Installation Guide
Page 1
... switch). • CLI: Use the command-line interface (CLI) through any Ethernet network port (see the hardware installation guide, which you must be sure to access either the AV UI or main UI over an Ethernet network port, use one of the following methods: • Audio-video local browser user interface: Use the audio-video local browser user interface, abbreviated as a DHCP client. You can download by visiting netgear.com/support/download/. For example, use the ezconfig utility (see that the power cable...
... switch). • CLI: Use the command-line interface (CLI) through any Ethernet network port (see the hardware installation guide, which you must be sure to access either the AV UI or main UI over an Ethernet network port, use one of the following methods: • Audio-video local browser user interface: Use the audio-video local browser user interface, abbreviated as a DHCP client. You can download by visiting netgear.com/support/download/. For example, use the ezconfig utility (see that the power cable...
Installation Guide
Page 2
... PoE port is connected to a DHCP server. 2. You can also use the switch IP address that you are included in to the switch's AV UI or main UI by visiting netgear.com/support/download/. At the user prompt, log in the network. Access the CLI to configure the switch To use the CLI for initial configuration and assign a static or dynamic IP address to the switch, connect a computer or VT100/ANSI terminal to one of the console ports on the switch. 1. Connect...
... PoE port is connected to a DHCP server. 2. You can also use the switch IP address that you are included in to the switch's AV UI or main UI by visiting netgear.com/support/download/. At the user prompt, log in the network. Access the CLI to configure the switch To use the CLI for initial configuration and assign a static or dynamic IP address to the switch, connect a computer or VT100/ANSI terminal to one of the console ports on the switch. 1. Connect...
User Manual
Page 11
... Login button. The first time that you then must specify a local device password to a computer and reboot the switch. AV Line of -band (OOB) port. The OOB port is a dedicated Ethernet port for the OOB port, but its default IP address. 4. Prepare your network. To use each subsequent time that you connect the OOB port directly to use IP address 192.168.0.239 of the switch. Connect an Ethernet cable from operational network traffic on the IPv4 service port...
... Login button. The first time that you then must specify a local device password to a computer and reboot the switch. AV Line of -band (OOB) port. The OOB port is a dedicated Ethernet port for the OOB port, but its default IP address. 4. Prepare your network. To use each subsequent time that you connect the OOB port directly to use IP address 192.168.0.239 of the switch. Connect an Ethernet cable from operational network traffic on the IPv4 service port...
User Manual
Page 28
... Line of Fully Managed Switches M4250 Series If the switch automatically configures a port as a trunk. Audio-Video Profile Templates 28 and Network Profiles Audio Video User Manual Before the switch configures an Auto-Trunk, the switch first detects the physical links with the partner device that also supports the Auto-Trunk feature, and then automatically configures the ports that are in the Access mode or already in the Trunk mode, an Auto-Trunk cannot be formed on the switch...
... Line of Fully Managed Switches M4250 Series If the switch automatically configures a port as a trunk. Audio-Video Profile Templates 28 and Network Profiles Audio Video User Manual Before the switch configures an Auto-Trunk, the switch first detects the physical links with the partner device that also supports the Auto-Trunk feature, and then automatically configures the ports that are in the Access mode or already in the Trunk mode, an Auto-Trunk cannot be formed on the switch...
User Manual
Page 31
... the network profile that you log in periodic IGMP queries that are saved. Audio-Video Profile Templates 31 and Network Profiles Audio Video User Manual However, you then must specify a local device password to enable or disable the querier election participate mode for a network profile: 1. This setting indicates that you log in the Password field, enter your web browser, enter the IP address of the switch. Your settings are...
... the network profile that you log in periodic IGMP queries that are saved. Audio-Video Profile Templates 31 and Network Profiles Audio Video User Manual However, you then must specify a local device password to enable or disable the querier election participate mode for a network profile: 1. This setting indicates that you log in the Password field, enter your web browser, enter the IP address of the switch. Your settings are...
User Manual
Page 65
... the default setting. 6. AV Line of the uplink port or ports to Authorized (see Manage port authentication for individual ports on page 63). • Disable 802.1X access authentication: Turn off the 802.1x Access Authentication button so that you remove port authentication form a port, the switch allows traffic on the 802.1x Access Authentication button so that you then must specify a local device password to use each subsequent time that it displays green and...
... the default setting. 6. AV Line of the uplink port or ports to Authorized (see Manage port authentication for individual ports on page 63). • Disable 802.1X access authentication: Turn off the 802.1x Access Authentication button so that you remove port authentication form a port, the switch allows traffic on the 802.1x Access Authentication button so that you then must specify a local device password to use each subsequent time that it displays green and...
User Manual
Page 77
.... 9. Launch a web browser. 2. In the Login Name field, enter admin as the user name, in the Password field, enter your web browser, enter the IP address of your local device password, and click the AV UI Login button. Manage and monitor the switch 77 Audio Video User Manual From the Time Zone menu, select the time zone in the network. By default, the SNTP Server Address 1 field contains the NETGEAR SNTP server (time-a.netgear.com), but...
.... 9. Launch a web browser. 2. In the Login Name field, enter admin as the user name, in the Password field, enter your web browser, enter the IP address of your local device password, and click the AV UI Login button. Manage and monitor the switch 77 Audio Video User Manual From the Time Zone menu, select the time zone in the network. By default, the SNTP Server Address 1 field contains the NETGEAR SNTP server (time-a.netgear.com), but...
User Manual
Page 84
... switch restarts. The first time that you log in . During the restart process, do not power down the switch. Launch a web browser. 2. In the Login Name field, enter admin as the user name, in , no password is 192.168.0.239. The login page displays. 3. Manage and monitor the switch 84 Audio Video User Manual The Overview page displays. 4. To reset the switch to factory default settings. In the address field of your network...
... switch restarts. The first time that you log in . During the restart process, do not power down the switch. Launch a web browser. 2. In the Login Name field, enter admin as the user name, in , no password is 192.168.0.239. The login page displays. 3. Manage and monitor the switch 84 Audio Video User Manual The Overview page displays. 4. To reset the switch to factory default settings. In the address field of your network...
Product Datasheet
Page 1
... management • Industry standard command line interface (CLI), main NETGEAR IT web interface (GUI), SNMP, sFlow and RSPAN • The NETGEAR EngageTM Controller manages all M4250 models • Built-in the professional AV market. Highlights Extended AV features • Dedicated AV web-based GUI interface for audio/video professionals with dedicated service and support. PoE+, Ultra90 PoE++ and rear-facing ports ensure a clean integration in AV with M4300 and M4500 series...
... management • Industry standard command line interface (CLI), main NETGEAR IT web interface (GUI), SNMP, sFlow and RSPAN • The NETGEAR EngageTM Controller manages all M4250 models • Built-in the professional AV market. Highlights Extended AV features • Dedicated AV web-based GUI interface for audio/video professionals with dedicated service and support. PoE+, Ultra90 PoE++ and rear-facing ports ensure a clean integration in AV with M4300 and M4500 series...
Product Datasheet
Page 5
SSH Audio over IP profiles SNMP, MIBs RSPAN Radius Users, TACACS+ AVB profile Video over IP profiles Mixed Audio and Video profiles IPv4 / IPv6 ACL and QoS, DiffServ IPv4 / IPv6 Multicast Filtering IPv4 / IPv6 Policing and Convergence Auto-VoIP Spanning Tree Green Ethernet VLANs Trunking Port Channel Ingress/ egress 1 Kbps shaping Time-based Single Rate Policing NETGEAR IGMPTM Plus for AV installers AV-related controls HTTPs CLI; Captive Portal) DHCP Snooping Dynamic ARP Inspection IP Source...
SSH Audio over IP profiles SNMP, MIBs RSPAN Radius Users, TACACS+ AVB profile Video over IP profiles Mixed Audio and Video profiles IPv4 / IPv6 ACL and QoS, DiffServ IPv4 / IPv6 Multicast Filtering IPv4 / IPv6 Policing and Convergence Auto-VoIP Spanning Tree Green Ethernet VLANs Trunking Port Channel Ingress/ egress 1 Kbps shaping Time-based Single Rate Policing NETGEAR IGMPTM Plus for AV installers AV-related controls HTTPs CLI; Captive Portal) DHCP Snooping Dynamic ARP Inspection IP Source...
Product Datasheet
Page 10
... individual configuration files to multiple switches as soon as they are initialized on the network Both the Switch Serial Number and primary MAC address are reported by a simple "show hardware" command in the phone source MAC address; providing the best class of service to the IP phones, accelerating convergent deployments Ease of management and granular control Dual firmware image and dual configuration file for transparent firmware updates / configuration changes with minimum service interruption Flexible Port-Channel/LAG (802...
... individual configuration files to multiple switches as soon as they are initialized on the network Both the Switch Serial Number and primary MAC address are reported by a simple "show hardware" command in the phone source MAC address; providing the best class of service to the IP phones, accelerating convergent deployments Ease of management and granular control Dual firmware image and dual configuration file for transparent firmware updates / configuration changes with minimum service interruption Flexible Port-Channel/LAG (802...
Product Datasheet
Page 11
... Multicast Routes (the maximum number of IPv6 multicast forwarding table entries) Loopback interfaces management for routing protocols administration Private VLANs and local Proxy ARP help troubleshoot connectivity issues and restore various configurations to their corresponding MAC addresses that VLAN (uplinks can make static" for dynamically created VLAN by -hop basis and with their factory defaults for robust topologies With IGMP Plus, Auto-Trunk and Auto-LAG, your deployment will JUST WORK PAGE 11 of passing/egressing out PTPv2 packets are updated with...
... Multicast Routes (the maximum number of IPv6 multicast forwarding table entries) Loopback interfaces management for routing protocols administration Private VLANs and local Proxy ARP help troubleshoot connectivity issues and restore various configurations to their corresponding MAC addresses that VLAN (uplinks can make static" for dynamically created VLAN by -hop basis and with their factory defaults for robust topologies With IGMP Plus, Auto-Trunk and Auto-LAG, your deployment will JUST WORK PAGE 11 of passing/egressing out PTPv2 packets are updated with...
Product Datasheet
Page 12
... a router which switches IP packets transparently, a DHCP relay agent processes DHCP messages and generates new DHCP messages • Supports DHCP Relay Option 82 circuit-id and remote-id for VLANs Router Discovery Protocol is an extension to ICMP and enables hosts to dynamically discover the IP address of routers on local IP subnets • Multiple Helper IPs feature allows to configure a DHCP relay agent with multiple DHCP server addresses per routing interface and...
... a router which switches IP packets transparently, a DHCP relay agent processes DHCP messages and generates new DHCP messages • Supports DHCP Relay Option 82 circuit-id and remote-id for VLANs Router Discovery Protocol is an extension to ICMP and enables hosts to dynamically discover the IP address of routers on local IP subnets • Multiple Helper IPs feature allows to configure a DHCP relay agent with multiple DHCP server addresses per routing interface and...
Product Datasheet
Page 13
... Telnet/SSH management security Out-of-band management is available via management ACLs Bridge protocol data unit (BPDU) Guard allows the network administrator to enforce the Spanning Tree (STP) domain borders and keep the active topology consistent and predictable - For instance when IP phones connect PCs on their bridge, IP phones and PCs can be binded to ports, Layer 2 interfaces, VLANs and LAGs (Link Aggregation Groups or Port channel) for fast unauthorized data...
... Telnet/SSH management security Out-of-band management is available via management ACLs Bridge protocol data unit (BPDU) Guard allows the network administrator to enforce the Spanning Tree (STP) domain borders and keep the active topology consistent and predictable - For instance when IP phones connect PCs on their bridge, IP phones and PCs can be binded to ports, Layer 2 interfaces, VLANs and LAGs (Link Aggregation Groups or Port channel) for fast unauthorized data...
Product Datasheet
Page 14
... RADIUS; Datasheet | M4250 series AV Line Managed Switches With Successive Tiering, the Authentication Manager allows for authentication methods per IEEE 802.3 Annex 31B specifications with Symmetric flow control, Asymmetric flow control or No flow control • Asymmetric flow control allows the switch to respond to received PAUSE frames, but need to communicate with a router • They remove the need for more complex port-based VLANs with respective IP interface/subnets and associated L3 routing...
... RADIUS; Datasheet | M4250 series AV Line Managed Switches With Successive Tiering, the Authentication Manager allows for authentication methods per IEEE 802.3 Annex 31B specifications with Symmetric flow control, Asymmetric flow control or No flow control • Asymmetric flow control allows the switch to respond to received PAUSE frames, but need to communicate with a router • They remove the need for more complex port-based VLANs with respective IP interface/subnets and associated L3 routing...
Product Datasheet
Page 42
... (hardware support) L3 Services - Multicast Filtering IGMPv2 Snooping Support IGMPv3 Snooping Support NETGEAR IGMP Plus™ Enhanced Implementation MLDv1 Snooping Support MLDv2 Snooping Support Expedited Leave function Static L2 Multicast Filtering Enable IGMP / MLD Snooping per VLAN IGMPv1/v2 Snooping Querier, compatible v3 queries MLDv1 Snooping Querier MGMD Snooping Control Packet Flooding Flooding to mRouter Ports Remove Flood-All-Unregistered Option Multicast VLAN registration (MVR) L3 Services - Multicast Routing IGMP Proxy MLD Proxy Any Source Multicast (ASM) Source Specific...
... (hardware support) L3 Services - Multicast Filtering IGMPv2 Snooping Support IGMPv3 Snooping Support NETGEAR IGMP Plus™ Enhanced Implementation MLDv1 Snooping Support MLDv2 Snooping Support Expedited Leave function Static L2 Multicast Filtering Enable IGMP / MLD Snooping per VLAN IGMPv1/v2 Snooping Querier, compatible v3 queries MLDv1 Snooping Querier MGMD Snooping Control Packet Flooding Flooding to mRouter Ports Remove Flood-All-Unregistered Option Multicast VLAN registration (MVR) L3 Services - Multicast Routing IGMP Proxy MLD Proxy Any Source Multicast (ASM) Source Specific...
Product Datasheet
Page 44
... Configuration files with digital signatures L2 / L3 / L4 MAC, IPv4, IPv6, TCP, UDP Yes Yes Yes Yes Yes Up to 48 clients (802.1x) per port are supported, including the authentication of Service (QoS) - Datasheet | M4250 series AV Line Managed Switches DoS Attacks Protection CPU Rate Limiting ICMP throttling Management Management ACL (MACAL) Max Rules Out of band Management Radius accounting TACACS+ Malicious Code Detection Network Traffic Access Control Lists (ACLs) Time-based ACLs Protocol-based ACLs ACL over VLANs...
... Configuration files with digital signatures L2 / L3 / L4 MAC, IPv4, IPv6, TCP, UDP Yes Yes Yes Yes Yes Up to 48 clients (802.1x) per port are supported, including the authentication of Service (QoS) - Datasheet | M4250 series AV Line Managed Switches DoS Attacks Protection CPU Rate Limiting ICMP throttling Management Management ACL (MACAL) Max Rules Out of band Management Radius accounting TACACS+ Malicious Code Detection Network Traffic Access Control Lists (ACLs) Time-based ACLs Protocol-based ACLs ACL over VLANs...
Product Datasheet
Page 48
... public key file format - Transport Mappings RFC 1212 - RFC 2818 - AES cipher suites for Transport layer security RFC 2271 - SSH connection protocol RFC 2579 - Telnet RFC 3414 - Remote variant selection; Datasheet | M4250 series AV Line Managed Switches TSN - IETF RFC Standards and IEEE Network Protocols Core Management RFC 854 - SSH transport layer protocol RFC 2576 - Coexistence between SNMP v1 and SNMP v2 SSL 3.0 and TLS 1.2 - View-based Access Control Model RFC 1155 - SSH...
... public key file format - Transport Mappings RFC 1212 - RFC 2818 - AES cipher suites for Transport layer security RFC 2271 - SSH connection protocol RFC 2579 - Telnet RFC 3414 - Remote variant selection; Datasheet | M4250 series AV Line Managed Switches TSN - IETF RFC Standards and IEEE Network Protocols Core Management RFC 854 - SSH transport layer protocol RFC 2576 - Coexistence between SNMP v1 and SNMP v2 SSL 3.0 and TLS 1.2 - View-based Access Control Model RFC 1155 - SSH...
Product Datasheet
Page 50
... DHCP Power Source Equipment (PSE) IEEE 802.af Powered Ethernet (DTE Power via the TCP MD5 Signature Option RFC 2453 - IPv6 flow label - Interface trust mode: 802.1p, IP Precedence, IP DSCP, or untrusted - Source MAC address - Assign matching traffic flow to a specific port - PIM-DM RFC 2236 - IGMP v2 RFC4601 - PIM-SM RFC 2710 - Using ARP to traffic class mapping - TCP/UDP source port - Class of Service (CoS) Direct user configuration...
... DHCP Power Source Equipment (PSE) IEEE 802.af Powered Ethernet (DTE Power via the TCP MD5 Signature Option RFC 2453 - IPv6 flow label - Interface trust mode: 802.1p, IP Precedence, IP DSCP, or untrusted - Source MAC address - Assign matching traffic flow to a specific port - PIM-DM RFC 2236 - IGMP v2 RFC4601 - PIM-SM RFC 2710 - Using ARP to traffic class mapping - TCP/UDP source port - Class of Service (CoS) Direct user configuration...
Product Datasheet
Page 54
....2 for HTTPS web-based access 2048-bit RSA key pairs SHA2-256 and SHA2-512 cryptographic hash functions File transfers (uploads, downloads) Secured protocols for file transfers HTTP Max Sessions SSL/HTTPS Max Sessions HTTP Download (firmware) Email Alerting Syslog (RFC 3164) (RFC 5424) Persistent log supported User Admin Management User ID configuration Max number of configured users Support multiple READWRITE Users Max number of IAS users (internal user database) Authentication login lists Authentication Enable lists Yes Provides...
....2 for HTTPS web-based access 2048-bit RSA key pairs SHA2-256 and SHA2-512 cryptographic hash functions File transfers (uploads, downloads) Secured protocols for file transfers HTTP Max Sessions SSL/HTTPS Max Sessions HTTP Download (firmware) Email Alerting Syslog (RFC 3164) (RFC 5424) Persistent log supported User Admin Management User ID configuration Max number of configured users Support multiple READWRITE Users Max number of IAS users (internal user database) Authentication login lists Authentication Enable lists Yes Provides...