This chapter describes the Cisco NX-OS security commands that begin with S.
To add a server to a RADIUS or TACACS+ server group, use the server command. To delete a server from a server group, use the no form of this command.
server { ipv4-address | ipv6-address | hostname }
no server { ipv4-address | ipv6-address | hostname }
Server name. The name is alphanumeric, case sensitive, and has a maximum of 256 characters.
RADIUS server group configuration mode
TACACS+ server group configuration mode
You can configure up to 64 servers in a server group.
Use the aaa group server radius command to enter RADIUS server group configuration mode or the aaa group server tacacs+ command to enter TACACS+ server group configuration mode.
If the server is not found, use the radius-server host command or tacacs-server host command to configure the server.
Note: You must use the feature tacacs+ command before you configure TACACS+.
This example shows how to add a server to a RADIUS server group:
This example shows how to delete a server from a RADIUS server group:
This example shows how to add a server to a TACACS+ server group:
This example shows how to delete a server from a TACACS+ server group:
To create a Secure Shell (SSH) session using IPv4, use the ssh command.
ssh [ username @ ]{ ipv4-address | hostname } [ vrf { vrf-name | default | management }]
This example shows how to start an SSH session using IPv4:
To create a Secure Shell (SSH) session using IPv6, use the ssh6 command.
ssh6 [ username @ ]{ ipv6-address | hostname } [ vrf { vrf-name | default | management }]
This example shows how to start an SSH session using IPv6:
To create a Secure Shell (SSH) server key, use the ssh key command. To remove the SSH server key, use the no form of this command.
ssh key { dsa [ force ] | rsa [ length [ force ]]}
The Cisco NX-OS software supports SSH version 2.
If you want to remove or replace an SSH server key, you must first disable the SSH server using the no ssh server enable command.
This example shows how to create an SSH server key using RSA with the default key length:
This example shows how to create an SSH server key using RSA with a specified key length:
This example shows how to replace an SSH server key using DSA with the force option:
This example shows how to remove the DSA SSH server key:
This example shows how to remove all SSH server keys:
To enable the Secure Shell (SSH) server, use the ssh server enable command. To disable the SSH server, use the no form of this command.
This example shows how to enable the SSH server:
This example shows how to disable the SSH server:
To set the suppression level for traffic storm control, use the storm-control level command. To turn off the suppression mode or revert to the default, use the no form of this command.
storm-control { broadcast | multicast | unicast } level percentage [. fraction ]
no storm-control { broadcast | multicast | unicast } level
Specifies the percentage of the suppression level. The range is from 0 to 100 percent.
(Optional) Fraction of the suppression level. The range is from 0 to 99.
Enter the storm-control level command to enable traffic storm control on the interface, configure the traffic storm-control level, and apply the traffic storm-control level to all traffic storm-control modes that are enabled on the interface.
The period (.) is required when you enter the fractional-suppression level.
The suppression level is a percentage of the total bandwidth. A threshold value of 100 percent means that no limit is placed on traffic. A threshold value of 0 or 0.0 (fractional) percent means that all specified traffic is blocked on a port.
Use the show interfaces counters storm-control command to display the discard count.
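The threshold semantics above can be checked across a saved configuration. The following Python audit is an added example, not part of the Cisco documentation: it validates each storm-control level line against the documented syntax and flags levels of 100 (no limit) and 0 or 0.0 (all traffic blocked). The function names, the sample configuration, and the choice to read `percentage.fraction` as a decimal number and to reject values above 100 are assumptions.

```python
import re
from decimal import Decimal

# Documented syntax: storm-control {broadcast|multicast|unicast} level percentage[.fraction]
# percentage is 0-100, fraction is 0-99, and the period is required before a fraction.
LEVEL_RE = re.compile(
    r"^storm-control (broadcast|multicast|unicast) level (\d{1,3})(?:\.(\d{1,2}))?$"
)

def classify_level(line):
    """Return (traffic_type, level, effect) for one storm-control line, else None."""
    m = LEVEL_RE.match(" ".join(line.split()))
    if not m:
        return None
    traffic, pct, frac = m.groups()
    # Assumption: percentage.fraction is read as an ordinary decimal number.
    level = Decimal(f"{pct}.{frac}" if frac is not None else pct)
    if level > 100:           # assumption: anything above 100 percent is invalid
        return None
    if level == 100:
        effect = "no-limit"   # 100 percent: no limit is placed on traffic
    elif level == 0:
        effect = "block-all"  # 0 or 0.0: all specified traffic is blocked
    else:
        effect = "limited"
    return traffic, level, effect

def audit(config_text):
    """Return {interface: [findings]} for invalid, no-limit and block-all levels."""
    findings, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif current and line.startswith("storm-control ") and " level" in line:
            parsed = classify_level(line)
            if parsed is None:
                findings.setdefault(current, []).append(("invalid", line))
            elif parsed[2] != "limited":
                findings.setdefault(current, []).append((parsed[0], parsed[2]))
    return findings

# Constructed sample configuration (interface names and levels are made up).
SAMPLE = """\
interface Ethernet1/1
  storm-control broadcast level 40.5
  storm-control multicast level 100
interface Ethernet1/2
  storm-control unicast level 0.0
  storm-control broadcast level 101
"""

if __name__ == "__main__":
    for intf, items in audit(SAMPLE).items():
        print(intf, items)
```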
Use one of the following methods to turn off suppression for the specified traffic type:
This example shows how to enable suppression of broadcast traffic and set the suppression threshold level:
This example shows how to disable the suppression mode for multicast traffic:
Displays the storm-control suppression counters for an interface.