Index
A
AAA
default settings 4-9
description 4-1 to 4-4
example configuration 4-9
guidelines 4-4
limitations 4-4
monitoring TACACS+ servers 6-3
prerequisites 4-4
server groups description 4-4
services 4-1
standards 4-10
TACACS+ server groups 6-12
verifying configurations 4-8
aaa authentication command 4-6
AAA servers
FreeRADIUS VSA format 5-4
access control lists
order of application 9-2
types of 9-2
accounting
default 4-9
description 4-3
ARP inspection
See dynamic ARP inspection
authentication
console default 4-9
description 4-2
method default 4-9
authentication, authorization, and accounting. See AAA
authorization, description 4-3
av pair 6-4
C
Cisco
vendor ID 5-3, 6-4
class-map limits 15-1
clear a Telnet session 8-4
configuration limits 15-1
console
authentication default 4-9
configure login authentication 4-6
D
defaults
user access 2-16
default settings
AAA 4-9
SSH 7-15
TACACS+ 6-24
Telnet 3-9, 8-5
detection, DAI error-disabled interface 13-9
DHCP binding database
See DHCP snooping binding database
DHCP snooping
binding database
See DHCP snooping binding database
description 12-1
enabling globally 12-4
enabling on a VLAN 12-5
error-disable detection 12-9, 12-10, 13-9
MAC address verification 12-6
minimum configuration 12-3
overview 12-1
rate limiting DHCP packets 12-8
trusted and untrusted interfaces 12-7
DHCP snooping binding database
described 12-2
entries 12-2
disable
Telnet 8-2
documentation
additional publications 1-xvii
dynamic ARP inspection
additional validation 13-10
ARP requests 13-1
ARP spoofing attack 13-2
configuring trust state 13-6
configuring VLANs 13-5
description 13-1
DHCP snooping binding database 13-2
error-disabled detection and recovery 13-9
function of 13-2
network security and trusted interfaces 13-3
rate limits 13-11
Dynamic Host Configuration Protocol snooping
See DHCP snooping
E
enable
authentication failure messages 4-7
port profile 3-5, 3-7
Telnet 8-2
error-disabled interface, DAI 13-9
example configuration
AAA 4-9
Secure Shell (SSH) 7-13
TACACS+ 6-23
user access 2-15
expiration date
information about 2-4
F
feature groups
creating 2-10
flow chart
configuring AAA 4-5
configuring TACACS+ 6-6
FreeRADIUS
VSA format for role attributes 5-4
I
IDs
Cisco vendor ID 5-3
inside port profile, VSD, outside port profile, VSD 3-3, 3-6
interfaces, VSD 3-1
IP ACLs
changing an IP ACL 9-6
configuring 9-5 to ??
creating an IP ACL 9-5
default settings 9-12
description 9-1
guidelines 9-5
limitations 9-5
prerequisites 9-5
removing an IP ACL 9-8
verifying configuration 9-11
IP Source Guard
description 14-1
enabling 14-2
static IP source entries 14-3
L
limits, configuration 15-1
login AAA, about 4-1
login authentication
configuring console methods 4-6
M
MAC ACLs
changing a MAC ACL 10-3
creating a MAC ACL 10-2
description 10-1
removing a MAC ACL 10-4
match criteria limit 15-1
P
password
checking strength 2-4, 2-5
passwords
information about 2-3
policy map limits 15-1
port ACLs
applying 9-10
port-profile command 3-4
port security
description 11-1
enabling on an interface 11-6
MAC move 11-4
static MAC address 11-8
violations 11-4
preshared keys
TACACS+ 6-3
prohibited words 2-6
R
RADIUS
configuring servers 5-4 to 5-19
configuring the global key 5-6
configuring transmission retries 5-12
default settings 5-22
description 5-1 to 5-4
example configurations 5-22
network environments 5-1
operation 5-2
prerequisites 5-4
specifying server at login 5-10
verifying configuration 5-21
VSAs 5-3
RADIUS server groups
configuring 5-8
RADIUS Servers
retries to a single server 5-14
RADIUS servers
configuring accounting attributes 5-15, 5-16
configuring a timeout interval 5-13
configuring authentication attributes 5-15, 5-16
configuring dead-time intervals 5-19
configuring hosts 5-5
configuring keys 5-7
configuring periodic monitoring 5-18
deleting hosts 5-21
displaying statistics 5-22
example configurations 5-22
manually monitoring 5-20
monitoring 5-2
verifying configuration 5-21
recovery, DAI error-disabled interface 13-9
related documents 1-xvii
remote session, Telnet IPv4 8-3
roles
example configuration 2-15
information about 2-1
interface access 2-12
limitations 2-4
verifying 2-15
VLAN access 2-13
S
Secure Shell
default settings 7-15
security services, about 4-1
server groups, description 4-4
service policy limits 15-1
service-port command 3-5
services, AAA, about 4-1
session, clearing Telnet 8-3, 8-4
session, starting IPv4 Telnet 8-3
show Telnet server command 8-5
show virtual-service-domain command 3-7
SSH
default settings 7-15
generating server key-pairs 1-3, 7-1
state enabled command 3-5, 3-7
statistics
RADIUS servers 5-22
TACACS+ 6-22
switchport access vlan command 3-7
switchport mode trunk command 3-4
T
TACACS+
configuring 6-5 to ??
configuring global timeout interval 6-16
configuring shared keys 6-9
default settings 6-24
description 6-1 to ??
disabling 6-8
displaying statistics 6-22
enabling 6-8
example configurations 6-23
global preshared keys 6-3
guidelines 6-4
limitations 6-4
prerequisites 6-4
preshared key 6-3
specifying TACACS+ servers at login 6-14
user login operation 6-2
VSAs 6-3
TACACS+ servers
configuration overview 6-6
configuring dead-time interval 6-21
configuring hosts 5-6, 6-11
configuring periodic monitoring 6-20
configuring server groups 6-12
configuring TCP ports 6-18
displaying statistics 6-22
monitoring 6-3
TCP ports
TACACS+ servers 6-18
Telnet 3-1, 8-1
clearing a session 8-4
clear session 8-3
default setting 3-9, 8-5
enable, disable 8-2
information about 8-1
prerequisites for 8-1
start IPv4 session 8-3
Telnet command 8-4
timeout
TACACS+ 6-16
U
user access
defaults 2-16
example configuration 2-15
verifying 2-15
user account
prohibited words 2-6
user accounts
configuring 2-6
guidelines 2-4
information about 2-1
limitations roles
guidelines 2-4
user names
information about 2-3
user roles
creating 2-8
creating feature groups 2-10
V
vendor ID, Cisco 6-4
vendor-specific attributes (VSAs) 6-4
virtual service domain
create 3-7
display 3-7
interfaces 3-1
port profile
inside or outside 3-3
member 3-6
virtual-service-domain command 3-7
virtual-service-domain command 3-4
vmware port-group command 3-5
VSAs
protocol options 5-3