Netgear RPS4000-200NES Datasheet Page 11
- Page / 46
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
Border Gateway Protocol version 4 (BGP4) is
supported for typical routed data center topologies
(IPv4 and IPv6) up to max L3 route table size
(12K routes)
• BGP is an inter-Autonomous System (AS) routing protocol as described in RFC 4271 section-3
• The primary function of a BGP speaking system is to exchange network reachability information with other
BGP systems
• This network reachability information includes information on the list of Autonomous Systems (ASes) that
reachability information traverses
BGP Route Reflection feature as described in RFC
4456 allows to a router to reflect a route received
from an internal peer to another internal peer
• Under conventional BGP rules, a router can only send an internal peer routes learned from an external peer
or routes locally originated
• Route reflection eliminates the need to configure a full mesh of iBGP peering sessions
• The administrator can configure an internal BGP peer to be a route reflector client
• Alternatively, the administrator can configure a peer template to make any inheriting peers route reflector
clients
• The client status of a peer can be configured independently for IPv4 and IPv6 a cluster may have multiple
route reflectors
• A cluster may have multiple route reflectors
The Policy Based Routing feature (PBR) overrides
routing decision taken by the router and makes the
packet to follow dierent actions based on a policy
• It provides freedom over packet routing/forwarding instead of leaving the control to standard routing
protocols based on L3
• For instance, some organizations would like to dictate paths instead of following the paths shown by
routing protocols
• Network Managers/Administrators can set up policies such as:
- My network will not carry trac from the Engineering department
- Trac originating within my network with the following characteristics will take path A, while other
trac will take path B
- When load sharing needs to be done for the incoming trac across multiple paths based on packet
entities in the incoming trac
Enterprise security
Trac control MAC Filter and Port Security help restrict the trac allowed into and out of specified ports or interfaces in the system in order to increase overall
security and block MAC address flooding issues
DHCP Snooping monitors DHCP trac between DHCP clients and DHCP servers to filter harmful DHCP message and builds a bindings database of (MAC address, IP
address, VLAN ID, port) tuples that are considered authorized in order to prevent DHCP server spoofing attacks
IP source guard and Dynamic ARP Inspection use the DHCP snooping bindings database per port and per VLAN to drop incoming packets that do not match any bind-
ing and to enforce source IP / MAC addresses for malicious users trac elimination
Time-based Layer 2 / Layer 3-v4 / Layer 3-v6 / Layer 4 Access Control Lists (ACLs) can be binded to ports, Layer 2 interfaces, VLANs and LAGs (Link Aggregation
Groups or Port channel) for fast unauthorized data prevention and right granularity
For in-band switch management, management ACLs on CPU interface (Control Plane ACLs) are used to define the IP/MAC or protocol through which management
access is allowed for increased HTTP/HTTPS or Telnet/SSH management security
Out-of-band management is available via dedicated service port (1G RJ45 OOB) when in-band management can be prohibited via management ACLs
Bridge protocol data unit (BPDU) Guard allows the network administrator to enforce the Spanning Tree (STP) domain borders and keep the active topology consistent
and predictable - unauthorized devices or switches behind the edge ports that have BPDU enabled will not be able to influence the overall STP by creating loops
Spanning Tree Root Guard (STRG) enforces the Layer 2 network topology by preventing rogue root bridges potential issues when for instance, unauthorized or
unexpected new equipment in the network may accidentally become a root bridge for a given VLAN
Dynamic 802.1x VLAN assignment mode, including
Dynamic VLAN creation mode and Guest VLAN/
Unauthenticated VLAN are supported for
rigorous user
• Up to 48 clients (802.1x) per port are supported, including the authentication of the users domain, in
order to facilitate convergent deployment. For instance when IP phones connect PCs on their bridge, IP
phones and PCs can authenticate on the same switch port but under dierent VLAN assignment policies
(Voice VLAN versus other Production VLANs)
ProSAFE® LAN Access and Aggregation Chassis Switches Data Sheet
M6100 series
Page 11 of 46
© 2020, manymanuals.com. All rights reserved. | 0.463 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals