Table of Contents
Advertisement
Additional PoE features include the following:
Per-port power consumption control allows you to specify a maximum power setting on an individual
●
port.
The Cisco PoE MIBs provide proactive visibility into power usage and allow you to set different power -
●
level thresholds.
Cisco Discovery Protocol Version 2 allows the Cisco SM-X EtherSwitch Service Modules to negotiate a
●
more granular power setting than IEEE classification provides when connecting to a Cisco powered
device such as IP phones or access points.
The Link Layer Discovery Protocol Media Endpoint Discovery (LLDP-MED) link layer discovery protocol
●
and MIB enable interoperability in multivendor networks. Switches exchange speed, duplex, and power
settings with end devices such as IP phones.
Security feature support on SM-X EtherSwitch module
The Cisco SM-X EtherSwitch module supports a variety of security features. The following features are
supported by the product at launch.
Support for 802.1X:
IEEE 802.1X port-based authentication is configured on a device to prevent unauthorized devices (supplicants)
from gaining access to the network. By installing the switch module on the router, the unit can combine the
function of a router and switch, depending on the configuration and chosen options. The Cisco SM -X
EtherSwitch module supports 802.1X configuration on all copper ports. The same ports support Multi -Domain
Authentication (MDA) Guest VLAN and MAC Authentication Bypass (MAB).
Support for MACSec:
MACsec is the IEEE 802.1AE standard for authenticating and encrypting packets between two MACsec-capable
devices. The SM-X EtherSwitch module supports 128-bit (gcm-aes-128) LAN MACSec on the copper ports
In addition to MACSec, the ports support 802.1AE encryption MACSec Key Agreement (MKA) on downlink
ports for encryption between the switch and host device. The MKA Protocol provides the required session keys
and manages the required encryption keys.
Port Security:
Port security is used to restrict input to an interface by limiting and identifying mac addresses of the stations
allowed to access the port. When specific MAC addresses are assigned to a secure port, the port does not
forward packets with source addresses outside the group of defined addresses. If the number of secure MAC
addresses is limited to a single secure MAC address, the workstation attached to that port is assured the full
bandwidth of the port.
3
Supported from IOS-XE 17.3.1
© 2024 Cisco and/or its affiliates. All rights reserved.
-
.
3
Page 6 of 12
Advertisement
Table of Contents
