Cisco Nexus 1000V Security Configuration Guide, Release 4.0(4)SV1(3)
Index

A

AAA

default settings 4-4

description 4-1 to 4-4

example configuration 4-9

guidelines 4-4

limitations 4-4

monitoring TACACS+ servers 6-3

prerequisites 4-4

server groups description 4-4

services 4-1

standards 4-9

TACACS+ server groups 6-12

verifying configurations 4-8

aaa authentication command 4-6

AAA servers

FreeRADIUS VSA format 5-4

access control lists

order of application 9-2

types of 9-2

accounting

default 4-4

description 4-3

ARP inspection

See dynamic ARP inspection

authentication

console default 4-4

description 4-2

method default 4-4

authentication, authorization, and accounting. See AAA

authorization, description 4-3

av pair 6-3

C

Cisco

vendor ID 5-3, 6-3

class-map limits 15-1

clear a Telnet session 8-4

configuration limits 15-1

console

authentication default 4-4

configure login authentication 4-6

D

defaults

user access 2-4

default settings

AAA 4-4

SSH 7-3

TACACS+ 6-4

Telnet 3-3, 8-2

detection, DAI error-disabled interface 13-10

DHCP binding database

See DHCP snooping binding database

DHCP snooping

binding database

See DHCP snooping binding database

description 12-1

enabling globally 12-4

enabling on a VLAN 12-5

error-disable detection 12-9, 12-10, 13-10

MAC address verification 12-6

minimum configuration 12-4

overview 12-1

rate limiting DHCP packets 12-8

trusted and untrusted interfaces 12-7

DHCP snooping binding database

described 12-2

entries 12-2

disable

Telnet 8-2

documentation

additional publications 1-xvii

dynamic ARP inspection

additional validation 13-11

ARP requests 13-1

ARP spoofing attack 13-2

configuring trust state 13-6

configuring VLANs 13-5

description 13-1

DHCP snooping binding database 13-2

error-disabled detection and recovery 13-10

function of 13-2

network security and trusted interfaces 13-3

rate limits 13-12

Dynamic Host Configuration Protocol snooping

See DHCP snooping

E

enable

authentication failure messages 4-7

port profile 3-5, 3-7, 3-10

Telnet 8-2

error-disabled interface, DAI 13-10

example configuration

AAA 4-9

Secure Shell (SSH) 7-14

TACACS+ 6-23

user access 2-15

expiration date

information about 2-4

F

feature groups

creating 2-10

flow chart

configuring AAA 4-5

configuring TACACS+ 6-6

FreeRADIUS

VSA format for role attributes 5-4

I

IDs

Cisco vendor ID 5-3

inside port profile, VSD, outside port profile, VSD 3-3, 3-6, 3-8

interfaces, VSD 3-1

IP ACLs

changing an IP ACL 9-7

configuring 9-5 to ??

creating an IP ACL 9-5

default settings 9-5

description 9-1

guidelines 9-5, 10-1

limitations 9-5, 10-1

prerequisites 9-5

removing an IP ACL 9-8

verifying configuration 9-11

IP Source Guard

description 14-1

enabling 14-3

static IP source entries 14-4

L

limits, configuration 15-1

login AAA, about 4-1

login authentication

configuring console methods 4-6

M

MAC ACLs

changing a MAC ACL 10-3

creating a MAC ACL 10-2

description 10-1

removing a MAC ACL 10-5

match criteria limit 15-1

P

password

checking strength 2-5, 2-6

passwords

information about 2-3

policy map limits 15-1

port ACLs

applying 9-10

port-profile command 3-4

port security

description 11-1

enabling on an interface 11-6

MAC move 11-4

static MAC address 11-9

violations 11-4

preshared keys

TACACS+ 6-2

prohibited words 2-7

R

RADIUS

configuring servers 5-5 to 5-19

configuring the global key 5-7

configuring transmission retries 5-12

default settings 5-5

description 5-1 to 5-4

example configurations 5-22

network environments 5-1

operation 5-2

prerequisites 5-4

specifying server at login 5-10

verifying configuration 5-21

VSAs 5-3

RADIUS server groups

configuring 5-9

RADIUS Servers

retries to a single server 5-14

RADIUS servers

configuring accounting attributes 5-15, 5-16

configuring a timeout interval 5-13

configuring authentication attributes 5-15, 5-16

configuring dead-time intervals 5-19

configuring hosts 5-5

configuring keys 5-8

configuring periodic monitoring 5-18

deleting hosts 5-21

displaying statistics 5-22

example configurations 5-22

manually monitoring 5-20

monitoring 5-2

verifying configuration 5-21

recovery, DAI error-disabled interface 13-10

related documents 1-xvii

remote session, Telnet IPv4 8-3

roles

example configuration 2-15

information about 2-1

interface access 2-12

limitations 2-4

verifying 2-15

VLAN access 2-13

S

Secure Shell

default settings 7-3

security services, about 4-1

server groups, description 4-4

service policy limits 15-1

service-port command 3-5

services, AAA, about 4-1

session, clearing Telnet 8-3, 8-4

session, starting IPv4 Telnet 8-3

show Telnet server command 8-5

show virtual-service-domain command 3-8, 3-10

SSH

default settings 7-3

generating server key-pairs 1-3, 7-1

state enabled command 3-5, 3-7, 3-10

statistics

RADIUS servers 5-22

TACACS+ 6-22

switchport mode trunk command 3-4

switchport trunk allowed vlan command 3-9

T

TACACS+

configuring 6-5 to ??

configuring global timeout interval 6-16

configuring shared keys 6-9

default settings 6-4

description 6-1 to ??

disabling 6-8

displaying statistics 6-22

enabling 6-8

example configurations 6-23

global preshared keys 6-2

guidelines 6-4

limitations 6-4

prerequisites 6-4

preshared key 6-2

specifying TACACS+ servers at login 6-14

user login operation 6-2

VSAs 6-3

TACACS+ servers

configuration overview 6-6

configuring dead-time interval 6-21

configuring hosts 5-6, 6-11

configuring periodic monitoring 6-20

configuring server groups 6-12

configuring TCP ports 6-18

displaying statistics 6-22

monitoring 6-3

TCP ports

TACACS+ servers 6-18

Telnet 3-1, 8-1

clearing a session 8-4

clear session 8-3

default setting 3-3, 8-2

enable, disable 8-2

information about 8-1

prerequisites for 8-1

start IPv4 session 8-3

Telnet command 8-4

timeout

TACACS+ 6-16

U

user access

defaults 2-4

example configuration 2-15

verifying 2-15

user account

prohibited words 2-7

user accounts

configuring 2-6

guidelines 2-4

information about 2-1

limitations roles

guidelines 2-4

user names

information about 2-3

user roles

creating 2-8

creating feature groups 2-10

V

vendor ID, Cisco 6-3

vendor-specific attributes (VSAs) 6-3

virtual service domain

create 3-7, 3-9

display 3-8, 3-10

interfaces 3-1

port profile

inside or outside 3-3

member 3-6, 3-8

virtual-service-domain command 3-7, 3-9

virtual-service-domain command 3-4

vmware port-group command 3-5

VSAs

protocol options 5-3