New and Changed Information
Your software release might not support all the features in this document. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release.
Feature | Description | Changed in Release | Where Documented |
---|---|---|---|
Control Plane Policing | Added the functionality to classify and rate-limit IP unicast RPF failure packets. | 6.2(10) | |
ACL TCAM bank mapping | Added a command to display the bank mapping matrix. | 6.2(10) | |
Cisco TrustSec | Added SGT support for F3 Series modules. | 6.2(10) | Configuring Cisco TrustSec |
DHCP relay trusted interfaces | | 6.2(8) | |
Cisco TrustSec | Enabled MACsec support for F2e modules. Added support for batching SGACL programming tasks. | 6.2(6) | Configuring Cisco TrustSec |
Cisco TrustSec | Added the ability to map VLANs to SGTs. | 6.2(2) | Configuring Cisco TrustSec |
Cisco TrustSec | Added the ability to encrypt the SAP PMK and display the PMK in encrypted format in the running configuration. | 6.2(2) | Configuring Cisco TrustSec |
Cisco TrustSec | Added the show cts sap pmk command to display the hexadecimal value of the configured PMK. | 6.2(2) | Configuring Cisco TrustSec |
Cisco TrustSec | Added the show cts capability interface command to display the Cisco TrustSec capability of interfaces. | 6.2(2) | Configuring Cisco TrustSec |
Cisco TrustSec | Enabled the cts sgt, policy static sgt, and clear cts policy sgt commands to accept decimal values. | 6.2(2) | Configuring Cisco TrustSec |
Cisco TrustSec | Added the ability to download sgname tables from ISE and to refresh the environment data manually and upon environment data timer expiry. | 6.2(2) | Configuring Cisco TrustSec |
Cisco TrustSec | Added optional keywords to the show cts role-based sgt-map command to display a summary of the SGT mappings or the SGT map configuration for a specific SXP peer, VLAN, or VRF. | 6.2(2) | Configuring Cisco TrustSec |
Cisco TrustSec | Added the brief keyword to the show cts interface command to display a brief summary for all CTS-enabled interfaces. | 6.2(2) | Configuring Cisco TrustSec |
Cisco TrustSec | Added SGT support for F2 and F2e Series modules. | 6.2(2) | Configuring Cisco TrustSec |
CoPP | Updated the output of the show policy-map interface control-plane command to show the 5-minute moving averages and peaks of the conformed and violated byte counts for each policy in each module. | 6.2(2) | |
CoPP | Added VRRP6 ACL support to police VRRP IPv6 traffic. The HSRP ACL is modified to reflect the correct destination addresses of control packets. | 6.2(2) | |
CoPP | Changed the behavior of multicast traffic from being policed at different rates in different classes to being grouped into three classes (multicast-host, multicast-router, and normal) and policed at consistent rates. | 6.2(2) | |
CoPP | Added the ability to monitor CoPP with SNMP. | 6.2(2) | |
DHCP | Added support for the DHCPv6 relay agent. | 6.2(2) | |
IP ACLs | Added support for ACL TCAM bank mapping. | 6.2(2) | |
Rate limits | Added support for Layer 3 glean fast-path packets. | 6.2(2) | |
VLAN ACLs | Added support for deny ACEs in a sequence. | 6.1(3) | |
Cisco TrustSec | Removed the requirement for the Advanced Services license. | 6.1(1) | Configuring Cisco TrustSec |
Cisco TrustSec | Added MACsec support for 40G and 100G M2 Series modules. | 6.1(1) | Configuring Cisco TrustSec |
CoPP | Added a new class for FCoE; added the LISP, LISP6, and MAC Layer 3 IS-IS ACLs to the critical class; added the fcoe-fib-miss match exception to the undesirable class; added the MAC Layer 2 tunnel ACL to the Layer 2 unpoliced class; and added the "permit icmp any any 143" rule to the acl-icmp6-msgs ACL. | 6.1(1) | |
FIPS | Added support for digital image signing on switches that contain the Supervisor 2 module. | 6.1(1) | |
FIPS | Updated FIPS guidelines for M2 Series modules. | 6.1(1) | |
IP ACLs and MAC ACLs | Updated for M2 Series modules. | 6.1(1) | |
Cisco TrustSec | Updated for F2 Series modules. | 6.0(1) | Configuring Cisco TrustSec |
CoPP | Added the dense default CoPP policy. | 6.0(1) | |
CoPP | Added the ability to configure the CoPP scale factor per line card. | 6.0(1) | |
FIPS | Updated FIPS guidelines for F2 Series modules. | 6.0(1) | |
IP ACLs, MAC ACLs, and VACLs | Updated for F2 Series modules. | 6.0(1) | Configuring IP ACLs, Configuring MAC ACLs, and Configuring VLAN ACLs |
Rate limits | Added support for F2 Series modules. | 6.0(1) | |
RBAC | Added support for F2 Series modules. | 6.0(1) | |
TACACS+ | Added the ability to configure command authorization for a console session. | 6.0(1) | |
User accounts and RBAC | Added the ability to configure a read-only or read-and-write rule for an SNMP OID. | 6.0(1) | |
ACLs and CoPP | Changed the show running-config aclmgr and show startup-config aclmgr commands to display only the user-configured ACLs (and not also the default CoPP-configured ACLs) in the running and startup configurations. | 5.2(1) | Configuring IP ACLs, Configuring MAC ACLs, Configuring VLAN ACLs, and Configuring Control Plane Policing |
Cisco TrustSec | Added support for pause frame encryption and decryption on interfaces. | 5.2(1) | Configuring Cisco TrustSec |
CoPP | Added the ability to change or reapply the default CoPP policy without rerunning the setup utility. | 5.2(1) | |
CoPP | Changed the CoPP best practice policy to read-only and added the ability to copy the policy in order to modify it. | 5.2(1) | |
CoPP | Added the show copp profile and show copp diff profile commands to display the details of the CoPP best practice policy and the differences between policies, respectively. | 5.2(1) | |
CoPP | Changed the show copp status command to display which flavor of the CoPP best practice policy is attached to the control plane. | 5.2(1) | |
CoPP | Changed the name of the none option for the best practices CoPP profile in the setup utility to skip. | 5.2(1) | |
CoPP | Updated the default class maps with support for MPLS LDP, MPLS OAM, MPLS RSVP, DHCP relay, and OTV-AS. | 5.2(1) | |
DHCP | Added subnet broadcast support for the DHCP relay agent and support for DHCP smart relay. | 5.2(1) | |
FCoE ACLs | Added support for FCoE ACLs on F1 Series modules. | 5.2(1) | |
IP ACLs | Added support for ACL capture on M1 Series modules. | 5.2(1) | |
LDAP | Deprecated the ldap-server port command. | 5.2(1) | |
Password encryption | Added support for AES password encryption and a configurable master encryption key. | 5.2(1) | |
RADIUS | Added type-6 encryption support for RADIUS server keys. | 5.2(1) | |
TACACS+ | Added type-6 encryption support for TACACS+ server keys. | 5.2(1) | |
Control plane policy map | Added the ability to specify the threshold value for dropped packets and generate a syslog if the drop count exceeds the configured threshold. | 5.1(1) | |
CoPP | Updated the default policies with the 802.1Q class of service (cos) values. | 5.1(1) | |
CoPP | Added support for non-IP traffic classes. | 5.1(1) | |
DHCP snooping | Optimized DHCP snooping to work in a vPC environment. | 5.1(1) | |
FIPS | Added the ability to configure Federal Information Processing Standards (FIPS) mode. | 5.1(1) | |
Rate limits | Added support for F1 Series module packets. | 5.1(1) | |
Rate limits | Added the ability to configure rate limits for packets that reach the supervisor module and to log a system message if the rate limit is exceeded. | 5.1(1) | |
Rate limits | Added options to disable rate limits and to configure rate limits for a specific module and port range. | 5.1(1) | |
SCP and SFTP servers | Added the ability to configure SCP and SFTP servers on the Cisco NX-OS device to support the copy of files to and from a remote device. | 5.1(1) | |
User roles | Added the ability to display the syntax of the commands that the network-admin and network-operator roles can use. | 5.1(1) | |
VTY ACLs | Added support to control access to traffic received over a VTY line. | 5.1(1) | |
802.1X | Supports configuring 802.1X on member ports of a port channel. | 5.0(2) | |
AAA authorization | Supports configuring the default AAA authorization method for TACACS+ servers. | 5.0(2) | |
CHAP authentication | Allows the enabling or disabling of CHAP authentication. | 5.0(2) | |
CoPP | Updated the default policies with support for ACL HSRP6. | 5.0(2) | |
DHCP | Allows the DHCP relay agent to support VRFs. Also adds the ip dhcp relay information option vpn command and modifies the ip dhcp relay address command. | 5.0(2) | |
DHCP | Supports enabling DHCP to use Cisco proprietary numbers 150, 152, and 151 for the link selection, server ID override, and VRF name/VPN ID relay agent option-82 suboptions. | 5.0(2) | |
IP ACLs, MAC ACLs, and VACLs | Allows up to 128K ACL entries when using an XL line card, provided a scalable services license is installed. | 5.0(2) | Configuring IP ACLs, Configuring MAC ACLs, and Configuring VLAN ACLs |
LDAP | Supports configuring the Lightweight Directory Access Protocol (LDAP). | 5.0(2) | |
Local authentication | Enables fallback to local authentication when remote authentication fails. | 5.0(2) | |
Local authentication | Allows the disabling of fallback to local authentication. | 5.0(2) | |
OTP | Supports one-time passwords. | 5.0(2) | |
Periodic server monitoring | Supports global periodic RADIUS and TACACS+ server monitoring. | 5.0(2) | |
PKI | Supports a remote cert-store and certificate mapping filters. | 5.0(2) | |
Privilege roles | Supports permitting or denying commands for users of privilege roles. | 5.0(2) | |
Rate limits | Supports Layer 2 Tunnel Protocol (L2TP) packets. | 5.0(2) | |
SGACL policies | Allows the enabling or disabling of RBACL logging. | 5.0(2) | |
SGACL policies | Allows the enabling, disabling, monitoring, and clearing of RBACL statistics. | 5.0(2) | |
SSH | Supports configuring a maximum number of SSH login attempts. | 5.0(2) | |
SSH | Supports starting SSH sessions from the boot mode of a Cisco NX-OS device in order to connect to a remote device. | 5.0(2) | |
SSH | Supports copying files from a Cisco NX-OS device to an SCP or SFTP server without a password. | 5.0(2) | |
TACACS+ privilege-level authorization | Supports the mapping of privilege levels configured for users on the TACACS+ server to locally configured user roles on the Cisco NX-OS device. | 5.0(2) | |