A full listing of features for the M4100 line can be found here. Below is a highlight of the features available on the M4100-D12G.
- 12 - 10/100/1000 RJ45 ports
- 2 - shared 100/1000 SFP ports
- 24 Gbps switching fabric
- 802.3az Green Energy Efficient Ethernet (EEE)
- 16k MAC addresses
- 802.1q VLANs (supports 1024 simultaneous VLANs)
- Protocol, subnet, mac, voice, and private VLANs
- Guest VLAN
- Double VLAN Tagging (QoQ)
- 802.1D (STP), 802.1w (RSTP), 802.1s (MST)
- STP Loop Guard, STP Root Guard, BPDU Guard
- 12 LAGs, up to 8 ports per LAG: manual and LACP (802.3ad)
- 802.1ad LLDP, LLDP-MED
- QoS: 802.1p CoS, DSCP, DiffServ, port-based queues, port-based rate limiting, auto-voip, WRED, strict priority
- Security - DHCP Filtering, DoS protection, Port based, IP and MAC ACLs, storm control, 802.1x authentication, Dynamic ARP inspection
- RADIUS and TACACS+
- ACLs – L2/L3/L4, protocol-based, by VLAN, dynamic
- SNMP v1, v2c, v3
- IGMP snooping
- Link down power saving mode
- Port Mirroring
- Can be powered via PoE
- 64 static Layer 3 routes
- 64 IP interfaces
- 9k Jumbo frames
- 802.3x Flow Control
- Multicast – IGMP v2 and v3, IGMP Snooping
- DHCP Server, DHCP Snooping, DHCP Relay, DHCP Bootp
- IPv6 support
- Telnet, SSH, HTTP configuration
- USB, Console ports
A key value to the M4100 series is Layer 3 functionality. The M4100 can support up to 64 IP interfaces and static routes. It can also perform port-based, VLAN-based and subnet based static routing. Individual ports on the M4100 can be converted to routed ports instead of switched ports. In addition, the M4100 can function as a DHCP server for up to 16 networks.
NETGEAR refers to the M4100 series as “Layer 2+” as it supports some Layer 3 functions. For example, the M4100 supports static routes, but does not support dynamic routing protocols, such as RIP and OSPF. Further, the M4100 doesn't perform NAT (network address translation), so you'll still need a router for connection to the Internet.
I set up a couple of VLANs, routed VLAN interfaces, as well as a DHCP server on the M4100 to test a few of its Layer 3 capabilities. In the screenshot below, you can see the route table on the M4100 is showing two connected routes to two different VLANs, a connected route to a loopback interface, as well as a static default route.
A loopback interface is a virtual interface that can be assigned an IP address. Eight loopback interfaces can be created on the M4100. Loopback interfaces are useful for testing routing, as well as for managing dynamic routing configuration.
I also set up a DHCP server on the D12G for VLAN 45, which worked as expected. PCs connected to ports assigned to VLAN 45 got their IP address from the D12G. Below is a screenshot of my DHCP server config on the D12G.
Using a Layer 3 switch like the M4100 to serve as an internal router to forward inter-VLAN traffic and provide internal network security and QoS can also result in improved network performance. A switch with routing capability should route traffic at near wire-speed, faster than the throughput of a typical router.
To get an idea of the value of using a Layer 3 switch to perform internal network routing, I measured the D12G's routed throughput. For my tests, I used iperf with default TCP settings, including a TCP window size of 8KB and no other options. I ran iperf on two PCs running 64-bit Windows 7 with their software firewall disabled. (Running a simple iperf throughput test between two PCs uses the command iperf -s on one PC and iperf -c (ip) on the other PC.)
|PC - PC (reference)||404|
Table 2: L3 routing throughput
As you can see in Table 2, my two Windows 7 PCs directly connected with a wire (cross-over cable) could send traffic between each other at 404 Mbps. My two Windows PCs connected to different VLANs on the M4100 could send traffic between each other at 384 Mbps, a loss of just 20 Mbps (5%).
The NETGEAR specs state the D12G supports up to 1024 simultaneous VLANs. Out of the box, VLANs 1 and 2 are already defined, with VLAN 1 as the default VLAN and VLAN 2 as the Auto VoIP VLAN.
Configuring static VLANs on the D12G is the same as on the GS510TP and GS108T, so I won't go into basic VLAN configs on the M4100 other than to say I had no problem adding and configuring static VLANs on the D12G.
The M4100 series supports several dynamic VLAN modes, including MAC, protocol and IP subnet based VLANs. Dynamic VLANs will assign traffic to specific VLANs based on certain characteristics. A MAC-based VLAN assigns traffic to a VLAN based on the source MAC address. A protocol-based VLAN assigns traffic to a VLAN based on the protocol. An IP subnet-based VLAN assigns traffic to a VLAN based on the source IP address.
The configuration for MAC-based VLANs turned out to be just three steps, although I found the manual's instructions for MAC based VLANs a bit vague and an example on NETGEAR's website misleading. Here's how I got a MAC-based VLAN on the D12G to work. First, you create the VLAN you intend to assign to specific MACs. I created VLAN 2001 for this purpose as shown below.
Second, you assign all ports as untagged members of that VLAN. Below, you can see all twelve ports on the D12G are Untagged members of VLAN 2001.
Third, you enter a MAC to VLAN mapping for each device you want to be a member of that VLAN, shown below.
MAC to VLAN
These three steps were all that was necessary. My PC with the above MAC then showed up in the D12G's Address Table as a member of VLAN 2001.
I went a little further in my test config on the D12G and created a DHCP server for VLAN 2001. I was pleased to see my PC get an IP address from the D12G's DHCP server associated with VLAN 2001, further validating the D12G's MAC based VLAN configuration.
Private VLANs, or port-based VLANs are also an option on the D12G, which can be useful to restrict access within a standard 802.1q VLAN.