|At a Glance|
|Product||NETGEAR M4100-D12G Intelligent Edge M4100 Series Switch [GSM5212]|
|Summary||Full-featured 12-port Gigabit Smart Switch with 2 SFP|
|Pros||• Layer 2+ features with near wire-speed throughput on Inter-VLAN routing • Responsive admin GUI • IPv6 support|
Updated 9/19/2013: Corrected Cisco SG300-10SFP comparison
NETGEAR has four product lines of business-grade switches, including Fully Managed switches, Smart switches, ProSafe Plus switches, and Unmanaged switches. Within NETGEAR’s Fully Managed switch line is a group of switches called “Intelligent Edge” switches. Within this group, NETGEAR has recently introduced the M4100 series of switches.
M4100 switches range from 8-50 ports in both 10/100 Mbps and 10/100/1000 Mbps models, with support for static Layer 3 routing, PoE and various advanced Layer 2 functions. In this review, I’m going to look at the M4100-D12G, which is a 12-port Gigabit Ethernet switch with 2 shared SFP ports. Note that M4100-D12G is actually the product model name; the model number is GSM5212. I’ll frequently refer to it from here on as the D12G.
Physically, the D12G is housed in a metal case measuring 12.91”w x 6.65”d x 1.7”h. There are 12 RJ45 network ports and 2 SFP ports, as well as a USB port on the front of the device, shown below. The USB port is used for loading and saving firmware and config files.
Front of M4100-D12G
The D12G is smaller than other members of the M4100 series and can be placed on a desktop, magnetically attached to a metal surface, or mounted to a wall. The installation guide indicates the M4100-D12G is shipped with rubber feet, magnetic feet, and wall mounting brackets. (I would have liked to try the magnetic feet, but my test device only came with the rubber feet and rack mounting brackets.)
The D12G is externally powered and comes with an AC power adapter. The back of the switch has the power connector, a locking cable security slot, a mini USB port, console port and power button, shown below.
Rear of M4100-D12G
The D12G does not have a cooling fan, so it runs silently and is suitable for office desktop use. The D12G runs on a Broadcom BCM53003 600 MHz CPU with 128 MB of RAM and 32 MB of flash. The “top secret” switch components are located under the large heatsinks shown in the photo below.
NETGEAR wouldn’t reveal the make and model numbers of the switch and Ethernet components, saying they “don’t disclose that information”. But it’s a safe bet they are also from Broadcom. Of note, there is also an Altera Max V CPLD (complex programmable logic device) chip on the board.
Multiple models of the M4100 series support PoE. The M4100-D12G does not provide PoE itself, but in a unique arrangement, can be powered from another PoE switch. An Ethernet cable from a PoE switch that supports 802.3at or 802.3af plugged into port 1 on the M4100-D12G will power it up. The M4100-D12G requires 30W to run via PoE.
The look and feel of the M4100 menu is very similar to NETGEAR’s GS510TP and the GS108T. I noted in my review of the GS510TP that there was some menu lag. The M4100 seemed to have a more responsive menu, a nice improvement.
Configuration menus on the M4100 are organized in eight menu tabs. Within each menu are two to nine configuration options. Once a configuration option is selected, additional options are available on the left side of the screen. Table 1 shows the M4100’s menus in the far left column and the configuration options available in each menu.
|System||Mgt||Device View||Services||PoE||SNMP||LLDP||ISDP||Timer Sched|
|Routing||Routing Table||IP||VLAN||ARP||Router Discovery|
|Security||Mgt Security||Access||Port Auth||Traffic Control||Control||ACL|
|Maint||Save Config||Reset||Upload||Dwnload||File Mgt||Trouble-shooting|
|Help||Online Help||User Guide|
Table 1: Menu tree
The M4100 manual, written for the M4100 and M7100 series, is pretty extensive at over 400 pages long. (The M7100 series is similar to the M4100 series, but supports 10G copper interfaces as opposed to the 1G copper interfaces on the M4100.) A nice feature on the M4100 is that configuration explanations are also available by clicking the “?” symbol in each menu.
At the end of the manual is a useful section listing default values, plus a section with five configuration examples. The configuration example section covers VLANs, ACLs, DiffServ, 802.1X, and MSTP. The configuration examples in the manual are helpful, but they are basic.
Specifically, the M4100 has Layer 3 functions, yet there are no Layer 3 configuration examples in the manual. However, I found NETGEAR has numerous configuration examples on their support website written for the M5300 series that were useful for figuring out how to configure the M4100.
Of note, configurations on the M4100 need to be applied and saved. Once applied, the configurations are active, but will be lost in a reboot unless you go to the Maintenance menu and click on the Save Configuration screen. This came in handy while I was messing with Security configurations and locked myself out of the switch. Fortunately, I didn’t save my config, so power cycling the switch removed my error and let me back into the switch.
A full listing of features for the M4100 line can be found here. Below is a highlight of the features available on the M4100-D12G.
- 12 – 10/100/1000 RJ45 ports
- 2 – shared 100/1000 SFP ports
- 24 Gbps switching fabric
- 802.3az Green Energy Efficient Ethernet (EEE)
- 16k MAC addresses
- 802.1q VLANs (supports 1024 simultaneous VLANs)
- Protocol, subnet, MAC, voice, and private VLANs
- Guest VLAN
- Double VLAN Tagging (QinQ)
- 802.1D (STP), 802.1w (RSTP), 802.1s (MST)
- STP Loop Guard, STP Root Guard, BPDU Guard
- 12 LAGs, up to 8 ports per LAG: manual and LACP (802.3ad)
- 802.1AB LLDP, LLDP-MED
- QoS: 802.1p CoS, DSCP, DiffServ, port-based queues, port-based rate limiting, Auto-VoIP, WRED, strict priority
- Security – DHCP Filtering, DoS protection, Port based, IP and MAC ACLs, storm control, 802.1x authentication, Dynamic ARP inspection
- RADIUS and TACACS+
- ACLs – L2/L3/L4, protocol-based, by VLAN, dynamic
- SNMP v1, v2c, v3
- IGMP snooping
- Link down power saving mode
- Port Mirroring
- Can be powered via PoE
- 64 static Layer 3 routes
- 64 IP interfaces
- 9k Jumbo frames
- 802.3x Flow Control
- Multicast – IGMP v2 and v3, IGMP Snooping
- DHCP Server, DHCP Snooping, DHCP Relay, DHCP Bootp
- IPv6 support
- Telnet, SSH, HTTP configuration
- USB, Console ports
A key value of the M4100 series is Layer 3 functionality. The M4100 can support up to 64 IP interfaces and static routes. It can also perform port-based, VLAN-based and subnet-based static routing. Individual ports on the M4100 can be converted to routed ports instead of switched ports. In addition, the M4100 can function as a DHCP server for up to 16 networks.
NETGEAR refers to the M4100 series as “Layer 2+” as it supports some Layer 3 functions. For example, the M4100 supports static routes, but does not support dynamic routing protocols, such as RIP and OSPF. Further, the M4100 doesn’t perform NAT (network address translation), so you’ll still need a router for connection to the Internet.
I set up a couple of VLANs, routed VLAN interfaces, as well as a DHCP server on the M4100 to test a few of its Layer 3 capabilities. In the screenshot below, you can see the route table on the M4100 is showing two connected routes to two different VLANs, a connected route to a loopback interface, as well as a static default route.
A loopback interface is a virtual interface that can be assigned an IP address. Eight loopback interfaces can be created on the M4100. Loopback interfaces are useful for testing routing, as well as for managing dynamic routing configuration.
I also set up a DHCP server on the D12G for VLAN 45, which worked as expected. PCs connected to ports assigned to VLAN 45 got their IP address from the D12G. Below is a screenshot of my DHCP server config on the D12G.
Using a Layer 3 switch like the M4100 to serve as an internal router to forward inter-VLAN traffic and provide internal network security and QoS can also result in improved network performance. A switch with routing capability should route traffic at near wire-speed, faster than the throughput of a typical router.
To get an idea of the value of using a Layer 3 switch to perform internal network routing, I measured the D12G’s routed throughput. For my tests, I used iperf with default TCP settings, including a TCP window size of 8KB and no other options. I ran iperf on two PCs running 64-bit Windows 7 with their software firewall disabled. (Running a simple iperf throughput test between two PCs uses the command iperf -s on one PC and iperf -c (ip) on the other PC.)
|PC – PC (reference)||404|
Table 2: L3 routing throughput
As you can see in Table 2, my two Windows 7 PCs directly connected with a wire (cross-over cable) could send traffic between each other at 404 Mbps. My two Windows PCs connected to different VLANs on the M4100 could send traffic between each other at 384 Mbps, a loss of just 20 Mbps (5%).
The NETGEAR specs state the D12G supports up to 1024 simultaneous VLANs. Out of the box, VLANs 1 and 2 are already defined, with VLAN 1 as the default VLAN and VLAN 2 as the Auto VoIP VLAN.
Configuring static VLANs on the D12G is the same as on the GS510TP and GS108T, so I won’t go into basic VLAN configs on the M4100 other than to say I had no problem adding and configuring static VLANs on the D12G.
The M4100 series supports several dynamic VLAN modes, including MAC, protocol and IP subnet based VLANs. Dynamic VLANs will assign traffic to specific VLANs based on certain characteristics. A MAC-based VLAN assigns traffic to a VLAN based on the source MAC address. A protocol-based VLAN assigns traffic to a VLAN based on the protocol. An IP subnet-based VLAN assigns traffic to a VLAN based on the source IP address.
The configuration for MAC-based VLANs turned out to be just three steps, although I found the manual’s instructions for MAC based VLANs a bit vague and an example on NETGEAR’s website misleading. Here’s how I got a MAC-based VLAN on the D12G to work. First, you create the VLAN you intend to assign to specific MACs. I created VLAN 2001 for this purpose as shown below.
Second, you assign all ports as untagged members of that VLAN. Below, you can see all twelve ports on the D12G are Untagged members of VLAN 2001.
Third, you enter a MAC to VLAN mapping for each device you want to be a member of that VLAN, shown below.
MAC to VLAN
These three steps were all that was necessary. My PC with the above MAC then showed up in the D12G’s Address Table as a member of VLAN 2001.
I went a little further in my test config on the D12G and created a DHCP server for VLAN 2001. I was pleased to see my PC get an IP address from the D12G’s DHCP server associated with VLAN 2001, further validating the D12G’s MAC based VLAN configuration.
Private VLANs, or port-based VLANs, are also an option on the D12G, which can be useful to restrict access within a standard 802.1q VLAN.
The M4100 series supports Spanning Tree Protocol (STP = 802.1d), Rapid Spanning Tree Protocol (RSTP = 802.1w), and Multiple Spanning Tree (MST = 802.1s) protocol. RSTP is enabled by default.
A simple STP test is to connect a single Ethernet cable to two ports in the same VLAN of a switch. Without STP enabled, it is likely the switch will crash or become inaccessible due to the loop created. With STP enabled, the switch should take one of the ports on the ends of the Ethernet cable out of service, eliminating the problem caused by the loop.
I connected my Ethernet cable to ports 9 and 10 on the M4100. As you can see in the screenshot, port 10 has been placed in a Discarding state, meaning the M4100 detected the loop and took that port out of service.
The M4100 series supports manual Link Aggregation Groups (LAGs) for using multiple ports to connect switches or servers to the network. NETGEAR’s specs list the M4100 series as supporting up to 12 LAGs with up to 8 ports per LAG.
I tested basic LAG support between the D12G and a Cisco SG200-26 switch. As shown below, my LAG is UP on ports 9 and 10 on the D12G.
Like the GS510TP, the M4100 series supports CoS and DiffServ QoS options, although there are a few more options on the M4100. CoS configuration is a bit easier; DiffServ configuration is more complex.
CoS configuration is based on queuing. Traffic marked with CoS or DSCP values can be directed to one of four queues. Outbound traffic can be shaped by interface and inbound traffic can be given a rate or queuing method. Queued traffic can either use a strict priority scheme or use a weighted priority scheme.
DiffServ configuration allows for identifying traffic classes based on characteristics such as MAC, IP, VLAN, or protocol. Once a traffic class is defined, the class is associated with a policy to mark and/or allocate that traffic to a specific traffic rate. Finally, the policy can be applied to inbound traffic on one or more interfaces.
A simple QoS tool on the D12G is to apply bandwidth limits on a per port basis. Bandwidth limits are applied as a percentage from 1-100. Below is a screenshot of the CoS interface configuration screen where per port bandwidth limits are set to 30%.
Bandwidth shaping configuration
I tested the bandwidth settings with the ports on the D12G running at 1 Gbps. As shown below, I measured throughput of 94.4 Mbps using a setting of 10%, 188 Mbps using a setting of 20%, and 282 Mbps using a setting of 30%, which closely matches the mathematical result of applying each % to 1 Gbps.
Bandwidth shaping performance
GUI configuration of the M4100 is available via HTTP and HTTPS, while CLI configuration is available via SSH, Telnet, and the console. By default, only HTTP, Telnet and the Console port are enabled. Both HTTP and Telnet carry login credentials and configuration traffic unencrypted, so you’ll want to enable HTTPS and SSH and turn off the cleartext services for greater security. I had no problem accessing the M4100 via the HTTP GUI as well as via Telnet. Authentication for configuration access to the M4100 can be via a local user database or via RADIUS or TACACS servers.
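The default management state described above (HTTP and Telnet answering, SSH and HTTPS off) can be checked from an admin workstation. The following Python is an added example, not NETGEAR code or part of the original review; it assumes the services listen on their standard TCP ports, and the address 192.0.2.10 and the factory_default_probe stand-in are constructed for illustration.

```python
import socket

# Management services named in the review, mapped to (standard TCP port,
# encrypted replacement). Ports are assumed to be left at their defaults.
MGMT_SERVICES = {
    "telnet": (23, "ssh"),
    "http": (80, "https"),
    "ssh": (22, None),
    "https": (443, None),
}


def tcp_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_management_plane(host, probe=tcp_open):
    """Probe each service; return (state, ordered remediation steps)."""
    state = {name: probe(host, port) for name, (port, _) in MGMT_SERVICES.items()}
    steps = []
    for name, (port, replacement) in MGMT_SERVICES.items():
        if replacement is None or not state[name]:
            continue  # encrypted service, or cleartext service already off
        if state[replacement]:
            steps.append(f"disable {name} (tcp/{port}): {replacement} is already enabled")
        else:
            # Bring up the encrypted path first so the admin is not locked out.
            steps.append(f"enable {replacement}, then disable {name} (tcp/{port})")
    return state, steps


def factory_default_probe(host, port, timeout=1.0):
    """Constructed stand-in for a switch in the default state the review
    describes: HTTP and Telnet answer, SSH and HTTPS do not."""
    return port in (23, 80)


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address; drop the probe argument to use
    # tcp_open against a switch you administer.
    state, steps = audit_management_plane("192.0.2.10", probe=factory_default_probe)
    for name, is_open in state.items():
        print(f"{name:7s} {'open' if is_open else 'closed'}")
    for step in steps:
        print("TODO:", step)
```

After making the changes on the switch, save the configuration, since the review notes that applied but unsaved settings are lost on reboot.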
End user access to the network can be controlled with 802.1X port security as well as MAC filters. For specific filters, up to 50 Access Control Lists (ACLs) can be created using a wizard or manually, permitting or denying traffic based on interface, MAC, VLAN or IP address.
Traffic security options on the M4100 include multiple Denial of Service (DoS) protections, storm control, DHCP Snooping, IP source guard, and Dynamic ARP Inspection.
The D12G may be physically suitable as a desktop switch, but it is loaded with a lot more features than a typical desktop switch. Additional features of note include support for jumbo frames with frame sizes up to 9216 bytes, port mirroring, Link Layer Discovery Protocol (LLDP), Green Ethernet Power Saving modes and IPv6.
Although IPv6 functionality isn’t equivalent to IPv4 functionality on the M4100, the M4100 does support an IPv6 address for the management interface, IPv6 loopback interfaces, IPv6 routing, and traffic filters based on IPv6 addresses.
I looked for comparable “Layer 2+” switches with similar port densities for the comparison chart below. As you can see, the NETGEAR M4100 is the least expensive of the Layer 2+ switches listed below. I also included the NETGEAR GS110T in the chart as a reference, but note that the GS110T is a more basic Layer 2 switch.
The Cisco SG300-10SFP has two fewer ports than the NETGEAR M4100-D12G, but has higher routing and VLAN capacity. The Cisco device is also nearly $200 more expensive. D-Link offers a Layer 2+ switch with 20 ports, a faster backplane, greater VLAN capacity, but less routing capacity, for about $100 more than the NETGEAR M4100.
I incorrectly compared the NETGEAR M4100-D12G to the Cisco SG300-10SFP. The Cisco SG300-10SFP, currently available online for $353.94, has 10 SFP ports while the NETGEAR M4100-D12G has 12 copper ports and 2 shared SFP ports. It is understandable that a switch with 10 SFP ports would be more expensive than a switch with primarily copper ports.
A correct comparison would be between the NETGEAR M4100-D12G and the Cisco SG300-10. The Cisco SG300-10 has 10 copper ports and 2 shared SFP ports, yet has higher routing and VLAN capacity than the NETGEAR M4100-D12G. Current pricing for the NETGEAR M4100-D12G is $184.00 and the Cisco SG300-10 is $199.00.
The bottom line is the Cisco SG300-10 is competitively priced with the NETGEAR M4100-D12G and appears to be an interesting alternative. Table 3 has been updated to reflect the SG300-10.
|Model||Layer 3 Routes||Dynamic Routing||Switching (Gbps)||MAC Table||VLANs||Total Ports||Cooling Fan||Price|
Table 3: Competitive comparison
The NETGEAR M4100 is an interesting switch. If you’re simply looking for a smart switch with VLAN capability, the M4100 could be overkill unless you’re buying a device your network will grow into. If all you need is VLAN capability, NETGEAR’s GS110T fills that need at a lower price. However, if you’re running multiple VLANs on your network and your router is a bottleneck for inter-VLAN traffic, the M4100 is a reasonable solution.
The M4100 carries NETGEAR’s lifetime warranty, which gives me confidence in the reliability of a network device. I’ve been using NETGEAR switches for years and haven’t had one fail yet. I had a few challenges figuring out some of the configurations on the M4100, but overall, my experience with the M4100-D12G was positive. I recommend you consider NETGEAR’s M4100 switches if you’re looking to aggregate and route inter-VLAN traffic on your network!