1 or 1.5 RU 48 port access switch with 4 gig-E SFP uplink ports

For Residential switches

     Power over Ethernet is not required
     10/100 Mb/s auto speed auto duplex access ports (Gig-E not required)
     jumbo frame support not required

Switch Layer 2 protection features:

1.  DHCP Snooping 

     Ports designated as "untrusted" are not permitted to send DHCP
     server messages.  Alternately, unauthorized DHCP servers on
     "untrusted" ports cannot see client DHCP solicitations coming
     from other untrusted ports.

2.  Dynamic ARP inspection

     The switch builds a list of MAC addresses on each port by inspecting
     DHCP offers passing to the ports.  Any ARP replies not matching
     a MAC address in the switch's lease table are dropped and not
     forwarded to the network.

     Note: Building a per port address list MAY require a mechanism like
     DHCP Option-82 if the list is to be built dynamicly.

3.  IP Source guard

     The switch builds a list of IP addresses on each port by inspecting
     DHCP offers passing to the ports.  Any packets not matching the
     IP address in the switch's lease table are dropped and not forwarded
     to the network.  See RFC4388 and RFC6148 for a description of this
     functionality.  Mechanisms to refresh gleaned information by
     query are not a switch requirement.

4.  RA-guard (RFC 6105)

     Static or dynamic restrictions on which switch ports are permitted
     to send RAs.  ACLs would be acceptable.

5.  ND inspection

     IPv6 equivalent of Dynamic ARP Inspection

6.  DHCPv6 snooping

     IPv6 equivalent of DHCP Snooping.

7.  MLD snooping (RFC 4541)

     IPv6 equivalent of IGMPv2 snooping.


--------

required features:

   LLDP (802.1ap), including SNMP MIB for discovered topology information.
   SNMP v2 and v3
   RADIUS, TACACS+, ssh
   IGMP v2 snooping/pruning
   spanning tree
   root guard
   bpdu guard
   802.1x
   802.1x bypass