All stock codes associated to this product
SMES3G24P, SM-ES3G-24-P
Cisco SM-ES3G-24-P Enhanced EtherSwitch Service Modules
for Cisco 2900 and 3900 Series Routers
Overview
CiscoEnhanced EtherSwitchService Modules can reduce your
company's total cost of ownership by integrating Gigabit Ethernet (GE) and Fast
Ethernet (FE) switch ports within Cisco 3900 and 2900 Series Integrated Services
Routers. This integration allows network administrators to manage a single
device using Cisco management tools orthe router command-line interface (CLI)
for LAN and WAN management needs. This approach reduces network complexity,
lowers maintenance contract costs, lessens staff training needs, simplifies
software qualification efforts, increases availability, and delivers a
consistent user experience at branch offices and headquarters.
The Cisco Enhanced EtherSwitch Service Modules greatly expands
the router's capabilities by integrating industry-leading Layer 2 and Layer 3
switching with feature sets identical to those found in the Cisco
Catalyst3560-E and Catalyst 2960 Series Switches. The new Cisco
Enhanced EtherSwitch Service Modules are the first modules to take advantage of
the increased capabilities on the Cisco 3900 and 2900 Series Integrated Services
Routers. Additionally, these service modules enable Cisco's industry-leading
power initiatives, Cisco EnergyWise, Cisco Enhanced Power over Ethernet
(ePoE), and per-port PoE power monitoring-all of which enhance the ability of
the branch office to scale to next-generation requirements and still meet
important initiatives for IT teams to operate a power efficient network.
Furthermore, the Cisco Enhanced EtherSwitch Service Modules not only perform
local line-rate switching and routing but also support direct service
module-to-service module communication through the Integrated Services Router
Generation 2 multigigabit fabric (MGF) which separates LAN traffic from WAN
resources.
Cisco Enhanced EtherSwitch Service
Modules
Entry-Level and Advanced Cisco Enhanced
EtherSwitch Service Modules
Cisco Enhanced EtherSwitch
Service Module |
Description |
Cisco ES3 Enhanced EtherSwitch
Service Module |
Best-of-class Ethernet
switching
High-density Gigabit Ethernet
support
Layer 2/3 switching in
hardware
Multicast
routing
IPv6 routing, and access
control list (ACL) in hardware
Full feature parity with the
Cisco Catalyst 3560-E IP Base and IP Services Universal
images
IP Base feature set, which
includes advanced quality of service (QoS), a suite of security features,
rate limiting, ACLs, basic static and Routing Information Protocol (RIP)
routing capability, and Hot Standby Router Protocol
(HSRP)
The IP Services feature set
provides a richer set of enterprise-class features, including advanced
hardware-based IP Unicast and IP Multicast routing; Enhanced Interior
Gateway Routing Protocol (EIGRP), Open Shortest Path First (OSPF), Border
Gateway Protocol (BGP), Protocol Independent Multicast (PIM), and IPv6
routing; OSPFv3; EIGRPv6; IP Service-Level Agreement (IPSLA) packet
monitoring; Cisco Port Security; and Virtual Route Forwarding Lite (VRF
Lite)
Cisco EnergyWise technology,
an innovative architecture that promotes companywide sustainability by
reducing energy consumption across an entire corporate infrastructure;
Cisco EnergyWise technology can help your company measure the power
consumption of network infrastructure and network-attached devices and
manage power consumption with specific policies, reducing power
consumption to realize increased cost savings; potentially any powered
device is affected
Power over Ethernet; up to
1014 watts per chassis on a Cisco 3900 Series
router
Cisco Enhanced PoE (ePoE), up
to 20 watts per port
IEEE 802.3af PoE support, up
to 15.4 watts per port
Cisco pre-standard
PoE |
Cisco ES2 Enhanced EtherSwitch
Service Module |
Entry-level, lower-cost
solution
Layer 2 switching in
hardware
Full feature parity with the
Cisco Catalyst 2960 LAN Base image
Cisco
EnergyWise
Power over Ethernet; up to
1014 watts per chassis on Cisco 3900 Series
router
IEEE 802.3af PoE support, up
to 15.4 watts per port
Cisco pre-standard
PoE |
Secure Network Connectivity for Data, Voice, and
Video
When inserted within a Cisco 2900 or 3900 Series
Integrated Services Router, such as the Cisco 3945 the Cisco Enhanced
EtherSwitch Service Modules provide a fully integrated, secure networking and
converged IP communications solution. From a single platform with an integrated
switch, you can connect IP phones, wireless access points, and IP-based video
cameras to your network and power them using the IEEE 802.3af, Cisco ePoE, or
Cisco pre-standard PoE. With the optional integration of Cisco Unified
Communications Manager Express, the router can also provide call-processing for
the phones. As users attempt network access through the Cisco Enhanced
EtherSwitch Service Module, the module can use IEEE 802.1x and a large number of
Cisco 802.1x extensions to validate the credentials of the end device and place
the user in the appropriate VLAN or Cisco TrustSec group. As the end-user data
leaves the LAN, the router can encrypt the traffic and place it on a multitude
of VPNs, securing communications between branch offices and central
sites.
This high degree of convergence simplifies the network
architecture and allows for cost-effective deployment of advanced services at
the branch-office level. Furthermore, because the Cisco Enhanced EtherSwitch
Service Modules support the same feature sets as the Cisco Catalyst 2960 and
Catalyst 3560-E Switches, you can provide a ubiquitous configuration at
headquarters and at the branch office to create a consistent experience
throughout your network.
Cisco EtherSwitch Service Module with a Cisco
3945 Integrated Services Router
Features and Benefits
Architecture Features and
Benefits
The Cisco Enhanced EtherSwitch Service Module helps
ensure maximum availability, high performance, ease of upgrade, and
expandability. The modules have their own processors, switching engines, and
flash memory that run independently of host router resources, helping ensure
maximum concurrent switching and routing performance as well as providing
integrated PoE, security, and increased ease of management. Additionally, Cisco
Enhanced EtherSwitch Service Modules run their own Cisco
IOSSoftware, independent of the router
Cisco IOS Software image, allowing for easy upgrades and ongoing software and
feature commonality with Cisco Catalyst 2960 and Catalyst 3560-E Series
Switches. Table 2 lists some of the features and benefits of this
architecture.
Cisco Enhanced EtherSwitch
Service Module Addresses Customer Needs
Customer Needs |
How Addressed by Cisco
Enhanced EtherSwitch Service Module |
Green IT |
Cisco EnergyWise
technology
Single power supply for Cisco
EtherSwitch device and router |
Cisco EnergyWise technology
helps enable Cisco EtherSwitch devices to automatically reduce off-peak
use of PoE.
The modules offer two to eight
times lower power consumption than standalone
switches.
Because no additional rack
space or power supply is needed, there is less to rack, stack, and
cool. |
Total Cost of Ownership
(TCO) |
Scaling network infrastructure
across multiple sites
Increasing costs of operating
multiple devices at the branch office
Maximizing IT
resources |
An integrated switch solution
lowers operations costs, simplifies troubleshooting, and enables
businesses to scale.
Cisco Catalyst 2960 and
Catalyst 3560-E software parity enables IT to certify and deploy the same
services at the main office and branch
office.
The modules offer lower mean
time to repair (MTTR). One vendor means one support center to decrease
troubleshooting time and eliminate finger pointing among
vendors.
Cisco
SMARTnetsupport covers both integrated services routers and
Cisco EtherSwitch devices. |
Investment
Protection |
Ensuring compatibility of your
network with future networks to deliver leading technology |
The Cisco Enhanced EtherSwitch
Service Module and Cisco Catalyst 2960 and Catalyst 3560-E features,
schedule, and roadmap are aligned to provide a consistent user experience
and to ensure no new hardware is required to support the latest
innovations. |
High
Availability |
Minimizing downtime that
affects business operations |
Cisco Enhanced EtherSwitch
Service Modules run their own Cisco IOS Software images and can be
upgraded independent of the host router
image.
A single-box solution
simplifies remote management and improves services interoperability to
help ensure the highest reliability for all
users.
End-to-end testing for
standards-based and innovative Cisco proprietary features provides
superior services interoperability and excellent
value.
The modules offer optional
redundant power supplies, including an integrated redundant power system
(RPS) on the Cisco 3900 Series and external RPS 2300 support on the Cisco
2911 through Cisco 2951 Integrated Services
Routers.
Fewer components (for example,
power supplies and fans) results in fewer failures and less
downtime.
Mean time between failure
(MTBF) is at least two times higher than that for a standalone
switch. |
Scalability with
High-Performance IP Routing for the LAN (ES3) |
Isolation of LAN traffic and
route between VLANs on the Cisco Enhanced EtherSwitch Service
Module |
Cisco Express Forwarding
hardware routing architecture delivers extremely high-performance IP
routing and promotes scalability.
The modules offer inter-VLAN
IP routing with full local Layer 3 switching between two or more
VLANs.
Traffic can be forwarded
between service modules over the MGF without affecting the router
CPU. |
Cisco EnergyWise Technology
Cisco EnergyWise technology is an innovative architecture
added to a large number of Cisco Catalyst switches, the Cisco 2900 and 3900
Series Integrated Services Routers, and the Cisco ES2 and ES3 Enhanced
EtherSwitch Service Modules to promote companywide sustainability by reducing
energy consumption across an entire network infrastructure.
Cisco EnergyWise technology encompasses a highly
intelligent network-based approach to communicate messages that measure and
control energy between network devices and endpoints. The network discovers
Cisco EnergyWise manageable devices, monitors their power consumption, and takes
action based on business rules to reduce power consumption. The technology uses
an innovative domain-naming system to query and summarize information from large
sets of devices, making it simpler than traditional network management
capabilities. The management interfaces of this technology allow facilities and
network management applications to communicate with endpoints and each other
using the network as a unifying fabric. The management interface uses standard
Simple Network Management Protocol (SNMP) or Secure Sockets Layer (SSL) to
integrate Cisco and third-party management systems.
Cisco EnergyWise technology extends the network as a
platform for the power control plane for gathering, managing, and reducing power
consumption of all devices, resulting in companywide optimized power delivery
and reduced energy costs.
Advanced PoE Support
Although Power over Ethernet (PoE) has been employed for
more than a decade, it is still an evolving technology. New and innovative
applications continue to raise expectations for power requirements. The Cisco
Enhanced EtherSwitch Service Modules are the first EtherSwitch modules to take
advantage of the increased power capabilities of the Cisco 2900 and 3900 Series
routers. Table 3 gives information about total PoE power output. Depending on
the Cisco 2900 and 3900 Series router model, the available PoE power ranges from
200 to 1014 watts. The Cisco Enhanced EtherSwitch Service Module supports not
only IEEE 802.1af (15.4 watts), but also Cisco ePoE (20 watts, ES3 only) as well
as Cisco pre-standard PoE. The support of both new and old power levels
demonstrates Cisco's commitment to protection of your initial investment while
planning for the future. Additional PoE features include:
- Per-port power consumption control allows you to
specify a maximum power setting on an individual port.
- Per-port PoE power sensing measures the
actual power being drawn, enabling more intelligent control of powered
devices.
- The Cisco PoE MIBs provide proactive
visibility into power usage and allow you to set different power-level
thresholds.
- Cisco Discovery Protocol Version 2
allows the Cisco Enhanced EtherSwitch Service Modules to negotiate a more
granular power setting than IEEE classification provides when connecting to a
Cisco powered device such as IP phones or access points.
- The Link Layer Discovery Protocol
Media Endpoint Discovery (LLDP-MED) link layer discovery protocol and MIB
enable interoperability in multivendor networks. Switches exchange speed,
duplex, and power settings with end devices such as IP phones.
Power over Ethernet requires the PoE
versions of the router power supplies. The Cisco 2900 and 3900 Series routers
support multiple PoE powering modes:
- Normal: One PoE power supply
- Redundant:Two PoE internal power supplies (Cisco 3925 and 3945) or one PoE
power supply plus an external Cisco RPS 2300 Redundant Power Supply Unit
(Cisco 2911, 2921, and 2951), where one is active and one is standby
- Boost:Two PoE internal power supplies (Cisco 3925 and 3945) or one PoE
power supply plus an external Cisco RPS2300 (Cisco 2900), where both are
actively supplying PoE power
Power
Output
Router |
Normal PoE with Single POE
Power Supply (Watts) |
Maximum Number of Ports
Running at 15.4W in Normal Mode |
Maximum Number of Ports
Running at 20W in Normal Mode |
Maximum Power with Dual POE
Supplies in Boost Mode (Watts) |
Maximum Number of Ports
Running at 15.4W in Boost Mode |
Maximum Number of Ports
Running at 20W in Boost Mode |
Cisco 3945 |
520 |
33 |
16 |
1040 |
65 |
50 |
Cisco 3925 |
520 |
33 |
16 |
1040 |
65 |
50 |
Cisco 2951 |
370 |
24 |
18 |
750 |
48 |
37 |
Cisco 2921 |
280 |
18 |
16 |
750 |
48 |
37 |
Cisco 2911 |
200 |
12 |
10 |
750 |
48 |
37 |
Secure Networking
Because security needs to be embedded throughout the
network, routers and Cisco EtherSwitch devices play a critical role in any
network defense strategy. Cisco Enhanced EtherSwitch Service Modules provide a
rich set of security features and can be a crucial component of your secure
network strategy. The modules support a comprehensive set of security features
for connectivity and access control, including ACLs, authentication, port-level
security, and identity-based network services with 802.1x and extensions. This
set of comprehensive features not only helps prevent external attacks, but
defends the network against "man-in-the-middle" attacks, a primary concern in
today's business environment. Table 4 highlights the benefits of the Enhanced
EtherSwitch Service Module LAN security features.
LAN Security Features
Feature |
Benefit |
Dynamic ARP Inspection
(DAI) |
DAI helps ensure user
integrity by preventing malicious users from exploiting the insecure
nature of the Address Resolution Protocol (ARP). |
DHCP Snooping |
This feature prevents
malicious users from spoofing a Dynamic Host Configuration Protocol (DHCP)
server and sending out bogus addresses. It is used by other primary
security features to prevent numerous other attacks such as ARP
poisoning. |
IP Source Guard |
IP Source Guard prevents a
malicious user from spoofing or taking over another user's IP address by
creating a binding table between the client's IP and MAC address, port,
and VLAN. |
Private VLANs |
Private VLANs restrict traffic
between hosts in a common segment by segregating traffic at Layer 2,
turning a broadcast segment into a nonbroadcast multiaccess-like segment;
this feature is available in the ES3 only.
Private VLAN Edge provides
security and isolation between switch ports, helping ensure that users
cannot snoop on other users' traffic; this feature is available in the ES3
only. |
Unicast Reverse Path
Forwarding (RPF) |
This feature helps mitigate
problems caused by the introduction of malformed or forged (spoofed) IP
source addresses into a network by discarding IP packets that lack a
verifiable IP source address; it is available in the ES3
only. |
IEEE 802.1x |
IEEE 802.1x allows dynamic,
port-based security, providing user
authentication.
IEEE 802.1x with VLAN
assignment allows a dynamic VLAN assignment for a specific user regardless
of where the user is connected.
IEEE 802.1x with voice VLAN
permits an IP phone to access the voice VLAN irrespective of the
authorized or unauthorized state of the
port.
IEEE 802.1x and port security
are provided to authenticate the port and manage network access for all
MAC addresses, including that of the client.
IEEE 802.1x with an ACL
assignment allows for specific identity-based security policies regardless
of where the user is connected.
IEEE 802.1x with guest VLAN
allows guests without 802.1x clients to have limited network access on the
guest VLAN.
Web authentication for
non-802.1x clients allows non-802.1x clients to use an SSL-based browser
for authentication. |
Multidomain
Authentication |
Multidomain authentication
allows an IP phone and a PC to authenticate on the same switch port while
placing them on the appropriate voice and data VLAN. |
MAC Authentication
Bypass |
MAC Auth Bypass (MAB) for
voice allows third-party IP phones without an 802.1x supplicant to get
authenticated using the MAC address; it is available in the ES3
only. |
Advanced ACLs |
Cisco security VLAN ACLs on
all VLANs prevent unauthorized data flows from being bridged within VLANs;
this feature is available in the ES3 only.
Cisco standard and extended IP
Security router ACLs define security policies on routed interfaces for
control- and data-plane traffic. IPv6 ACLs can be applied to filter IPv6
traffic; this feature is available in the ES3
only.
Port-based ACLs for Layer 2
interfaces allow security policies to be applied on individual switch
ports. |
Administrative Traffic
Protection |
Secure Shell (SSH) Protocol,
Kerberos (ES3 only), and SNMPv3 provide network security by encrypting
administrator traffic during Telnet and SNMP sessions. SSH, Kerberos (ES3
only), and the cryptographic version of SNMPv3 require a special
cryptographic software image because of U.S. export
restrictions. |
Switched Port Analyzer
(SPAN) |
Bidirectional data support on
the SPAN port allows the Cisco Intrusion Detection System (IDS) to take
action when an intruder is detected. |
Centralized
Authentication |
TACACS+ and RADIUS
authentication facilitates centralized control of the switch and restricts
unauthorized users from altering the configuration. |
MAC Address
Authentication |
MAC address notification
allows administrators to be notified of users added to or removed from the
network. |
Port Security |
Port security secures the
access to an access or trunk port based on MAC address. |
Console Security |
Multilevel security on console
access prevents unauthorized users from altering the switch
configuration. |
Bridge Protocol Data Unit
(BPDU) Guard |
BPDU guard shuts down Spanning
Tree PortFast-enabled interfaces when BPDUs are received to avoid
accidental topology loops. |
Spanning-Tree Root Guard
(STRG) |
STRG prevents edge devices not
in the network administrator's control from becoming Spanning Tree
Protocol root nodes. |
Internet Group Management
Protocol (IGMP) Filtering |
IGMP filtering provides
multicast authentication by filtering out nonsubscribers and limits the
number of concurrent multicast streams available per
port. |
Dynamic VLAN
Assignment |
Dynamic VLAN assignment is
supported through implementation of VLAN Membership Policy Server client
capability to provide flexibility in assigning ports to VLANs. Dynamic
VLAN facilitates the fast assignment of IP
addresses. |
Ease of Management and
Troubleshooting
Cisco EtherSwitch Service Modules offer many
ease-of-management advantages. For instance, administrators can manage the
service modules through the host router CLI, providing one point of management
for the LAN and WAN. Because the Cisco Enhanced EtherSwitch Service Modules run
the same software image as the Cisco Catalyst 2960 and Catalyst 3560-E Series,
the CLI commands are identical to those used on these Cisco Catalyst switches.
This setup greatly simplifies management across the LAN and WAN, resulting in
lower training costs, lower software qualifications costs, and a reduction in
the possibility of configuration errors. Additionally, the Cisco Enhanced
EtherSwitch Service Modules can be managed using one of Cisco's advanced GUI
management tools. This provides an easy to use Web-based management interfaces
can be accessed through a standard Web browser. Table 5 lists other management
and troubleshooting features.
Management and Troubleshooting
Features
Feature |
Description |
CLI |
The modules have a single CLI
for configuring branch-office and headquarters switches-reducing
management challenges and easing troubleshooting if network downtime
occurs, significantly reducing operating expenses (OpEx), and increasing
network uptime. You can access the CLI through the router CLI without
additional Telnet sessions or an extra console cable. |
Cisco Configuration
Professional |
This application is a GUI
device-management tool for Cisco IOS Software-based access routers,
including the Cisco 2900 and 3900 Series. In the case of the Cisco
Enhanced EtherSwitch Service Module, Cisco Configuration Professional can
be configured to spawn the Enhance EtherSwitch Service Module's embedded
device manager GUI. |
Cisco Network
Assistant |
This easy-to-use, GUI-based
management interface provides management specifically for the Cisco
Enhanced EtherSwitch Service Modules and Cisco Catalyst 2960, Catalyst
3560, and Catalyst 3560 Switches. Cisco Unified Communications wizards
need just a few user inputs to automatically configure the service module
to optimally manage different types of traffic, including voice, video,
multicast, and high-priority data. A security wizard is provided to
restrict unauthorized access to applications, servers, and networks. You
can also use Cisco Network Assistant to manage Cisco Catalyst switches
connected to the Cisco Enhanced EtherSwitch Service
Module. |
CiscoWorks LAN Management
System (LMS) |
CiscoWorks LMS provides a
robust set of applications for maintaining, monitoring, and
troubleshooting a broad range of devices in an end-to-end Cisco network.
Built upon popular Internet-based standards, CiscoWorks LMS applications
enable network operators to manage the network through a simplified
browser-based interface that can be accessed anytime from anywhere within
the network. |
CiscoView |
CiscoView, available from
CiscoWorks LMS, provides a graphical "front-panel" interface for managing
Cisco devices. It allows you to easily interact with device components for
at-a-glance port status and easy device configuration and
monitoring. |
Auto Spartports |
Cisco Auto Smartports can
simplify the configuration of advanced capabilities, encapsulating years
of Cisco networking expertise. As devices connect to the switch, automatic
port configurations are enabled, rendering devices operational as soon as
they are connected to the network. |
Cisco CNS Configuration
Engine |
The Cisco CNS Configuration
Engine supports the activation of CPE-based network services through
centralized template-based configuration management for zero-touch
deployment, inventory, configuration, and image
management. |
Additional Troubleshooting
Features |
Cisco Express setup simplifies
initial configuration with a web browser, eliminating the need for more
complex terminal emulation programs and CLI
knowledge.
AutoInstall uses DHCP-based
autoconfiguration and image upgrade. This feature automatically downloads
the configuration file and Cisco IOS Software image, and allocates an IP
address and hostname for the switch. You can use AutoInstall to implement
a zero-touch deployment.
Time Domain Reflectometry
(TDR) is used to diagnose and resolve cabling problems on copper Ethernet
ports.
Automatic medium-dependent
interface crossover (Auto-MDIX) automatically adjusts transmit and receive
pairs if an incorrect cable type (crossover or straight-through) is
installed on a copper port.
Unidirectional Link Detection
(UDLD) is a Layer 2 protocol that enables devices connected through
fiber-optic or twisted-pair Ethernet cables to monitor the physical
configuration of the cables and detect when a unidirectional link
occurs.
IPSLA is used to send IP or
Ethernet-based probes to monitor and validate traffic flow levels; it is
available in the ES3 only. |
Summary
As companies strive to lower the costs of running their
networks and to increase the productivity of their end users with network
applications, more intelligent branch-office solutions are required. Cisco
Enhanced EtherSwitch Service Modules enable a higher level of security and offer
enhanced PoE power levels, advanced features for IP communications, easy
expandability, and simplified management at the branch-office level. By
minimizing OpEx without sacrificing any advanced switching features, Cisco
Enhanced EtherSwitch Service Modules can help you maximize your return on
investment for the network infrastructure and accelerate the deployment of
productivity-enhancing services to your enterprise branch offices or small to
midsize business offices.
Specifications
Model |
SM-ES3G-24-P |
Fast Ethernet
Ports |
|
Gigabit Ethernet
Ports |
24 |
Small Form-Factor Pluggable (SFP)
Uplinks |
|
Layer 2
Switching |
|
Layer 2/3
Switching |
X |
PoE |
X |
Service Module
Width |
Single |
Module Support
Model |
Maximum ES2 and ES3 Ports
Using Service Modules |
One Single |
One Double |
Two Single |
One Single + One
Double |
Two Single + One
Double |
Three Single |
Four Single |
Cisco 3945 |
98 |
X |
X |
X |
X |
X |
X |
X |
Cisco 3925 |
74 |
X |
X |
X |
X |
|
|
|
Cisco 2951 |
50 |
X |
X |
X |
|
|
|
|
Cisco 2921 |
50 |
X |
X |
|
|
|
|
|
Cisco 2911 |
24 |
X |
|
|
|
|
|
|
Cisco IOS Software Release Module
Support
Model |
SM-ES3G-24-P |
Default
Software |
Universal Image: IP
Base |
Minimum
Cisco EtherSwitch and Cisco IOS Software
Release |
12.2(52)EX |
Minimum
Router Cisco IOS Software Release |
15(0).1M |
Module Specifications
Model |
SM-ES3G-24-P |
Dimensions:
Wide x Deep x High (cm.) |
20.6 x 20.7 x
4.0 |
Weight
(kg.) |
2.5 |
Operational
Temperature |
0 to
40°C |
Nonoperational
Temperature |
-40 to
70°C |
Operational
Humidity |
5 to
90% |
Nonoperational
Humidity |
5 to
95% |
Ordering Information
Part
Number |
Description |
|
ES2
Modules |
SM-ES3-24-P |
Enhanced EtherSwitch
SM, Layer 2/3 switching, 24 ports GE, POE
capable |