Netgear XSM4324FS Product Data Sheet - Page 42

Network Monitoring and Discovery Services, Security, Network Traffic

Get Netgear XSM4324FS PDF manuals and user guides View all Netgear XSM4324FS manuals
Add to My Manuals
Save this manual to your list of manuals

Page 42 highlights

Data Sheet | M4300 series Intelligent Edge Managed Switches Network Monitoring and Discovery Services ISDP (Industry Standard Discovery Protocol) 802.1ab LLDP 802.1ab LLDP - MED SNMP RMON 1,2,3,9 sFlow Security Network Storm Protection, DoS Broadcast, Unicast, Multicast DoS Protection Denial of Service Protection (control plane) Denial of Service Protection (data plane) DoS Attacks Protection CPU Rate Limiting ICMP throttling Management Management ACL (MACAL) Max Rules Out of band Management Radius accounting TACACS+ Malicious Code Detection Network Traffic Access Control Lists (ACLs) Time-based ACLs Protocol-based ACLs ACL over VLANs Dynamic ACLs IEEE 802.1x Radius Port Access Authentication 802.1x MAC Address Authentication Bypass (MAB) Network Authentication Successive Tiering Port Security IP Source Guard DHCP Snooping Dynamic ARP Inspection IPv6 RA Guard Stateless Mode Yes Can interoperate with devices running CDP Yes Yes V1, V2, V3 Yes Yes (IPv4 and IPv6 headers) Yes Yes Switch CPU protection Yes Switch Traffic protection SIPDIP SMACDMAC FIRSTFRAG TCPFRAG TCPFLAG TCPPORT UDPPORT TCPFLAGSEQ TCPOFFSET TCPSYN TCPSYNFIN TCPFINURGPSH L4PORT ICMP ICMPV4 ICMPV6 ICMPFRAG PINGFLOOD SYNACK Yes Applied to IPv4 and IPv6 multicast packets with unknown L3 addresses when IP routing/ multicast enabled Yes Restrict ICMP, PING traffic for ICMP-based DoS attacks Yes Protects management CPU access through 64 the LAN In-band management can be shut down Yes entirely when out-of-band management network Yes RFC 2565 and RFC 2866 Yes Yes Software image files and Configuration files with digital signatures L2 / L3 / L4 Yes Yes Yes Yes Yes Yes MAC, IPv4, IPv6, TCP, UDP Yes Yes Yes Yes Up to 48 clients (802.1x) per port are supported, including the authentication of the users domain Supplemental authentication mechanism for non-802.1x devices, based on their MAC address only Dot1x-> MAP -> Captive Portal successive authentication methods based on configured time-outs Yes IPv4 / IPv6 IPv4 / IPv6 IPv4 / IPv6 Yes PAGE 42 of 60

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
Network Monitoring and Discovery Services
ISDP (Industry Standard Discovery Protocol)
Yes
Can interoperate with devices running CDP
802.1ab LLDP
Yes
802.1ab LLDP - MED
Yes
SNMP
V1, V2, V3
RMON 1,2,3,9
Yes
sFlow
Yes (IPv4 and IPv6 headers)
Security
Network Storm Protection, DoS
Broadcast, Unicast, Multicast DoS Protection
Denial of Service Protection (control plane)
Denial of Service Protection (data plane)
Yes
Yes
Yes
Switch CPU protection
Switch Traffic protection
DoS Attacks Protection
SIPDIP
SMACDMAC
FIRSTFRAG
TCPFRAG
TCPFLAG
TCPPORT
UDPPORT
TCPFLAGSEQ
TCPOFFSET
TCPSYN
TCPSYNFIN
TCPFINURGPSH
L4PORT
ICMP
ICMPV4
ICMPV6
ICMPFRAG
PINGFLOOD
SYNACK
CPU Rate Limiting
Yes
Applied to IPv4 and IPv6 multicast packets with unknown L3 addresses when IP routing/
multicast enabled
ICMP throttling
Yes
Restrict ICMP, PING traffic for ICMP-based
DoS attacks
Management
Management ACL (MACAL)
Max Rules
Yes
64
Protects management CPU access through
the LAN
Out of band Management
Yes
In-band management can be shut down
entirely when out-of-band management
network
Radius accounting
Yes
RFC 2565 and RFC 2866
TACACS+
Yes
Malicious Code Detection
Yes
Software image files and Configuration files
with digital signatures
Network Traffic
Access Control Lists (ACLs)
L2 / L3 / L4
MAC, IPv4, IPv6, TCP, UDP
Time-based ACLs
Yes
Protocol-based ACLs
Yes
ACL over VLANs
Yes
Dynamic ACLs
Yes
IEEE 802.1x Radius Port Access Authentication
Yes
Up to 48 clients (802.1x) per port are sup-
ported, including the authentication of the
users domain
802.1x MAC Address Authentication Bypass (MAB)
Yes
Supplemental authentication mechanism
for non-802.1x devices, based on their MAC
address only
Network Authentication Successive Tiering
Yes
Dot1x-> MAP -> Captive Portal successive
authentication methods based on config
-
ured time-outs
Port Security
Yes
IP Source Guard
Yes
IPv4 / IPv6
DHCP Snooping
Yes
IPv4 / IPv6
Dynamic ARP Inspection
Yes
IPv4 / IPv6
IPv6 RA Guard Stateless Mode
Yes
Intelligent Edge Managed Switches
Data Sheet |
M4300 series
PAGE 42 of 60