No flow control
- Asymmetric flow control allows the switch to respond to received PAUSE frames, but the ports cannot generate PAUSE frames
- Symmetric flow control allows the switch to both respond to, and generate MAC control PAUSE frames
- Allows traffic from one device to be throttled for a specified period of time: a device that wishes to inhibit transmission of data frames from another device on the LAN transmits a PAUSE frame
Product Specs:
Physical interfaces | |||||
---|---|---|---|---|---|
Front | Auto-sensing RJ45 10/100 | Auto-sensing RJ45 10/100/1000 | Auto-sensing SFP ports 100/1000Base-X | Console port (selectable) | Storage Port |
M4100-D10-POE | 8 | 2 | 2 (shared) | - | 1 x USB Firmware, Configuration Files |
M4100-50-POE | 24 | 2 | 2 (shared) | - | |
M4100-26-POE | 48 | 2 | 2 (shared) | - | |
M4100-D12G | - | 12 | 2 (shared) | - | |
M4100-D12G-POE+ | - | 12 | 4 (shared) | Mini-USB | |
M4100-12GF | - | 12 | 12 (shared) | Mini-USB | |
M4100-12G-POE+ | - | 12 | 4 (shared) | Mini-USB | |
M4100-26G | - | 26 | 4 (shared) | - | |
M4100-50G | - | 50 | 4 (shared) | - | |
M4100-26G-POE | - | 26 | 4 (shared) | - | |
M4100-24G-POE+ | - | 24 | 4 (shared) | Mini-USB | |
M4100-50G-POE+ | - | 50 | 4 (shared) | - | |
Rear | Power Supply | RPS/EPS connector | Console port (selectable) | ||
M4100-D10-POE | External | - | Serial RS232 DB9, Mini-USB | ||
M4100-26-POE | Fixed, internal | 1 | Serial RS232 DB9, Mini-USB | ||
M4100-50-POE | Fixed, internal | 1 | Serial RS232 DB9, Mini-USB | ||
M4100-D12G | External | - | Serial RS232 DB9, Mini-USB | ||
M4100-D12G-POE+ | Fixed, internal | - | Serial RS232 DB9 | ||
M4100-12GF | Fixed, internal | 1 | Serial RS232 DB9 | ||
M4100-12G-POE+ | Fixed, internal | 1 | Serial RS232 DB9 | ||
M4100-26G | Fixed, internal | 1 | Serial RS232 DB9, Mini-USB | ||
M4100-50G | Fixed, internal | 1 | Serial RS232 DB9, Mini-USB | ||
M4100-26G-POE | Fixed, internal | 1 | Serial RS232 DB9, Mini-USB | ||
M4100-24G-POE+ | Fixed, internal | 1 | Serial RS232 DB9 | ||
M4100-50G-POE+ | Fixed, internal | 1 | Serial RS232 DB9, Mini-USB | ||
Total Port Count | Fast Ethernet | Gigabit | |||
M4100-D10-POE | 8 ports total | 2 ports total | |||
M4100-26-POE | 24 ports total | 2 ports total | |||
M4100-50-POE | 48 ports total | 2 ports total | |||
M4100-D12G | - | 12 ports total | |||
M4100-D12G-POE+ | - | 12 ports total | |||
M4100-12GF | - | 12 ports total | |||
M4100-12G-POE+ | - | 12 ports total | |||
M4100-26G | - | 26 ports total | |||
M4100-50G | - | 50 ports total | |||
M4100-26G-POE | - | 26 ports total | |||
M4100-24G-POE+ | - | 24 ports total | |||
M4100-50G-POE+ | - | 50 ports total |
Documentation:
Download the NETGEAR M4100 Data Sheet (PDF).
Download the NETGEAR M4100 Product Brief (PDF).
Download the NETGEAR M4100 Brochure (PDF).