Manualshelf

Technical data

ManualsBrandsCisco ManualsComputer equipment4451-X
12345678910
Cisco SM-X Layer 2/3 EtherSwitch Service Module Configuration Guide for Cisco 4451-X ISR
Software Features
3
Cisco SM-X Layer 2/3 EtherSwitch Service Module Configuration Guide for Cisco 4451-X ISR
Hardware Overview
Cisco SM-X Layer 2/3 ESM are modules to which you can connect devices such as Cisco IP phones,
Cisco wireless access points, workstations, and other network devices such as servers, routers, and
switches.
The Cisco SM-X Layer 2/3 EtherSwitch Service Module can be deployed as backbone switches,
aggregating 10BASE-T, 100BASE-TX, and 1000BASE-T Ethernet traffic from other network devices.
The following Cisco enhanced EtherSwitch service modules are available:
SM-X-ES3-16-P—16-port 10/100/1000 Gigabit Ethernet, PoE+, MAC-Sec enabled Service Module
single-wide form factor
SM-X-ES3-24-P—24-port 10/100/1000 Gigabit Ethernet, PoE+, MAC-Sec enabled Service
Module, single-wide form factor
SM-X-ES3D-48-P—48-port, 10/100/1000 Gigabit Ethernet, 2 SFP Ports, PoE+, MACSec enabled
Service Module, double-wide form factor
For complete information about the Cisco SM-X Layer 2/3 ESMs hardware,
see the Connecting Cisco SM-X Layer 2/3 ESMs to the Network guide.
Software Features
The following are the switching software features supported on the Cisco SM-X Layer 2/3 ESM:
Cisco TrustSec Encryption, page 3
IEEE 802.1x Protocol, page 4
Licensing and Software Activation, page 4
MACsec Encryption, page 4
Power over Ethernet (Plus) Features, page 5
Cisco TrustSec Encryption
The Cisco TrustSec security architecture builds secure networks by establishing clouds of trusted
network devices. Each device in the cloud is authenticated by its neighbors. Communication on the links
between devices in the cloud is secured with a combination of encryption, message integrity checks, and
data-path replay protection mechanisms. Cisco TrustSec also uses the device and user identification
information acquired during authentication for classifying, or coloring, the packets as they enter the
network. This packet classification is maintained by tagging packets on ingress to the Cisco TrustSec
network so that they can be properly identified for the purpose of applying security and other policy
criteria along the data path. The tag, also called the security group tag (SGT), allows the network to
enforce the access control policy by enabling the endpoint device to act upon the SGT to filter traffic.
See Configuring Cisco TrustSec chapter in the Catalyst 3560 Switch Software Configuration Guide, Cisco
IOS Release 15.0(2)SE and Later.