Cisco SM-X - Page 7

12 pages

Save Page as PDF

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

© 2024 Cisco and/or its affiliates. All rights reserved. Page 7 of 12

-

Table 4. Security features supported on SM-X EtherSwitch Module

Feature

Benefit

IEEE 802.1x

● IEEE 802.1x allows dynamic, port-based security, providing user authentication.

● IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of the

authorized or unauthorized state of the port.

● IEEE 802.1x and port security are provided to authenticate the port and manage network access

for all MAC addresses, including that of the client.

● IEEE 802.1x with an ACL assignment allows for specific identity-based security policies

regardless of where the user is connected.

● IEEE 802.1x with guest VLAN allows guests without 802.1x clients to have limited network

access on the guest VLAN.

MACsec

● Exceptional security with integrated hardware support for MACsec is defined in IEEE 802.1AE.

MACsec provides MAC layer encryption over wired networks using out-of-band methods for

encryption keying.

● The MACsec Key Agreement (MKA) Protocol provides the required session keys and manages

the keys required for encryption when configured. MKA and MACsec are implemented following

successful authentication using the 802.1x Extensible Authentication Protocol (EAP) framework.

● In Cisco Enhanced EtherSwitch Service Modules, both the user and down-link ports (links

between the switch and endpoint devices such as a PC or IP phone) as well as the network and

up-link ports can be secured using MACsec.

● With MACsec you can encrypt switch-to-switch links such as access to distribution, or encrypt

dark fiber links within a building or between buildings.

Multidomain authentication

● Multidomain authentication allows an IP phone and a PC to authenticate on the same switch port

while placing them on the appropriate voice and data VLAN.

MAC Authentication Bypass

(MAB)

● MAB for voice allows third-party IP phones without an 802.1x supplicant to get authenticated

using the MAC address.

Switched Port Analyzer

(SPAN and RSPAN)

● Bidirectional data support on the SPAN port allows the any Intrusion Detection System (IDS) to

take action when an intruder is detected.

Centralized authentication

● TACACS+ and RADIUS authentication facilitates centralized control of the switch and restricts

unauthorized users from altering the configuration.

MAC address authentication

● MAC address notification allows administrators to be notified of users added to or removed from

the network.

Port security

● Port security secures the access to an access or trunk port based on MAC address.

Table of Contents

Related product manuals

Cisco Small Business 200

Preview: Cisco Small Business 200 Series

Cisco Small Business 200 Series

Preview: Small Business Unmanaged Switch SR2016

Small Business Unmanaged Switch SR2016

Small Business Unmanaged Switch SR224

Preview: Small Business Unmanaged Switch SD2008

Small Business Unmanaged Switch SD2008

Preview: Cisco SR224

Preview: Cisco SG300

Preview: Cisco SD216

Preview: Cisco SE1500

Preview: Cisco SR2016

Preview: Cisco SD208P