Data Sheet

Advanced OSPF implementation for large routing domains
OSPF NSSA feature supports RFC 3101, The OSPF Not-So-Stubby Area (NSSA) Option
Forwarding of OSPF Opaque LSAs is enabled by default
Passive interface feature can disable sending OSPF routing updates on an interface
Static Area Range Costs feature allows configuring a fixed OSPF cost that is always advertised when an area range is active
OSPF Equal Cost Multipath (ECMP) feature allows traffic to be forwarded through multiple paths, taking advantage of more bandwidth
ECMP routes can be learned dynamically, or configured statically with multiple static routes to the same destination but with different next hops
OSPF Max Metric feature allows overriding the metric in summary type 3 and type 4 LSAs while in stub router mode
Automatic Exiting of Stub Router Mode feature allows the router to exit stub router mode, reoriginating the router LSA with proper metric values on transit links
OSPF LSA Pacing feature improves the efficiency of LSA flooding, reducing or eliminating the packet drops caused by bursts in OSPF control packets
LSA transmit pacing limits the rate of LS Update packets that OSPF can send
With LSA refresh groups, OSPF efficiently bundles LSAs into LS Update packets when periodically refreshing self-originated LSAs
OSPF Flood Blocking feature allows disabling LSA flooding on an interface with area or AS (domain-wide) scope
In that case, OSPF does not advertise any LSAs with area or AS scope in its database description packets sent to neighbors
OSPF Transit-Only Network Hiding is supported based on RFC 6860, with a transit-only network defined as a network connecting only routers
Transit-only networks are usually configured with routable IP addresses which are advertised in LSAs but are not needed for data traffic
If router-to-router subnets are advertised, remote attacks can be launched against routers by sending packets to these transit-only networks
Hiding transit-only networks speeds up network convergence and reduces vulnerability to remote attacks
‘Hiding’ implies that the prefixes are not installed in the routing tables on OSPFv2 and OSPFv3 routers
IP Multinetting allows configuring more than one IP address on a network interface (other vendors may call it IP Aliasing or Secondary Addressing)
ICMP Throttling feature adds configuration options for the transmission of various types of ICMP messages
ICMP Redirects can be used by a malicious sender to perform man-in-the-middle attacks, to divert packets to a malicious monitor, or to cause Denial of Service (DoS) by blackholing the packets
ICMP Echo Requests and other messages can be used to probe for vulnerable hosts or routers
Rate limiting ICMP error messages protects the local router and the network from sending a large number of messages that take CPU and bandwidth
The Policy Based Routing feature (PBR) overrides the routing decision taken by the router and makes the packet follow different actions based on a policy
It provides freedom over packet routing/forwarding instead of leaving the control to standard routing protocols based on L3
For instance, some organizations would like to dictate paths instead of following the paths shown by routing protocols
Network Managers/Administrators can set up policies such as:
My network will not carry traffic from the Engineering department
Traffic originating within my network with the following characteristics will take path A, while other traffic will take path B
When load sharing needs to be done for the incoming traffic across multiple paths based on packet entities in the incoming traffic
Enterprise security
Trafc control MAC Filter and Port Securityhelp restrict the trafc allowed into and out of specied ports or interfaces in the system in order to increase overall security
and block MAC address ooding issues
DHCP Snoopingmonitors DHCP trafc between DHCP clients and DHCP servers to lter harmful DHCP message and builds a bindings database of (MAC address, IP
address, VLAN ID, port) tuples that are considered authorized in order to prevent DHCP server spoong attacks
IP source guard and Dynamic ARP Inspection use the DHCP snooping bindings database per port and per VLAN to drop incoming packets that do not match any
binding and to enforce source IP/MAC addresses for malicious users trafc elimination
Time-based Layer 2 / Layer 3-v4 / Layer 3-v6 / Layer 4 Access Control Lists (ACLs) can be binded to ports, Layer 2 interfaces, VLANs and LAGs (Link Aggregation Groups
or Port channel) for fast unauthorized data prevention and right granularity
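
The DHCP snooping bindings database and the per-port, per-VLAN source check listed above, modelled as an added Python example (not NETGEAR code or switch configuration). The trusted-port notion, the port names, the class and function names and the sample addresses are assumptions made for the illustration.

```python
# Added illustration: simplified model, not NETGEAR firmware logic.
from dataclasses import dataclass

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # only a DHCP server should send these

@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str

class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # uplinks toward the real DHCP server
        self.pending = {}                  # client MAC -> (vlan, port) of its REQUEST
        self.bindings = set()              # authorized (MAC, IP, VLAN, port) tuples

    def dhcp(self, port, vlan, msg_type, client_mac, ip=None):
        """Return 'forward' or 'drop' for one DHCP message; learn bindings from ACKs."""
        if msg_type in SERVER_MSGS and port not in self.trusted:
            return "drop"  # server message on an untrusted port: spoofed server
        if msg_type == "REQUEST":
            self.pending[client_mac] = (vlan, port)
        elif msg_type == "ACK" and client_mac in self.pending:
            c_vlan, c_port = self.pending.pop(client_mac)
            self.bindings.add(Binding(client_mac, ip, c_vlan, c_port))
        return "forward"

    def source_allowed(self, port, vlan, src_mac, src_ip):
        """IP source guard / DAI style check against the bindings database."""
        if port in self.trusted:
            return True  # assumption: trusted ports are not filtered
        return Binding(src_mac, src_ip, vlan, port) in self.bindings

def demo():
    # Constructed sample traffic (documentation MAC and IP ranges).
    sw = SnoopingSwitch(trusted_ports={"1/0/48"})
    mac = "00:00:5e:00:53:01"
    return [
        sw.dhcp("1/0/1", 10, "REQUEST", mac),
        sw.dhcp("1/0/7", 10, "ACK", mac, "192.0.2.66"),   # rogue server
        sw.dhcp("1/0/48", 10, "ACK", mac, "192.0.2.10"),  # real server
        sw.source_allowed("1/0/1", 10, mac, "192.0.2.10"),  # matches binding
        sw.source_allowed("1/0/1", 10, mac, "192.0.2.1"),   # spoofed source IP
        sw.source_allowed("1/0/7", 10, mac, "192.0.2.10"),  # right tuple, wrong port
    ]

if __name__ == "__main__":
    print(demo())
```

The rogue ACK is dropped before it can create a binding, so only the address handed out through the trusted port is accepted as a source on the client's port.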
Intelligent Edge Managed Switches
Data Sheet | M4300 series