Cisco Nexus 1000V Security Configuration Guide, Release 4.2(1)SV1(4b)
Index

A

AAA

default settings 4-4

description 4-1 to 4-4

example configuration 4-9

guidelines 4-4

limitations 4-4

monitoring TACACS+ servers 6-3

prerequisites 4-4

server groups description 4-4

services 4-1

standards 4-9

TACACS+ server groups 6-12

verifying configurations 4-8

aaa authentication command 4-6

AAA servers

FreeRADIUS VSA format 5-4

access control lists

order of application 9-2

See ACLs.

types of 9-2

accounting

default 4-4

description 4-3

ACLs

configuring in port profiles 9-12, 10-8

ARP inspection

See dynamic ARP inspection

authentication

console default 4-4

description 4-2

method default 4-4

authentication, authorization, and accounting. See AAA

authorization, description 4-3

av pair 6-3

C

Cisco

vendor ID 5-3, 6-3

class-map limits 17-1

clear a Telnet session 8-4

configuration limits 17-1

console

authentication default 4-4

configure login authentication 4-6

D

defaults

user access 2-4

default settings

AAA 4-4

HTTP 15-2

SSH 7-3

TACACS+ 6-4

Telnet 3-3, 8-2

unknown unicast flooding 16-2

detection, DAI error-disabled interface 13-12

DHCP binding database

See DHCP snooping binding database

DHCP feature

enabling 12-5

DHCP snooping

binding database

See DHCP snooping binding database

displaying DHCP bindings 12-16

enabling globally 12-6

enabling on a VLAN 12-7

error-disable detection 11-17, 12-11, 12-12, 13-12

guidelines and limitations 12-4

information about 12-1

binding database 12-2

high availability 12-3

Relay Agent 12-3

trusted sources 12-2

MAC address verification 12-8

minimum configuration 12-5

overview 12-1

rate limiting DHCP packets 12-10

relay agent, option 82 data, relaying switch and circuit information, DHCP snooping 12-15

trusted and untrusted interfaces 12-9

DHCP snooping binding database

described 12-2

entries 12-2

disable

HTTP 15-2

Telnet 8-2

documentation

additional publications 1-xix

dynamic ARP inspection

additional validation 13-13

ARP requests 13-1

ARP spoofing attack 13-2

configuring trust state 13-6, 13-8

configuring VLANs 13-6

description 13-1

DHCP snooping binding database 13-2

error-disabled detection and recovery 13-12

function of 13-2

network security and trusted interfaces 13-3

rate limits 13-14

Dynamic Host Configuration Protocol snooping

See DHCP snooping

E

enable

authentication failure messages 4-7

port profile 3-6, 3-8

Telnet 8-2

error-disabled interface, DAI 13-12

example configuration

AAA 4-9

blocking unknown unicasts (UUFB) 16-7

Secure Shell (SSH) 7-14

TACACS+ 6-23

user access 2-15

expiration date

information about 2-4

F

feature groups

creating 2-10

flow chart

configuring AAA 4-5

configuring TACACS+ 6-6

FreeRADIUS

VSA format for role attributes 5-4

H

HTTP 15-1

default setting 15-2

disable 15-2

guidelines and limitations 15-1

information about 15-1

I

IDs

Cisco vendor ID 5-3

inside port profile, VSD, outside port profile, VSD 3-4, 3-7

interfaces, VSD 3-1

IP ACLs

changing an IP ACL 9-7

configuring 9-5 to ??

creating an IP ACL 9-6

default settings 9-5

description 9-1

guidelines 9-5, 10-2

limitations 9-5, 10-2

prerequisites 9-5

removing an IP ACL 9-9

verifying configuration 9-14

IP Source Guard

description 14-1

enabling 14-3

static IP source entries 14-4

L

limits, configuration 17-1

login AAA, about 4-1

login authentication

configuring console methods 4-6

M

MAC ACLs

changing a MAC ACL 10-4

creating a MAC ACL 10-2

description 10-1

removing a MAC ACL 10-5

mac port access-group command 9-13, 10-9

match criteria limit 17-1

O

option 82, DHCP snooping 12-15

P

password

checking strength 2-5, 2-6

passwords

information about 2-3

policy map limits 17-1

port ACLs

applying 9-11, 9-13

port-profile command 3-5

port profiles

ACL 9-12, 10-8

port security

description 11-1

enabling on an interface 11-6

MAC move 11-4

static MAC address 11-9

violations 11-4

preshared keys

TACACS+ 6-2

prohibited words 2-7

R

RADIUS

configuring servers 5-5 to 5-20

configuring the global key 5-7

configuring transmission retries 5-13

default settings 5-5

description 5-1 to 5-4

example configurations 5-22

network environments 5-1

operation 5-2

prerequisites 5-4

specifying server at login 5-10

verifying configuration 5-22

VSAs 5-3

RADIUS server groups

configuring 5-9

RADIUS Servers

retries to a single server 5-15

RADIUS servers

configuring accounting attributes 5-16, 5-17

configuring a timeout interval 5-14

configuring authentication attributes 5-16, 5-17

configuring dead-time intervals 5-20

configuring hosts 5-6

configuring keys 5-8

configuring periodic monitoring 5-18

displaying statistics 5-22

example configurations 5-22

manually monitoring 5-21

monitoring 5-2

verifying configuration 5-22

recovery, DAI error-disabled interface 13-12

related documents 1-xix, 1-xx

relay agent, DHCP snooping 12-15

remote session, Telnet IPv4 8-3

roles

example configuration 2-15

information about 2-1

interface access 2-12

limitations 2-4

verifying 2-15

VLAN access 2-13

S

Secure Shell

default settings 7-3

security services, about 4-1

server groups, description 4-4

service policy limits 17-1

service-port command 3-6

services, AAA, about 4-1

session, clearing Telnet 8-3, 8-4

session, starting IPv4 Telnet 8-3

show HTTP server command 15-3

show Telnet server command 8-5

show virtual-service-domain command 3-8

SSH

default settings 7-3

generating server key-pairs 1-3, 7-1

state enabled command 3-6, 3-8

statistics

RADIUS servers 5-22

TACACS+ 6-22

switchport access vlan command 3-7

switchport mode trunk command 3-5

T

TACACS+

configuring 6-5 to ??

configuring global timeout interval 6-16

configuring shared keys 6-9

default settings 6-4

description 6-1 to ??

disabling 6-8

displaying statistics 6-22

enabling 6-8

example configurations 6-23

global preshared keys 6-2

guidelines 6-4

limitations 6-4

prerequisites 6-4

preshared key 6-2

specifying TACACS+ servers at login 6-15

user login operation 6-2

VSAs 6-3

TACACS+ servers

configuration overview 6-6

configuring dead-time interval 6-21

configuring hosts 6-11

configuring periodic monitoring 6-20

configuring server groups 6-12

configuring TCP ports 6-18

displaying statistics 6-22

monitoring 6-3

TCP ports

TACACS+ servers 6-18

Telnet 3-1, 8-1

clearing a session 8-4

clear session 8-3

default setting 3-3, 8-2

enable, disable 8-2

information about 8-1

prerequisites for 8-1

start IPv4 session 8-3

Telnet command 8-4

timeout

TACACS+ 6-16

U

unknown unicast flooding

default settings 16-2

user access

defaults 2-4

example configuration 2-15

verifying 2-15

user account

prohibited words 2-7

user accounts

configuring 2-6

guidelines 2-4

information about 2-1

limitations roles

guidelines 2-4

user names

information about 2-3

user roles

creating 2-8

creating feature groups 2-10

UUFB

default settings 16-2

verifying UUFB 16-6

V

vendor ID, Cisco 6-3

vendor-specific attributes (VSAs) 6-3

verifying

unknown unicast flooding 16-6

virtual service domain

create 3-8

display 3-8

interfaces 3-1

port profile

inside or outside 3-4

member 3-7

virtual-service-domain command 3-8

virtual-service-domain command 3-5

vmware port-group command 3-5

VSAs

protocol options 5-3