Cisco DCNM Security Configuration Guide, Release 4.1
Index

Numerics

802.1X

AAA authentication methods 6-11

configuration process 6-9

configuring 6-8 to 6-22

configuring AAA accounting methods 6-21

description 6-1 to 6-7

disabling authentication on the device 6-18

disabling on the device 6-19

displaying statistics 6-22

enabling MAC address authentication bypass 6-17

enabling multiple hosts on an interface 6-17

enabling on interfaces 6-12

enabling RADIUS accounting 6-20

enabling single hosts on an interface 6-17

field descriptions 6-23

guidelines 6-8

licensing requirements 6-7

limitations 6-8

MIBs 6-26

multiple host support 6-6

port security on same port 6-6

prerequisites 6-8

single host support 6-6

supported topologies 6-7

virtualization support 6-7

802.1X authentication

authorization states for ports 6-4

controlling on interfaces 6-12

disabling on the device 6-18

initiation 6-3

802.1X feature

disabling on the device 6-19

enabling 6-11

802.1X reauthentication

enabling global periodic 6-13

enabling periodic on interfaces 6-14

setting retry counts on interfaces 6-22

802.1X retry counts

setting globally 6-19

setting on interfaces 6-20

802.1X timers

changing interface timers 6-15

changing global timers 6-14

A

AAA

802.1X authentication methods 6-11

accounting 2-2

authentication 2-2

authorization 2-2

benefits 2-2

configuring 2-7 to 2-15

description 2-1 to 2-5

field descriptions 2-15

guidelines 2-6

licensing requirements 2-6

limitations 2-6

MIBs 2-17

monitoring TACACS+ servers 4-3

prerequisites 2-6

RADIUS server groups 3-12, 3-14

standards 2-16

TACACS+ server groups 4-13, 4-15

user login process 2-4

virtualization support 2-5

AAA accounting

adding rule methods 2-11

changing rule methods 2-10

configuring methods for 802.1X 6-21

deleting rule methods 2-13

rearranging rule methods 2-12

AAA authentication rules

adding methods 2-8

changing methods 2-8

deleting methods 2-10

rearranging methods 2-9

AAA protocols

RADIUS 2-1

TACACS+ 2-1

AAA server groups

description 2-3

AAA servers

FreeRADIUS VSA format 3-4

specifying SNMPv3 parameters 2-13, 2-14

specifying user roles 2-14

specifying user roles in VSAs 2-13

AAA services

configuration options 2-3

remote 2-2

security 2-1

access control lists

description 7-1 to 7-10

order of application 7-3

types of 7-2

See also ARP ACLs

See also IP ACLs

See also MAC ACLs

See also policy-based ACLs

See also port ACLs

See also router ACLs

See also VLAN ACLs

accounting

description 2-2

VDC support 2-5

ARP ACLs

applying to VLANs 12-9

changing 12-16

creating 12-15

description 12-15

priority of ARP ACLs and DHCP snooping entries 12-4

removing 12-17

ARP inspection

See dynamic ARP inspection

authentication

802.1X 6-3

description 2-2

local 2-2

methods 2-3

remote 2-2

user logins 2-4

authentication, authorization, and accounting. See AAA

authorization

description 2-2

user logins 2-4

B

broadcast storms. See traffic storm control

C

Cisco

vendor ID 2-14, 3-3, 4-4

cisco-av-pair

specifying AAA user parameters 2-13, 2-14

D

DHCP binding database

See DHCP snooping binding database

DHCP option 82

description 11-3

DHCP snooping

binding database

See DHCP snooping binding database

description 11-1

displaying DHCP bindings 11-16

enabling feature 11-8

enabling globally 11-9

enabling on a VLAN 11-9

interface trust state 11-11

MAC address verification 11-10

message exchange process 11-4

minimum configuration 11-7

option 82 11-3

overview 11-1

relay agent 11-12

DHCP snooping binding database

described 11-2

entries 11-2

documentation

additional publications iii-xx

dynamic ARP inspection

additional validation 12-10

applying ARP ACLs 12-9

ARP cache poisoning 12-2

ARP requests 12-2

ARP spoofing attack 12-2

configuring log buffer size 12-11

configuring trust state 12-8

description 12-1

DHCP snooping binding database 12-3

enabling on VLANs 12-8

function of 12-3

interface trust states 12-3

logging of dropped packets 12-5

man-in-the-middle attack 12-2

network security issues and interface trust states 12-3

priority of ARP ACLs and DHCP snooping entries 12-4

Dynamic Host Configuration Protocol snooping

See DHCP snooping

F

field descriptions

802.1X 6-23

AAA 2-15

TACACS+ 4-20

FreeRADIUS

VSA format for role attributes 2-14, 3-4

I

IDs

Cisco vendor ID 2-14, 3-3, 4-4

interfaces

controlling 802.1X authentication 6-12

enabling 802.1X 6-12

enabling periodic 802.1X reauthentication 6-14

setting 802.1X reauthentication retry counts 6-22

setting 802.1X retransmission retry counts 6-20

IP ACLs

applying to a physical port 7-15

applying to a port channel 7-15

changing an IP ACL 7-13

configuring 7-11 to 7-16

creating an IP ACL 7-12

field descriptions for IPv4 ACLs 7-16

guidelines 7-10

licensing 7-10

limitations 7-10

prerequisites 7-10

removing an IP ACL 7-14

virtualization support 7-9

IP Source Guard

description 13-1

enabling 13-4

static IP source entries 13-5

K

key chain

end-time 14-2

lifetime 14-2

start-time 14-2

keychain management

configuring a key 14-5

configuring lifetimes 14-6

configuring text for a key 14-5

creating a keychain 14-4

description 14-1

L

licensing

802.1X 6-7

AAA 2-6

IP ACLs 7-10

RADIUS 3-5

TACACS+ 4-5

traffic storm control 15-3

M

MAC ACLs

applying to a physical port 8-5

changing a MAC ACL 8-3

creating a MAC ACL 8-3

description 8-1

removing a MAC ACL 8-4

virtualization support 7-9

MAC addresses

enabling authentication bypass for 802.1X 6-17

MIBs

802.1X 6-26

AAA 2-17

multicast storms. See traffic storm control

multiple hosts

enabling for 802.1X 6-17

N

network-admin user role

description 5-3

network-operator user role

description 5-3

P

passwords

strong characteristics 5-2

port ACLs

definition 7-2

port-based authentication

encapsulation 6-2

ports

authorization states for 802.1X 6-4

port security

802.1X on same port 6-6

description 10-1

enabling globally 10-8

enabling on an interface 10-9

MAC move 10-4

static MAC address 10-10

violations 10-4

preshared keys

TACACS+ 4-3

R

RADIUS

configuring global keys 3-10

configuring servers 3-6

configuring timeout intervals 3-15

configuring transmission retry counts 3-15

description 3-1

licensing 3-5

network environments 3-2

operation 3-2

prerequisites 3-5

specifying server at login 3-14

virtualization support 3-5

VSAs 3-3

RADIUS accounting

enabling for 802.1X 6-20

RADIUS servers

configuration process 3-6

configuring accounting attributes 3-16

configuring authentication attributes 3-16

configuring dead-time intervals 3-18

configuring hosts 3-8, 3-9, 3-10, 3-12, 3-13, 4-11, 4-14, 5-7, 5-20

configuring keys 3-11, 4-12

configuring periodic monitoring 3-17

configuring server groups 3-12, 3-14

configuring timeout interval 3-15

configuring transmission retry count 3-15

deleting hosts 3-19

displaying statistics 3-19

monitoring 3-3

RBAC

configuring 5-12

description 5-3

field descriptions 5-20

See also user roles

related documents iii-xx

router ACLs

definition 7-2

rules. See user role rules

S

server groups. See AAA server groups

single hosts

enabling for 802.1X 6-17

SNMPv3

specifying AAA parameters 2-13

specifying parameters for AAA servers 2-14

statistics

802.1X 6-22

RADIUS servers 3-19

TACACS+ 4-20

traffic storm control 15-5

superuser role. See network-admin user role

T

TACACS+

advantages over RADIUS 4-2

configuring 4-6

configuring global preshared keys 4-12

configuring global timeout interval 4-16

description 4-1

disabling 4-19

displaying statistics 4-20

enabling 4-9

field descriptions 4-20

global preshared keys 4-3

guidelines 4-6

licensing requirements 4-5

limitations 4-6

prerequisites 4-6

preshared key 4-3

specifying TACACS+ servers at login 4-15

user login operation 4-2

virtualization 4-5

VSAs 4-4

TACACS+ servers

configuration process 4-7

configuring dead-time interval 4-19

configuring hosts 4-9, 4-11, 4-14

configuring periodic monitoring 4-18

configuring server groups 4-13, 4-15

configuring TCP ports 4-17

configuring timeout interval 4-17

displaying statistics 4-20

field descriptions 4-20

monitoring 4-3

privilege levels 4-5

TCP ports

TACACS+ servers 4-17

time range

description 7-27

time ranges

absolute 7-8

changing a time range 7-28

configuring 7-27 to 7-30

creating a time range 7-27

description 7-8

field descriptions 7-30

periodic 7-8

removing a time range 7-28

traffic storm control

configuring 15-4

description 15-1

displaying statistics 15-5

field descriptions 15-5

guidelines 15-3

licensing 15-3

limitations 15-3

virtualization support 15-3

U

unicast storms. See traffic storm control

user accounts

adding roles 5-10

changing expiry date 5-9

changing passwords 5-8

configuring 5-5

creating 5-5

deleting 5-11

deleting roles 5-10

description 5-1

guidelines 5-4

password characteristics 5-2

virtualization support 5-4

user accounts limitations 5-4

user logins

authentication process 2-4

authorization process 2-4

user role rules

description 5-3

user roles

adding rules 5-13

changing rules 5-14

changing VLAN policies 5-17

changing interface policies 5-16

changing VRF policies 5-19

creating 5-13

defaults 5-3

deleting rules 5-16

description 5-3

guidelines 5-4

limitations 5-4

rearranging rules 5-15

specifying on AAA servers 2-13, 2-14

virtualization support 5-4

V

vdc-admin user role

description 5-3

vdc-operator user role

description 5-3

vendor-specific attributes. See VSAs

virtualization

802.1X 6-7

AAA 2-5

RADIUS 3-5

TACACS+ 4-5

traffic storm control 15-3

user accounts 5-4

user roles 5-4

VLAN ACLs

applying a VACL 9-6

creating and changing VACLs 9-3, 9-4

definition 7-2

description 9-1

removing a VACL 9-5

VSAs

format 2-14

protocol options 2-14, 3-4, 4-4

support description 2-13