Switch 24-Port 10/100/1000T with 4-Port Gigabit Combo.
Support Jumbo Frame size up to 9KB
IEEE 802.1x Access Control improves network security
Port Mirroring helps supervisor monitoring network
Support Q-in-Q (Double-tag)
IEEE802.1q tag-base VLAN‚ 4094 entries and port-base VLAN
IEEE 802.1d Compatible‚ 802.1w Rapid Spanning Tree and 802.1s Multiple Spanning Tree
Unknown Unicast/Broadcast/Multicast storm control
Multicast VLAN management for IPTV
IP-MAC-Port binding for LAN security
Support QoS (QCL/QCE) for traffic control
ACL based on Ethernet Type/ARP/IPv4 for packets permit or deny‚ rate limitation and port copy
DHCP Snooping (Including DHCP Option 82)
Support IGMPv3 snooping and IGMP proxy
Support ACLs (Access Control List) for performance & security
SSH/SSL/TACACS+/RADIUS (Optional for project requirement) for security network management
Support Power saving for Green Ethernet requirement
Support LLDP (Link Layer Discovery Protocol) provides a standards-based method for enabling switches to advertise themselves
QoS with four priority queues
The QoS (Quality Of Service) feature provides four internal queues to support four different classifications of traffic. High priority packet streams experience less delay inside the switch‚ which supports lower latency for certain delay-sensitive traffic. The INEO-GM2404G can classify the packet as one of the four priorities according to VIP port‚ 802.1p priority tag‚ DiffServ the QoS operates at full wire speed. The actual scheduling at each egress port can be based upon a strict priority‚ weighted round robin or a mix of both.
This mechanism helps track network errors or abnormal packet transmission without interrupting the flow of data‚ allowing ingress traffic to be monitored by a single port that is defined as mirror capture port. The mirror capture port can be any 10/100/1000 port. Mirroring multiple ports is possible but can create congestion at the mirror capture port.
Q-in-Q VLAN for performance & security
The Q-in-Q (Double-Tag) VLAN feature in the switch offers the benefits of both security and performance. VLAN is used to isolate traffic between different users and thus provides better security. Limiting the broadcast traffic to within the same VLAN broadcast domain also enhances performance and use of double VLAN tags.
Isolated Group‚ provides protection for certain ports
The isolated group feature allows certain ports to be designated as protected. All other ports are non-isolated. Traffic between isolated group members is blocked. Traffic can only be sent from isolated group to non-isolated group.
Mac-based 802.3ad LACP with automatic link fail-over
Dynamic fail-over means packets will not get assigned to any trunk member port that has failed. If one of the ports were to fail‚ traffic will automatically get distributed to the remaining active ports.
802.1x Access Control improves network security
802.1x features enable user authentication for each network access attempt. Port security features allow you to limit the number of MAC addresses per port in order to control the number of stations for each port. Static MAC addresses can be defined for each port to ensure only registered machines are allowed to access. By enabling both of these features‚ you can establish an access mechanism based on user and machine identities‚ as well as control the number of access stations.
802.1d Compatible & 802.1w Rapid Spanning Tree & 802.1s Multiple Spanning Tree
For mission critical environments with multiple switches supporting STP‚ you can configure the switches with a redundant backup bridge path‚ so transmission and reception of packets can be guaranteed in event of any fail-over switch on the network. MSTP is according to IEEE 802.1Q 2005 Clause 13 Multiple Spanning Tree Protocol. MSTP allows frames assigned to different VLANs to follow separate paths‚ each based on an independent Multiple Spanning Tree Instance (MSTI)‚ within Multiple Spanning Tree (MST) Regions composed of LANs and or MST Bridges.
DHCP Snooping (Including DHCP Option 82)
This DHCP Snooping enables the Dynamic Host Configuration Protocol (DHCP) relay agent information (option 82) was included in the feature. To include information about itself and the attached client when forwarding DHCP requests from a DHCP client to a DHCP server via Trust Port. The DHCP server can use this information to assign IP addresses‚ gateway‚ subnet mask‚ DNS for each subscriber of a service-provider network. The DHCP Snooping is using Trust Port and Trust DHCP Server IP Address to filter the illegal DHCP server traffic.
By default‚ layer 2 Ethernet switches treat IP multicast traffic in the same manner as broadcast traffic namely‚ by forwarding frames received on one interface to all other interfaces. This may create excessive traffic on the network and degrade the performance of hosts attached to the switches. The IGMPv3 snooping can significantly reduce traffic from streaming media and other bandwidth-intensive IP multicast applications.
The IGMP proxy and IGMPv3 Snooping is the same functional target‚ but mechanism has something different as below:
1. IGMP Proxy can send v1/v2 IGMP query together.
2. IGMP Proxy supports General Query Mac Response Timeout for checking the "client alive status" and speed up the convergence of multicast group member.
3. IGMP Proxy provides Specific (Last member) Query to check (can be multiple times) whether other members interest in the same multicast group exist when the port receives IGMP leave.
4. IGMP Proxy checks (can be multiple times) the latest status of the group member by scheduled polling from General/Specific Query. It avoids instant port link-down that makes the members to be removed from multicast group.
The IGMP Proxy is providing better performance than IGMPv3 Snooping for IGMP join and leave message exchange in the switch.
4 dual media ports for flexible fiber connection
4-Port 21‚22‚23‚24 dual media ports are provided for flexible fiber connection. You can select to install optional transceiver modules in these slots for short‚ medium or long distance fiber backbone attachment. Use of the SFP will disable their corresponding built-in 10/100/1000Base-T connections.
Multicast VLAN Registration (MVR) can support carrier to serve content provider using multicast for Video streaming application in the network. Each content provider Video streaming has a dedicated multicast VLAN. The MVR routes packets received in a multicast source VLAN to one or more receive VLANs. Clients are in the receive VLANs and the multicast server is in the source VLAN.
Broadcast/Multicast/Unknown-Unicast Storm Control
To limit too many broadcast/multicast/unknown-unicast flooding in the network‚ broadcast/multicast storm control is used to restrict excess traffic. Threshold values are available to control the rate limit for each port. Packets are discarded if the count exceeds the configured upper threshold.
The IP network layer uses a four-byte address. The Ethernet link layer uses a six-byte MAC address. Binding these two address types together allows the transmission of data between the layers. The primary purpose of IP-MAC binding is to restrict the access to a switch to a number of authorized users. Only the authorized client can access the Switchs port by checking the pair of IP-MAC Addresses and port number with the pre-configured database. If an unauthorized user tries to access an IP-MAC binding enabled port‚ the system will block the access by dropping its packet.
Access Control List (ACL)
The ACLs are divided into Ether Types. IPv4‚ ARP protocol‚ MAC and VLAN parameters etc. Here we will just go over the standard and extended access lists for TCP/IP. As you create ACEs for ingress classification‚ you can assign a policy for each port‚ the policy number is 1-8‚ and however‚ each policy can be applied to any port. This makes it very easy to determine what type of ACL policy you will be working with.
SSL and SSH for secure Management (Optional by Project requirement)
Secure Sockets Layer (SSL) supports the encryption for all HTTP traffic‚ allowing secure access to the browser-based management GUI in the switch. And Secure Shell (SSH) which supports the encryption for all transmitted data for secure‚ remote command-line interface (CLI) access over IP networks
TACACS+ for Management Authentication (Optional by Project requirement)
The switch supports the TACACS+ authentication for secure switch CLI Logon. It provides more secure authentication for management.
LLDP (IEEE 802.1AB Link Layer Discovery Protocol)
The switch supports the LLDP that automated device discovery protocol for easy mapping by network management applications.
The power saving provide detection the client idle and cable length to provides the different power. It could efficient to save the switch power and reduce the power consumption.