Index
A
AAA
default settings 4-4
description 4-1 to 4-4
example configuration 4-9
guidelines 4-4
limitations 4-4
monitoring TACACS+ servers 6-3
prerequisites 4-4
server groups description 4-4
services 4-1
standards 4-9
TACACS+ server groups 6-12
verifying configurations 4-8
aaa authentication command 4-6
AAA servers
FreeRADIUS VSA format 5-4
access control lists
order of application 9-2
types of 9-2
accounting
default 4-4
description 4-3
ARP inspection
See dynamic ARP inspection
authentication
console default 4-4
description 4-2
method default 4-4
authentication, authorization, and accounting. See AAA
authorization, description 4-3
av pair 6-3
C
Cisco
vendor ID 5-3, 6-3
class-map limits 15-1
clear a Telnet session 8-4
configuration limits 15-1
console
authentication default 4-4
configure login authentication 4-6
D
defaults
user access 2-4
default settings
AAA 4-4
SSH 7-3
TACACS+ 6-4
Telnet 3-3, 8-2
detection, DAI error-disabled interface 13-10
DHCP binding database
See DHCP snooping binding database
DHCP snooping
binding database
See DHCP snooping binding database
description 12-1
enabling globally 12-4
enabling on a VLAN 12-5
error-disable detection 12-9, 12-10, 13-10
MAC address verification 12-6
minimum configuration 12-4
overview 12-1
rate limiting DHCP packets 12-8
trusted and untrusted interfaces 12-7
DHCP snooping binding database
described 12-2
entries 12-2
disable
Telnet 8-2
documentation
additional publications 1-xvii
dynamic ARP inspection
additional validation 13-11
ARP requests 13-1
ARP spoofing attack 13-2
configuring trust state 13-6
configuring VLANs 13-5
description 13-1
DHCP snooping binding database 13-2
error-disabled detection and recovery 13-10
function of 13-2
network security and trusted interfaces 13-3
rate limits 13-12
Dynamic Host Configuration Protocol snooping
See DHCP snooping
E
enable
authentication failure messages 4-7
port profile 3-5, 3-7, 3-10
Telnet 8-2
error-disabled interface, DAI 13-10
example configuration
AAA 4-9
Secure Shell (SSH) 7-14
TACACS+ 6-23
user access 2-15
expiration date
information about 2-4
F
feature groups
creating 2-10
flow chart
configuring AAA 4-5
configuring TACACS+ 6-6
FreeRADIUS
VSA format for role attributes 5-4
I
IDs
Cisco vendor ID 5-3
inside port profile, VSD, outside port profile, VSD 3-3, 3-6, 3-8
interfaces, VSD 3-1
IP ACLs
changing an IP ACL 9-7
configuring 9-5 to ??
creating an IP ACL 9-5
default settings 9-5
description 9-1
guidelines 9-5, 10-1
limitations 9-5, 10-1
prerequisites 9-5
removing an IP ACL 9-8
verifying configuration 9-11
IP Source Guard
description 14-1
enabling 14-3
static IP source entries 14-4
L
limits, configuration 15-1
login AAA, about 4-1
login authentication
configuring console methods 4-6
M
MAC ACLs
changing a MAC ACL 10-3
creating a MAC ACL 10-2
description 10-1
removing a MAC ACL 10-5
match criteria limit 15-1
P
password
checking strength 2-5, 2-6
passwords
information about 2-3
policy map limits 15-1
port ACLs
applying 9-10
port-profile command 3-4
port security
description 11-1
enabling on an interface 11-6
MAC move 11-4
static MAC address 11-9
violations 11-4
preshared keys
TACACS+ 6-2
prohibited words 2-7
R
RADIUS
configuring servers 5-5 to 5-19
configuring the global key 5-7
configuring transmission retries 5-12
default settings 5-5
description 5-1 to 5-4
example configurations 5-22
network environments 5-1
operation 5-2
prerequisites 5-4
specifying server at login 5-10
verifying configuration 5-21
VSAs 5-3
RADIUS server groups
configuring 5-9
RADIUS Servers
retries to a single server 5-14
RADIUS servers
configuring accounting attributes 5-15, 5-16
configuring a timeout interval 5-13
configuring authentication attributes 5-15, 5-16
configuring dead-time intervals 5-19
configuring hosts 5-5
configuring keys 5-8
configuring periodic monitoring 5-18
deleting hosts 5-21
displaying statistics 5-22
example configurations 5-22
manually monitoring 5-20
monitoring 5-2
verifying configuration 5-21
recovery, DAI error-disabled interface 13-10
related documents 1-xvii
remote session, Telnet IPv4 8-3
roles
example configuration 2-15
information about 2-1
interface access 2-12
limitations 2-4
verifying 2-15
VLAN access 2-13
S
Secure Shell
default settings 7-3
security services, about 4-1
server groups, description 4-4
service policy limits 15-1
service-port command 3-5
services, AAA, about 4-1
session, clearing Telnet 8-3, 8-4
session, starting IPv4 Telnet 8-3
show Telnet server command 8-5
show virtual-service-domain command 3-8, 3-10
SSH
default settings 7-3
generating server key-pairs 1-3, 7-1
state enabled command 3-5, 3-7, 3-10
statistics
RADIUS servers 5-22
TACACS+ 6-22
switchport mode trunk command 3-4
switchport trunk allowed vlan, command 3-9
T
TACACS+
configuring 6-5 to ??
configuring global timeout interval 6-16
configuring shared keys 6-9
default settings 6-4
description 6-1 to ??
disabling 6-8
displaying statistics 6-22
enabling 6-8
example configurations 6-23
global preshared keys 6-2
guidelines 6-4
limitations 6-4
prerequisites 6-4
preshared key 6-2
specifying TACACS+ servers at login 6-14
user login operation 6-2
VSAs 6-3
TACACS+ servers
configuration overview 6-6
configuring dead-time interval 6-21
configuring hosts 5-6, 6-11
configuring periodic monitoring 6-20
configuring server groups 6-12
configuring TCP ports 6-18
displaying statistics 6-22
monitoring 6-3
TCP ports
TACACS+ servers 6-18
Telnet 3-1, 8-1
clearing a session 8-4
clear session 8-3
default setting 3-3, 8-2
enable, disable 8-2
information about 8-1
prerequisites for 8-1
start IPv4 session 8-3
Telnet command 8-4
timeout
TACACS+ 6-16
U
user access
defaults 2-4
example configuration 2-15
verifying 2-15
user account
prohibited words 2-7
user accounts
configuring 2-6
guidelines 2-4
information about 2-1
limitations roles
guidelines 2-4
user names
information about 2-3
user roles
creating 2-8
creating feature groups 2-10
V
vendor ID, Cisco 6-3
vendor-specific attributes (VSAs) 6-3
virtual service domain
create 3-7, 3-9
display 3-8, 3-10
interfaces 3-1
port profile
inside or outside 3-3
member 3-6, 3-8
virtual-service-domain command 3-7, 3-9
virtual-service-domain command 3-4
vmware port-group command 3-5
VSAs
protocol options 5-3