All stock codes associated to this product
SMDES3G48P=, SM-D-ES3G-48-P=
Cisco SM-D-ES3G-48-P= Enhanced EtherSwitch Service
Modules for Cisco 2900 and 3900 Series Routers
Overview
CiscoEnhanced EtherSwitchService Modules can reduce your
company's total cost of ownership by integrating Gigabit Ethernet (GE) and Fast
Ethernet (FE) switch ports within Cisco 3900 and 2900 Series Integrated Services
Routers. This integration allows network administrators to manage a single
device using Cisco management tools orthe router command-line interface (CLI)
for LAN and WAN management needs. This approach reduces network complexity,
lowers maintenance contract costs, lessens staff training needs, simplifies
software qualification efforts, increases availability, and delivers a
consistent user experience at branch offices and headquarters.
The Cisco Enhanced EtherSwitch Service Modules greatly expands
the router's capabilities by integrating industry-leading Layer 2 and Layer 3
switching with feature sets identical to those found in the Cisco
Catalyst3560-E and Catalyst 2960 Series Switches. The new Cisco
Enhanced EtherSwitch Service Modules are the first modules to take advantage of
the increased capabilities on the Cisco 3900 and 2900 Series Integrated Services
Routers. Additionally, these service modules enable Cisco's industry-leading
power initiatives, Cisco EnergyWise, Cisco Enhanced Power over Ethernet
(ePoE), and per-port PoE power monitoring-all of which enhance the ability of
the branch office to scale to next-generation requirements and still meet
important initiatives for IT teams to operate a power efficient network.
Furthermore, the Cisco Enhanced EtherSwitch Service Modules not only perform
local line-rate switching and routing but also support direct service
module-to-service module communication through the Integrated Services Router
Generation 2 multigigabit fabric (MGF) which separates LAN traffic from WAN
resources.
Cisco Enhanced EtherSwitch Service
Modules
Entry-Level and Advanced Cisco Enhanced
EtherSwitch Service Modules
Cisco Enhanced
EtherSwitch Service Module |
Description |
Cisco ES3 Enhanced
EtherSwitch Service Module |
Best-of-class
Ethernet switching
High-density Gigabit
Ethernet support
Layer 2/3 switching
in hardware
Multicast
routing
IPv6 routing, and
access control list (ACL) in hardware
Full feature parity
with the Cisco Catalyst 3560-E IP Base and IP Services Universal
images
IP Base feature set,
which includes advanced quality of service (QoS), a suite of security
features, rate limiting, ACLs, basic static and Routing Information
Protocol (RIP) routing capability, and Hot Standby Router Protocol
(HSRP)
The IP Services
feature set provides a richer set of enterprise-class features, including
advanced hardware-based IP Unicast and IP Multicast routing; Enhanced
Interior Gateway Routing Protocol (EIGRP), Open Shortest Path First
(OSPF), Border Gateway Protocol (BGP), Protocol Independent Multicast
(PIM), and IPv6 routing; OSPFv3; EIGRPv6; IP Service-Level Agreement
(IPSLA) packet monitoring; Cisco Port Security; and Virtual Route
Forwarding Lite (VRF Lite)
Cisco EnergyWise
technology, an innovative architecture that promotes companywide
sustainability by reducing energy consumption across an entire corporate
infrastructure; Cisco EnergyWise technology can help your company measure
the power consumption of network infrastructure and network-attached
devices and manage power consumption with specific policies, reducing
power consumption to realize increased cost savings; potentially any
powered device is affected
Power over Ethernet;
up to 1014 watts per chassis on a Cisco 3900 Series
router
Cisco Enhanced PoE
(ePoE), up to 20 watts per port
IEEE 802.3af PoE
support, up to 15.4 watts per port
Cisco pre-standard
PoE |
Cisco ES2 Enhanced
EtherSwitch Service Module |
Entry-level,
lower-cost solution
Layer 2 switching in
hardware
Full feature parity
with the Cisco Catalyst 2960 LAN Base image
Cisco
EnergyWise
Power over Ethernet;
up to 1014 watts per chassis on Cisco 3900 Series
router
IEEE 802.3af PoE
support, up to 15.4 watts per port
Cisco pre-standard
PoE |
Secure Network Connectivity for Data, Voice, and Video
When inserted within a Cisco 2900 or 3900 Series Integrated Services Router,
such as the Cisco 3945 the Cisco Enhanced EtherSwitch Service Modules provide a
fully integrated, secure networking and converged IP communications solution.
From a single platform with an integrated switch, you can connect IP phones,
wireless access points, and IP-based video cameras to your network and power
them using the IEEE 802.3af, Cisco ePoE, or Cisco pre-standard PoE. With the
optional integration of Cisco Unified Communications Manager Express, the router
can also provide call-processing for the phones. As users attempt network access
through the Cisco Enhanced EtherSwitch Service Module, the module can use IEEE
802.1x and a large number of Cisco 802.1x extensions to validate the credentials
of the end device and place the user in the appropriate VLAN or Cisco TrustSec
group. As the end-user data leaves the LAN, the router can encrypt the traffic
and place it on a multitude of VPNs, securing communications between branch
offices and central sites.
This high degree of convergence simplifies the network architecture and
allows for cost-effective deployment of advanced services at the branch-office
level. Furthermore, because the Cisco Enhanced EtherSwitch Service Modules
support the same feature sets as the Cisco Catalyst 2960 and Catalyst 3560-E
Switches, you can provide a ubiquitous configuration at headquarters and at the
branch office to create a consistent experience throughout your network.
Cisco EtherSwitch Service Module with a Cisco 3945 Integrated
Services Router
Features and Benefits
Architecture Features and Benefits
The Cisco Enhanced EtherSwitch Service Module helps ensure maximum
availability, high performance, ease of upgrade, and expandability. The modules
have their own processors, switching engines, and flash memory that run
independently of host router resources, helping ensure maximum concurrent
switching and routing performance as well as providing integrated PoE, security,
and increased ease of management. Additionally, Cisco Enhanced EtherSwitch
Service Modules run their own Cisco IOSSoftware, independent of the
router Cisco IOS Software image, allowing for easy upgrades and ongoing software
and feature commonality with Cisco Catalyst 2960 and Catalyst 3560-E Series
Switches. Table 2 lists some of the features and benefits of this
architecture.
Cisco Enhanced EtherSwitch
Service Module Addresses Customer Needs
Customer Needs |
How Addressed by Cisco
Enhanced EtherSwitch Service Module |
Green IT |
Cisco EnergyWise
technology
Single power supply for Cisco
EtherSwitch device and router |
Cisco EnergyWise technology
helps enable Cisco EtherSwitch devices to automatically reduce off-peak
use of PoE.
The modules offer two to eight
times lower power consumption than standalone
switches.
Because no additional rack
space or power supply is needed, there is less to rack, stack, and
cool. |
Total Cost of Ownership
(TCO) |
Scaling network infrastructure
across multiple sites
Increasing costs of operating
multiple devices at the branch office
Maximizing IT
resources |
An integrated switch solution
lowers operations costs, simplifies troubleshooting, and enables
businesses to scale.
Cisco Catalyst 2960 and
Catalyst 3560-E software parity enables IT to certify and deploy the same
services at the main office and branch
office.
The modules offer lower mean
time to repair (MTTR). One vendor means one support center to decrease
troubleshooting time and eliminate finger pointing among
vendors.
Cisco
SMARTnetsupport covers both integrated services routers and
Cisco EtherSwitch devices. |
Investment
Protection |
Ensuring compatibility of your
network with future networks to deliver leading technology |
The Cisco Enhanced EtherSwitch
Service Module and Cisco Catalyst 2960 and Catalyst 3560-E features,
schedule, and roadmap are aligned to provide a consistent user experience
and to ensure no new hardware is required to support the latest
innovations. |
High
Availability |
Minimizing downtime that
affects business operations |
Cisco Enhanced EtherSwitch
Service Modules run their own Cisco IOS Software images and can be
upgraded independent of the host router
image.
A single-box solution
simplifies remote management and improves services interoperability to
help ensure the highest reliability for all
users.
End-to-end testing for
standards-based and innovative Cisco proprietary features provides
superior services interoperability and excellent
value.
The modules offer optional
redundant power supplies, including an integrated redundant power system
(RPS) on the Cisco 3900 Series and external RPS 2300 support on the Cisco
2911 through Cisco 2951 Integrated Services
Routers.
Fewer components (for example,
power supplies and fans) results in fewer failures and less
downtime.
Mean time between failure
(MTBF) is at least two times higher than that for a standalone
switch. |
Scalability with
High-Performance IP Routing for the LAN (ES3) |
Isolation of LAN traffic and
route between VLANs on the Cisco Enhanced EtherSwitch Service
Module |
Cisco Express Forwarding
hardware routing architecture delivers extremely high-performance IP
routing and promotes scalability.
The modules offer inter-VLAN
IP routing with full local Layer 3 switching between two or more
VLANs.
Traffic can be forwarded
between service modules over the MGF without affecting the router
CPU. |
Cisco EnergyWise Technology
Cisco EnergyWise technology is an innovative architecture added to a large
number of Cisco Catalyst switches, the Cisco 2900 and 3900 Series Integrated
Services Routers, and the Cisco ES2 and ES3 Enhanced EtherSwitch Service Modules
to promote companywide sustainability by reducing energy consumption across an
entire network infrastructure.
Cisco EnergyWise technology encompasses a highly intelligent network-based
approach to communicate messages that measure and control energy between network
devices and endpoints. The network discovers Cisco EnergyWise manageable
devices, monitors their power consumption, and takes action based on business
rules to reduce power consumption. The technology uses an innovative
domain-naming system to query and summarize information from large sets of
devices, making it simpler than traditional network management capabilities. The
management interfaces of this technology allow facilities and network management
applications to communicate with endpoints and each other using the network as a
unifying fabric. The management interface uses standard Simple Network
Management Protocol (SNMP) or Secure Sockets Layer (SSL) to integrate Cisco and
third-party management systems.
Cisco EnergyWise technology extends the network as a platform for the power
control plane for gathering, managing, and reducing power consumption of all
devices, resulting in companywide optimized power delivery and reduced energy
costs.
Advanced PoE Support
Although Power over Ethernet (PoE) has been employed for more than a decade,
it is still an evolving technology. New and innovative applications continue to
raise expectations for power requirements. The Cisco Enhanced EtherSwitch
Service Modules are the first EtherSwitch modules to take advantage of the
increased power capabilities of the Cisco 2900 and 3900 Series routers. Table 3
gives information about total PoE power output. Depending on the Cisco 2900 and
3900 Series router model, the available PoE power ranges from 200 to 1014 watts.
The Cisco Enhanced EtherSwitch Service Module supports not only IEEE 802.1af
(15.4 watts), but also Cisco ePoE (20 watts, ES3 only) as well as Cisco
pre-standard PoE. The support of both new and old power levels demonstrates
Cisco's commitment to protection of your initial investment while planning for
the future. Additional PoE features include:
- Per-port power consumption control allows you to specify a maximum
power setting on an individual port.
- Per-port PoE power sensing measures the actual power being
drawn, enabling more intelligent control of powered devices.
- The Cisco PoE MIBs provide proactive visibility into power
usage and allow you to set different power-level thresholds.
- Cisco Discovery Protocol Version 2 allows the Cisco
Enhanced EtherSwitch Service Modules to negotiate a more granular power
setting than IEEE classification provides when connecting to a Cisco powered
device such as IP phones or access points.
- The Link Layer Discovery Protocol Media Endpoint
Discovery (LLDP-MED) link layer discovery protocol and MIB enable
interoperability in multivendor networks. Switches exchange speed, duplex, and
power settings with end devices such as IP
phones.
Power over Ethernet requires the PoE versions of the router
power supplies. The Cisco 2900 and 3900 Series routers support multiple PoE
powering modes:
- Normal: One PoE power supply
- Redundant:Two PoE internal power supplies (Cisco
3925 and 3945) or one PoE power supply plus an external Cisco RPS 2300
Redundant Power Supply Unit (Cisco 2911, 2921, and 2951), where one is active
and one is standby
- Boost:Two PoE internal power supplies (Cisco
3925 and 3945) or one PoE power supply plus an external Cisco RPS2300 (Cisco
2900), where both are actively supplying PoE
power
Power
Output
Router |
Normal PoE with Single POE
Power Supply (Watts) |
Maximum Number of Ports
Running at 15.4W in Normal Mode |
Maximum Number of Ports
Running at 20W in Normal Mode |
Maximum Power with Dual POE
Supplies in Boost Mode (Watts) |
Maximum Number of Ports
Running at 15.4W in Boost Mode |
Maximum Number of Ports
Running at 20W in Boost Mode |
Cisco 3945 |
520 |
33 |
16 |
1040 |
65 |
50 |
Cisco 3925 |
520 |
33 |
16 |
1040 |
65 |
50 |
Cisco 2951 |
370 |
24 |
18 |
750 |
48 |
37 |
Cisco 2921 |
280 |
18 |
16 |
750 |
48 |
37 |
Cisco 2911 |
200 |
12 |
10 |
750 |
48 |
37 |
Secure Networking
Because security needs to be embedded throughout the network, routers and
Cisco EtherSwitch devices play a critical role in any network defense strategy.
Cisco Enhanced EtherSwitch Service Modules provide a rich set of security
features and can be a crucial component of your secure network strategy. The
modules support a comprehensive set of security features for connectivity and
access control, including ACLs, authentication, port-level security, and
identity-based network services with 802.1x and extensions. This set of
comprehensive features not only helps prevent external attacks, but defends the
network against "man-in-the-middle" attacks, a primary concern in today's
business environment. Table 4 highlights the benefits of the Enhanced
EtherSwitch Service Module LAN security features.
LAN Security Features
Feature |
Benefit |
Dynamic ARP Inspection
(DAI) |
DAI helps ensure user
integrity by preventing malicious users from exploiting the insecure
nature of the Address Resolution Protocol (ARP). |
DHCP Snooping |
This feature prevents
malicious users from spoofing a Dynamic Host Configuration Protocol (DHCP)
server and sending out bogus addresses. It is used by other primary
security features to prevent numerous other attacks such as ARP
poisoning. |
IP Source Guard |
IP Source Guard prevents a
malicious user from spoofing or taking over another user's IP address by
creating a binding table between the client's IP and MAC address, port,
and VLAN. |
Private VLANs |
Private VLANs restrict traffic
between hosts in a common segment by segregating traffic at Layer 2,
turning a broadcast segment into a nonbroadcast multiaccess-like segment;
this feature is available in the ES3 only.
Private VLAN Edge provides
security and isolation between switch ports, helping ensure that users
cannot snoop on other users' traffic; this feature is available in the ES3
only. |
Unicast Reverse Path
Forwarding (RPF) |
This feature helps mitigate
problems caused by the introduction of malformed or forged (spoofed) IP
source addresses into a network by discarding IP packets that lack a
verifiable IP source address; it is available in the ES3
only. |
IEEE 802.1x |
IEEE 802.1x allows dynamic,
port-based security, providing user
authentication.
IEEE 802.1x with VLAN
assignment allows a dynamic VLAN assignment for a specific user regardless
of where the user is connected.
IEEE 802.1x with voice VLAN
permits an IP phone to access the voice VLAN irrespective of the
authorized or unauthorized state of the
port.
IEEE 802.1x and port security
are provided to authenticate the port and manage network access for all
MAC addresses, including that of the client.
IEEE 802.1x with an ACL
assignment allows for specific identity-based security policies regardless
of where the user is connected.
IEEE 802.1x with guest VLAN
allows guests without 802.1x clients to have limited network access on the
guest VLAN.
Web authentication for
non-802.1x clients allows non-802.1x clients to use an SSL-based browser
for authentication. |
Multidomain
Authentication |
Multidomain authentication
allows an IP phone and a PC to authenticate on the same switch port while
placing them on the appropriate voice and data VLAN. |
MAC Authentication
Bypass |
MAC Auth Bypass (MAB) for
voice allows third-party IP phones without an 802.1x supplicant to get
authenticated using the MAC address; it is available in the ES3
only. |
Advanced ACLs |
Cisco security VLAN ACLs on
all VLANs prevent unauthorized data flows from being bridged within VLANs;
this feature is available in the ES3 only.
Cisco standard and extended IP
Security router ACLs define security policies on routed interfaces for
control- and data-plane traffic. IPv6 ACLs can be applied to filter IPv6
traffic; this feature is available in the ES3
only.
Port-based ACLs for Layer 2
interfaces allow security policies to be applied on individual switch
ports. |
Administrative Traffic
Protection |
Secure Shell (SSH) Protocol,
Kerberos (ES3 only), and SNMPv3 provide network security by encrypting
administrator traffic during Telnet and SNMP sessions. SSH, Kerberos (ES3
only), and the cryptographic version of SNMPv3 require a special
cryptographic software image because of U.S. export
restrictions. |
Switched Port Analyzer
(SPAN) |
Bidirectional data support on
the SPAN port allows the Cisco Intrusion Detection System (IDS) to take
action when an intruder is detected. |
Centralized
Authentication |
TACACS+ and RADIUS
authentication facilitates centralized control of the switch and restricts
unauthorized users from altering the configuration. |
MAC Address
Authentication |
MAC address notification
allows administrators to be notified of users added to or removed from the
network. |
Port Security |
Port security secures the
access to an access or trunk port based on MAC address. |
Console Security |
Multilevel security on console
access prevents unauthorized users from altering the switch
configuration. |
Bridge Protocol Data Unit
(BPDU) Guard |
BPDU guard shuts down Spanning
Tree PortFast-enabled interfaces when BPDUs are received to avoid
accidental topology loops. |
Spanning-Tree Root Guard
(STRG) |
STRG prevents edge devices not
in the network administrator's control from becoming Spanning Tree
Protocol root nodes. |
Internet Group Management
Protocol (IGMP) Filtering |
IGMP filtering provides
multicast authentication by filtering out nonsubscribers and limits the
number of concurrent multicast streams available per
port. |
Dynamic VLAN
Assignment |
Dynamic VLAN assignment is
supported through implementation of VLAN Membership Policy Server client
capability to provide flexibility in assigning ports to VLANs. Dynamic
VLAN facilitates the fast assignment of IP
addresses. |
Ease of Management and Troubleshooting
Cisco EtherSwitch Service Modules offer many ease-of-management advantages.
For instance, administrators can manage the service modules through the host
router CLI, providing one point of management for the LAN and WAN. Because the
Cisco Enhanced EtherSwitch Service Modules run the same software image as the
Cisco Catalyst 2960 and Catalyst 3560-E Series, the CLI commands are identical
to those used on these Cisco Catalyst switches. This setup greatly simplifies
management across the LAN and WAN, resulting in lower training costs, lower
software qualifications costs, and a reduction in the possibility of
configuration errors. Additionally, the Cisco Enhanced EtherSwitch Service
Modules can be managed using one of Cisco's advanced GUI management tools. This
provides an easy to use Web-based management interfaces can be accessed through
a standard Web browser. Table 5 lists other management and troubleshooting
features.
Management and Troubleshooting
Features
Feature |
Description |
CLI |
The modules have a single CLI
for configuring branch-office and headquarters switches-reducing
management challenges and easing troubleshooting if network downtime
occurs, significantly reducing operating expenses (OpEx), and increasing
network uptime. You can access the CLI through the router CLI without
additional Telnet sessions or an extra console cable. |
Cisco Configuration
Professional |
This application is a GUI
device-management tool for Cisco IOS Software-based access routers,
including the Cisco 2900 and 3900 Series. In the case of the Cisco
Enhanced EtherSwitch Service Module, Cisco Configuration Professional can
be configured to spawn the Enhance EtherSwitch Service Module's embedded
device manager GUI. |
Cisco Network
Assistant |
This easy-to-use, GUI-based
management interface provides management specifically for the Cisco
Enhanced EtherSwitch Service Modules and Cisco Catalyst 2960, Catalyst
3560, and Catalyst 3560 Switches. Cisco Unified Communications wizards
need just a few user inputs to automatically configure the service module
to optimally manage different types of traffic, including voice, video,
multicast, and high-priority data. A security wizard is provided to
restrict unauthorized access to applications, servers, and networks. You
can also use Cisco Network Assistant to manage Cisco Catalyst switches
connected to the Cisco Enhanced EtherSwitch Service
Module. |
CiscoWorks LAN Management
System (LMS) |
CiscoWorks LMS provides a
robust set of applications for maintaining, monitoring, and
troubleshooting a broad range of devices in an end-to-end Cisco network.
Built upon popular Internet-based standards, CiscoWorks LMS applications
enable network operators to manage the network through a simplified
browser-based interface that can be accessed anytime from anywhere within
the network. |
CiscoView |
CiscoView, available from
CiscoWorks LMS, provides a graphical "front-panel" interface for managing
Cisco devices. It allows you to easily interact with device components for
at-a-glance port status and easy device configuration and
monitoring. |
Auto Spartports |
Cisco Auto Smartports can
simplify the configuration of advanced capabilities, encapsulating years
of Cisco networking expertise. As devices connect to the switch, automatic
port configurations are enabled, rendering devices operational as soon as
they are connected to the network. |
Cisco CNS Configuration
Engine |
The Cisco CNS Configuration
Engine supports the activation of CPE-based network services through
centralized template-based configuration management for zero-touch
deployment, inventory, configuration, and image
management. |
Additional Troubleshooting
Features |
Cisco Express setup simplifies
initial configuration with a web browser, eliminating the need for more
complex terminal emulation programs and CLI
knowledge.
AutoInstall uses DHCP-based
autoconfiguration and image upgrade. This feature automatically downloads
the configuration file and Cisco IOS Software image, and allocates an IP
address and hostname for the switch. You can use AutoInstall to implement
a zero-touch deployment.
Time Domain Reflectometry
(TDR) is used to diagnose and resolve cabling problems on copper Ethernet
ports.
Automatic medium-dependent
interface crossover (Auto-MDIX) automatically adjusts transmit and receive
pairs if an incorrect cable type (crossover or straight-through) is
installed on a copper port.
Unidirectional Link Detection
(UDLD) is a Layer 2 protocol that enables devices connected through
fiber-optic or twisted-pair Ethernet cables to monitor the physical
configuration of the cables and detect when a unidirectional link
occurs.
IPSLA is used to send IP or
Ethernet-based probes to monitor and validate traffic flow levels; it is
available in the ES3 only. |
Summary
As companies strive to lower the costs of running their networks and to
increase the productivity of their end users with network applications, more
intelligent branch-office solutions are required. Cisco Enhanced EtherSwitch
Service Modules enable a higher level of security and offer enhanced PoE power
levels, advanced features for IP communications, easy expandability, and
simplified management at the branch-office level. By minimizing OpEx without
sacrificing any advanced switching features, Cisco Enhanced EtherSwitch Service
Modules can help you maximize your return on investment for the network
infrastructure and accelerate the deployment of productivity-enhancing services
to your enterprise branch offices or small to midsize business offices.
Specifications
Model |
SM-D-ES3G-48-P |
Fast
Ethernet Ports |
|
Gigabit
Ethernet Ports |
48 |
Small
Form-Factor Pluggable (SFP) Uplinks |
2 |
Layer 2
Switching |
|
Layer 2/3
Switching |
X |
PoE |
X |
Service
Module Width |
Double |
Module Support
Model |
Maximum ES2 and ES3 Ports
Using Service Modules |
One Single |
One Double |
Two Single |
One Single + One
Double |
Two Single + One
Double |
Three Single |
Four Single |
Cisco 3945 |
98 |
X |
X |
X |
X |
X |
X |
X |
Cisco 3925 |
74 |
X |
X |
X |
X |
|
|
|
Cisco 2951 |
50 |
X |
X |
X |
|
|
|
|
Cisco 2921 |
50 |
X |
X |
|
|
|
|
|
Cisco 2911 |
24 |
X |
|
|
|
|
|
|
Cisco IOS Software Release Module Support
Model |
SM-D-ES3G-48-P |
Default
Software |
Universal Image: IP
Base |
Minimum
Cisco EtherSwitch and Cisco IOS Software
Release |
12.2(52)EX |
Minimum
Router Cisco IOS Software Release |
15(0).1M |
Module Specifications
Model |
SM-D-ES3G-48-P |
Dimensions:
Wide x Deep x High (cm.) |
41.2 x 20.7 x 4.0 |
Weight
(kg.) |
5 |
Operational
Temperature |
0 to 40 °C |
Nonoperational
Temperature |
-40 to 70 °C |
Operational
Humidity |
5 to
90% |
Nonoperational
Humidity |
5 to
95% |
Ordering Information
Part
Number |
Description |
|
ES3
Modules |
SM-D-ES3G-48-P |
Enhanced EtherSwitch
SM, Layer 2/3 switching, 48 ports GE, 2 ports Small Form factor Pluggable
(SFP), POE capable |