Netgear APS1000W Product Data Sheet - Page 30

of 48

Get Netgear APS1000W PDF manuals and user guides View all Netgear APS1000W manuals
Add to My Manuals
Save this manual to your list of manuals

Page 30 highlights

ProSAFE® LAN Access and Aggregation Chassis Switches Data Sheet M6100 series DoS Attacks Protection CPU Rate Limiting ICMP throttling Management Management ACL (MACAL) Max Rules Out of band Management Radius accounting TACACS+ Malicious Code Detection Network Traffic Access Control Lists (ACLs) Time-based ACLs Protocol-based ACLs ACL over VLANs Dynamic ACLs IEEE 802.1x Radius Port Access Authentication 802.1x MAC Address Authentication Bypass (MAB) Network Authentication Successive Tiering Port Security IP Source Guard DHCP Snooping Dynamic ARP Inspection MAC Filtering Port MAC Locking Private Edge VLAN Private VLANs DATACENTER FEATURES Priority Flow Control (PFC) Standardized by IEEE 802.1Qbb Data Center Bridging Exchange Protocol (DCBX) Enhanced Transmission Selection (ETS) SIPDIP SMACDMAC FIRSTFRAG TCPFRAG TCPFLAG TCPPORT Yes Yes UDPPORT TCPFLAGSEQ TCPOFFSET TCPSYN TCPSYNFIN TCPFINURGPSH L4PORT ICMP ICMPV4 ICMPV6 ICMPFRAG PINGFLOOD SYNACK Applied to IPv4 and IPv6 multicast packets with unknown L3 addresses when IP routing/multicast enabled Restrict ICMP, PING traffic for ICMP-based DoS attacks Yes Protects management CPU access through the LAN 64 Yes In-band management can be shut down entirely when out-of-band management network Yes RFC 2565 and RFC 2866 Yes Yes Software image files and Configuration files with digital signatures L2 / L3 / L4 Yes Yes Yes Yes Yes Yes MAC, IPv4, IPv6, TCP, UDP Yes Yes Yes Yes Up to 48 clients (802.1x) per port are supported, including the authentication of the users domain Supplemental authentication mechanism for non802.1x devices, based on their MAC address only Dot1x-> MAP -> Captive Portal successive authentication methods based on configured time-outs Yes IPv4 / IPv6 Yes Yes Yes Yes A protected port doesn't forward any traffic (unicast, multicast, or broadcast) to any other protected port - same switch Scales Private Edge VLANs by providing Layer 2 isolation between ports across switches in same Layer 2 network Yes (CLI only) Yes (CLI only) Yes (CLI only) Enables Flow Control per traffic class on IEEE 802 full-duplex links Support of lossless operation for FCoE or ISCSI traffic when all network elements are DCBX enabled Priority-based processing and bandwidth allocations, different Traffic Class Groups (TCGs) for LAN, SAN Page 30 of 48

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
DoS Attacks Protection
SIPDIP
SMACDMAC
FIRSTFRAG
TCPFRAG
TCPFLAG
TCPPORT
UDPPORT
TCPFLAGSEQ
TCPOFFSET
TCPSYN
TCPSYNFIN
TCPFINURGPSH
L4PORT
ICMP
ICMPV4
ICMPV6
ICMPFRAG
PINGFLOOD
SYNACK
CPU Rate Limiting
Yes
Applied to IPv4 and IPv6 multicast packets with
unknown L3 addresses when IP routing/multicast
enabled
ICMP throttling
Yes
Restrict ICMP, PING traffic for ICMP-based
DoS attacks
Management
Management ACL (MACAL)
Max Rules
Yes
64
Protects management CPU access through the LAN
Out of band Management
Yes
In-band management can be shut down entirely
when out-of-band management network
Radius accounting
Yes
RFC 2565 and RFC 2866
TACACS+
Yes
Malicious Code Detection
Yes
Soſtware image files and Configuration files with
digital signatures
Network Traffic
Access Control Lists (ACLs)
L2 / L3 / L4
MAC, IPv4, IPv6, TCP, UDP
Time-based ACLs
Yes
Protocol-based ACLs
Yes
ACL over VLANs
Yes
Dynamic ACLs
Yes
IEEE 802.1x Radius Port Access Authentication
Yes
Up to 48 clients (802.1x) per port are supported,
including the authentication of the users domain
802.1x MAC Address Authentication Bypass (MAB)
Yes
Supplemental authentication mechanism for non-
802.1x devices, based on their MAC address only
Network Authentication Successive Tiering
Yes
Dot1x-> MAP -> Captive Portal successive authenti-
cation methods based on configured time-outs
Port Security
Yes
IP Source Guard
Yes
IPv4 / IPv6
DHCP Snooping
Yes
Dynamic ARP Inspection
Yes
MAC Filtering
Yes
Port MAC Locking
Yes
Private Edge VLAN
Yes
A protected port doesn’t forward any traffic (unicast,
multicast, or broadcast) to any other protected port
- same switch
Private VLANs
Yes
Scales Private Edge VLANs by providing Layer 2
isolation between ports across switches in same
Layer 2 network
DATACENTER FEATURES
Priority Flow Control (PFC) Standardized by IEEE 802.1Qbb
Yes (CLI only)
Enables Flow Control per traffic class on IEEE 802
full-duplex links
Data Center Bridging Exchange Protocol (DCBX)
Yes (CLI only)
Support of lossless operation for FCoE or ISCSI traffic
when all network elements are DCBX enabled
Enhanced Transmission Selection (ETS)
Yes (CLI only)
Priority-based processing and bandwidth allocations,
different Traffic Class Groups (TCGs) for LAN, SAN
ProSAFE® LAN Access and Aggregation Chassis Switches
Data Sheet
M6100 series
Page 30 of 48