Audience
This publication is for experienced network administrators who configure and maintain Cisco NX-OS devices.
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This preface describes the audience, organization, and conventions of the Cisco Nexus 7000 Series NX-OS Security Configuration Guide. It also provides information on how to obtain related documentation.
This document is organized into the following chapters:
Chapter | Description |
---|---|
"New and Changed Information" | Describes the new and changed information for the new Cisco NX-OS software releases. |
"Overview" | Describes the security features supported by the Cisco NX-OS software. |
"Configuring AAA" | Describes how to configure authentication, authorization, and accounting (AAA) features. |
"Configuring RADIUS" | Describes how to configure the RADIUS security protocol. |
"Configuring TACACS+" | Describes how to configure the TACACS+ security protocol. |
"Configuring LDAP" | Describes how to configure the LDAP security protocol. |
"Configuring SSH and Telnet" | Describes how to configure Secure Shell (SSH) and Telnet. |
"Configuring PKI" | Describes how to configure certificate authorities and digital certificates in the Public Key Infrastructure (PKI). |
"Configuring User Accounts and RBAC" | Describes how to configure user accounts and role-based access control (RBAC). |
"Configuring 802.1X" | Describes how to configure 802.1X authentication. |
"Configuring NAC" | Describes how to configure Network Admission Control (NAC). |
"Configuring Cisco TrustSec" | Describes how to configure Cisco TrustSec integrated security. |
"Configuring IP ACLs" | Describes how to configure IP access control lists (ACLs). |
"Configuring MAC ACLs" | Describes how to configure MAC ACLs. |
"Configuring VLAN ACLs" | Describes how to configure VLAN ACLs. |
"Configuring Port Security" | Describes how to configure port security. |
"Configuring DHCP" | Describes how to configure Dynamic Host Configuration Protocol (DHCP) snooping. |
"Configuring Dynamic ARP Inspection" | Describes how to configure Address Resolution Protocol (ARP) inspection. |
"Configuring IP Source Guard" | Describes how to configure IP Source Guard. |
"Configuring Password Encryption" | Describes how to configure password encryption. |
"Configuring Keychain Management" | Describes how to configure keychain management. |
"Configuring Traffic Storm Control" | Describes how to configure traffic storm control. |
"Configuring Unicast RPF" | Describes how to configure Unicast Reverse Path Forwarding (Unicast RPF). |
"Configuring Control Plane Policing" | Describes how to configure control plane policing on ingress traffic. |
"Configuring Rate Limits" | Describes how to configure rate limits on egress traffic. |
Note: As part of our constant endeavor to remodel our documents to meet our customers' requirements, we have modified the manner in which we document configuration tasks. As a result of this, you may find a deviation in the style used to describe these tasks, with the newly included sections of the document following the new format.
Command descriptions use the following conventions:
Convention | Description |
---|---|
bold | Bold text indicates the commands and keywords that you enter literally as shown. |
Italic | Italic text indicates arguments for which the user supplies the values. |
[x] | Square brackets enclose an optional element (keyword or argument). |
[x \| y] | Square brackets enclosing keywords or arguments separated by a vertical bar indicate an optional choice. |
{x \| y} | Braces enclosing keywords or arguments separated by a vertical bar indicate a required choice. |
[x {y \| z}] | Nested sets of square brackets or braces indicate optional or required choices within optional or required elements. Braces and a vertical bar within square brackets indicate a required choice within an optional element. |
variable | Indicates a variable for which you supply values, in contexts where italics cannot be used. |
string | A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks. |
Examples use the following conventions:
Convention | Description |
---|---|
screen font | Terminal sessions and information the switch displays are in screen font. |
boldface screen font | Information you must enter is in boldface screen font. |
italic screen font | Arguments for which you supply values are in italic screen font. |
< > | Nonprinting characters, such as passwords, are in angle brackets. |
[ ] | Default responses to system prompts are in square brackets. |
!, # | An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line. |
This document uses the following conventions:
Note: Means reader take note. Notes contain helpful suggestions or references to material not covered in the manual.
Caution: Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
The documentation set for the Cisco Nexus 7000 Series Switches is available at the following URLs:
The release notes are available at the following URL:
The installation and upgrade guides are available at the following URL:
The command references are available at the following URL:
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
To submit a service request, visit Cisco Support.
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.
To obtain general networking, training, and certification titles, visit Cisco Press.
To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.