Index
A
AAA
default settings 4-4
description 4-1 to 4-4
example configuration 4-9
guidelines 4-4
limitations 4-4
monitoring TACACS+ servers 6-3
prerequisites 4-4
server groups description 4-4
services 4-1
standards 4-9
TACACS+ server groups 6-12
verifying configurations 4-8
aaa authentication command 4-6
AAA servers
FreeRADIUS VSA format 5-4
access control lists
order of application 9-2
See ACLs.
types of 9-2
accounting
default 4-4
description 4-3
ACL flows 9-5
ACL logging 9-5
disabling 9-16
packet counters 9-17
severity levels 9-19
syslog message 9-19
time interval 9-17
verifying configuration 9-20
ACLs
configuring in port profiles 9-14, 10-8
ARP inspection
See dynamic ARP inspection
authentication
console default 4-4
description 4-2
method default 4-4
authentication, authorization, and accounting. See AAA
authorization, description 4-3
av pair 6-3
C
Cisco
vendor ID 5-3, 6-3
class-map limits 17-1
clear a Telnet session 8-4
configuration limits 17-1
console
authentication default 4-4
configure login authentication 4-6
D
defaults
user access 2-4
default settings
AAA 4-4
HTTP 15-2
SSH 7-3
TACACS+ 6-4
Telnet 3-3, 8-2
unknown unicast flooding 16-2
deny flows 9-6
deny flows, configuring 9-18
detection, DAI error-disabled interface 13-12
DHCP binding database
See DHCP snooping binding database
DHCP feature
enabling 12-5
DHCP snooping
binding database
See DHCP snooping binding database
displaying DHCP bindings 12-16
enabling globally 12-6
enabling on a VLAN 12-7
error-disable detection 11-17, 12-11, 12-12, 13-12
guidelines and limitations 12-4
information about 12-1
binding database 12-2
high availability 12-3
Relay Agent 12-3
trusted sources 12-2
MAC address verification 12-8
minimum configuration 12-5
overview 12-1
rate limiting DHCP packets 12-10
relay agent, option 82 data, relaying switch and circuit information, DHCP snooping 12-15
trusted and untrusted interfaces 12-9
DHCP snooping binding database
described 12-2
entries 12-2
disable
HTTP 15-2
Telnet 8-2
documentation
additional publications 1-xix
dynamic ARP inspection
additional validation 13-13
ARP requests 13-1
ARP spoofing attack 13-2
configuring trust state 13-6, 13-8
configuring VLANs 13-6
description 13-1
DHCP snooping binding database 13-2
error-disabled detection and recovery 13-12
function of 13-2
network security and trusted interfaces 13-3
rate limits 13-14
Dynamic Host Configuration Protocol snooping
See DHCP snooping
E
enable
authentication failure messages 4-7
port profile 3-6, 3-8
Telnet 8-2
error-disabled interface, DAI 13-12
example configuration
AAA 4-9
blocking unknown unicasts (UUFB) 16-7
Secure Shell (SSH) 7-14
TACACS+ 6-23
user access 2-15
expiration date
information about 2-4
F
feature groups
creating 2-10
flow chart
configuring AAA 4-5
configuring TACACS+ 6-6
flow definition 9-5
flows
configuring permit and deny 9-17
permit deny 9-6
FreeRADIUS
VSA format for role attributes 5-4
H
HTTP 15-1
default setting 15-2
disable 15-2
guidelines and limitations 15-1
information about 15-1
I
IDs
Cisco vendor ID 5-3
inside port profile, VSD, outside port profile, VSD 3-4, 3-7
interfaces, VSD 3-1
IP ACLs
changing an IP ACL 9-9
configuring 9-7 to ??
creating an IP ACL 9-8
default settings 9-7
description 9-1
guidelines 9-7, 10-2
limitations 9-7, 10-2
prerequisites 9-7
removing an IP ACL 9-11
verifying configuration 9-20
IP Source Guard
description 14-1
enabling 14-3
static IP source entries 14-4
L
limits, configuration 17-1
logging ACL 9-5
login AAA, about 4-1
login authentication
configuring console methods 4-6
M
MAC ACLs
changing a MAC ACL 10-4
creating a MAC ACL 10-2
description 10-1
removing a MAC ACL 10-5
mac port access-group command 9-15, 10-9
match criteria limit 17-1
O
option 82, DHCP snooping 12-15
P
password
checking strength 2-5, 2-6
passwords
information about 2-3
permit flows
about 9-6
configuring 9-18
policy map limits 17-1
port ACLs
applying 9-13, 9-15
port-profile command 3-5
port profiles
ACL 9-14, 10-8
port security
description 11-1
enabling on an interface 11-7
MAC move 11-4
static MAC address 11-9
violations 11-4
preshared keys
TACACS+ 6-2
prohibited words 2-7
R
RADIUS
configuring servers 5-5 to 5-20
configuring the global key 5-7
configuring transmission retries 5-13
default settings 5-5
description 5-1 to 5-4
example configurations 5-22
network environments 5-1
operation 5-2
prerequisites 5-4
specifying server at login 5-10
verifying configuration 5-22
VSAs 5-3
RADIUS server groups
configuring 5-9
RADIUS Servers
retries to a single server 5-15
RADIUS servers
configuring accounting attributes 5-16, 5-17
configuring a timeout interval 5-14
configuring authentication attributes 5-16, 5-17
configuring dead-time intervals 5-20
configuring hosts 5-6
configuring keys 5-8
configuring periodic monitoring 5-18
displaying statistics 5-22
example configurations 5-22
manually monitoring 5-21
monitoring 5-2
verifying configuration 5-22
recovery, DAI error-disabled interface 13-12
related documents 1-xix, 1-xx
relay agent, DHCP snooping 12-15
remote session, Telnet IPv4 8-3
roles
example configuration 2-15
information about 2-1
interface access 2-12
limitations 2-4
verifying 2-15
VLAN access 2-13
S
Secure Shell
default settings 7-3
security services, about 4-1
server groups, description 4-4
service policy limits 17-1
service-port command 3-6
services, AAA, about 4-1
session, clearing Telnet 8-3, 8-4
session, starting IPv4 Telnet 8-3
show HTTP server command 15-3
show Telnet server command 8-5
show virtual-service-domain command 3-8
SSH
default settings 7-3
generating server key-pairs 1-3, 7-1
state enabled command 3-6, 3-8
statistics
RADIUS servers 5-22
TACACS+ 6-22
switchport access vlan command 3-7
switchport mode trunk command 3-5
syslog messages 9-6
syslog server severity levels 9-19
T
TACACS+
configuring 6-5 to ??
configuring global timeout interval 6-16
configuring shared keys 6-9
default settings 6-4
description 6-1 to ??
disabling 6-8
displaying statistics 6-22
enabling 6-8
example configurations 6-23
global preshared keys 6-2
guidelines 6-4
limitations 6-4
prerequisites 6-4
preshared key 6-2
specifying TACACS+ servers at login 6-15
user login operation 6-2
VSAs 6-3
TACACS+ servers
configuration overview 6-6
configuring dead-time interval 6-21
configuring hosts 6-11
configuring periodic monitoring 6-20
configuring server groups 6-12
configuring TCP ports 6-18
displaying statistics 6-22
monitoring 6-3
TCP ports
TACACS+ servers 6-18
Telnet 3-1, 8-1
clearing a session 8-4
clear session 8-3
default setting 3-3, 8-2
enable, disable 8-2
information about 8-1
prerequisites for 8-1
start IPv4 session 8-3
Telnet command 8-4
time interval, ACL logging 9-17
timeout
TACACS+ 6-16
U
unknown unicast flooding
default settings 16-2
user access
defaults 2-4
example configuration 2-15
verifying 2-15
user account
prohibited words 2-7
user accounts
configuring 2-6
guidelines 2-4
information about 2-1
limitations roles
guidelines 2-4
user names
information about 2-3
user roles
creating 2-8
creating feature groups 2-10
UUFB
default settings 16-2
verifying UUFB 16-6
V
vendor ID, Cisco 6-3
vendor-specific attributes (VSAs) 6-3
verifying
ACL logging configuration 9-20
unknown unicast flooding 16-6
virtual service domain
create 3-8
display 3-8
interfaces 3-1
port profile
inside or outside 3-4
member 3-7
virtual-service-domain command 3-8
virtual-service-domain command 3-5
vmware port-group command 3-5
VSAs
protocol options 5-3