Image Alt

The NETGEAR Intelligent Edge M4100 series consists of 12 fully managed switches, ranging from 8-port Fast Ethernet to 50-port Gigabit Ethernet. They are ideal for all organizations considering reliable, affordable and simple access layer switching with CLI, advanced scripting capabilities and Layer 3 routing. As a cost-effective component of converged voice, video and data networking solutions, NETGEAR M4100 series delivers a secure edge in commercial buildings and campus LAN environments: PoE (802.3af) and PoE+ (802.3at) versions of M4100 series are perfect for Wireless access points, IP telephony and IP surveillance deployments.

Layer 2+ with static routing

  • image

    M4100 series comes with Port-based / VLAN-based / Subnet-based "static routing" Layer 2+ versions

  • image

    L3 fixed routes to the next hop towards the destination network are added to the routing table.

  • image

    L3 routing is wire-speed in M4100 series hardware with 64 static routes (IPv4)

Engineered for convergence

  • image

    Automatic multi-vendor Voice over IP prioritization based on SIP, H323 and SCCP protocol

  • image

    Voice VLAN and LLDP-MED for automatic IP phones QoS and VLAN configuration

  • image

    Advanced classifier-based hardware for L2, L3, L4 security and prioritization

  • image

    Advanced Multicast filtering with IGMP and MLD snooping and querier modes

High-value performance and IPv6 ready

  • image

    16K MAC addresses; up to 100Gbps switching fabric; 9K jumbo frames; Green Ethernet

  • image

    IPv4/IPv6 ingress traffic filtering (ACLs) and prioritization (QoS - DiffServ)

High availability and PoE/PoE+ full power capability

  • image

    Redundant power supply option for uninterruptible operation (RPS)

  • image

    External power supply option for PoE and PoE+ full power applications (EPS up to 1,440W)

Industry Standard Management

  • image

    Industry standard command line interface (CLI)

  • image

    Fully functional NETGEAR web interface (GUI)

Industry Leading Warranty

  • image

    NETGEAR M4100 series is backed by NETGEAR ProSafe Lifetime Hardware Warranty†

  • image

    Also included ProSupport Lifetime 24x7 Advanced Technical Support*

  • image

    Also included 3-Year Next Business Day Onsite Hardware Replacement**

NETGEAR M4100 Series

As a cost-effective component of converged voice, video and data networking solutions, NETGEAR M4100 series offers ideal, advanced features for a secure edge in commercial buildings and campus LAN environments.

  • High availability and PoE/PoE+ full power capability
  • Industry standard management
  • Industry leading warranty
  • Layer 2+ with static routing
  • Engineered for convergence
  • High-value performance and IPv6 ready

Performance

  • Layer 3 hardware with L2+ software affordability
  • Built upon L3 hardware platform while Layer 2+ software package allows for better budget optimization
  • Uses latest generation silicon low-power 40-nanometer technology
  • L2 and L3 switching features (access control list, classification, filtering, IPv4 routing) are performed in hardware at interface line rate for voice, video, and data convergence
  • Layer 2+ software package provides straight forward IP static routing capabilities for physical interfaces, VLANs and subnets
  • 16K MAC address table, 1K concurrent VLANs and 64 static routes for SMB and small enterprise access layers
  • Increased packet buffering with up to 12 Mb dynamically shared accross all interfaces for most intensive applications
  • Low latency at all network speeds
  • Jumbo frames support of up to 9Kb accelerating storage performance for backup and cloud applications
  • Broad portfolio of access layer solutions, ranging from 8 ports Fast Ethernet to 50 ports Gigabit Ethernet

Connectivity

  • IEEE 802.3af Power over Ethernet (PoE) provides up to 15.4W per port
  • IEEE 802.3at Power over Ethernet Plus (PoE+) provides up to 30W per port
  • Desktop versions can be powered by upstream PoE+ switch
  • M4100-D12G-POE+ can even redistribute PoE power from the upstream PoE+ switch to VoIP phones or other devices in meeting rooms, retail sales floors or other challenging environments without outlet
  • Both IEEE 802.3at Layer 2 LLDP method and 802.3at 2-event classification methods are supported for compatibility with all PoE+ PD devices
  • Automatic MDIX and Auto-negotiation on all ports select the right transmission modes (half or full duplex) as well as data transmission for crossover or straight-through cables dynamically for the admin
  • 100Mbps backward compatiblity on all SFP ports
  • IPv6 support with multicasting (MLD for IPv6 filtering), ACLs and QoS

Ease of Use

  • Fully functional Web console (GUI) for IT admins who prefer an easy to use graphical interface
  • Placement outside the wiring closet (conference rooms, offices, class rooms, sales floor in retail stores, etc)
  • For secure deployment in open areas , desktop versions come with a Wall Mount Kit with four brackets
  • Select desktop versions also come with a set of strong magnets for mounting on any metal surface
  • Automatic configuration with DHCP and BootP Auto Install
  • Both the Switch Serial Number and Switch primary MAC address are reported by a simple "show" command in the CLI
  • Automatic Voice over IP prioritization with Auto-VoIP
  • An associated Voice VLAN can be easily configured with Auto-VoIP for further traffic isolation
  • When deployed IP phones are LLDP-MED compliant, the Voice VLAN will use LLDP-MED to pass on the VLAN ID, 802.1P priority and DSCP values to the IP phones, accelerating convergent deployments
  • DHCP/BootP innovative auto-installation including firmware and configuration file upload automation
  • Dual firmware image and configuration file for updates with minimum service interruption

Security

  • Traffic control MAC Filter and Port Security
  • DHCP Snooping monitors DHCP traffic between DHCP clients and DHCP servers to filter harmful DHCP message and prevent DHCP spoofing attacks
  • IP source guard and Dynamic ARP Inspection for malicious users traffic elimination
  • Layer 2 / Layer 3-v4 / Layer 3-v6 / Layer 4 Access Control Lists (ACLs) can be binded to ports, Layer 2 interfaces, VLANs and LAGs (Link Aggregation Groups or Port channel) for fast unauthorized data prevention and right granularity
  • Bridge protocol data unit (BPDU) Guard allows the network administrator to enforce the Spanning Tree (STP) domain borders and keep the active topology consistent and predictable - unauthorized devices or switches behind the edge ports that have BPDU enabled will not be able to influence the overall STP topology by creating loops
  • Spanning Tree Root Guard (STRG) enforces the Layer 2 network topology by preventing rogue root bridges potential issues when for instance, unauthorized or unexpected new equipment in the network may accidentally become a root bridge for a given VLAN
  • Dynamic 802.1x VLAN assignment mode, including Dynamic VLAN creation mode and Guest VLAN / Unauthenticated VLAN are supported for rigorous user and equipment RADIUS policy server enforcement
  • 802.1x MAC Address Authentication Bypass (MAB)
  • Double VLANs (DVLAN - QoQ) pass traffic from one customer domain to another through the "metro core" in a multi-tenancy environment
  • Private VLANs (with Primary VLAN, Isolated VLAN, Community VLAN, Promiscuous port, Host port, Trunks) provide Layer 2 isolation between ports that share the same broadcast domain
  • Secure Shell (SSH) and SNMPv3 (with or without MD5 or SHA authentication) ensure SNMP and Telnet sessions are secured
  • TACACS+ and RADIUS enhanced administrator management provides strict "Login" and "Enable" authentication enforcement for the switch configuration and authentication based on user domain in addition to user ID and password

NETGEAR Warranty

  • This product is backed by a NETGEAR ProSAFE® Lifetime Hardware Warranty.
  • Lifetime Next Business Day Hardware Replacement. Click here for coverage, availability and terms and conditions.
  • ProSUPPORT 24x7 Advanced Technical Support via phone for 90 days (Remote diagnostics performed by our technical experts for prompt resolution of technical issues). ProSUPPORT coverage can be extended by purchasing one, three, or five year contracts.
  • ProSUPPORT Lifetime 24x7 Advanced Technical Support via chat. (Remote diagnostics performed by our technical experts for prompt resolution of technical issues).
Filter
  • Supported Link Speeds
  • Predominant Port Type
  • Number of ports
  • Power over Ethernet (PoE) Requirements
  • PoE budget
  • High Availability Requirements
View:

The combination of filters you have selected has not produced any results. Please adjust your selection.

M4100-D10-POE

Model: M4100-D10-POE

M4100-26-POE

Model: M4100-26-POE

M4100-50-POE

Model: M4100-50-POE

M4100-D12G

Model: M4100-D12G

M4100-D12G-POE+

Model: M4100-D12G-POE+

M4100-12GF

Model: M4100-12GF

M4100-12G-POE+

Model: M4100-12G-POE+

M4100-26G

Model: M4100-26G

M4100-50G

Model: M4100-50G

M4100-26G-POE

Model: M4100-26G-POE

M4100-24G-POE+

Model: M4100-24G-POE+

M4100-50G-POE+

Model: M4100-50G-POE+

Layer 3 Hardware with L2+ Software Affordability

M4100 series models are built upon L3 hardware platform while Layer 2+ software package allows for better budget optimization

  • image

    M4100 series uses latest generation silicon low-power 40-nanometer technology

  • image

    M4100 series L2 and L3 switching features (access control list, classification, filtering, IPv4 routing) are performed in hardware at interface line rate for voice, video, and data convergence

M4100 series Layer 2+ software package provides straight forward IP static routing capabilities for physical interfaces, VLANs and subnets

  • image

    Fast Ethernet 802.3af PoE: M4100-D10-POE (8 ports desktop); M4100-26-POE (24 ports); M4100-50-POE (48 ports)

  • image

    Gigabit: M4100-D12G (12 ports desktop); M4100-12GF (12 ports Fiber); M4100-26G (26 ports); M4100-50G (50 ports)

  • image

    Gigabit 802.3af PoE: M4100-26G-POE (24 ports)

  • image

    Gigabit 802.3at PoE+: M4100-D12G-POE+ (12 ports desktop); M4100-12G-POE+ (12 ports); M4100-24G-POE+ (24 ports); M4100-50G-POE+ (48 ports)

  • image

    At the edge of campus networks or in the server room, static routes are often preferred for simplicity (L3 fixed routes to the next hop towards the destination network are manually added to the routing table), without any impact on performance because L3 routing is wire-speed in M4100 series hardware

High-value Switching Performance

16K MAC address table, 1K concurrent VLANs and 64 static routes for SMB and small enterprise access layers

80 PLUS certified power supplies for energy high efficiency

Low latency at all network speeds

Increased packet buffering with up to 12 Mb dynamically shared accross all interfaces for most intensive applications

Jumbo frames support of up to 9Kb accelerating storage performance for backup and cloud applications

Green Ethernet with Energy Efficient Ethernet (EEE) defined by IEEE 802.3az Energy Efficient Ethernet Task Force

  • image

    M4100-D12G; M4100-26G; M4100-50G; M4100-26G-POE; M4100-50G-POE+

Green Ethernet with Energy Detect Mode (unused ports automatic power off)

  • image

    (M4100-D10-POE; M4100-26-POE; M4100-50-POE; M4100-D12G-POE+; M4100-12GF; M4100-12G-POE+; M4100-24G-POE+)

Ease of Deployment

Placement outside the wiring closet (conference rooms, offices, class rooms, sales floor in retail stores, etc…)

  • image

    For secure deployment in open areas , desktop versions come with a Wall Mount Kit with four brackets

  • image

    M4100-D10-POE (FSM5210P)

  • image

    M4100-D12G (GSM5212)

  • image

    M4100-D12G-POE+ (GSM5212P)

  • image

    As an option, a Rack Mount Kit is orderable (420-10043-01)

Select desktop versions also come with a set of strong magnets for mounting on any metal surface

  • image

    M4100-D10-POE (FSM5210P)

  • image

    M4100-D12G (GSM5212)

Automatic configuration with DHCP and BootP Auto Install eases large deployments with a scalable configuration files management capability, mapping IP addresses and host names and providing individual configuration files to multiple switches as soon as they are initialized on the network

Automatic Voice over IP prioritization with Auto-VoIP simplifies most complex multi-vendor IP telephones deployments either based on protocols (SIP, H323 and SCCP) or on OUI bytes (default database and user-based OUIs) in the phone source MAC address; providing the best class of service to VoIP streams (both data and signaling) over other ordinary traffic by classifying traffic, and enabling correct egress queue configuration

Both the Switch Serial Number and Switch primary MAC address are reported by a simple "show" command in the CLI - facilitating discovery and remote configuration operations

An associated Voice VLAN can be easily configured with Auto-VoIP for further traffic isolation

When deployed IP phones are LLDP-MED compliant, the Voice VLAN will use LLDP-MED to pass on the VLAN ID, 802.1P priority and DSCP values to the IP phones, accelerating convergent deployments

Versatile Connectivity Including "PoE Passthrough"

  • image

    IEEE 802.3af Power over Ethernet (PoE) provides up to 15.4W per port (M4100-D10-POE; M4100-26-POE; M4100-50-POE; M4100-26G-POE)

  • image

    IEEE 802.3at Power over Ethernet Plus (PoE+) provides up to 30W per port (M4100-D12G-POE+; M4100-12G-POE+; M4100-24G-POE+; M4100-50G-POE+)

  • image

    Desktop versions can be powered by upstream PoE+ switch using their Port-1 (PD, PoE+ 30W): M4100-D12G and M4100-D12G-POE+

  • image

    M4100-D12G-POE+ can even redistribute PoE power from the upstream PoE+ switch to VoIP phones or other devices in meeting rooms, retail sales floors or other challenging environments without outlet

  • image

    Both IEEE 802.3at Layer 2 LLDP method and 802.3at 2-event classification methods are supported for compatibility with all PoE+ PD devices

  • image

    Automatic MDIX and Auto-negotiation on all ports select the right transmission modes (half or full duplex) as well as data transmission for crossover or straight-through cables dynamically for the admin

  • image

    100Mbps backward compatiblity on all SFP ports

  • image

    IPv6 support with multicasting (MLD for IPv6 filtering), ACLs and QoS

Tier 1 Avaiability

Rapid Spanning Tree (RSTP) and Multiple Spanning Tree (MSTP) allow for rapid transitionning of the ports to the Forwarding state and the suppression of Topology Change Notification

IP address conflict detection performed by the embedded DHCP server prevents accidental IP address duplicates from perturbing the overall network stability

Power redundancy for higher availability when mission critical, including hot-swap PSUs and Fans

Ease of Management and Control

Dual firmware image and dual configuration file for transparent firmware updates / configuration changes with minimum service interruption

Flexible Port-Channel / LAG (802.3ad) implementation for maximum compatibility, fault tolerance and load sharing with any type of Ethernet channeling from other vendors switch, server or storage devices conforming to IEEE 802.3ad - including static (selectable hashing algorithms) or dynamic LAGs (highly tunable LACP Link Aggregation Control Protocol )

Port names feature allows for descriptive names on all interfaces and better clarity in real word admin daily tasks

Loopback interfaces management for routing protocols administration

Private VLANs and local Proxy ARP help reduce broadcast with added security

Management VLAN ID is user selectable for best convenience

Industry-standard VLAN management in the command line interface (CLI) for all common operations such as VLAN creation; VLAN names; VLAN "make static" for dynamically created VLAN by GRVP registration; VLAN trunking; VLAN participation as well as VLAN ID (PVID) and VLAN tagging for one interface, a group of interfaces or all interfaces at once

System defaults automatically set per-port broadcast, multicast, and unicast storm control for typical, robust protection against DoS attacks and faulty clients which can, with BYOD, often create network and performance issues

IP Telephony administration is simplified with consistent Voice VLAN capabilities per the industry standards and automatic functions associated

Comprehensive set of "system utilities" and "Clear" commands help troubleshoot connectivity issues and restore various configurations to their factory defaults for maximum admin efficiency: traceroute (to discover the routes that packets actually take when traveling on a hop-by-hop basis and with a synchronous response when initiated from the CLI), clear dynamically learned MAC addresses, counters, IGMP snooping table entries from the Multicast forwarding database etc...

All major centralized software distribution platforms are supported for central software upgrades and configuration files management (HTTP, TFTP), including in highly secured versions (HTTPS, SFTP, SCP)

Simple Network Time Protocol (SNTP) can be used to synchronize network resources and for adaptation of NTP, and can provide synchronized network timestamp either in broadcast or unicast mode (SNTP client implemented over UDP - port 123)

Embedded RMON (4 groups) and sFlow agents permit external network traffic analysis

Engineered for Convergence

Audio (Voice over IP) and Video (multicasting) comprehensive switching, filtering, routing and prioritization

Auto-VoIP, Voice VLAN and LLDP-MED support for IP phones QoS and VLAN configuration

Schedule enablement

IGMP Snooping for IPv4, MLD Snooping for IPv6 and Querier mode facilitate fast receivers joins and leaves for multicast streams and ensure multicast traffic only reaches interested receivers without the need of a Multicast router

Multicast VLAN Registration (MVR) uses a dedicated Multicast VLAN to forward multicast streams and avoid duplication for clients in different VLANs

Enterprise Security

Traffic control MAC Filter and Port Security help restrict the traffic allowed into and out of specified ports or interfaces in the system in order to increase overall security and block MAC address flooding issues

DHCP Snooping monitors DHCP traffic between DHCP clients and DHCP servers to filter harmful DHCP message and builds a bindings database of (MAC address, IP address, VLAN ID, port) tuples that are considered authorized in order to prevent DHCP server spoofing attacks

IP source guard and Dynamic ARP Inspection use the DHCP snooping bindings database per port and per VLAN to drop incoming packets that do not match any binding and to enforce source IP / MAC addresses for malicious users traffic elimination

Layer 2 / Layer 3-v4 / Layer 3-v6 / Layer 4 Access Control Lists (ACLs) can be binded to ports, Layer 2 interfaces, VLANs and LAGs (Link Aggregation Groups or Port channel) for fast unauthorized data prevention and right granularity

Bridge protocol data unit (BPDU) Guard allows the network administrator to enforce the Spanning Tree (STP) domain borders and keep the active topology consistent and predictable - unauthorized devices or switches behind the edge ports that have BPDU enabled will not be able to influence the overall STP topology by creating loops

Spanning Tree Root Guard (STRG) enforces the Layer 2 network topology by preventing rogue root bridges potential issues when for instance, unauthorized or unexpected new equipment in the network may accidentally become a root bridge for a given VLAN

Dynamic 802.1x VLAN assignment mode, including Dynamic VLAN creation mode and Guest VLAN / Unauthenticated VLAN are supported for rigorous user and equipment RADIUS policy server enforcement

  • Up to 48 clients (802.1x) per port are supported, including the authentication of the users domain, in order to facilitate convergent deployments: for instance when IP phones connect PCs on their bridge, IP phones and PCs can authenticate on the same switch port but under different VLAN assignment policies (Voice VLAN versus data VLAN)

802.1x MAC Address Authentication Bypass (MAB) is a

  • image

    A list of authorized MAC addresses of client NICs is maintained on the RADIUS server for MAB purpose

  • image

    MAB can be configured on a per-port basis on the switch

  • image

    MAB initiates only after the dot1x authentication process times out, and only when clients don't respond to any of the EAPOL packets sent by the switch

  • image

    When 802.1X unaware clients try to connect, the switch sends the MAC address of each client to the authentication server

  • image

    The RADIUS server checks the MAC address of the client NIC against the list of authorized addresses

  • image

    The RADIUS server returns the access policy and VLAN assignment to the switch for each client

Double VLANs (DVLAN - QoQ) pass traffic from one customer domain to another through the "metro core" in a multi-tenancy environment: customer VLAN IDs are preserved and a service provider VLAN ID is added to the traffic so the traffic can pass the metro core in a simple, secure manner

Private VLANs (with Primary VLAN, Isolated VLAN, Community VLAN, Promiscuous port, Host port, Trunks) provide Layer 2 isolation between ports that share the same broadcast domain, allowing a VLAN broadcast domain to be partitioned into smaller point-to-multipoint subdomains accross switches in the same Layer 2 network

  • image

    Private VLANs are useful in DMZ when servers are not supposed to communicate with each other but need to communicate with a router; they remove the need for more complex port-based VLANs with respective IP interface/subnets and associated L3 routing

  • image

    Another Private VLANs typical application are carrier-class deployments when users shouldn't see, snoop or attack other users' traffic

Secure Shell (SSH) and SNMPv3 (with or without MD5 or SHA authentication) ensure SNMP and Telnet sessions are secured

TACACS+ and RADIUS enhanced administrator management provides strict "Login" and "Enable" authentication enforcement for the switch configuration, based on latest industry standards: exec authorization using TACACS+ or RADIUS; command authorization using TACACS+ and RADIUS Server; user exec accounting for HTTP and HTTPS using TACACS+ or RADIUS; and authentication based on user domain in addition to user ID and password

Superior Quality of Service

Advanced classifier-based hardware implementation for Layer 2 (MAC), Layer 3 (IP) and Layer 4 (UDP/TCP transport ports) prioritization

8 queues for priorities and various QoS policies based on 802.1p (CoS) and DiffServ can be applied to interfaces and VLANs

Advanced rate limiting down to 1 Kbps granularity and mininum-guaranteed bandwidth can be associated with ACLs for best granularity

Automatic Voice over IP prioritization with Auto-VoIP

Flow Control

802.3x Flow Control implementation per IEEE 802.3 Annex 31 B specifications with Symmetric flow control, Asymmetric flow control or No flow control

  • image

    Asymmetric flow control allows the switch to respond to received PAUSE frames, but the ports cannot generate PAUSE frames

  • image

    Symmetric flow control allows the switch to both respond to, and generate MAC control PAUSE frames

Allows traffic from one device to be throttled for a specified period of time: a device that wishes to inhibit transmission of data frames from another device on the LAN transmits a PAUSE frame