Netgear M4500-48XF8C Administration Manual

M4500 Intelligent Fully Managed Switches
Software Version 7.0.0
Model M4500-32C
July 2020 202-12039-02
NETGEAR, Inc.
350 E. Plumeria Drive San Jose, CA 95134, USA
Support and Community
Visit netgear.com/support to get your questions answered and access the latest downloads.
You can also check out our NETGEAR Community for helpful advice at community.netgear.com.
Regulatory and Legal
If this product is sold in Canada, you can access this document in Canadian French at
https://www.netgear.com/support/download/.
For regulatory compliance information including the EU Declaration of Conformity, visit
https://www.netgear.com/about/regulatory/.
See the regulatory compliance document before connecting the power supply.
For NETGEAR’s Privacy Policy, visit https://www.netgear.com/about/privacy-policy.
By using this device, you are agreeing to NETGEAR’s Terms and Conditions at
https://www.netgear.com/about/terms-and-conditions. If you do not agree, return the device to your
place of purchase within your return period.
Trademarks
© NETGEAR, Inc., NETGEAR, and the NETGEAR Logo are trademarks of NETGEAR, Inc. Any non-NETGEAR trademarks are used for reference purposes only.
Revision History
Publication Part Number | Publish Date | Comments
202-12039-02 | July 2020 | We added the PTP End-to-End Transparent Clock feature.
202-12039-01 | September 2019 | First publication.
NETGEAR M4500 Series Switches Software Administration Manual 2
Contents
1. Supported Features on the M4500 Series Switches
1.1. Switching Features Introduction
1.1.1. VLAN Support
1.1.2. Double VLANs
1.1.3. Switching Modes
1.1.4. Spanning Tree Protocols (STP)
1.1.5. Rapid Spanning Tree
1.1.6. Multiple Spanning Tree
1.1.7. Bridge Protocol Data Unit (BPDU) Guard
1.1.8. Port-channel
1.1.9. Link Aggregate Control Protocol (LACP)
1.1.10. Multi Chassis Link Aggregation Group (MLAG)
1.1.11. Flow Control Support (IEEE 802.3x)
1.1.12. Asymmetric Flow Control
1.1.13. Alternate Store and Forward (ASF)
1.1.14. Jumbo Frames Support
1.1.15. Auto-MDI/MDIX Support
1.1.16. Unidirectional Link Detection (UDLD)
1.1.17. Expandable Port Configuration
1.1.18. VLAN-aware MAC-based Switching
1.1.19. Back Pressure Support
1.1.20. Auto Negotiation
1.1.21. Storm Control
1.1.22. Port Mirroring
1.1.23. sFlow
1.1.24. Static and Dynamic MAC Address Tables
1.1.25. Link Layer Discovery Protocol (LLDP)
1.1.26. Link Layer Discovery Protocol (LLDP) for Media Endpoint Device
1.1.27. DHCP Layer 2 Relay
1.1.28. MAC Multicast Support
1.1.29. IGMP Snooping
1.1.30. SDVoE
1.1.31. Source Specific Multicasting (SSM)
1.1.32. Control Packet Flooding
1.1.33. Flooding to mRouter Ports
1.1.34. IGMP Snooping Querier
1.1.35. Management and Control Plane ACLs
1.1.36. Remote Switched Port Analyzer (RSPAN)
1.1.37. Link Dependency
1.1.38. IPv6 Router Advertisement Guard
1.1.39. FIP Snooping
1.1.40. ECN Support
1.2. Security Features
1.2.1. Configurable Access and Authentication Profiles
1.2.2. AAA Command Authorization
1.2.3. Password-protected Management Access
1.2.4. Strong Password Enforcement
1.2.5. MAC-based Port Security
1.2.6. RADIUS Client
1.2.7. TACACS+ Client
1.2.8. Dot1x Authentication (IEEE 802.1X)
1.2.9. MAC Authentication Bypass
1.2.10. DHCP Snooping
1.2.11. DHCPv6 Snooping
1.2.12. Dynamic ARP Inspection
1.2.13. IP Source Address Guard
1.3. Quality of Service Features
1.3.1. Access Control Lists (ACL)
1.3.2. ACL Remarks
1.3.3. ACL Rule Priority
1.3.4. Differentiated Service (DiffServ)
1.3.5. Class of Service (CoS)
1.4. Management Features
1.4.1. Management Options
1.4.2. Management of Basic Network Information
1.4.3. File Management
1.4.4. Malicious Code Detection
1.4.5. Automatic Installation of Firmware and Configuration
1.4.6. Warm Reboot
1.4.7. SNMP Alarms and Trap Logs
1.4.8. Remote Monitoring (RMON)
1.4.9. Statistics Application
1.4.10. Log Messages
1.4.11. System Time Management
1.4.12. Source IP Address Configuration
1.4.13. Multiple Linux Routing Tables
1.4.14. Open Network Install Environment Support
1.4.15. Interface Error Disable and Auto Recovery
1.4.16. CLI Scheduler
1.5. Routing Features
1.5.1. IP Unnumbered
1.5.2. Open Shortest Path First (OSPF)
1.5.3. Border Gateway Protocol (BGP)
1.5.4. VLAN Routing
1.5.5. IP Configuration
1.5.6. Address Resolution Protocol (ARP) Table Management
1.5.7. BOOTP/DHCP Relay Agent
1.5.8. IP Helper and UDP Relay
1.5.9. Routing Table
1.5.10. Virtual Router Redundancy Protocol (VRRP)
1.5.11. Algorithmic Longest Prefix Match (ALPM)
1.5.12. Bidirectional Forwarding Detection
1.5.13. VRF Lite Operation and Configuration
1.6. Layer 3 Multicast Features
1.6.1. Internet Group Management Protocol
1.6.2. Protocol Independent Multicast
1.6.3. MLD/MLDv2 (RFC2710/RFC3810)
1.7. Data Center Features
1.7.1. Priority-Based Flow Control
1.7.2. Data Center Bridging Exchange Protocol
1.7.3. CoS Queuing and Enhanced Transmission Selection
1.7.4. VXLAN Gateway
2. Getting Started
2.1. Accessing the Switch Command-Line Interface
2.1.1. Connecting to the Switch Console
2.1.2. Login User ID and Password
2.1.3. Accessing the Switch CLI through the Network
2.1.4. Using the Service Port or Management VLAN Interface for Remote Management
2.1.5. DHCP Option 61
2.2. Understanding the User Interfaces
2.2.1. Using the Command-Line Interface
2.2.2. Using SNMP
3. Configuring L2 Switching Features
3.1. Port Configuration
3.1.1. 100G Port-mode Command
3.2. Virtual Local Area Networks
3.2.1. VLAN Tagging
3.2.2. Double-VLAN Tagging
3.2.3. Default VLAN Behavior
3.2.4. VLAN Configuration Example
3.3. Switchport Modes
3.4. Port-channels – Operation and Configuration
3.4.1. Static and Dynamic Port-channel
3.4.2. Port-channel Hashing
3.4.3. Port-channel Interface Overview
3.4.4. Port-channel Interaction with Other Features
3.4.5. Port-channel Configuration Guidelines
3.5. LACP Fallback Configuration
3.5.1. Configuring Dynamic Port-channels
3.5.2. Configuring Static Port-channels
3.6. MLAG – Operation and Configuration
3.6.1. Overview
3.6.2. Deployment Scenarios
3.6.3. MLAG Fast Failover
3.6.4. MLAG Configuration
3.7. Unidirectional Link Detection (UDLD)
3.7.1. UDLD Modes
3.7.2. UDLD and Port-channel Interfaces
3.7.3. Configuring UDLD
3.8. Port Mirroring
3.8.1. Configuring Port Mirroring
3.8.2. Configuring RSPAN
3.8.3. VLAN-based Mirroring
3.8.4. Flow-based Mirroring
3.9. Spanning Tree Protocol
3.9.1. Classic STP, Multiple STP, and Rapid STP
3.9.2. STP Operation
3.9.3. MSTP in the Network
3.9.4. Optional STP Features
3.9.5. STP Configuring Examples
3.10. IGMP Snooping
3.10.1. IGMP Snooping Querier
3.10.2. Configuring IGMP Snooping
3.10.3. IGMPv3/SSM Snooping
3.11. SDVoE
3.11.1. IGMP & IGMP Snooping Enhancements for IGMP V1 & V2
3.11.2. SDVoE Configuration Example
3.12. MLD Snooping
3.12.1. MLD Snooping Configuration Example
3.12.2. MLD Snooping First Leave Configuration Example
3.12.3. MLD Snooping Querier Configuration Example
3.13. LLDP and LLDP-MED
3.13.1. LLDP and Data Center Application
3.13.2. Configuring LLDP
3.14. sFlow
3.14.1. sFlow Sampling
3.14.2. Configuring sFlow
3.15. Link Dependency
3.16. FIP Snooping
3.17. ECN
3.17.1. Enabling ECN in Microsoft Windows
3.17.2. Example 1: SLA Example
3.17.3. Example 2: Data Center TCP (DCTCP) Configuration
3.18. Storm Control
3.18.1. Storm Control Configuration Example
3.19. Jumbo Frames
3.19.1. Jumbo Frame Configuration Example
3.20. Port-Backup
3.20.1. Port-Backup Configuration Example
3.21. PTP End-to-End Transparent Clock
3.21.1. PTP Time Stamp Operation
3.21.2. PTP Transparent Clocks
3.21.3. Manage the PTP End-to-End Transparent Clock
3.21.4. Globally Reenable PTP End-to-End Transparent Clock
3.21.5. Reenable PTP End-to-End Transparent Clock for an Interface
3.21.6. Display the PTP End-to-End Transparent Clock Status
4. Configuring Security Features
4.1. Controlling Management Access
4.1.1. Using RADIUS Servers for Management Security
4.1.2. Using TACACS+ to Control Management Access
4.1.3. Configuring and Applying Authentication Profiles
4.1.4. Configuring the Primary and Secondary RADIUS Servers
4.1.5. Configuring an Authentication Profile
4.2. Configuring DHCP Snooping, DAI, and IPSG
4.2.1. DHCP Snooping Overview
4.2.2. IP Source Guard Overview
4.2.3. Dynamic ARP Inspection Overview
4.2.4. Increasing Security with DHCP Snooping, DAI, and IPSG
4.2.5. Configuring DHCP Snooping
4.2.6. Configuring IPSG
4.3. Configuring DHCPv6 Snooping
4.3.1. DHCPv6 Snooping Configuration Example
4.4. ACLs
4.4.1. MAC ACLs
4.4.2. IP ACLs
4.4.3. ACL Redirect Function
4.4.4. ACL Mirror Function
4.4.5. ACL Logging
4.4.6. Time-based ACLs
4.4.7. ACL Rule Remarks
4.4.8. ACL Rule Priority
4.4.9. ACL Limitations ............................................................................................................................................ 140
4.4.10. ACL Configuration Process .......................................................................................................................... 140
4.4.11. Preventing False ACL Matches .................................................................................................................... 140
4.4.12. IPv6 ACL Qualifies........................................................................................................................................ 141
4.4.13. ACL Configuration Examples ....................................................................................................................... 142
4.5. Control Plane Policing (CoPP) ...................................................................................... 146
4.5.1. CoPP Configuration Examples ..................................................................................................................... 146
5. Configuring Quality of Service .................................................. 149
5.1. CoS .............................................................................................................................. 149
5.1.1. Trusted and Untrusted Port Modes ............................................................................................................ 149
5.1.2. Traffic Shaping on Egress Traffic ................................................................................................................. 149
5.1.3. Defining Traffic Queues ............................................................................................................................... 150
5.2. DiffServ ....................................................................................................................... 152
5.2.1. DiffServ Functionality and Switch Roles ...................................................................................................... 153
5.2.2. Elements of DiffServ Configuration ............................................................................................................. 153
5.2.3. Configuration DiffServ to Provide Subnets Equal Access to External Network........................................... 154
6. Configuring Switch Management Features ............................... 156
6.1. Managing Images and Files ......................................................................................... 156
6.1.1. Supported File Management Methods ....................................................................................................... 157
6.1.2. Uploading and Downloading Files ............................................................................................................... 157
6.1.3. Managing Configuration Files ..................................................................................................................... 157
6.1.4. Saving the Running Configuration ............................................................................................................... 159
6.1.5. File and Image Management Configuration Examples ............................................................................... 159
6.2. Enabling Automatic System Configuration .................................................................. 163
6.2.1. DHCP Auto Install Process ........................................................................................................................... 163
6.2.2. Monitoring and Completing the DHCP Auto Install Process ....................................................................... 164
6.2.3. DHCP Auto Install Dependencies ................................................................................................................ 165
6.2.4. Default Auto Install Values .......................................................................................................................... 165
6.2.5. Enabling DHCP Auto Install ......................................................................................................................... 165
6.3. Configuring System Log Example ................................................................................. 166
6.3.1. Example 1 to Add Syslog Host ..................................................................................................................... 166
6.3.2. Example 2 to Verify Syslog Host Configuration ........................................................................................... 166
6.4. Configuring CLI Scheduler (Kron) ................................................................................. 169
6.4.1. CLI Scheduler Policy Lists ............................................................................................................................ 169
6.4.2. CLI Scheduler Occurrences .......................................................................................................................... 170
6.4.3. Configuration Example ................................................................................................................................ 170
7. Configuring Routing ................................................................. 171
7.1. Basic Routing and Features ......................................................................................... 171
7.1.1. VLAN Routing .............................................................................................................................................. 171
7.1.2. IP Routing Configuration Example .............................................................................................................. 172
7.1.3. IP Unnumbered Configuration Example ..................................................................................................... 175
7.2. OSPF ........................................................................................................................... 177
7.2.1. Configuring an OSPF Border Router and Setting Interface Costs ................................................................ 178
7.3. VRRP ........................................................................................................................... 180
7.3.1. VRRP Operation in the Network ................................................................................................................. 180
7.3.2. VRRP Configuration Example ...................................................................................................................... 182
7.4. IP Helper ..................................................................................................................... 187
7.4.1. Relay Agent Configuration Example ............................................................................................................ 189
7.5. Border Gateway Protocol (BGP) ...................................................................................... 191
7.5.1. BGP Topology .............................................................................................................................................. 192
7.5.2. BGP Behavior .............................................................................................................................................. 193
7.5.3. BGP Configuration Example ........................................................................................................................ 194
7.6. IPv6 Routing ................................................................................................................ 199
7.6.1. How Does IPv6 Compare with IPv4 ............................................................................................................. 199
7.6.2. How are IPv6 Interface Configured ............................................................................................................. 200
7.6.3. Default IPv6 Routing Values ........................................................................................................................ 200
7.6.4. Configuring IPv6 Routing Features .............................................................................................................. 201
7.7. ECMP Hash Selection .................................................................................................. 205
7.8. Bidirectional Forwarding Detection............................................................................. 206
7.8.1. Configuring BFD .......................................................................................................................................... 206
7.9. VRF Lite Operation and Configuration ......................................................................... 207
7.9.1. Route Leaking .............................................................................................................................................. 208
7.9.2. Adding Leaked Routes ................................................................................................................................. 208
7.9.3. Using Leaked Routes ................................................................................................................................... 208
7.9.4. CPU-Originated Traffic ................................................................................................................................ 208
7.9.5. VRF Features Support ................................................................................................................................. 209
7.9.6. VRF Lite Development Scenarios ................................................................................................................ 211
7.9.7. VRF Configuration Example ......................................................................................................................... 213
8. Configuring Multicast Routing .................................................. 215
8.1. L3 Multicast Overview ................................................................................................ 215
8.1.1. IP Multicast Traffic ...................................................................................................................................... 215
8.1.2. Multicast Protocol Switch Support ............................................................................................................. 215
8.1.3. Multicast Protocol Roles ............................................................................................................................. 216
8.1.4. Multicast Switch Requirements .................................................................................................................. 216
8.1.5. Determining which Multicast Protocols to Enable ...................................................................................... 216
8.1.6. Multicast Routing Tables ............................................................................................................................. 216
8.1.7. Multicast Tunneling .................................................................................................................................... 216
8.1.8. IGMP ........................................................................................................................................................... 217
8.1.9. MLD Protocol .............................................................................................................................................. 217
8.1.10. PIM Protocol ............................................................................................................................................... 218
8.2. Default L3 Multicast Values ........................................................................................ 219
8.3. L3 Multicast Configuration Examples .......................................................................... 221
8.3.1. Configuring Multicast VLAN Routing with IGMP and PIM-SM .................................................................... 221
8.3.2. Example 1: MLDv1 Configuration ................................................................................................................ 223
8.3.3. Example 2: MLDv2 Configuration ................................................................................................................ 224
8.3.4. Example 3: MLD Configuration Verification ................................................................................................ 225
9. Configuring Data Center Features ............................................ 226
9.1. Data Center Technology Overview .............................................................................. 226
9.2. Priority-based Flow Control ........................................................................................ 226
9.2.1. PFC Operation and Behavior ....................................................................................................................... 227
9.2.2. Configuring PFC ........................................................................................................................................... 227
9.3. Data Center Bridging Exchange Protocol ..................................................................... 228
9.3.1. Interoperability with IEEE DCBX .................................................................................................................. 229
9.3.2. DCBX and Port Roles ................................................................................................................................... 229
9.3.3. Configuration Source Port Selection Process .............................................................................................. 230
9.3.4. Configuring DCBX ........................................................................................................................................ 231
9.4. CoS Queuing ............................................................................................................... 232
9.4.1. CoS Queuing Function and Behavior ........................................................................................................... 233
9.4.2. Configuring CoS Queuing and ETS ............................................................................................................... 235
9.5. Enhanced Transmission Selection ............................................................................... 237
9.5.1. ETS Operation and Dependencies ............................................................................................................... 237
9.6. VXLAN Gateway Operation and Configuration ............................................................ 238
9.6.1. Overview ..................................................................................................................................................... 238
9.6.2. Functional Description ................................................................................................................................ 239
9.6.3. VXLAN Configuration Examples .................................................................................................................. 244
Appendix A: Term and Acronyms .................................................... 249

1. Supported Features on the M4500 Series Switches

This section provides a brief overview of the supported features on the M4500 Series Switches. The features are categorized as follows:

1.1. Switching Features Introduction

1.1.1. VLAN Support

VLANs are collections of switching ports that comprise a single broadcast domain. Packets are classified as belonging to a VLAN based on either the VLAN tag or a combination of the ingress port and packet contents. Packets sharing common attributes can be grouped in the same VLAN. The switch software is in full compliance with IEEE 802.1Q VLAN tagging.

1.1.2. Double VLANs

The Double VLAN feature (IEEE 802.1QinQ) allows the use of a second tag on network traffic. The additional tag helps differentiate between customers in the Metropolitan Area Networks (MAN) while preserving individual customer’s VLAN identification when they enter their own 802.1Q domain.

1.1.3. Switching Modes

The switchport mode feature helps to minimize the potential for configuration errors. The feature also makes VLAN configuration easier by reducing the number of commands needed for port configuration. For example, to configure a port connected to an end user, you can configure the port in Access mode. Ports connected to other switches can be configured in Trunk mode. VLAN assignments and tagging behavior are automatically configured as appropriate for the connection type.

1.1.4. Spanning Tree Protocols (STP)

Spanning Tree Protocol (IEEE 802.1D) is a standard requirement of Layer 2 switches that allows bridges to automatically prevent and resolve L2 forwarding loops. The STP feature supports a variety of per-port settings including path cost, priority settings, Port Fast mode, STP Root Guard, Loop Guard, TCN Guard, and Auto Edge. These settings are also configurable per-Port-channel.

1.1.5. Rapid Spanning Tree

Rapid Spanning Tree Protocol (RSTP) detects and uses network topologies to enable faster spanning tree convergence after a topology change, without creating forwarding loops. The port settings supported by STP are also supported by RSTP.

1.1.6. Multiple Spanning Tree

Multiple Spanning Tree (MSTP) operation maps VLANs to spanning tree instances. Packets assigned to various VLANs are transmitted along different paths within MSTP Regions (MST Regions). Regions are one or more interconnected MSTP bridges with identical MSTP settings. The MSTP standard lets administrators assign VLAN traffic to unique paths.
The switch supports IEEE 802.1Q-2005, which is a version that corrects problems associated with the previous version, provides for faster transition-to-forwarding, and incorporates new features for a port (restricted role and restricted TCN).

1.1.7. Bridge Protocol Data Unit (BPDU) Guard

Spanning Tree BPDU Guard disables a port when a new device tries to enter the existing STP topology through it. Devices that were not originally part of STP are therefore not allowed to influence the STP topology.

1.1.8. Port-channel

Up to 32 ports can combine to form a single Port-Channel. This enables fault tolerance protection from physical link disruption, higher bandwidth connections and improved bandwidth granularity.
A Port-channel is composed of ports of the same speed, set to full-duplex operation.

1.1.9. Link Aggregate Control Protocol (LACP)

Link Aggregate Control Protocol (LACP) uses peer exchanges across links to determine, on an ongoing basis, the aggregation capability of various links, and continuously provides the maximum level of aggregation capability achievable between a given pair of systems. LACP automatically determines, configures, binds, and monitors the binding of ports to aggregators within the system.

1.1.10. Multi Chassis Link Aggregation Group (MLAG)

This feature enables a Port-channel to be created across two independent units, so that some member ports of the MLAG can reside on one unit and the other members of the MLAG can reside on the other unit. The partner device on the remote side can be an MLAG-unaware unit. For the MLAG-unaware unit, the MLAG appears to be a single Port-channel connected to a single unit.

1.1.11. Flow Control Support (IEEE 802.3x)

Flow control enables lower speed switches to communicate with higher speed switches by requesting that the higher speed switch refrains from sending packets. Transmissions are temporarily halted to prevent buffer overflows.

1.1.12. Asymmetric Flow Control

When in asymmetric flow control mode, the switch responds to PAUSE frames received from peers by stopping packet transmission, but the switch does not initiate MAC control PAUSE frames.
When the switch is configured in asymmetric flow control (or no flow control mode), the device is placed in egress drop mode. Egress drop mode maximizes the throughput of the system at the expense of packet loss in a heavily congested system, and this mode avoids head of line blocking.
Asymmetric flow control is not supported on Fast Ethernet platforms because support was introduced to the physical layer with the Gigabit PHY specifications.

1.1.13. Alternate Store and Forward (ASF)

The Alternate Store and Forward (ASF) feature, which is also known as cut-through mode, reduces latency for large packets. When ASF is enabled, the memory management unit (MMU) can forward a packet to the egress port before it has been entirely received on the Cell Buffer Pool (CBP) memory.

1.1.14. Jumbo Frames Support

Jumbo frames enable transporting data in fewer frames to ensure less overhead, lower processing time, and fewer interrupts. The maximum transmission unit (MTU) size is configurable per-port.

1.1.15. Auto-MDI/MDIX Support

Your switch supports auto-detection between crossed and straight-through cables. Media-Dependent Interface (MDI) is the standard wiring for end stations, and the standard wiring for hubs and switches is known as Media-Dependent Interface with Crossover (MDIX).

1.1.16. Unidirectional Link Detection (UDLD)

The UDLD feature detects unidirectional links on physical ports by exchanging packets containing information about neighboring devices. The purpose of the UDLD feature is to detect and avoid unidirectional links. A unidirectional link is a forwarding anomaly in a Layer 2 communication channel in which a bidirectional link stops passing traffic in one direction.

1.1.17. Expandable Port Configuration

Expandable ports allow you to configure a 100GbE port in either 4×25/10GbE mode or 1×40GbE mode. When the 100GbE port is operating in 4×25/10GbE mode, the port operates as four 25/10GbE ports, each on a separate lane. This mode requires the use of a suitable 4×25GbE to 1×100GbE pigtail cable.
Expandable port capability can be enabled on 100G ports using the CLI command [no] port-mode. A change to the port mode is made effective immediately.

1.1.18. VLAN-aware MAC-based Switching

Packets arriving from an unknown source address are sent to the CPU and added to the Hardware Table. Future packets addressed to or from this address are more efficiently forwarded.

1.1.19. Back Pressure Support

On half-duplex links, a receiver may prevent buffer overflows by jamming the link so that it is unavailable for additional traffic. On full duplex links, a receiver may send a PAUSE frame indicating that the transmitter should cease transmission of frames for a specified period.
When flow control is enabled, the switch will observe received PAUSE frames or jamming signals, and will issue them when congested.

1.1.20. Auto Negotiation

Auto negotiation allows the switch to advertise modes of operation. The auto negotiation function provides the means to exchange information between two switches that share a point-to-point link segment, and to automatically configure both switches to take maximum advantage of their transmission capabilities.
The switch enhances auto negotiation by providing configuration of port advertisement. Port advertisement allows the system administrator to configure the port speeds that are advertised.

1.1.21. Storm Control

When Layer 2 frames are forwarded, broadcast, unknown unicast, and multicast frames are flooded to all ports on the relevant virtual local area network (VLAN). The flooding occupies bandwidth, and loads all nodes connected on all ports. Storm control limits the amount of broadcast, unknown unicast, and multicast frames accepted and forwarded by the switch.
For each port and each storm control type (broadcast, multicast, or unicast), the storm control feature can be configured to automatically shut down the port when a storm condition is detected on it, or to send a trap to the system log. When configured to shut down, the port is put into a diagnostic-disabled state, and the user must manually re-enable the interface for it to be operational. When configured to send a trap, the trap is sent once every 30 seconds. When neither action is configured, the switch rate-limits the traffic when storm conditions occur.

1.1.22. Port Mirroring

Port mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing packets from up to four source ports to a monitoring port. The switch also supports flow-based mirroring, which allows you to copy certain types of traffic to a single destination port. This provides flexibility—instead of mirroring all ingress or egress traffic on a port the switch can mirror a subset of that traffic. You can configure the switch to mirror flows based on certain kinds of Layer 2, Layer 3, and Layer 4 information.
The switch supports up to four monitor sessions. Port mirroring, flow-based mirroring, RSPAN, and VLAN mirroring can be configured at the same time on the switch using different session IDs and in any combination. No two sessions can be identical. Multiple mirroring sessions are supported for all types of mirroring.
A given interface can be used as a source interface for different sessions. For example, a mirroring session can be created with port A as the source interface and port B as the destination interface. Another session can be created with port A as the source interface and port C as the destination interface. An interface cannot be configured as a destination interface for more than one session.
An IP/MAC access-list can be attached to any mirroring session or to all sessions at the same time.

1.1.23. sFlow

sFlow is the standard for monitoring high-speed switched and routed networks. sFlow technology is built into network equipment and gives complete visibility into network activity, enabling effective management and control of network resources. The switch supports sFlow version 5.

1.1.24. Static and Dynamic MAC Address Tables

You can add static entries to the switch’s MAC address table and configure the aging time for entries in the dynamic MAC address table. You can also search for entries in the dynamic table based on several different criteria.

1.1.25. Link Layer Discovery Protocol (LLDP)

The IEEE 802.1AB defined standard, Link Layer Discovery Protocol (LLDP), allows the switch to advertise major capabilities and physical descriptions. This information can help you identify system topology and detect bad configurations on the LAN.

1.1.26. Link Layer Discovery Protocol (LLDP) for Media Endpoint Device

The Link Layer Discovery Protocol for Media Endpoint Devices (LLDP-MED) provides an extension to the LLDP standard for network configuration and policy, device location, Power over Ethernet management, and inventory management.

1.1.27. DHCP Layer 2 Relay

This feature permits Layer 3 Relay agent functionality in Layer 2 switched networks. The switch supports L2 DHCP relay configuration on individual ports, Port-channels and VLANs.

1.1.28. MAC Multicast Support

Multicast service is a limited broadcast service that allows one-to-many and many-to-many connections. In Layer 2 multicast services, a single frame addressed to a specific multicast address is received, and copies of the frame to be transmitted on each relevant port are created.

1.1.29. IGMP Snooping

Internet Group Management Protocol (IGMP) Snooping is a feature that allows a switch to forward multicast traffic intelligently on the switch. Multicast IP traffic is traffic that is destined to a host group. Host groups are identified by class D IP addresses, which range from 224.0.0.0 to 239.255.255.255. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request the multicast traffic. This prevents the switch from broadcasting the traffic to all ports and possibly affecting network performance.

1.1.30. SDVoE

SDVoE (Software Defined Video-over-Ethernet) is the latest high-performance, software-based AV-over-IP platform for control and distribution of audio and video over Ethernet and fiber networks.

1.1.31. Source Specific Multicasting (SSM)

This mechanism provides the ability for a host to report interest in receiving a particular multicast stream only from among a set of specific source addresses, or its interest in receiving a multicast stream from any source other than a set of specific source addresses.

1.1.32. Control Packet Flooding

This feature enhances the MGMD Snooping functionality to flood multicast packets with DIP=224.0.0.x to all members of the incoming VLAN irrespective of the configured filtering behavior. This enhancement depends on the ability of the switch to flood packets with DIP=224.0.0.x irrespective of the entries in the L2 Multicast Forwarding Tables.

1.1.33. Flooding to mRouter Ports

This feature enhances the MGMD Snooping functionality to flood unregistered multicast streams to all mRouter ports in the VLAN irrespective of the configured filtering behavior. This enhancement depends on the ability of the switch to flood packets to specific ports in the incoming VLAN when there are no entries in the L2 Multicast Forwarding Tables for the specific stream. In platforms that do not have the hardware capability, incoming multicast streams are always flooded in the ingress VLAN when the switch supports an “L2 multicast miss.”

1.1.34. IGMP Snooping Querier

When Protocol Independent Multicast (PIM) and IGMP are enabled in a network with IP multicast routing, the IP multicast router acts as the IGMP querier. However, if it is desirable to keep the multicast network Layer 2 switched only, the IGMP Snooping Querier can perform the query functions of a Layer 3 multicast router.

1.1.35. Management and Control Plane ACLs

This feature provides hardware-based filtering of traffic to the CPU. An optional 'management' feature is available to apply the ACL on the CPU port. Currently, control packets like BPDU are dropped because of the implicit 'deny all' rule added at the end of the list. To overcome this rule, you must add rules that allow the control packets.
Support for user-defined simple rate limiting rule attributes for inbound as well as outbound traffic is also available. This attribute is supported on all QoS capable interfaces - physical, Port-channel, and control-plane.
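The effect of the implicit 'deny all' rule on control packets can be checked offline before an ACL is applied to the CPU port. The following is an added example, not NETGEAR code or CLI: it is a simplified first-match ACL model in Python, and the rule fields, function names, addresses, and sample rules are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

SWITCH_MAC = "00:00:5e:00:53:01"  # constructed management MAC (documentation range)


@dataclass(frozen=True)
class Packet:
    dst_mac: str
    src_ip: Optional[str] = None
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    seq: int                       # sequence number, lowest is evaluated first
    action: str                    # "permit" or "deny"
    dst_mac: Optional[str] = None  # None means "match any"
    src_net: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.dst_mac is not None and pkt.dst_mac.lower() != self.dst_mac.lower():
            return False
        if self.src_net is not None:
            if pkt.src_ip is None:
                return False
            if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(self.src_net):
                return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        return True


def evaluate(rules, pkt):
    """First matching rule wins; no match falls through to the implicit deny."""
    for rule in sorted(rules, key=lambda r: r.seq):
        if rule.matches(pkt):
            return rule.action, rule.seq
    return "deny", None  # implicit 'deny all' at the end of every list


def dropped_control_protocols(rules, required):
    """Names of required control protocols that the ACL would drop."""
    return [name for name, pkt in required.items() if evaluate(rules, pkt)[0] != "permit"]


def with_control_permits(rules, required):
    """Return a copy of the ACL with one explicit permit per required protocol."""
    next_seq = max((r.seq for r in rules), default=0) + 10
    fixed = list(rules)
    for pkt in required.values():
        fixed.append(Rule(seq=next_seq, action="permit", dst_mac=pkt.dst_mac))
        next_seq += 10
    return fixed


# Constructed sample data: Layer 2 control frames the CPU must still receive.
# The destination MACs are the IEEE reserved group addresses for STP BPDUs,
# LACP (slow protocols) and LLDP.
REQUIRED = {
    "stp-bpdu": Packet(dst_mac="01:80:c2:00:00:00"),
    "lacp": Packet(dst_mac="01:80:c2:00:00:02"),
    "lldp": Packet(dst_mac="01:80:c2:00:00:0e"),
}

# Constructed management ACL that only permits SSH from one admin subnet.
MGMT_ONLY = [Rule(seq=10, action="permit", src_net="192.0.2.0/24", dst_port=22)]

if __name__ == "__main__":
    print("dropped before fix:", dropped_control_protocols(MGMT_ONLY, REQUIRED))
    fixed = with_control_permits(MGMT_ONLY, REQUIRED)
    print("dropped after fix: ", dropped_control_protocols(fixed, REQUIRED))
```
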

1.1.36. Remote Switched Port Analyzer (RSPAN)

Along with the physical source ports, the network traffic received/transmitted on a VLAN can be monitored. A port mirroring session is operationally active if and only if both a destination (probe) port and at least one source port or VLAN is configured. If neither is true, the session is inactive. The switch supports remote port mirroring. The switch also supports VLAN mirroring. Traffic from/to all the physical ports which are members of that particular VLAN is mirrored.
Note: The source for a port mirroring session can be either physical ports or VLAN.
For flow-based mirroring, ACLs are attached to the mirroring session. Only the network traffic that matches the ACL is sent to the destination port. This feature is also supported for remote monitoring. An IP or MAC access list can be attached to the mirroring session.
Note: Flow-based mirroring is supported only if QoS feature exists in the package.
Up to four RSPAN sessions can be configured on the switch and up to four RSPAN VLANs are supported. An RSPAN VLAN cannot be configured as a source for more than one session at the same time. To configure four RSPAN mirroring sessions, it is required to configure 4 RSPAN VLANs.

1.1.37. Link Dependency

The Link Dependency feature supports enabling/disabling ports based on the link state of other ports (i.e., making the link state of some ports dependent on the link state of others). In the simplest form, if port A is dependent on port B and the switch detects link loss on B, the switch automatically brings down the link on port A. When the link is restored to port B, the switch automatically restores the link to port A. The link action command option determines whether link A will come up/go down, depending upon the state of link B.

1.1.38. IPv6 Router Advertisement Guard

The switch supports IPv6 Router Advertisement Guard (RA-Guard) to protect against attacks via rogue Router Advertisements in accordance with RFC 6105. RA-Guard supports Stateless RA-Guard, for which you can configure the interface to allow received router advertisement and router redirect messages to be processed/forwarded or dropped.
By default, RA-Guard is not enabled on any interfaces. RA-Guard is enabled/disabled on physical interfaces or Port-channels. RA-Guard does not require IPv6 routing to be enabled.

1.1.39. FIP Snooping

The FCoE Initialization Protocol (FIP) is used to perform the functions of FC_BB_E device discovery, initialization, and maintenance. FIP uses a separate EtherType from FCoE to distinguish discovery, initialization, and maintenance traffic from other FCoE traffic. FIP frames are standard Ethernet size (1518 Byte 802.1q frame), whereas FCoE frames are a maximum of 2240 bytes.
FIP snooping is a frame inspection method used by FIP Snooping Bridges to monitor FIP frames and apply policies based upon the L2 header information in those frames.
FIP snooping allows for:
Auto-configuration of Ethernet ACLs based on information in the Ethernet headers of FIP frames.
Emulation of FC point-to-point links within the DCB Ethernet network.
Enhanced FCoE security/robustness by preventing FCoE MAC spoofing.
The role of FIP snooping-enabled ports on the switch falls under one of the following types:
o Perimeter or Edge port (connected directly to a Fiber Channel end node or ENode).
o Fiber Channel forwarder (FCF) facing port (that receives traffic from FCFs targeted to the ENodes).
Note: The FIP Snooping Bridge feature supports the configuration of the perimeter port role and FCF-facing port roles and is intended for use only at the edge of the switched network.
The default port role in an FCoE-enabled VLAN is as a perimeter port. FCF-facing ports are configured by the user.

1.1.40. ECN Support

Explicit Congestion Notification (ECN) is defined in RFC 3168. Conventional TCP networks signal congestion by dropping packets. A Random Early Discard scheme provides earlier notification than tail drop by dropping packets already queued for transmission. ECN marks congested packets that would otherwise have been dropped and expects an ECN capable receiver to signal congestion back to the transmitter without the need to retransmit the packet that would have been dropped. For TCP, this means that the TCP receiver signals a reduced window size to the transmitter but does not request retransmission of the CE marked packet.
The switch implements ECN capability as part of the WRED configuration process. It is configured as a parameter in the random-detect command. Eligible packets are marked by hardware based upon the WRED configuration. You can configure any CoS queue to operate in ECN marking mode and can configure different discard thresholds for each color.

1.2. Security Features

1.2.1. Configurable Access and Authentication Profiles

You can configure rules to limit access to the switch management interface based on criteria such as access type and source IP address of the management host. You can also require the user to be authenticated locally or by an external server, such as a RADIUS server.

1.2.2. AAA Command Authorization

This feature enables AAA Command Authorization on the switch.

1.2.3. Password-protected Management Access

Access to the CLI and SNMP management interfaces is password protected, and there are no default users on the system.

1.2.4. Strong Password Enforcement

The Strong Password feature enforces a baseline password strength for all locally administered users. Password strength is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. The strength of a password is a function of length, complexity and randomness. Using strong passwords lowers overall risk of a security breach.

1.2.5. MAC-based Port Security

The port security feature limits access on a port to users with specific MAC addresses. These addresses are manually defined or learned on that port. When a frame is seen on a locked port, and the frame source MAC address is not tied to that port, the protection mechanism is invoked.

1.2.6. RADIUS Client

The switch has a Remote Authentication Dial In User Service (RADIUS) client and can support up to 32 authentication and accounting RADIUS servers.

1.2.7. TACACS+ Client

The switch has a TACACS+ client. TACACS+ provides centralized security for validation of users accessing the switch. TACACS+ provides a centralized user management system while still retaining consistency with RADIUS and other authentication processes.

1.2.8. Dot1x Authentication (IEEE 802.1X)

Dot1x authentication enables the authentication of system users through a local internal server or an external server. Only authenticated and approved system users can transmit and receive data. Supplicants are authenticated using the Extensible Authentication Protocol (EAP). Also supported are PEAP, EAP-TTL, EAP-TTLS, and EAP-TLS.
The switch supports RADIUS-based assignment (via 802.1X) of VLANs, including guest and unauthenticated VLANs. The Dot1X feature also supports RADIUS-based assignment of filter IDs as well as MAC-based authentication, which allows multiple supplicants connected to the same port to each authenticate individually.

1.2.9. MAC Authentication Bypass

The switch supports the MAC-based Authentication Bypass (MAB) feature, which provides 802.1x-unaware clients (such as printers and fax machines) controlled access to the network using the device's MAC address as an identifier. This requires that the known and allowable MAC addresses and corresponding access rights be pre-populated in the authentication server. MAB works only when the port control mode of the port is MAC-based.

1.2.10. DHCP Snooping

DHCP Snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP server. It filters harmful DHCP messages and builds a bindings database of (MAC address, IP address, VLAN ID, port) tuples that are specified as authorized. DHCP snooping can be enabled globally and on specific VLANs. Ports within the VLAN can be configured to be trusted or untrusted. DHCP servers must be reached through trusted ports. This feature is supported for both IPv4 and IPv6 packets.

1.2.11. DHCPv6 Snooping

In an IPv6 domain, a node can obtain an IPv6 address using the following mechanisms:
IPv6 address auto-configuration using router advertisements
The DHCPv6 protocol
In a typical man-in-the-middle (MiM) attack, the attacker can snoop or spoof the traffic or act as a rogue DHCPv6 server. To prevent such attacks, DHCPv6 snooping helps to secure the IPv6 address configuration in the network.
DHCPv6 snooping enables the Brocade device to filter untrusted DHCPv6 packets in a subnet on an IPv6 network. DHCPv6 snooping can ward off MiM attacks, such as a malicious user posing as a DHCPv6 server sending false DHCPv6 server reply packets with the intention of misdirecting other users. DHCPv6 snooping can also stop unauthorized DHCPv6 servers and prevent errors due to user misconfiguration of DHCPv6 servers.

1.2.12. Dynamic ARP Inspection

Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. The feature prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting neighbors. The malicious station sends ARP requests or responses mapping another station's IP address to its own MAC address.

1.2.13. IP Source Address Guard

IP Source Guard and Dynamic ARP Inspection use the DHCP snooping bindings database. When IP Source Guard is enabled, the switch drops incoming packets that do not match a binding in the bindings database. IP Source Guard can be configured to enforce just the source IP address or both the source IP address and source MAC address. Dynamic ARP Inspection uses the bindings database to validate ARP packets. This feature is supported for both IPv4 and IPv6 packets.
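How DHCP Snooping, Dynamic ARP Inspection, and IP Source Guard share one bindings database is easier to see in a small model. The following is an added example, not NETGEAR code: it is a simplified Python model in which bindings are learned from DHCP ACKs arriving on a trusted port, and it assumes that ARP inspection and source guard are enforced only on untrusted ports. All class names, ports, and addresses are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str


class SnoopingSwitch:
    SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}

    def __init__(self, trusted_ports, snooping_vlans):
        self.trusted = set(trusted_ports)
        self.vlans = set(snooping_vlans)
        self.bindings = {}  # (vlan, client MAC) -> Binding
        self.pending = {}   # (vlan, client MAC) -> port the client request came from

    def dhcp(self, port, vlan, msg_type, client_mac, assigned_ip=None):
        """Filter one DHCP message and update the bindings database."""
        if vlan not in self.vlans:
            return "forward"  # snooping is not enabled on this VLAN
        key = (vlan, client_mac)
        if msg_type in self.SERVER_MESSAGES:
            if port not in self.trusted:
                return "drop"  # servers must be reached through trusted ports
            if msg_type == "ACK" and key in self.pending:
                self.bindings[key] = Binding(client_mac, assigned_ip, vlan,
                                             self.pending.pop(key))
            return "forward"
        if port not in self.trusted:
            self.pending[key] = port  # remember where the client is attached
        return "forward"

    def arp_inspect(self, port, vlan, sender_mac, sender_ip):
        """DAI: the ARP sender MAC/IP pair must match a binding on this port."""
        if port in self.trusted:
            return "forward"  # assumption: trusted ports are not inspected
        b = self.bindings.get((vlan, sender_mac))
        valid = b is not None and b.ip == sender_ip and b.port == port
        return "forward" if valid else "drop"

    def ip_source_guard(self, port, vlan, src_ip, src_mac, check_mac=False):
        """IPSG: enforce the source IP only, or source IP and source MAC."""
        if port in self.trusted:
            return "forward"  # assumption: guard is enabled on untrusted ports only
        for b in self.bindings.values():
            if (b.port, b.vlan, b.ip) == (port, vlan, src_ip):
                if not check_mac or b.mac == src_mac:
                    return "forward"
        return "drop"


# Constructed sample topology: DHCP server behind uplink 0/48, hosts on 0/1 and 0/2.
HOST_A = "00:00:5e:00:53:0a"
HOST_B = "00:00:5e:00:53:0b"


def run_scenario():
    sw = SnoopingSwitch(trusted_ports={"0/48"}, snooping_vlans={10})
    r = {}
    sw.dhcp("0/1", 10, "DISCOVER", HOST_A)
    # A server reply that enters on an access port is filtered.
    r["offer_from_access_port"] = sw.dhcp("0/2", 10, "OFFER", HOST_A, "192.0.2.66")
    r["offer_from_uplink"] = sw.dhcp("0/48", 10, "OFFER", HOST_A, "192.0.2.10")
    sw.dhcp("0/1", 10, "REQUEST", HOST_A)
    sw.dhcp("0/48", 10, "ACK", HOST_A, "192.0.2.10")
    sw.dhcp("0/2", 10, "REQUEST", HOST_B)
    sw.dhcp("0/48", 10, "ACK", HOST_B, "192.0.2.11")
    # ARP that matches a binding passes; ARP claiming another host's IP does not.
    r["arp_own_address"] = sw.arp_inspect("0/1", 10, HOST_A, "192.0.2.10")
    r["arp_claims_other_ip"] = sw.arp_inspect("0/2", 10, HOST_B, "192.0.2.10")
    # Spoofed source IP is dropped in both IPSG modes.
    r["ip_spoofed_source"] = sw.ip_source_guard("0/2", 10, "192.0.2.10", HOST_B)
    # A forged source MAC with the port's own IP is caught only in IP+MAC mode.
    r["forged_mac_ip_only"] = sw.ip_source_guard("0/2", 10, "192.0.2.11", HOST_A)
    r["forged_mac_ip_and_mac"] = sw.ip_source_guard("0/2", 10, "192.0.2.11", HOST_A,
                                                    check_mac=True)
    return sw, r


if __name__ == "__main__":
    switch, results = run_scenario()
    for name, verdict in results.items():
        print(f"{name:26} {verdict}")
```
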

1.3. Quality of Service Features

1.3.1. Access Control Lists (ACL)

Access Control Lists (ACLs) ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and above all provide security for the network. The switch supports the following ACL types:
IPv4 ACLs
IPv6 ACLs
MAC ACLs
For all ACL types, you can apply the ACL rule when the packet enters or exits the physical port, Port-channel, or VLAN interface.

1.3.2. ACL Remarks

Users can use ACL remarks to include comments for ACL rule entries in any MAC ACL. Remarks assist the user in understanding ACL rules easily.

1.3.3. ACL Rule Priority

This feature allows the user to add sequence numbers to ACL rule entries and re-sequence them. When a new ACL rule entry is added, the sequence number can be specified so that the new ACL rule entry is placed in the desired position in the access list.

1.3.4. Differentiated Service (DiffServ)

The QoS Differentiated Services (DiffServ) feature allows traffic to be classified into streams and given certain QoS treatment in accordance with defined per-hop behaviors. The switch supports both IPv4 and IPv6 packet classification.

1.3.5. Class of Service (CoS)

The Class of Service (CoS) queueing feature lets you directly configure certain aspects of switch queuing. This provides the desired QoS behavior for different types of network traffic when the complexities of DiffServ are not required. CoS queue characteristics, such as minimum guaranteed bandwidth and transmission rate shaping, are configurable at the queue (or port) level.

1.4. Management Features

1.4.1. Management Options

You can use the following methods to manage the switch:
Use a telnet client, SSH client, or a direct console connection to access the CLI. The CLI syntax and semantics conform as much as possible to common industry practice.
Use a network management system (NMS) to manage and monitor the system through SNMP. The switch supports SNMP v1/v2c/v3 over the UDP/IP transport protocol.

1.4.2. Management of Basic Network Information

The DHCP client on the switch allows the switch to acquire information such as the IP address and default gateway from a network DHCP server. You can also disable the DHCP client and configure static network information. Other configurable network information includes a Domain Name Server (DNS), host name to IP address mapping, and a default domain name.
The switch also includes a DHCPv6 client for acquiring IPv6 addresses, prefixes, and other IPv6 network configuration information.

1.4.3. File Management

You can upload and download files such as configuration files and system images by using TFTP, Secure FTP (SFTP), or Secure Copy (SCP). Configuration file uploads from the switch to a server are a good way to back up the switch configuration. You can also download a configuration file from a server to the switch to restore the switch to the configuration in the downloaded file.

1.4.4. Malicious Code Detection

This feature provides a mechanism to check the integrity of the image and to detect whether the software binary was corrupted or tampered with when an end user attempts to download the software image to the switch. This release addresses this problem by using digital signatures to verify the integrity of the binary image. It also provides the flexibility to download a digitally signed configuration script and verify the digital signature to ensure the integrity of the downloaded configuration file.

1.4.5. Automatic Installation of Firmware and Configuration

The Auto Install feature allows the switch to upgrade the configuration file automatically during device initialization with limited administrative configuration on the device. The switch can obtain the necessary information from a DHCP server on the network.

1.4.6. Warm Reboot

The Warm Reboot feature reduces the time it takes to reboot the switch thereby reducing the traffic disruption in the network during a switch reboot. For a typical switch, the traffic disruption is reduced from about two minutes for a cold reboot to about 20 seconds for a warm reboot.

1.4.7. SNMP Alarms and Trap Logs

The system logs events with severity codes and timestamps. The events are sent as SNMP traps to a trap recipient list.

1.4.8. Remote Monitoring (RMON)

RMON is a standard Management Information Base (MIB) that defines current and historical MAC-layer statistics and control objects, allowing real-time information to be captured across the entire network. The data collected is defined in the RMON MIB, RFC 2819 (32-bit counters), RFC 3273 (64-bit counters), and RFC 3434 (High Capacity Alarm Table).

1.4.9. Statistics Application

The statistics application collects the statistics at a configurable time interval. The user can specify the port number(s) or a range of ports for statistics to be displayed. The configured time interval applies to all ports. Detailed statistics are collected between the specified time range in date and time format. The time range can be defined as having an absolute time entry and/or a periodic time. For example, a user can specify the statistics to be collected and displayed between 9:00 12 NOV 2011 (START) and 21:00 12 NOV 2011 (END) or schedule it on every MON, WED and FRI 9:00 (START) to 21:00 (END).
The user receives these statistics in a number of ways as listed below:
User requests through CLI for a set of counters.
User can configure the device to display statistics using syslog or email alert. The syslog or email alert messages are sent by statistics application at END time.
Note: The statistics are presented on the console at END time.

1.4.10. Log Messages

The switch maintains in-memory log messages as well as persistent logs. You can also configure remote logging so that the switch sends log messages to a remote log server. You can also configure the switch to send log messages to a configured SMTP server. This allows you to receive the log message in an e-mail account of your choice. Switch auditing messages, CLI command logging, and SNMP logging can be enabled or disabled.

1.4.11. System Time Management

The switch will obtain the system time and date through NTP (Network Time Protocol) service of Linux server, or you can set the time and date locally or configure the time zone on the switch via Linux.

1.4.12. Source IP Address Configuration

Syslog, TACACS, SNTP, sFlow, SNMP Trap, RADIUS, and DNS Clients allow the IP Stack to select the source IP address while generating the packet. This feature provides an option for the user to select an interface for the source IP address while the management protocol transmits packets to management stations. The source address is specified for each protocol.

1.4.13. Multiple Linux Routing Tables

On Linux systems, local and default IPv4 routes for the service port and network port are installed in routing tables dedicated to each management interface. Locally-originated IPv4 packets use these routing tables when the source IP address of the packet matches an address on one of these interfaces. This feature allows the Linux IP stack to use default routes for different interfaces simultaneously.

1.4.14. Open Network Install Environment Support

Open Network Install Environment (ONIE) allows customers to install their choice of network operating system (NOS) onto a switch. When the switch boots, ONIE enables the switch to fetch a NOS stored on a remote server. The remote server can hold multiple NOS images, and you can specify which NOS to load and run on the switch. ONIE support in the switch software facilitates automated data center provisioning by enabling a bare-metal network switch ecosystem.
ONIE is a small operating system. It is preinstalled as firmware and requires an ONIE-compliant boot loader (U-Boot/BusyBox), a kernel (Linux) and the ONIE discovery and execution application. For more information about ONIE, see http://onie.github.io/onie.

1.4.15. Interface Error Disable and Auto Recovery

If the switch detects an error condition for an interface, it places the interface in the diagnostic disabled state by shutting down the interface. The error-disabled interface does not allow any traffic until it is reenabled. You can manually reenable the interface, or, if the Auto Recovery feature is enabled, the interface can be reenabled automatically after a configurable time-out period.
There are multiple reasons that may cause the switch to place an interface in the error-disabled state. Auto Recovery can be configured to take effect if an interface is error-disabled for any reason, or for some reasons but not others.

1.4.16. CLI Scheduler

The CLI scheduler allows customers to schedule fully-qualified EXEC mode CLI commands to run once, at specified intervals, at specified calendar dates and times, or upon system startup.
CLI scheduler has two basic processes. A policy list is configured containing lines of fully-qualified EXEC CLI commands to be run at the same time or same interval. One or more policy lists are then scheduled to run after a specified interval of time, at a specified calendar date and time, or upon system startup. Each scheduled occurrence can be set to run either once only or on a recurring basis.

1.5. Routing Features

1.5.1. IP Unnumbered

Each routing interface can be configured to borrow the IP address from the loopback interfaces and use this IP for all routing activities.
The IP Unnumbered feature was initially developed to avoid wasting an entire subnet on point-to-point serial links.
The IP Unnumbered feature can also be used in situations where adjacencies are transient and adjacent interfaces cannot be easily configured with IPv4 addresses in the same subnet. It also helps in reducing the configuration overhead in large scale Data-Center deployments.

1.5.2. Open Shortest Path First (OSPF)

Open Shortest Path First (OSPF) is a dynamic routing protocol commonly used within medium-to-large enterprise networks. OSPF is an interior gateway protocol (IGP) that operates within a single autonomous system.

1.5.3. Border Gateway Protocol (BGP)

BGP is an exterior routing protocol used in large-scale networks to transport routing information between autonomous systems (AS). As an interdomain routing protocol, BGP is used when AS path information is required to provide partial or full Internet routing downstream. The switch supports BGP version 4.
The following BGP features are supported:
Proprietary BGP MIB support for reporting status variables and internal counters.
Additional route map support:
o Match as-path
o Set as-path
o Set local-preference
o Set metric
Support for inbound and outbound neighbor-specific route maps.
Handles the BGP RTO full condition.
Support for the show ip bgp command.
Support for the show ip bgp traffic command.
Support for the bgp always-compare-med command.
Support for the maximum number of BGP neighbors: 128.
A prefix list is supported to filter the output of the show ip bgp command.
Configurable maximum length of a received AS_PATH.
Show command to list the routes accepted from a specific neighbor.
Show command to list the routes rejected from a specific neighbor.
Support for BGP communities.
Support for IPv6.
IPv6 Transport and Prefix list
Support for BGP peer templates to simplify neighbor configuration.

1.5.4. VLAN Routing

The switch supports VLAN routing. You can also configure the software to allow traffic on a VLAN to be treated as if the VLAN were a router port.

1.5.5. IP Configuration

The switch IP configuration settings allow you to configure network information for VLAN routing interfaces such as IP address and subnet mask, MTU size, and ICMP redirects. Global IP configuration settings for the switch allow you to enable or disable the generation of several types of ICMP messages and enable or disable the routing mode.

1.5.6. Address Resolution Protocol (ARP) Table Management

You can create static ARP entries and manage many settings for the dynamic ARP table, such as age time for entries, retries, and cache size.

1.5.7. BOOTP/DHCP Relay Agent

The switch BOOTP/DHCP Relay Agent feature relays BOOTP and DHCP messages between DHCP clients and DHCP servers that are located in different IP subnets.

1.5.8. IP Helper and UDP Relay

The IP Helper and UDP Relay features provide the ability to relay various protocols to servers on a different subnet.

1.5.9. Routing Table

The routing table displays information about the routes that have been dynamically learned. You can configure static and default routes and route preferences. A separate table shows the routes that have been manually configured.

1.5.10. Virtual Router Redundancy Protocol (VRRP)

VRRP provides hosts with redundant routers in the network topology without any need for the hosts to reconfigure or know that there are multiple routers. If the primary (master) router fails, a secondary router assumes control and continues to use the virtual router IP (VRIP) address.
VRRP Route Interface Tracking extends the capability of VRRP to allow tracking of specific route/interface IP states within the router that can alter the priority level of a virtual router for a VRRP group.

1.5.11. Algorithmic Longest Prefix Match (ALPM)

Algorithmic Longest Prefix Match (ALPM) is a protocol used by routers to select an entry from a forwarding table. When an exact match is not found in the forwarding table, the match with the longest subnet mask, also called longest prefix match, is chosen. It is called the longest prefix match because it is also the entry where the largest number of leading address bits of the destination address match those in the table entry.
ALPM enables support for a large number of routes. (For BGP, 32k IPv4 routes and 24k IPv6 routes are supported.)
The SDM template, “dual-ipv4-and-ipv6 alpm” is available to accommodate a large number of routes.

1.5.12. Bidirectional Forwarding Detection

Bidirectional Forwarding Detection (BFD) is presented as a service to its user applications, providing the options to create and destroy a session with a peer device and reporting upon the session status. On the switch, OSPF and BGP can use BFD for monitoring of their neighbors' availability in the network and for fast detection of connection faults with them.

1.5.13. VRF Lite Operation and Configuration

The Virtual Routing and Forwarding feature enables a router to function as multiple routers. Each virtual router manages its own routing domain, with its own IP routes, routing interfaces, and host entries. Each virtual router makes its own routing decisions, independent of other virtual routers. More than one virtual routing table may contain a route to a given destination. The network administrator can configure a subset of the router's interfaces to be associated with each virtual router. The router routes packets according to the virtual routing table associated with the packet's ingress interface. Each interface can be associated with at most one virtual router.

1.6. Layer 3 Multicast Features

1.6.1. Internet Group Management Protocol

The Internet Group Management Protocol (IGMP) is used by IPv4 systems (hosts and routers) to report their IP multicast group memberships to any neighboring multicast routers. The switch performs the “multicast router part” of the IGMP protocol, which means it collects the membership information needed by the active multicast router.

1.6.2. Protocol Independent Multicast

1.6.2.1. Sparse Mode (PIM-SM)
Protocol Independent Multicast-Sparse Mode (PIM-SM) is used to efficiently route multicast traffic to multicast groups that may span wide area networks, and where bandwidth is a constraint. PIM-SM uses shared trees by default and implements source-based trees for efficiency. This data threshold rate is used to toggle between trees.
1.6.2.2. Source Specific Multicast (PIM-SSM)
Protocol Independent Multicast—Source Specific Multicast (PIM-SSM) is a subset of PIM-SM and is used for one-to-many multicast routing applications, such as audio or video broadcasts. PIM-SSM does not use shared trees.
1.6.2.3. PIM IPv6 Support
PIM-DM and PIM-SM support IPv6 routes.

1.6.3. MLD/MLDv2 (RFC2710/RFC3810)

MLD is used by IPv6 systems (listeners and routers) to report their IP multicast address memberships to any neighboring multicast routers. The implementation of MLD v2 is backward compatible with MLD v1.
The MLD protocol enables the IPv6 router to discover the presence of multicast listeners, the nodes that want to receive the multicast data packets, on its directly attached interfaces. The protocol specifically discovers which multicast addresses are of interest to its neighboring nodes and provides this information to the multicast routing protocol that makes the decision on the flow of the multicast data packets.

1.7. Data Center Features

1.7.1. Priority-Based Flow Control

The Priority-Based Flow Control (PFC) feature allows the user to pause or inhibit transmission of individual priorities within a single physical link. By configuring PFC to pause a congested priority (priorities) independently, protocols that are highly loss sensitive can share the same link with traffic that has different loss tolerances. Priorities are differentiated by the priority field of the 802.1Q VLAN header.
An interface that is configured for PFC is automatically disabled for 802.3x flow control.

1.7.2. Data Center Bridging Exchange Protocol

The Data Center Bridging Exchange Protocol (DCBX) is used by data center bridge devices to exchange configuration information with directly-connected peers. The protocol is also used to detect misconfiguration of the peer DCBX devices and optionally, for configuration of peer DCBX devices.

1.7.3. CoS Queuing and Enhanced Transmission Selection

The CoS Queuing feature allows the switch administrator to directly configure certain aspects of the device hardware queuing to provide the desired QoS behavior for different types of network traffic. The priority of a packet arriving at an interface can be used to steer the packet to the appropriate outbound CoS queue through a mapping table. CoS queue characteristics such as minimum guaranteed bandwidth, transmission rate shaping, etc. are user configurable at the queue (or port) level.
Enhanced Transmission Selection (ETS) allows Class of Service (CoS) configuration settings to be advertised to other devices in a data center network through DCBX ETS TLVs. CoS information is exchanged with peer DCBX devices using ETS TLVs.

1.7.4. VXLAN Gateway

Logically segregated virtual networks in a data center are sometimes referred to as data center VPNs. The VXLAN Gateway is a solution that allows VXLAN to communicate with another network, particularly a VLAN. It offers VXLAN Tunnel Endpoint (VTEP) functionality for VXLAN tunnels on the switch.