Cisco SM-X Layer 2/3 EtherSwitch Service Module
Cisco SM-X Layer 2/3 EtherSwitch Service Module (ESM) Configuration Guide for Cisco 2900 and Cisco 3900 Series
Information About the Cisco SM-X Layer 2/3 ESMs
Cisco TrustSec Encryption
The Cisco TrustSec security architecture builds secure networks by establishing clouds of trusted
network devices. Each device in the cloud is authenticated by its neighbors. Communication on the links
between devices in the cloud is secured with a combination of encryption, message integrity checks, and
data-path replay protection mechanisms. Cisco TrustSec also uses the device and user identification
information acquired during authentication for classifying, or coloring, the packets as they enter the
network. This packet classification is maintained by tagging packets on ingress to the Cisco TrustSec
network so that they can be properly identified for the purpose of applying security and other policy
criteria along the data path. The tag, also called the security group tag (SGT), allows the network to
enforce the access control policy by enabling the endpoint device to act upon the SGT to filter traffic.
See
Chapter in the
IEEE 802.1x Protocol
The IEEE 802.1x standard defines a client-server-based access control and authentication protocol that
prevents clients from connecting to a LAN through publicly accessible ports unless they are
authenticated. The authentication server authenticates each client connected to a port before making
available any services offered by the router or the LAN.
Until the client is authenticated, IEEE 802.1x access control allows only Extensible Authentication
Protocol over LAN (EAPOL), Cisco Discovery Protocol (CDP), and Spanning Tree Protocol (STP)
traffic through the port to which the client is connected. After authentication, normal traffic can pass
through the port. See
Chapter in the
for information on
configuring this feature.
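The pre-authentication filter described above, modelled as an added example (not Cisco's code or configuration): a Python classifier that decides which raw Ethernet frames an unauthorized port would pass. The function names and sample frames are constructed for illustration; the protocol identifiers (EtherType 0x888E for EAPOL, the STP and CDP multicast addresses and their LLC/SNAP headers) are the standard values.

```python
import struct

ETHERTYPE_EAPOL = 0x888E                      # IEEE 802.1X (EAP over LAN)
STP_DST = bytes.fromhex("0180c2000000")       # IEEE bridge group address
CDP_DST = bytes.fromhex("01000ccccccc")       # Cisco multicast used by CDP
LLC_STP = bytes.fromhex("424203")             # DSAP/SSAP 0x42, UI control
SNAP_CDP = bytes.fromhex("aaaa0300000c2000")  # LLC SNAP, OUI 00:00:0C, PID 0x2000


def classify(frame: bytes) -> str:
    """Return 'EAPOL', 'STP', 'CDP' or 'OTHER' for a raw Ethernet frame."""
    if len(frame) < 14:
        return "OTHER"                        # runt: no complete Ethernet header
    dst = frame[0:6]
    (type_len,) = struct.unpack_from("!H", frame, 12)
    payload = frame[14:]
    if type_len == ETHERTYPE_EAPOL:
        return "EAPOL"
    if type_len <= 1500:                      # 802.3 length field, LLC follows
        # Require both the well-known destination and the matching LLC header,
        # so a data frame merely addressed to the multicast MAC is not accepted.
        if dst == STP_DST and payload.startswith(LLC_STP):
            return "STP"
        if dst == CDP_DST and payload.startswith(SNAP_CDP):
            return "CDP"
    return "OTHER"


def port_forwards(frame: bytes, authenticated: bool) -> bool:
    """Model the port gate: all traffic after authentication,
    only EAPOL, CDP and STP before it."""
    return authenticated or classify(frame) in {"EAPOL", "STP", "CDP"}


# Constructed sample frames (not captured traffic).
SRC = bytes.fromhex("020000000001")
EAPOL_START = bytes.fromhex("0180c2000003") + SRC + bytes.fromhex("888e01010000")
STP_BPDU = STP_DST + SRC + struct.pack("!H", 38) + LLC_STP + bytes(35)
CDP_FRAME = CDP_DST + SRC + struct.pack("!H", 30) + SNAP_CDP + bytes(22)
IPV4_FRAME = bytes.fromhex("ffffffffffff") + SRC + bytes.fromhex("0800") + bytes(20)
# IPv4 payload sent to the CDP multicast address: still ordinary data traffic.
IPV4_TO_CDP_MAC = CDP_DST + SRC + bytes.fromhex("0800") + bytes(20)

if __name__ == "__main__":
    for name in ("EAPOL_START", "STP_BPDU", "CDP_FRAME", "IPV4_FRAME", "IPV4_TO_CDP_MAC"):
        f = globals()[name]
        print(f"{name:16} {classify(f):6} pre-auth={port_forwards(f, False)}")
```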
Licensing and Software Activation
The Cisco SM-X Layer 2/3 ESM utilizes the Cisco licensing software activation mechanism for different
levels of technology software packages. This mechanism is referred to as technology package licensing and
leverages the universal technology package based licensing solution. A universal image containing all levels
of a software package is loaded on your Cisco SM-X Layer 2/3 ESM.
During startup, the Cisco SM-X Layer 2/3 ESM determines the highest level of license and loads the
corresponding software features.
The Cisco SM-X Layer 2/3 ESM has a right-to-use (RTU) license, also known as an honor-based license.
The RTU license on Cisco SM-X Layer 2/3 ESM supports the following three feature sets:
• LAN Base: Enterprise access Layer 2 switching features
• IP Base: Enterprise access Layer 3 switching features
• IP Services: Advanced Layer 3 switching (IPv4 and IPv6) features