Netgear XSM4216F-100EUS Product Data Sheet

0 (0)

Datasheet | M4250 series

AV Line Managed Switches

Switching

Engineered for AV over IP

The NETGEAR M4250 Switch Series introduces the AV Line, developed and engineered for audio/video professionals with dedicated service and support. M4250 has been built from the ground up for the growing AV over IP market, combining years of networking expertise in AV with M4300 and M4500 series with best practices from leading experts in the professional AV market. AV codecs

generally use 1Gbps or 10Gbps per stream and the AV Line of M4250 targets the widespread 1Gbps codecs.

PoE+, Ultra90 PoE++ and rear-facing ports ensure a clean integration in AV racks. M4250 switches come pre-configured for standard audio and video signals. When requirements are more specific, an AV user interface offers customization with port-based profiles. For audio Dante,

Q-SYS and AES67 profiles are available, as well as an AVB profile requiring an AVB license sold separately. For video the M4250 offers profiles for NVX, SVSI, Q-SYS, NDI, Dante etc. as well as audio/ video/control mixed profiles. When multiple switches, NETGEAR IGMP Plus™ brings automation for you to just connect them together, or with M4300 and M4500 switches.

Highlights

Extended AV features

DedicatedAVweb-basedGUI interface for more specific AV installations

Color-basedAVprofilescanbe applied to the different ports

Dante,Q-SYS,AES67andAVBaudio profiles

AVBrequiresalicense(soldseparately)

NVX,SVSI,Q-SYS,NDIandDante video profiles

Audio/video/controlmixedprofiles

Automaticswitchinterconnectwith

NETGEAR IGMP PlusTM

CommonLayer2andLayer3 switching engine across all M4250 models

Built-inITwebGUI,console,telnet and SSH consistent with other NETGEAR M4300 and M4500 series

Featuresetincludesstatic,RIPandPIM routing,DHCPServerandPTPv2

Audio Video Bridging (AVB) services

AVBisoneofthemanyfeatures designed into the M4250 product line

AVBisanindustrystandardfor transporting content over a network

AVBisusedmostoftenwhenvery low latency is required such as in live performances when lip sync is critical

AlloftheAVLineM4250switchescan be optionally licensed for AVB support

Other IT use cases

Standardorrecessedmountingwithall ports in the back, or all ports in the front

FullyfeaturedL2/L3/L4platformfor midsize Enterprise campus networks, IoT and IPTV

Industry standard management

Industrystandardcommandline interface(CLI),mainNETGEARITweb interface(GUI),SNMP,sFlowandRSPAN

Single-pane-of-glassNMS300 management platform with centralized firmware updates and massconfiguration support

Industry leading warranty

NETGEARM4250seriesiscovered under NETGEAR ProSAFE Limited Lifetime Hardware Warranty*

90daysofTechnicalSupportviaphone and email, Lifetime Technical Support through online chat and Lifetime Next Business Day hardware replacement

PAGE 1 of 44

Datasheet | M4250 series

AV Line Managed Switches

Hardware-at-a-Glance

 

 

 

 

REAR (REVERSIBLE)*

 

 

LEDs

MANAGEMENT

 

 

 

 

 

 

 

 

 

 

 

 

Model

 

Switching

10/100/1000

100/1000/2.5G

1000BASE-X

1000/10G

 

Status

Out-of-band

Model

Form-Factor

BASE-T RJ45

BASE-X

PSU

Name

Fabric

BASE-T RJ45 ports

SFP ports

Information

Console

Number

 

ports

SFP+ ports

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

1U rack mount

 

8portsPoE+(125W)

 

2 ports SFP

 

 

 

Ethernet:

 

M4250-10G2F-PoE+

24 Gbps

2 additional ports

-

-

 

 

GSM4212P

440 x 43.2 x 200mm

1G

 

 

1G Out-of-

 

 

 

 

 

 

 

 

 

 

10M, 100M, 1G

 

 

 

Available

band(Rear)

 

 

 

 

 

 

 

 

 

 

1U rack mount

 

8portsPoE+(240W)

 

 

2 ports SFP+

Fixed

both in front

Console:

 

M4250-10G2XF-PoE+

60 Gbps

2 additional ports

-

-

(C14

and in the

RJ45 RS232

GSM4212PX

 

440 x 43.2 x 200mm

 

10M, 100M, 1G

 

 

1G, 10G

connector)

rear:

(Rear)

 

 

 

 

 

 

 

 

 

Console:

 

 

 

 

 

 

 

 

 

 

 

 

1U rack mount

60 Gbps

8portsPoE++**(720W)

 

 

2 ports SFP+

Power

Power LED

USB-C

 

 

 

 

 

(Rear)

 

M4250-10G2XF-PoE++

2 additional ports

-

-

PoE Max LED

GSM4212UX

 

 

 

switch

440 x 43.2 x 257mm

 

1G, 10G

 

 

 

 

 

 

Storage:

 

 

 

10M, 100M, 1G

 

 

 

(PoEmodels)

 

 

 

 

 

 

 

(On/Off)

 

 

 

 

 

 

 

USB-A

 

 

 

 

 

 

 

 

 

 

1U rack mount

 

 

12 ports

 

2 ports SFP+

 

Fan LED

 

M4250-12M2XF

100 Gbps

-

-

 

(Front)

MSM4214X

 

 

 

 

 

440 x 43.2 x 100mm

100M, 1G, 2.5G

1G, 10G

 

Port LEDs

 

 

 

 

 

 

LED Ext:

 

 

 

 

 

 

 

 

 

 

 

M4250-16XF

1U rack mount

320 Gbps

-

 

-

16 ports SFP+

 

 

USB-C

XSM4216F

 

 

 

(Front)

440 x 43.2 x 200mm

 

 

1G, 10G

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

*Reversed mounting is possible when ports are desired on the front of the rack by using the standard rackmout ears, or the included alternate rackmount ears to mount the switch recessed by 2-Inches to allow for the cabling.

**Ultra90 PoE++ 802.3bt is compatible with 802.3af PoE (15.4W), 802.3at PoE++ (30W) and 802.3bt (60W, 75W and 90W).

Acoustic-at-a-Glance

 

FAN OFF MODE Setting / maximum loading*

QUIET MODE Setting at 25ºC ambient**

COOL MODE Setting at 25ºC

 

 

ambient**

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Model

 

 

 

PoE

 

PoE Power

Fan

 

Case

 

Fan

 

Case

 

Model

Fanless State

Ambient

Sensor

Power

Conditions

Sensor

Temp

Acoustic

 

Temp

Acoustic

Name

 

 

 

Load

 

Load

Duty

 

(Top)

 

Duty

 

(Top)

 

Number

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

0dBA/37.1ºC

 

 

 

All ports

 

 

 

 

 

 

 

 

 

 

M4250-10G2F-PoE+

25ºC

<=42ºC

80W

can be

125W

25

<=36ºC

35.9ºC

27.38dBA

100

 

27.2ºC

55dBA

GSM4212P

 

CaseTemp

 

 

 

used

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

0dBA/38.4ºC

 

 

 

All ports

 

 

 

 

 

 

 

 

 

 

M4250-10G2XF-PoE+

25ºC

<=44ºC

90W

can be

240W

25

<=37ºC

40.6ºC

27.4dBA

100

 

30.9ºC

56dBA

GSM4212PX

 

CaseTemp

 

 

 

used

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

0dBA/42.3ºC

 

 

 

All ports

90W

25

<=49ºC

41.1ºC

34.57dBA

 

 

 

 

 

M4250-10G2XF-PoE++

25ºC

<=67ºC

45W

can be

90-180W

30

<=49ºC

40.8ºC

40dBA

100

 

41.8ºC

60dBA

GSM4212UX

CaseTemp

 

 

 

 

 

 

used

180W-720W

40

<=49ºC

52.1ºC

47.19dBA

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

0dBA/56ºC

 

 

 

8 ports

 

 

 

 

 

 

 

 

 

 

M4250-12M2XF

25ºC

<=64ºC

-

2.5G

-

25

<=58ºC

53.5ºC

28.5dBA

100

 

33.2ºC

55dBA

MSM4214X

CaseTemp

 

 

 

 

 

(noSFP+)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

M4250-16XF

0dBA/36.2ºC

25ºC

<=78ºC

-

8 ports

-

25

<=67ºC

41.6ºC

27.44dBA

100

 

30.3ºC

57dBA

XSM4216F

 

CaseTemp

 

 

 

SFP+

 

 

 

 

 

 

 

 

 

 

*Software-controlled fan adjustments enable the fans to be turned off when ambient temperature and PoE loads are appropriate for a totally fanless operation.

**dBAvaluesareSPL(SoundPressureLevel)values,testingfollowingtheISO-7779standard.BystanderMode.ChamberTemp25ºCduringtesting.Full,

100%, Data and PoE loaded. Worst case.

PAGE 2 of 44

Datasheet | M4250 series

AV Line Managed Switches

Software-at-a-Glance

 

 

 

 

 

LITE LAYER 3 PACKAGE

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

IPv4 / IPv6

IPv4 / IPv6

IPv4 / IPv6

Spanning

 

Trunking

IPv4 / IPv6

IPv4 / IPv6

IPv4 / IPv6

 

Model

 

AV

ACLand

Tree

 

Model

Management

Multicast

Policing and

VLANs

Port

Authentication

Static

Dynamic

Name

Dedicated UI

QoS,

Green

Number

 

Filtering

Convergence

 

Channel

Security

Routing

Routing

 

 

 

DiffServ

Ethernet

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

AV web-based

 

 

Auto-VoIP

 

 

 

 

 

 

 

 

 

GUI available at

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

[Switch IP

 

NETGEAR

 

 

 

 

 

 

 

 

 

 

Address]:8080

 

Policy-based

 

 

 

 

Port,

 

 

 

 

 

IGMPTM Plus

 

 

 

 

 

 

 

Out-of-band

 

 

for automated

routing(PBR)

STP, MTP,

Static,

Static LAG,

 

Subnet,

 

 

 

 

 

 

IGMP between

 

Dynamic,

 

VLAN

 

 

 

 

Designed for

 

 

or Dynamic

 

 

 

 

 

 

switches

 

RSTP

Voice,

Successive

routing

 

 

 

IT Web GUI

AV installers

Ingress/

LLDP-MED

LACP

 

 

 

 

 

MAC

Tiering

 

 

 

 

(main)

 

egress

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

PV(R)STP

 

 

(DOT1X;MAB;

Multicast

IPv4: RIP

 

 

 

AV-related

 

IGMPv3

IEEE 1588

 

(LACP

 

 

 

 

 

 

CaptivePortal)

static routes

 

 

 

 

 

MLDv2

 

GVRP/

 

 

 

HTTPs

controls

 

PTPv2

 

automati-

 

 

 

1 Kbps

 

 

 

 

 

M4250

Snooping,

BPDU/STRG

GMRP

 

 

IPv4/IPv6:

All

CLI;Telnet;SSH

 

shaping

1-Step

cally reverts

 

 

 

Proxy ASM

 

DHCP

 

 

series

 

Audio over IP

 

End-to-End

Root Guard

 

to and from

DHCPv4

PIM-SM

models

 

Time-based

& SSM

 

 

 

 

Double

StaticLAG)

Snooping

Server

PIM-DM

 

 

 

profiles

 

 

Transparent

 

 

 

SNMP, MIBs

 

 

 

 

Dynamic ARP

 

 

 

 

 

 

Clock

EEE 802.3az

VLAN

 

 

SSM

 

 

 

 

Single Rate

IGMPv1,v2

 

Inspection

 

 

 

RSPAN

 

mode

Seven(7)

DHCPRelay

 

 

AVB profile*

 

(EEEis

IP Source

 

 

 

 

Policing

Querier

 

 

L2/L3/L4

 

 

 

 

 

 

 

(compatiblev3)

AVB*:

disabled by

 

Guard

 

 

 

 

Radius Users,

 

 

Private

hashing

 

 

 

 

 

 

 

 

default)

 

Stateful

 

 

 

Video over IP

 

 

802.1AS,

algorithms

 

 

 

 

TACACS+

 

 

 

VLANs

 

DHCPv6

 

 

 

profiles

 

ControlPacket

802.1Qav,

 

 

 

 

 

 

 

 

 

 

 

 

Server

 

 

 

 

 

 

802.1Qat MSRP,

 

 

 

 

 

 

 

 

 

 

Flooding

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

802.1ak MMRP,

 

 

 

 

 

 

 

 

 

Mixed Audio and

 

 

 

 

 

 

 

 

 

 

 

 

 

802.1ak MVRP

 

 

 

 

 

 

 

 

 

Video profiles

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

* Requires AVB license, sold separately. All other software features are available, license-free.

Performance-at-a-Glance

 

 

 

 

 

 

TABLE SIZE

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

IP

 

 

Multicast

 

 

 

 

 

MAC

Routing/

 

 

 

 

 

 

IGMP

 

 

 

 

Model

Throughput

Application

Packet

 

Multicast

 

Jumbo

 

 

 

Model

Switching

Latency

CPU

Group

VLANs

DHCP

sFlow

 

Name

ARP/NDP

Capacity

64-byte

Route Scaling

Buffer

 

Routing

 

Frames

member-

 

 

 

Number

 

 

 

 

 

 

 

Entries

 

 

ship

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

M4250-10G2F-PoE+

16KMAC

24 Gbps

17.86

Static:

16Mb

<2.27µs 1G

 

 

 

 

 

 

 

GSM4212P

4K ARP/

Line-Rate

Mpps

894v4/126v6

 

 

 

 

 

 

 

 

NDP

RIP: 32v4

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

M4250-10G2XF-PoE+

16KMAC

60 Gbps

44.64

Static:

16Mb

<2.14µs 1G

 

 

 

 

 

 

 

GSM4212PX

4K ARP/

Line-Rate

Mpps

894v4/126v6

<0.84µs 10G

 

 

 

 

 

DHCP

 

 

NDP

RIP: 32v4

 

 

 

 

 

 

 

 

 

 

 

 

 

 

ARM A9

 

 

 

Server:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

1.25Ghz

 

 

 

2K leases

16 samplers

 

 

16KMAC

 

 

Static:

 

 

512 IPv4

2GB

Up to

2K IPv4

4K

 

 

 

60 Gbps

44.64

 

<1.84µs 1G

 

16 pollers

 

 

 

 

 

 

 

M4250-10G2XF-PoE++

4K ARP/

Line-Rate

Mpps

894v4/126v6

16Mb

<0.81µs 10G

128 IPv6

RAM

12K

2K IPv6

VLANs

IPv4: 256

8 receivers

GSM4212UX

 

NDP

 

 

RIP: 32v4

 

 

 

256MB

 

 

 

pools

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Flash

 

 

 

IPv6: 16

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

pools

 

 

M4250-12M2XF

16KMAC

100 Gbps

74.40

Static:

16Mb

<2.84.µs 1G

 

 

 

 

 

 

MSM4214X

 

 

 

 

 

 

 

4K ARP/

Line-Rate

Mpps

894v4/126v6

<6.02µs 2.5G

 

 

 

 

 

 

 

 

NDP

RIP: 32v4

 

<0.81µs 10G

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

M4250-16XF

16KMAC

320 Gbps

238.08

Static:

16Mb

<1.30µs 1G

 

 

 

 

 

 

 

XSM4216F

4K ARP/

Line-Rate

Mpps

894v4/126v6

<0.86µs 10G

 

 

 

 

 

 

 

 

NDP

RIP: 32v4

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

PAGE 3 of 44

Datasheet | M4250 series

AV Line Managed Switches

Product Brief

The NETGEAR AV Line M4250 series was designed with input from AV Professionals. The result is a line of switches built from the ground up to support 1Gb audio and video over IP with customized hardware and software along with dedicated service and support.

NETGEAR M4250 series key features:

Rangesfrom8to16portswithavariety of PoE+ and Ultra90 PoE++ options for 15.4W, 30W, 60W, 75W and 90W AVoIP endpoints

Uplinkoptionsinclude1Gforaudio installations or standalone video installations as well as 10G uplinks for larger scale video deployments

Alsoincludes12-portmulti-gigabit

Ethernet and 16-port 1G/10G fiber models for plug and play aggregation in a star topology

Designedforacleanintegrationwith traditional rack-mounted, AV equipment

TheM4250switchescomewithasleek, black display panel with status in front and all cabling plus additional status in the back

Reversedmountingispossiblewhen ports are desired on the front of the rack

Asecondpairofrackmountearsallows the switches to be mounted recessed by 2-inches to allow for the cabling

Software-controlledfanadjustments enable the fans to be turned off when ambient temperature and PoE loads are appropriate for a totally fanless operation

Threadedholesonthebottom(4xM5 for50x100mmVESA)andinfront (1xM10forclamps)allowforuniversal mounting options outside the rack as well

NETGEAR M4250 series AV software features:

Pre-configuredforaudioandvideo over IP out of the box, the M4250 switches enable encoders and decoders to be connected with zero configuration

Whenmoreconfigurationisrequired, an AV web-based GUI is available at the switch IP address:8080

Thisinterfacehasbeenspecially designed for AV installers with specific AV-related controls made more accessible and with port-based profiles

Foraudio,profilesforDante,Q-SYS and AES67 are built-in, as well as an

AVBprofile (AVBlicensesoldseparately)

Forvideo,theM4250offersprofilesfor

NVX, SVSI, Q-SYS, NDI, Kramer KDS, Aurora Multimedia, ZeeVee, Atlona, Dante and SDVoE

OtherAVCODECsandmanufactures are supported as well as audio/video/ control mixed profiles

Tofurthersimplifystardeployments,

NETGEAR IGMP Plusbrings multicast automation between all M4250 switches, and with M4300/M4500

Simplyconnecttheswitchestogether and you are done!

NETGEAR M4250 series other software features:

AllM4250switchessharethesame high-end NETGEAR Layer 2 / Layer 3 switching engine for a consistent experience

AllswitchesintheM4250serieshave another main, IT web-based GUI for midsize Enterprise campus networks, IoT and IPTV

PAGE 4 of 44

Datasheet | M4250 series

AV Line Managed Switches

Additionalfeaturesincludestatic,

RIP and PIM-SM, DM and SSM multicast routing,DHCPServerandPTPv2 TransparentClock(1-stepE2E)

AVBistheonlyfeaturerequiringa license, all other advanced features are available license-free

Advancedclassifier-based,time-based hardwareimplementationforL2(MAC), L3(IP)andL4(UDP/TCPtransportports) security and prioritization

SelectablePort-Channel/LAG (802.3ad-802.1AX)L2/L3/L4hashing for fault tolerance and load sharing with any type of Ethernet channeling

VoiceVLANwithSIP,H323andSCCP protocols detection and LLDP-MED IP phones automatic QoS and VLAN configuration

Efficientauthenticationtieringwith successiveDOT1X,MABandCaptive

Portal methods for streamlined BYOD

ComprehensiveIPv4/IPv6staticand dynamic routing including Policy-based routing and 6-to-4 tunneling

AdvancedIPv4/IPv6security implementation including malicious codedetection,DHCPSnooping,IP

Source Guard protection and DoS attacks mitigation

NETGEAR M4250 series management features:

DHCP/BootPinnovativeauto-installation including firmware and configuration file upload automation

IndustrystandardSNMP,RMON,MIB,

LLDP, AAA, sFlow, RSPAN and PTPv2

Serviceportforout-of-bandEthernet management(OOB)

StandardRS232straight-throughserial RJ45andUSBType-Cportsforlocal management console

StandardUSB-Aportforlocalstorage, logs, configuration or image files

Dualfirmwareimageforupdateswith minimum service interruption

Single-pane-of-glassNMS300 management platform with mass configuration support

Industrystandardcommandline interface(CLI)forITadminsusedto other vendors commands

FullyfunctionalWebconsole(mainGUI) for IT admins who prefer an easy to use graphical interface

DedicatedAVweb-basedGUIinterface available at [switch IP address:8080] for AV installations

NETGEAR M4250 series warranty and support:

NETGEARProSAFELimitedLifetime

Hardware Warranty**

IncludedLifetimeTechnicalSupport

IncludedLifetimeNextBusinessDay

Hardware Replacement

Offeringfreenetworkdesignservices and installation support, the NETGEAR Engineering Services Team is ready

to help ensure your 1G deployments with the M4250 AV over IP switches go as smooth as possible. Just drop us an email at ProAVDesign@netgear.com to get started!

PAGE 5 of 44

Datasheet | M4250 series

AV Line Managed Switches

Features highlights

Dedicated AV UI available at http://IPAddress:8080

M4250 switch series is pre-configured for Audio and Video over IP out of the box with a dedicated AV web-based GUI interface for more specific AV installations

Color-based AV profiles can be applied to the different ports

Dante, Q-SYS,AES67 and AVB audio profiles (AVB license sold separately)

NVX, SVSI, Q-SYS, NDI, Kramer KDS, Aurora Multimedia, ZeeVee, Atlona, Dante, etc. video profiles

Audio / video / control mixed profiles

Best value switching performance:

16K MAC address table, 4K ARP and 4K concurrent VLANs for typical midsize environnements

Low latency at all network speeds, including 10 Gigabit fiber interfaces

Jumbo frames support of up to 12KB accelerating performance with compatible nodes

Ranges from 8 to 16 ports with a variety of PoE+ and Ultra90 PoE++ 802.3bt options for 15.4W, 30W, 60W, 75W and 90W AVoIP (1G) endpoints

Tier 1 availability

Rapid Spanning Tree (RSTP) and Multiple Spanning Tree (MSTP) allow for rapid transitionning of the ports to the Forwarding state and the suppression of Topology Change Notification

NETGEAR PVSTP implementation follows the same rules than other vendor’s Per VLAN STP for strict interoperability

NETGEAR PVRSTP implementation follows the same rules than other vendor’s Per VLAN RSTP for strict interoperability

Including industry-standard PVST+ interoperability

PVSTP is similar to the MSTP protocol as defined by IEEE 802.1s, the main difference being PVSTP runs one instance per VLAN

In other words, each configured VLAN runs an independent instance of PVSTP

FastUplink feature immediately moves an alternate port with lowest cost to forwarding state when the root port goes down to reduce recovery time

FastBackbone feature selects new indirect port when an indirect port fails

Including industry-standard RPVST+ interoperability

PVRSTP is similar to the RSTP protocol as defined by IEEE 802.1w, the main difference being PVRSTP runs one instance per VLAN

In other words, each configured VLAN runs an independent instance of PVRSTP

Each PVRSTP instance elects a root bridge independent of the other

Hence there are as many Root Bridges in the region as there are VLANs configured

Per VLAN RSTP has in built support for FastUplink and FastBackbone

PAGE 6 of 44

Datasheet | M4250 series

AV Line Managed Switches

IP address conflict detection performed by embedded DHCP servers prevents accidental IP address duplicates from perturbing the overall network stability

IP Event Dampening reduces the effect of interface flaps on routing protocols: the routing protocols temporarily disable their processing (on the unstable interface) until the interface becomes stable, thereby greatly increasing the overall stability of the network

Ease of deployment

Automatic configuration with DHCP and BootP Auto Install eases large deployments with a scalable configuration files management capability, mapping IP addresses and host names and providing individual configuration files to multiple switches as soon as they are initialized on the network

Both the Switch Serial Number and primary MAC address are reported by a simple "show hardware" command in CLI - facilitating discovery and remote configuration operations

M4300 DHCP L2 Relay agents eliminate the need to have a DHCP server on each physical network or subnet

DHCP Relay agents process DHCP messages and generate new DHCP messages

Supports DHCP Relay Option 82 circuit-id and remote-id for VLANs

DHCP Relay agents are typically IP routing-aware devices and can be referred to as Layer 3 relay agents

Automatic Voice over IP prioritization with Auto-VoIP simplifies most complex multi-vendor IP telephones deployments either based on protocols (SIP, H323 and SCCP) or on OUI bytes (default database and user-based OUIs) in the phone source MAC address; providing the best class of service to VoIP streams (both data and signaling) over other ordinary traffic by classifying traffic, and enabling correct egress queue configuration

An associated Voice VLAN can be easily configured with Auto-VoIP for further traffic isolation

When deployed IP phones are LLDP-MED compliant, the Voice VLAN will use LLDP-MED to pass on the VLAN ID, 802.1P priority and DSCP values to the IP phones, accelerating convergent deployments

Ease of management and granular control

Dual firmware image and dual configuration file for transparent firmware updates / configuration changes with minimum service interruption

Flexible Port-Channel/LAG (802.3ad - 802.1AX) implementation for maximum compatibility, fault tolerance and load sharing with any type of Ethernet channeling from other vendors switch, server or storage devices conforming to IEEE 802.3ad - including static (selectable hashing algorithms) - or to IEEE 802.1AX with dynamic LAGs or port-channel (highly tunable LACP Link Aggregation Control Protocol )

LACP mode automatically reverts to and from Static LAG, useful when the host isn’t LACP anymore, for instance during a factory reset or re-configuration

Unidirectional Link Detection Protocol (UDLD) and Aggressive UDLD detect and avoid unidirectional links automatically, in order to prevent forwarding anomalies in a

Layer 2 communication channel in which a bi-directional link stops passing traffic in one direction

Port names feature allows for descriptive names on all interfaces and better clarity in real word admin daily tasks

SDM (System Data Management, or switch database) templates allow for granular system resources distribution depending on IPv4 or IPv6 applications

ARP Entries (the maximum number of entries in the IPv4 Address Resolution Protocol ARP cache for routing interfaces)

IPv4 Unicast Routes (the maximum number of IPv4 unicast forwarding table entries)

IPv6 NDP Entries (the maximum number of IPv6 Neighbor Discovery Protocol NDP cache entries)

IPv6 Unicast Routes (the maximum number of IPv6 unicast forwarding table entries)

ECMP Next Hops (the maximum number of next hops that can be installed in the IPv4 and IPv6 unicast forwarding tables)

IPv4 Multicast Routes (the maximum number of IPv4 multicast forwarding table entries)

IPv6 Multicast Routes (the maximum number of IPv6 multicast forwarding table entries)

Loopback interfaces management for routing protocols administration

Private VLANs and local Proxy ARP help reduce broadcast with added security

Management VLAN ID is user selectable for best convenience

Industry-standard VLAN management in the command line interface (CLI) for all common operations such as VLAN creation; VLAN names; VLAN “make static” for dynamically created VLAN by GVRP registration; VLAN trunking; VLAN participation as well as VLAN ID (PVID) and VLAN tagging for one interface, a group of interfaces or all interfaces at once

Simplified VLAN configuration with industry-standard Access Ports for 802.1Q unaware endpoints and Trunk Ports for switch-to-switch links with Native VLAN

System defaults automatically set per-port broadcast, multicast, and unicast storm control for typical, robust protection against DoS attacks and faulty clients which can, with BYOD, often create network and performance issues

IP Telephony administration is simplified with consistent Voice VLAN capabilities per the industry standards and automatic functions associated

PAGE 7 of 44

Datasheet | M4250 series

AV Line Managed Switches

Comprehensive set of “system utilities” and “Clear” commands help troubleshoot connectivity issues and restore various configurations to their factory defaults for maximum admin efficiency: traceroute (to discover the routes that packets actually take when traveling on a hop-by-hop basis and with a synchronous response when initiated from the CLI), clear dynamically learned MAC addresses, counters, IGMP snooping table entries from the Multicast forwarding database etc...

Syslog and Packet Captures can be sent to USB storage for rapid network troubleshooting

Replaceable factory-default configuration file for predictable network reset in distributed branch offices without IT personnel

All major centralized software distribution platforms are supported for central software upgrades and configuration files management (HTTP,TFTP), including in highly secured versions (HTTPS, SFTP, SCP)

Simple Network Time Protocol (SNTP) can be used to synchronize network resources and for adaptation of NTP, and can provide synchronized network timestamp either in broadcast or unicast mode (SNTP client implemented over UDP - port 123)

Embedded RMON (4 groups) and sFlow agents permit external network traffic analysis

Engineered for convergence and AV-over-IP

Audio (Voice over IP) and Video (multicasting) comprehensive switching, filtering, routing and prioritization

Auto-VoIP, Voice VLAN and LLDP-MED support for IP phones QoS and VLAN configuration

IEEE 1588 (section 10 and 11.5) PTPv2 Transparent Clock (TC) End-to-End implementation considering the residence time of PTPv2 packets from ingress to egress

NETGEAR IGMP PlusTM for automatic multicast across a M4250 / M4300 / M4500 L2 network (Spine and Leaf topologies), removing the need for L3 PIM routing

1-step Transparent Clock mode, using the residence time of the PPTPv2 packet at the egress port level in

Standalone mode, or Stack Master only

The "Sync & Delay_Req" field of passing/egressing out PTPv2 packets is updated with the residence time in the switch, the other fields in PTPv2 packets ("Announce", "Delay_Resp", "Pdelay_Req" and "Pdelay_Resp") are not updated

IGMP Plus is pre-configured on default VLAN 1 out of the box

IGMP Plus can be configured on another VLAN for automatic IGMP across switches on that VLAN (uplinks can make part of that VLAN in trunk mode)

IGMP Plus allow AV-over-IP devices (TX/Encoders and RX/Decoders) to be connected across multiple switches in a star topology

The show igmpsnooping group command in CLI and GUI displays the Source and Group IP addresses along with their corresponding MAC addresses that are learnt through IGMP Snooping in a given VLAN on a given interface

IGMP Snooping and Proxy for IPv4, MLD Snooping and Proxy for IPv6, and Querier mode facilitate fast receivers joins and leaves for multicast streams and ensure multicast traffic only reaches interested receivers everywhere in a Layer 2 or a Layer 3 network, including source-specific (SSM) and any-source (ASM) multicast

Multicast VLAN Registration (MVR) uses a dedicated Multicast VLAN to forward multicast streams and avoid duplication for clients in different VLANs

Multicast routing (PIM-SM and PIM-DM, both IPv4 and IPv6) ensure multicast streams can reach receivers in different L3 subnets

PoE power management and schedule enablement for powering on and powering off PoE nodes connected to the switch

AVB is one of the many features designed into the

• IEEE 802.1BA-2011 Audio Video Bridging (AVB) when an AVB license is properly installed in the switch

M4250 product line

(license sold separately)

 

• IEEE 802.1AS-2011 gPTP, IEEE 802.1Qav-2009 FQTSS, IEEE 802.1Qat-2010 MSRP, IEEE 802.1ak MMRP, IEEE

 

802.1ak MVRP

 

• Maximum of 256 AVB streams per switch

 

• AVB is not supported in LAG (link aggregation groups, or Etherchannel)

Layer 3 routing package

 

Static Routes/ECMP Static Routes for IPv4 and IPv6

• Static and default routes are configurable with next IP address hops to any given destination

 

• Permitting additional routes creates several options for the network administrator

 

• The admin can configure multiple next hops to a given destination, intending for the router to load share

 

across the next hops

 

• The admin distinguishes static routes by specifying a route preference value: a lower preference value is a

 

more preferred static route

 

• A less preferred static route is used if the more preferred static route is unusable (down link, or next hop

 

cannot be resolved to a MAC address)

PAGE 8 of 44

Datasheet | M4250 series

AV Line Managed Switches

Advanced Static Routing functions for administrative traffic control

In order to facilitate VLAN creation and VLAN routing using Web GUI, a VLAN Routing Wizard offers following automated capabilities:

DHCP Relay Agents relay DHCP requests from any routed interface, including VLANs, when DHCP server doesn’t reside on the same IP network or subnet

Router Discovery Protocol is an extension to ICMP and enables hosts to dynamically discover the IP address of routers on local IP subnets

Static Reject Routes are configurable to control the traffic destined to a particular network so that it is not forwarded through the router

Such traffic is discarded and the ICMP destination unreachable message is sent back to the source

Static reject routes can be typically used to prevent routing loops

Default routes are configurable as a preference option

Create a VLAN and generate a unique name for VLAN

Add selected ports to the newly created VLAN and remove selected ports from the default VLAN

Create a LAG, add selected ports to a LAG, then add this LAG to the newly created VLAN

Enable tagging on selected ports if the port is in another VLAN

Disable tagging if a selected port does not exist in another VLAN

Exclude ports that are not selected from the VLAN

Enable routing on the VLAN using the IP address and subnet mask entered as logical routing interface

The agent relays requests from a subnet without a DHCP server to a server or next-hop agent on another subnet

Unlike a router which switches IP packets transparently, a DHCP relay agent processes DHCP messages and generates new DHCP messages

Supports DHCP Relay Option 82 circuit-id and remote-id for VLANs

Multiple Helper IPs feature allows to configure a DHCP relay agent with multiple DHCP server addresses per routing interface and to use different server addresses for client packets arriving on different interfaces on the relay agent server addresses for client packets arriving on different interfaces on the relay agent

Based on RFC 1256 for IPv4

Routers periodically send router discovery messages to announce their presence to locally-attached hosts

The router discovery message advertises one or more IP addresses on the router that hosts can use as their default gateway

Hosts can send a router solicitation message asking any router that receives the message to immediately send a router advertisement

Router discovery eliminates the need to manually configure a default gateway on each host

It enables hosts to switch to a different default gateway if one goes down

Loopback interfaces are available as dynamic, stable IP addresses for other devices on the network, and for routing protocols

Support of Routing Information Protocol (RIPv2) as a distance vector protocol specified in RFC 2453 for

IPv4

Each route is characterized by the number of gateways, or hops, a packet must traverse to reach its intended destination

Categorized as an interior gateway protocol, RIP operates within the scope of an autonomous system

IP Multinetting allows to configure more than one IP address on a network interface (other vendors may call it IP Aliasing or Secondary Addressing)

ICMP Throttling feature adds configuration options for the transmission of various types of ICMP messages

The Policy Based Routing feature (PBR) overrides routing decision taken by the router and makes the packet to follow different actions based on a policy

ICMP Redirects can be used by a malicious sender to perform man-in-the-middle attacks, or divert packets to a malicious monitor, or to cause Denial of Service (DoS) by blackholing the packets

ICMP Echo Requests and other messages can be used to probe for vulnerable hosts or routers

Rate limiting ICMP error messages protects the local router and the network from sending a large number of messages that take CPU and bandwidth

It provides freedom over packet routing/forwarding instead of leaving the control to standard routing protocols based on L3

For instance, some organizations would like to dictate paths instead of following the paths shown by routing protocols

Network Managers/Administrators can set up policies such as:

–– My network will not carry traffic from the Engineering department

–– Traffic originating within my network with the following characteristics will take path A, while other traffic will take path B

–– When load sharing needs to be done for the incoming traffic across multiple paths based on packet entities in the incoming traffic

PAGE 9 of 44

Datasheet | M4250 series

AV Line Managed Switches

Enterprise security

Traffic control MAC Filter and Port Security help restrict the traffic allowed into and out of specified ports or interfaces in the system in order to increase overall security and block MAC address flooding issues

DHCP Snooping monitors DHCP traffic between DHCP clients and DHCP servers to filter harmful DHCP message and builds a bindings database of (MAC address, IP address,VLAN ID, port) tuples that are considered authorized in order to prevent DHCP server spoofing attacks

IP source guard and Dynamic ARP Inspection use the DHCP snooping bindings database per port and per VLAN to drop incoming packets that do not match any binding and to enforce source IP/MAC addresses for malicious users traffic elimination

Time-based Layer 2 / Layer 3-v4 / Layer 3-v6 / Layer 4 Access Control Lists (ACLs) can be binded to ports, Layer 2 interfaces,VLANs and LAGs (Link Aggregation Groups or Port channel) for fast unauthorized data prevention and right granularity

For in-band switch management, management ACLs on CPU interface (Control Plane ACLs) are used to define the IP/MAC or protocol through which management access is allowed for increased HTTP/HTTPS or Telnet/SSH management security

Out-of-band management is available via dedicated service port (1G RJ45 OOB) when in-band management can be prohibited via management ACLs

Bridge protocol data unit (BPDU) Guard allows the network administrator to enforce the Spanning Tree (STP) domain borders and keep the active topology consistent and predictable - unauthorized devices or switches behind the edge ports that have BPDU enabled will not be able to influence the overall STP by creating loops

Spanning Tree Root Guard (STRG) enforces the Layer 2 network topology by preventing rogue root bridges potential issues when for instance, unauthorized or unexpected new equipment in the network may accidentally become a root bridge for a given VLAN

Dynamic 802.1x VLAN assignment mode, including Dynamic VLAN creation mode and Guest VLAN / Unauthenticated VLAN are supported for rigorous user and equipment RADIUS policy server enforcement

802.1x MAC Address Authentication Bypass (MAB) is a supplemental authentication mechanism that lets non-802.1x devices bypass the traditional 802.1x process altogether, letting them authenticate to

the network using their client MAC address as an identifier

With Successive Tiering, the Authentication Manager allows for authentication methods per port for a Tiered Authentication based on configured time-outs

Up to 48 clients (802.1x) per port are supported, including the authentication of the users domain, in order to facilitate convergent deployments. For instance when IP phones connect PCs on their bridge, IP phones and PCs can authenticate on the same switch port but under different VLAN assignment policies (Voice VLAN versus other Production VLANs)

A list of authorized MAC addresses of client NICs is maintained on the RADIUS server for MAB purpose

MAB can be configured on a per-port basis on the switch

MAB initiates after unsuccessful dot1x authentication process (configurable time out), when clients don’t respond to any of EAPOL packets

When 802.1X unaware clients try to connect, the switch sends the MAC address of each client to the authentication server

The RADIUS server checks the MAC address of the client NIC against the list of authorized addresses

The RADIUS server returns the access policy and VLAN assignment to the switch for each client

By default, configuration authentication methods are tried in this order: Dot1x, then MAB, then Captive Portal (web authentication)

With BYOD, such Tiered Authentication is powerful and simple to implement with strict policies

–– For instance, when a client is connecting, M4300 tries to authenticate the user/client using the three methods above, the one after the other

The admin can restrict the configuration such that no other method is allowed to follow the captive portal method, for instance

Double VLANs (DVLAN) pass traffic from one customer domain to another through the “metro core” in a multi-tenancy environment: customer VLAN IDs are preserved and a service provider VLAN ID is added to the traffic so the traffic can pass the metro core in a simple, secure manner

Private VLANs (with Primary VLAN, Isolated VLAN, Community VLAN, Promiscuous port, Host port, Trunks) provide Layer 2 isolation between ports that share the same broadcast domain, allowing a VLAN broadcast domain to be partitioned into smaller point-to-multipoint subdomains accross switches in the same Layer 2 network

Private VLANs are useful in DMZ when servers are not supposed to communicate with each other but need to communicate with a router

They remove the need for more complex port-based VLANs with respective IP interface/subnets and associated L3 routing

Another Private VLANs typical application are carrier-class deployments when users shouldn’t see, snoop or attack other users’ traffic

SSL version 3 and TLS version 2 ensure Web GUI sessions are secured

Secure Shell (SSH version 2) and SNMPv3 (with or without MD5 or SHA authentication) ensure SNMP and Telnet sessions are secured

2048-bit RSA key pairs, SHA2-256 and SHA2-512 cryptographic hash functions for SSLv3 and SSHv2 are supported on all M4300 models

PAGE 10 of 44

Datasheet | M4250 series

AV Line Managed Switches

TACACS+ and RADIUS enhanced administrator management provides strict “Login” and “Enable” authentication enforcement for the switch configuration, based on latest industry standards: exec authorization using TACACS+ or RADIUS; command authorization using TACACS+ and RADIUS Server; user exec accounting for HTTP and HTTPS using TACACS+ or RADIUS; and authentication based on user domain in addition to user ID and password

Superior quality of service

Advanced classifier-based hardware implementation for Layer 2 (MAC), Layer 3 (IP) and Layer 4 (UDP/TCP transport ports) prioritization

8 queues (7 in a stack) for priorities and various QoS policies based on 802.1p (CoS) and DiffServ can be applied to interfaces and VLANs

Advanced rate limiting down to 1 Kbps granularity and mininum-guaranteed bandwidth can be associated with ACLs for best granularity

Single Rate Policing feature enables support for

Single Rate Policer as defined by RFC 2697

Committed Information Rate (average allowable rate for the class)

Committed Burst Size (maximum amount of contiguous packets for the class)

Excessive Burst Size (additional burst size for the class with credits refill at a slower rate than committed burst size)

DiffServ feature applied to class maps

Automatic Voice over IP prioritization with protocol-based (SIP, H323 and SCCP ) or OUI-based Auto-VoIP up to 144 simultaneous voice calls

iSCSI Flow Acceleration and automatic protection / QoS with Auto-iSCSI

Flow Control

802.3x Flow Control implementation per IEEE 802.3

Annex 31B specifications with Symmetric flow control, Asymmetric flow control or No flow control

Allows traffic from one device to be throttled for a specified period of time: a device that wishes to inhibit transmission of data frames from another device on the LAN transmits a PAUSE frame

UDLD Support

UDLD implementation detects unidirectional links physical ports (UDLD must be enabled on both sides of the link in order to detect an unidirectional link)

Asymmetric flow control allows the switch to respond to received PAUSE frames, but the ports cannot generate PAUSE frames

Symmetric flow control allows the switch to both respond to, and generate MAC control PAUSE frames

A device that wishes to inhibit transmission of data frames from another device on the LAN transmits a PAUSE frame

UDLD protocol operates by exchanging packets containing information about neighboring devices

The purpose is to detect and avoid unidirectional link forwarding anomalies in a Layer 2 communication channel

Both “normal-mode” and “aggressive-mode” are supported for perfect compatibility with other vendors implementations, including port “D-Disable” triggering cases in both modes

PAGE 11 of 44

Datasheet | M4250 series

AV Line Managed Switches

Target Application

AnewAVLineof M4250switcheswithout-of-the-boxfunctionalityandanindustry-first:aconcurrentseconduserinterface solely designed with the AV Pro in mind.

NETGEAR has enhanced the experience for AV professionals by including a new user interface designed from the ground up.ProAVcustomers don’t have to settle for an IT-centric interface with settings and IT-specific functionality they will never need. The new M4250 AV interface presents the common AV controls right up front with user-selectable profiles for common AV platforms making it a snap to ensure the settings are correct for a specific audio or video application.

PAGE 12 of 44

Netgear XSM4216F-100EUS Product Data Sheet

Datasheet | M4250 series

AV Line Managed Switches

Components and Modules

M4250 AV Licenses

M4250 AVB Licenses are electronic SKUs. A license registration key is received by email and can be copied and pasted directly in the AV UI [Switch IP Address:8080] when the switch is online.

PAGE 13 of 44

Components and Modules

M4250-10G2F-PoE+

AV Line Managed Switch

Ordering information

Americas: GSM4212P-100NAS

Europe: GSM4212P-100EUS

Asia Pacific: GSM4212P-100AJS

China: GSM4212P-100PRS

Warranty: Lifetime ProSAFE Hardware Warranty

AVB License: AVB4212P-10000S (sold separatel

Datasheet | M4250 series

AV Line Managed Switches

8-port 10/100/1000BASE-T (RJ45) PoE+ with 125W PoE budget

2-port 10/100/1000BASE-T (RJ45)

2-port 1000BASE-X (SFP)

24 Gbps non-blocking fabric across 12 ports

Out-of-band 1G Ethernet management port

USB-C and RJ45 RS232 console ports and USB-A storage port

Front black display panel and all ports in the back

Possible reversed mounting with ports in the front

Rack-mounting standard brackets

Longer brackets for recessed mounting (2 inches / 5 cm)

Threaded hole in front (1xM10) for clamps

Threaded holes on the bottom (4xM5) for 50x100mm VESA plates

Selectable fan modes for fanless, quiet, or cool operation

Dimensions (WxDxH): 440 x 200 x 43.2 mm

Weight: 2.85Kg (6.28lb)

PAGE 14 of 44

Loading...
+ 30 hidden pages