Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 4.2



This preface describes the audience, organization, and conventions of the Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 4.2. It also provides information on how to obtain related documentation.


This publication is for experienced network administrators who configure and maintain Cisco NX-OS devices.

Document Organization

This document is organized into the following chapters:



"New and Changed Information"

Describes the new and changed information for the new Cisco NX-OS software releases.


Describes the security features supported by the Cisco NX-OS software.

"Configuring AAA"

Describes how to configure authentication, authorization, and accounting (AAA) features.

"Configuring RADIUS"

Describes how to configure the RADIUS security protocol.

"Configuring TACACS+"

Describes how to configure the TACACS+ security protocol.

"Configuring SSH and Telnet"

Describes how to configure Secure Shell (SSH) and Telnet.

"Configuring PKI"

Describes how to configure certificate authorities and digital certificates in the Public Key Infrastructure (PKI).

"Configuring User Accounts and RBAC"

Describes how to configure user accounts and role-based access control (RBAC).

"Configuring 802.1X"

Describes how to configure 802.1X authentication.

"Configuring NAC"

Describes how to configure Network Admission Control (NAC).

"Configuring Cisco TrustSec"

Describes how to configure Cisco TrustSec integrated security.

"Configuring IP ACLs"

Describes how to configure IP access control lists (ACLs).

"Configuring MAC ACLs"

Describes how to configure MAC ACLs.

"Configuring VLAN ACLs"

Describes how to configure VLAN ACLs.

"Configuring Port Security"

Describes how to configure port security.

"Configuring DHCP"

Describes how to configure Dynamic Host Configuration Protocol (DHCP) snooping.

"Configuring Dynamic ARP Inspection"

Describes how to configure Address Resolution Protocol (ARP) inspection.

"Configuring IP Source Guard"

Describes how to configure IP Source Guard.

"Configuring Keychain Management"

Describes how to configure keychain management.

"Configuring Traffic Storm Control"

Describes how to configure traffic storm control.

"Configuring Unicast RPF"

Describes how to configure Unicast Reverse Path Forwarding (Unicast RPF).

"Configuring Control Plane Policing"

Describes how to configure control plane policing on ingress traffic.

"Configuring Rate Limits"

Describes how to configure rate limits on egress traffic.

Document Conventions

Command descriptions use the following conventions:

Convention Description

Bold text indicates the commands and keywords that you enter literally as shown.


Italic text indicates arguments for which the user supplies the values.


Square brackets enclose an optional element (keyword or argument).

[x | y]

Square brackets enclosing keywords or arguments separated by a vertical bar indicate an optional choice.

{x | y}

Braces enclosing keywords or arguments separated by a vertical bar indicate a required choice.

[x {y | z}]

Nested sets of square brackets or braces indicate optional or required choices within optional or required elements. Braces and a vertical bar within square brackets indicate a required choice within an optional element.


Indicates a variable for which you supply values, in contexts where italics cannot be used.

string

A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.

Screen examples use the following conventions:

Convention Description
screen font

Terminal sessions and information the switch displays are in screen font.

boldface screen font

Information you must enter is in boldface screen font.

italic screen font

Arguments for which you supply values are in italic screen font.

< >

Nonprinting characters, such as passwords, are in angle brackets.

[ ]

Default responses to system prompts are in square brackets.

!, #

An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line.

This document uses the following conventions:


Means reader take note. Notes contain helpful suggestions or references to material not covered in the manual.


Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

Related Documentation for Nexus 7000 Series NX-OS Software

Cisco NX-OS documentation is available at the following URL:

The documentation set for the Cisco NX-OS software includes the following documents:

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.