Cisco DCNM Security Configuration Guide, Release 4.0
Index


Numerics

802.1X

configuration process 6-9

configuring 6-8 to 6-22

configuring AAA accounting methods 6-21

description 6-1 to 6-7

disabling authentication on the device 6-18

disabling on the device 6-19

displaying statistics 6-22

enabling MAC address authentication bypass 6-17

enabling multiple hosts on an interface 6-17

enabling on interfaces 6-12

enabling RADIUS accounting 6-20

enabling single hosts on an interface 6-17

field descriptions 6-23

guidelines 6-8

licensing requirements 6-7

limitations 6-8

MIBs 6-26

multiple host support 6-6

port security on same port 6-6

prerequisites 6-8

single host support 6-6

supported topologies 6-7

virtualization support 6-7

802.1X authentication

authorization states for ports 6-4

controlling on interfaces 6-12

disabling on the device 6-18

initiation 6-3

802.1X feature

disabling on the device 6-19

enabling 6-10

802.1X reauthentication

enabling global periodic 6-13

enabling periodic on interfaces 6-14

setting retry counts on interfaces 6-22

802.1X retry counts

setting globally 6-19

setting on interfaces 6-20

802.1X timers

changing interface timers 6-15

changing global timers 6-14

A

AAA

accounting 2-2

authentication 2-2

authorization 2-2

benefits 2-2

configuring 2-7 to 2-15

description 2-1 to 2-5

field descriptions 2-15

guidelines 2-6

licensing requirements 2-6

limitations 2-6

MIBs 2-17

monitoring TACACS+ servers 4-3

prerequisites 2-6

standards 2-16

TACACS+ server groups 3-11, 3-13, 4-12, 4-14

user login process 2-4

virtualization support 2-5

AAA accounting

adding rule methods 2-11

changing rule methods 2-10

configuring methods for 802.1X 6-21

deleting rule methods 2-13

rearranging rule methods 2-12

AAA authentication rules

adding methods 2-8

changing methods 2-8

deleting methods 2-10

rearranging methods 2-9

AAA protocols

RADIUS 2-1

TACACS+ 2-1

AAA server groups

description 2-3

AAA servers

FreeRADIUS VSA format 3-4

specifying SNMPv3 parameters 2-13, 2-14

specifying user roles 2-14

specifying user roles in VSAs 2-13

AAA services

configuration options 2-3

remote 2-2

security 2-1

access control lists

description 7-1 to 7-8

order of application 7-2

types of 7-2

See also ARP ACLs

See also IP ACLs

See also MAC ACLs

See also policy-based ACLs

See also port ACLs

See also router ACLs

See also VLAN ACLs

accounting

description 2-2

VDC support 2-5

ARP ACLs

applying to VLANs 12-9

changing 12-17

creating 12-16

description 12-16

priority of ARP ACLs and DHCP snooping entries 12-4

removing 12-18

ARP inspection

See dynamic ARP inspection

authentication

802.1X 6-3

description 2-2

local 2-2

methods 2-3

remote 2-2

user logins 2-4

authentication, authorization, and accounting. See AAA

authorization

description 2-2

user logins 2-4

B

broadcast storms. See traffic storm control

C

Cisco

vendor ID 2-14, 3-3, 4-4

cisco-av-pair

specifying AAA user parameters 2-13, 2-14

D

DHCP binding database

See DHCP snooping binding database

DHCP option 82

description 11-3

DHCP snooping

binding database

See DHCP snooping binding database

description 11-1

displaying DHCP bindings 11-16

enabling feature 11-8

enabling globally 11-9

enabling on a VLAN 11-10

interface trust state 11-12

MAC address verification 11-10

message exchange process 11-4

minimum configuration 11-7

option 82 11-3

overview 11-1

relay agent 11-12

DHCP snooping binding database

described 11-2

entries 11-2

documentation

additional publications iii-xviii

dynamic ARP inspection

additional validation 12-11

applying ARP ACLs 12-9

ARP cache poisoning 12-2

ARP requests 12-2

ARP spoofing attack 12-2

configuring log buffer size 12-11

configuring trust state 12-8

description 12-1

DHCP snooping binding database 12-3

enabling on VLANs 12-8

error-disabled recovery 12-10

function of 12-3

interface trust states 12-3

logging of dropped packets 12-5

man-in-the-middle attack 12-2

network security issues and interface trust states 12-3

priority of ARP ACLs and DHCP snooping entries 12-4

Dynamic Host Configuration Protocol snooping

See DHCP snooping

F

field descriptions

802.1X 6-23

AAA 2-15

TACACS+ 4-19

FreeRADIUS

VSA format for role attributes 2-14, 3-4

I

IDs

Cisco vendor ID 2-14, 3-3, 4-4

interfaces

controlling 802.1X authentication 6-12

enabling 802.1X 6-12

enabling periodic 802.1X reauthentication 6-14

setting 802.1X reauthentication retry counts 6-22

setting 802.1X retransmission retry counts 6-20

IP ACLs

applying to a physical port 7-11

applying to a port channel 7-12

changing an IP ACL 7-10

configuring 7-9 to 7-13

creating an IP ACL 7-10

field descriptions for IPv4 ACLs 7-13

guidelines 7-8

licensing 7-8

limitations 7-8

prerequisites 7-8

removing an IP ACL 7-11

virtualization support 7-8

IP Source Guard

description 13-1

enabling 13-3

static IP source entries 13-4

K

key chain

end-time 14-2

lifetime 14-2

start-time 14-2

keychain management

configuring a key 14-5

configuring lifetimes 14-6

configuring text for a key 14-5

creating a keychain 14-4

description 14-1

L

licensing

802.1X 6-7

AAA 2-6

IP ACLs 7-8

RADIUS 3-4

TACACS+ 4-5

traffic storm control 15-3

M

MAC ACLs

applying to a physical port 8-4

changing a MAC ACL 8-3

creating a MAC ACL 8-3

removing a MAC ACL 8-4

virtualization support 7-8

MAC addresses

enabling authentication bypass for 802.1X 6-17

MIBs

802.1X 6-26

AAA 2-17

multicast storms. See traffic storm control

multiple hosts

enabling for 802.1X 6-17

N

network-admin user role

description 5-3

network-operator user role

description 5-3

P

passwords

strong characteristics 5-2

port ACLs

definition 7-2

port-based authentication

encapsulation 6-2

ports

authorization states for 802.1X 6-4

port security

802.1X on same port 6-6

description 10-1

enabling globally 10-8

enabling on an interface 10-9

MAC move 10-4

static MAC address 10-10

violations 10-4

preshared keys

TACACS+ 4-3

R

RADIUS

configuring global preshared keys 3-9

configuring servers 3-5 to 3-16

configuring timeout intervals 3-14

configuring transmission retry counts 3-14

description 3-1 to 3-5

licensing 3-4

network environments 3-1

operation 3-2

prerequisites 3-5

specifying server at login 3-13

virtualization support 3-4

VSAs 3-3

RADIUS accounting

enabling for 802.1X 6-20

RADIUS servers

configuration process 3-6

configuring accounting attributes 3-15

configuring authentication attributes 3-15

configuring dead-time intervals 3-16

configuring hosts 3-8, 3-11, 4-13

configuring periodic monitoring 3-15

configuring preshared keys 3-10

configuring timeout interval 3-14

configuring transmission retry count 3-14

deleting hosts 3-17

displaying statistics 3-17

monitoring 3-2

RBAC

configuring 5-11 to 5-19

description 5-2

field descriptions 5-19

See also user roles

related documents iii-xviii

router ACLs

definition 7-2

rules. See user role rules

S

server groups. See AAA server groups

single hosts

enabling for 802.1X 6-17

SNMPv3

specifying AAA parameters 2-13

specifying parameters for AAA servers 2-14

statistics

802.1X 6-22

RADIUS servers 3-17

TACACS+ 4-19

traffic storm control 15-5

superuser role. See network-admin user role

T

TACACS+

advantages over RADIUS 4-2

configuring 4-6 to 4-19

configuring global preshared keys 4-11

configuring global timeout interval 4-15

description 4-1 to 4-5

disabling 4-18

displaying statistics 4-19

enabling 4-9

field descriptions 4-19

global preshared keys 4-3

guidelines 4-6

licensing requirements 4-5

limitations 4-6

prerequisites 4-6

preshared key 4-3

specifying TACACS+ servers at login 4-14

user login operation 4-2

virtualization 4-5

VSAs 4-4

TACACS+ servers

configuration process 4-7

configuring dead-time interval 4-18

configuring hosts 3-9, 3-12, 4-9, 4-10, 4-14

configuring periodic monitoring 4-17

configuring preshared keys 4-11

configuring server groups 3-11, 3-13, 4-12, 4-14

configuring TCP ports 4-16

configuring timeout interval 4-16

displaying statistics 4-19

field descriptions 4-19

monitoring 4-3

privilege levels 4-5

TCP ports

TACACS+ servers 4-16

time ranges

absolute 7-6

changing a time range 7-19

configuring 7-18 to 7-20

creating a time range 7-18

description 7-6

field descriptions 7-20

periodic 7-7

removing a time range 7-20

traffic storm control

configuring 15-4

description 15-1

displaying statistics 15-5

field descriptions 15-5

guidelines 15-3

licensing 15-3

limitations 15-3

virtualization support 15-3

U

unicast storms. See traffic storm control

user accounts

adding roles 5-9

changing expiry date 5-8

changing passwords 5-8

configuring 5-5 to 5-10

creating 5-5

deleting 5-10

deleting roles 5-9

description 5-1

guidelines 5-4

password characteristics 5-2

virtualization support 5-3

user accounts limitations 5-4

user logins

authentication process 2-4

authorization process 2-4

user role rules

description 5-3

user roles

adding rules 5-12

changing rules 5-13

changing VLAN policies 5-16

changing interface policies 5-15

changing VRF policies 5-18

creating 5-12

defaults 5-3

deleting rules 5-15

description 5-2

guidelines 5-4

limitations 5-4

rearranging rules 5-14

specifying on AAA servers 2-13, 2-14

virtualization support 5-3

V

vdc-admin user role

description 5-3

vdc-operator user role

description 5-3

vendor-specific attributes. See VSAs

virtualization

802.1X 6-7

AAA 2-5

RADIUS 3-4

TACACS+ 4-5

traffic storm control 15-3

user accounts 5-3

user roles 5-3

VLAN ACLs

applying a VACL 9-5

creating and changing VACLs 9-3

definition 7-2

description 9-1

removing a VACL 9-4

VSAs

format 2-14

protocol options 2-14, 3-3, 4-4

support description 2-13