Cisco Nexus 1000V Security Configuration Guide, Release 4.0(4)SV1(2)
Index

A

AAA

default settings 4-9

description 4-1 to 4-4

example configuration 4-9

guidelines 4-4

limitations 4-4

monitoring TACACS+ servers 6-3

prerequisites 4-4

server groups description 4-4

services 4-1

standards 4-10

TACACS+ server groups 6-12

verifying configurations 4-8

aaa authentication command 4-6

AAA servers

FreeRADIUS VSA format 5-4

access control lists

order of application 9-2

types of 9-2

accounting

default 4-9

description 4-3

ARP inspection

See dynamic ARP inspection

authentication

console default 4-9

description 4-2

method default 4-9

authentication, authorization, and accounting. See AAA

authorization, description 4-3

av pair 6-4

C

Cisco

vendor ID 5-3, 6-4

class-map limits 15-1

clear a Telnet session 8-4

configuration limits 15-1

console

authentication default 4-9

configure login authentication 4-6

D

defaults

user access 2-16

default settings

AAA 4-9

SSH 7-15

TACACS+ 6-24

Telnet 3-9, 8-5

detection, DAI error-disabled interface 13-9

DHCP binding database

See DHCP snooping binding database

DHCP snooping

binding database

See DHCP snooping binding database

description 12-1

enabling globally 12-4

enabling on a VLAN 12-5

error-disable detection 12-9, 12-10, 13-9

MAC address verification 12-6

minimum configuration 12-3

overview 12-1

rate limiting DHCP packets 12-8

trusted and untrusted interfaces 12-7

DHCP snooping binding database

described 12-2

entries 12-2

disable

Telnet 8-2

documentation

additional publications 1-xvii

dynamic ARP inspection

additional validation 13-10

ARP requests 13-1

ARP spoofing attack 13-2

configuring trust state 13-6

configuring VLANs 13-5

description 13-1

DHCP snooping binding database 13-2

error-disabled detection and recovery 13-9

function of 13-2

network security and trusted interfaces 13-3

rate limits 13-11

Dynamic Host Configuration Protocol snooping

See DHCP snooping

E

enable

authentication failure messages 4-7

port profile 3-5, 3-7

Telnet 8-2

error-disabled interface, DAI 13-9

example configuration

AAA 4-9

Secure Shell (SSH) 7-13

TACACS+ 6-23

user access 2-15

expiration date

information about 2-4

F

feature groups

creating 2-10

flow chart

configuring AAA 4-5

configuring TACACS+ 6-6

FreeRADIUS

VSA format for role attributes 5-4

I

IDs

Cisco vendor ID 5-3

inside port profile, VSD, outside port profile, VSD 3-3, 3-6

interfaces, VSD 3-1

IP ACLs

changing an IP ACL 9-6

configuring 9-5 to ??

creating an IP ACL 9-5

default settings 9-12

description 9-1

guidelines 9-5

limitations 9-5

prerequisites 9-5

removing an IP ACL 9-8

verifying configuration 9-11

IP Source Guard

description 14-1

enabling 14-2

static IP source entries 14-3

L

limits, configuration 15-1

login AAA, about 4-1

login authentication

configuring console methods 4-6

M

MAC ACLs

changing a MAC ACL 10-3

creating a MAC ACL 10-2

description 10-1

removing a MAC ACL 10-4

match criteria limit 15-1

P

password

checking strength 2-4, 2-5

passwords

information about 2-3

policy map limits 15-1

port ACLs

applying 9-10

port-profile command 3-4

port security

description 11-1

enabling on an interface 11-6

MAC move 11-4

static MAC address 11-8

violations 11-4

preshared keys

TACACS+ 6-3

prohibited words 2-6

R

RADIUS

configuring servers 5-4 to 5-19

configuring the global key 5-6

configuring transmission retries 5-12

default settings 5-22

description 5-1 to 5-4

example configurations 5-22

network environments 5-1

operation 5-2

prerequisites 5-4

specifying server at login 5-10

verifying configuration 5-21

VSAs 5-3

RADIUS server groups

configuring 5-8

RADIUS Servers

retries to a single server 5-14

RADIUS servers

configuring accounting attributes 5-15, 5-16

configuring a timeout interval 5-13

configuring authentication attributes 5-15, 5-16

configuring dead-time intervals 5-19

configuring hosts 5-5

configuring keys 5-7

configuring periodic monitoring 5-18

deleting hosts 5-21

displaying statistics 5-22

example configurations 5-22

manually monitoring 5-20

monitoring 5-2

verifying configuration 5-21

recovery, DAI error-disabled interface 13-9

related documents 1-xvii

remote session, Telnet IPv4 8-3

roles

example configuration 2-15

information about 2-1

interface access 2-12

limitations 2-4

verifying 2-15

VLAN access 2-13

S

Secure Shell

default settings 7-15

security services, about 4-1

server groups, description 4-4

service policy limits 15-1

service-port command 3-5

services, AAA, about 4-1

session, clearing Telnet 8-3, 8-4

session, starting IPv4 Telnet 8-3

show Telnet server command 8-5

show virtual-service-domain command 3-7

SSH

default settings 7-15

generating server key-pairs 1-3, 7-1

state enabled command 3-5, 3-7

statistics

RADIUS servers 5-22

TACACS+ 6-22

switchport access vlan command 3-7

switchport mode trunk command 3-4

T

TACACS+

configuring 6-5 to ??

configuring global timeout interval 6-16

configuring shared keys 6-9

default settings 6-24

description 6-1 to ??

disabling 6-8

displaying statistics 6-22

enabling 6-8

example configurations 6-23

global preshared keys 6-3

guidelines 6-4

limitations 6-4

prerequisites 6-4

preshared key 6-3

specifying TACACS+ servers at login 6-14

user login operation 6-2

VSAs 6-3

TACACS+ servers

configuration overview 6-6

configuring dead-time interval 6-21

configuring hosts 5-6, 6-11

configuring periodic monitoring 6-20

configuring server groups 6-12

configuring TCP ports 6-18

displaying statistics 6-22

monitoring 6-3

TCP ports

TACACS+ servers 6-18

Telnet 3-1, 8-1

clearing a session 8-4

clear session 8-3

default setting 3-9, 8-5

enable, disable 8-2

information about 8-1

prerequisites for 8-1

start IPv4 session 8-3

Telnet command 8-4

timeout

TACACS+ 6-16

U

user access

defaults 2-16

example configuration 2-15

verifying 2-15

user account

prohibited words 2-6

user accounts

configuring 2-6

guidelines 2-4

information about 2-1

limitations roles

guidelines 2-4

user names

information about 2-3

user roles

creating 2-8

creating feature groups 2-10

V

vendor ID, Cisco 6-4

vendor-specific attributes (VSAs) 6-4

virtual service domain

create 3-7

display 3-7

interfaces 3-1

port profile

inside or outside 3-3

member 3-6

virtual-service-domain command 3-7

virtual-service-domain command 3-4

vmware port-group command 3-5

VSAs

protocol options 5-3