Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 4.1
New and Changed Information
Downloads: This chapterpdf (PDF - 101.0KB) The complete bookPDF (PDF - 14.52MB) | Feedback

New and Changed Information

Table Of Contents

New and Changed Information


New and Changed Information


This chapter provides release-specific information for each new and changed feature in the Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 4.1. The latest version of this document is available at the following Cisco website:
http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_1/nx-os/security/configuration/guide/sec_nx-os_cfg.html

To check for additional information about Cisco NX-OS Release 4.1, see the Cisco Nexus 7000 Series NX-OS Release Notes, Release 4.1, available at the following Cisco website:
http://www.cisco.com/en/US/products/ps9372/prod_release_notes_list.html

summarizes the new and changed features for the Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 4.1, and tells you where they are documented.

Table 1 New and Changed Features for Release 4.1 

Feature
Description
Changed in Release
Where Documented

Atomic ACL updates

Configuration of atomic ACL updates can be performed in the default virtual device context (VDC) only but affects all VDCs.

4.1(4)

Chapter 11, "Configuring IP ACLs"

Cisco TrustSec SXP passwords

Added support for encrypted passwords for SXP connections in Cisco TrustSec.

4.1(3)

Chapter 10, "Configuring Cisco TrustSec"

RADIUS CFS support

Cisco Fabric Services (CFS) supports the distribution of the RADIUS configuration.

4.1(2)

Chapter 3, "Configuring RADIUS"

TACACS+ CFS support

CFS supports the distribution of the TACACS+ configuration.

4.1(2)

Chapter 4, "Configuring TACACS+"

Password-aging notification

Added password-aging notification for TACACS+ server-based sessions.

4.1(2)

Chapter 4, "Configuring TACACS+"

RADIUS and TACACS+ server group source interfaces

Added support for source interfaces to use when accessing RADIUS or TACACS+ servers.

4.1(2)

Chapter 3, "Configuring RADIUS"

Chapter 4, "Configuring TACACS+"

Public Key Infrastructure (PKI) support

PKI allows the device to obtain and use digital certificates for secure communication in the network and provides manageability and scalability.

4.1(2)

Chapter 5, "Configuring PKI"

SSH

Added the feature ssh command and deprecated the ssh server enable command.

4.1(2)

Chapter 6, "Configuring SSH and Telnet"

Telnet

Added the feature telnet command and deprecated the telnet server enable command.

4.1(2)

Chapter 6, "Configuring SSH and Telnet"

User role CFS support

CFS supports the distribution of the user role configuration.

4.1(2)

Chapter 7, "Configuring User Accounts and RBAC"

IPv6 ACLs

Added support for IPv6 ACLs.

4.1(2)

Chapter 11, "Configuring IP ACLs"

VLAN access maps

Support was added for multiple entries in VLAN access maps. In addition, each entry supports multiple match commands.

4.1(2)

Chapter 13, "Configuring VLAN ACLs"

DCHP server support

The number of DHCP server addresses that you can configure for each Layer 3 Ethernet interface increased from four to 16.

4.1(2)

Chapter 15, "Configuring DHCP Snooping"

Default policing policies

The definitions of the default policing policies have changed as follows:

All the policing policies are one rate, two color.

Moderate policy has a BC value of 310 ms, except for the important class, which has a value of 1250 ms.

Lenient policy has a BC value of 375 ms, except for the important class, which has a value of 1500 ms.

4.1(2)

Chapter 21, "Configuring Control Plane Policing"

IPv6 ACL support

CoPP supports IPv6 ACLs in the class maps.

4.1(2)

Chapter 21, "Configuring Control Plane Policing"