Cisco SM-X Layer2 EtherSwitch 服务模块通过在 Cisco ISR4000 系列路由器中集成千兆以太网 (GE) 端口来降低您公司的总拥有成本 (TCO)。这种集成扩展了基于意图的网络的功能,允许网络管理员为所有 LAN 和 WAN 需求配置一个盒子,从而降低网络复杂性和维护。
Cisco SM-X EtherSwitch 模块在 Cisco ISR 4000 系列路由器上提供企业级功能线,通过将行业领先的第 2 层交换与基于现有产品线构建的功能集集成,极大地扩展了路由器的功能在 Cisco Catalyst 9200 系列交换机中。
●多达 48 个端口,结合以太网供电 (PoE+) 和通用以太网供电 (UPOE) 功能
●支持数据、PoE+ UPOE 或 2.5G mGig 的单个模块上的多种下行链路能力
●多达 2 个 10G 的 SFP+ 光纤上行链路,与 MGF 交换结构的连接高达 10G[1]
●符合UADP 2.0 Mini 的ASIC 为客户提供优化的规模和更好的成本结构
●通过 AES-128 MACsec 加密[2]和值得信赖的系统增强安全性
●通过 Cisco vManage 支持 SDWAN 配置和设置
●通过支持 802.1x 功能进行设备身份验证
●支持本地线速本地线速交换,还支持通过ISR 4K Multigigabit Fabric (MGF) 实现服务模块到服务模块的直接通信,将LAN 流量与WAN 资源分离。
●思科 IOS XE:
◦支持 IP Base 的服务模块,无需额外的基于模块的许可证
◦通过 Netconf 和 YANG 建模简化编程
●具有可编程管道和微引擎能力的ASIC,支持第2层和第3层转发(与路由器一起)和服务质量(QoS)
Cisco SM-X Layer2 EtherSwitch 服务模块利用 Cisco UADP 模块上增加的功能来提供扩展性、安全性和易于操作性。由于 Cisco SM-X Layer2 EtherSwitch 服务模块支持与 Catalyst 9200 相同的 UADP 1.0 ASIC,它允许该模块在总部和分支机构提供无处不在的配置,从而在整个网络中创建一致的体验。
Cisco SM-X Etherswitch module configuration
|
Modules |
Slot Form Factor |
1G Ports (RJ45) |
2.5G (mGig) Ports (RJ45) |
10G Ports (SFP+) |
|
SM-X-16G4M2X |
Single Wide |
16 |
4 |
2 |
|
SM-X-40G8M2X |
Double Wide |
40 |
8 |
2 |
Figure 1.
Cisco SM-X EtherSwitch Module (48-port (left) and 22-port (right))
Table 2 defines the SFP modules supported on the 1G/ 10G fiber ports. The ports support both single and multi-mode fiber. Each SFP+ port maybe independently configured with a 1G SFP or a 10G SFP+ interface. The two fiber ports maybe aggregated to provide a fault-tolerant Layer 2 port channel.
Ports with similar speed support aggregation leading to port channel. Both PAgP and LACP configuration is supported on the module in addition to automatic port channel support. Up to 4-ports of 1G or 2.5G maybe aggregated to form a single Etherchannel. Ports with unlike speeds may not be aggregated to form port channel.
Security features supported on SM-X EtherSwitch Module
|
Feature |
Benefit |
|
IEEE 802.1x |
● IEEE 802.1x allows dynamic, port-based security, providing user authentication. ● IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of the authorized or unauthorized state of the port. ● IEEE 802.1x and port security are provided to authenticate the port and manage network access for all MAC addresses, including that of the client. ● IEEE 802.1x with an ACL assignment allows for specific identity-based security policies regardless of where the user is connected. ● IEEE 802.1x with guest VLAN allows guests without 802.1x clients to have limited network access on the guest VLAN. |
|
MACsec |
● Exceptional security with integrated hardware support for MACsec is defined in IEEE 802.1AE. MACsec provides MAC layer encryption over wired networks using out-of-band methods for encryption keying. ● The MACsec Key Agreement (MKA) Protocol provides the required session keys and manages the keys required for encryption when configured. MKA and MACsec are implemented following successful authentication using the 802.1x Extensible Authentication Protocol (EAP) framework. ● In Cisco Enhanced EtherSwitch Service Modules, both the user and down-link ports (links between the switch and endpoint devices such as a PC or IP phone) as well as the network and up-link ports can be secured using MACsec. ● With MACsec you can encrypt switch-to-switch links such as access to distribution, or encrypt dark fiber links within a building or between buildings. |
|
Multidomain authentication |
● Multidomain authentication allows an IP phone and a PC to authenticate on the same switch port while placing them on the appropriate voice and data VLAN. |
|
MAC Authentication Bypass (MAB) |
● MAB for voice allows third-party IP phones without an 802.1x supplicant to get authenticated using the MAC address. |
|
Switched Port Analyzer (SPAN and RSPAN) |
● Bidirectional data support on the SPAN port allows the any Intrusion Detection System (IDS) to take action when an intruder is detected. |
|
Centralized authentication |
● TACACS+ and RADIUS authentication facilitates centralized control of the switch and restricts unauthorized users from altering the configuration. |
|
MAC address authentication |
● MAC address notification allows administrators to be notified of users added to or removed from the network. |
|
Port security |
● Port security secures the access to an access or trunk port based on MAC address. |
How Cisco SM-X EtherSwitch Service Module addresses customer needs
|
Customer Needs |
How Addressed by Cisco SM-X EtherSwitch Service Module |
|
Scalability with High-Performance LAN Traffic ● Isolation of LAN traffic and route between ports on the Cisco SM-X EtherSwitch Service Module ● High Speed LAN connections |
● Layer 2 traffic is switched on-board the module ● Traffic can be forwarded between service modules over the MGF without affecting the router CPU ● Maintain Switch to AP Reach at mGig (2.5G) speeds: Support for Access Extensions and Uplinks ● 10G Fiber connections to provide for High Speed Server or LAN backbone connections |
|
Layer 2 Security ● Protecting the Integrity and Confidentiality of all traffic on the Local Area Network |
● 1G Ethernet copper ports support MACSec to LAN end points ● 2.5G (mGig) LAN MACSec to protect traffic to Access Points or High-Speed servers |
|
Total TCO ● Scaling network infrastructure across multiple sites ● Increasing costs of operating multiple devices at the branch office ● Maximizing IT resources |
● An integrated switch solution lowers operating costs, simplifies troubleshooting, and enables businesses to scale. ● Single Unified IOS software ensures the IT team only has to install and certify one software vs two independent software as in the previous generation ● The modules offer lower Mean Time To Repair (MTTR). One vendor means one support center to decrease troubleshooting time and eliminate finger pointing among vendors. ● Cisco SMARTnet ® support covers both integrated services routers and Cisco EtherSwitch devices. |
|
Investment Protection ● Ensuring compatibility of your network with future networks to deliver leading technology |
● Cisco SM-X EtherSwitch Service Module and Cisco Catalyst switches both run the same IOS-XE software ensuring that switches are aligned to provide a consistent user experience. ● Cisco Catalyst and SM-X Etherswitch module both support the latest UADP 2.0 ASIC ensuring cross platform support for latest innovations |
|
High Availability ● Minimizing downtime that affects business operations |
● A single-box and single IOS solution simplifies remote management and improves services interoperability to help ensure the highest reliability ● End-to-end testing for standards-based and innovative Cisco proprietary features provides superior services interoperability and excellent value. ● The modules use optional redundant power supplies in Cisco ISR4000 series routers ● Fewer components (for example, power supplies and fans) results in fewer failures and less downtime |
|
Green IT ● Single power supply for Cisco EtherSwitch device and router |
● The modules offer up to two times lower power consumption than previous generation of switch modules ● Because no additional rack space or power supply is needed, there is less to rack, stack, and cool. |
Physical and environmental specifications
Table 6. Physical and environmental specifications
|
Model |
Dimensions: Wide x Deep x High |
Weight (lb) |
Operational Temperature |
Nonoperational Temperature |
Operational Humidity |
Nonoperational Humidity |
|
SM-X-16G4M2X |
17.25” x 18.5” x 3.5” (43.82 x 46.99 x 8.9 mm) |
19.4 lb |
0 to 40°C |
-20 to 65°C |
5 to 85% |
5 to 95% |
|
SM-X-40G8M2X |
41.2 x 20.7 x 4.0 (104.64 x 52.57 x 42.54 mm) |
40lb |
0 to 40°C |
-20 to 65°C |
5 to 85% |
5 to 95% |
长按屏幕识别二维码
打开手机扫描二维码
