Cisco Nexus 7000 Series NX-OS Security Command Reference, Release 4.0
N Commands
Download this chapter
N CommandsN Commands
Download the complete book
Cisco Nexus 7000 Series NX-OS Security Command Reference, Release 4.0Cisco Nexus 7000 Series NX-OS Security Command Reference, Release 4.0 (PDF - 3 MB)
give_us_feedback

Table Of Contents

N Commands

nac enable

neq


N Commands

This chapter describes the Cisco NX-OS security commands that begin with N.

nac enable

To enable Network Admission Control (NAC) on an interface, use the nac enable command. To disable NAC, use the no form of this command.

nac enable

no nac enable

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Interface configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.0(1)

This command was introduced.


Usage Guidelines

You must use the feature eou command and set the switchport mode to access before using the nac enable command.

You can enable EAPoUDP only on an access mode interface.

This command does not require a license.

Examples

This example shows how to enable NAC on an interface: 

switch# config t

switch(config)# interface ethernet 1/1

switch(config-if)# switchport

switch(config-if)# switchport mode access

switch(config-if)# nac enable

This example shows how to disable NAC on an interface: 

switch# config t

switch(config)# interface ethernet 1/1

switch(config-if)# no nac enable

Related Commands

Command
Description

feature eou

Enables EAPoUDP.

show eou

Displays EAPoUDP information.


neq

To specify a not-equal-to group member for an IP port object group, use the neq command. To remove a not-equal-to group member from port object group, use the no form of this command.

[sequence-number] neq port-number

no {sequence-number | neq port-number}

Syntax Description

sequence-number

(Optional) Sequence number for this group member. Sequence numbers maintain the order of group members within an object group. Valid sequence numbers are from 1 to 4294967295. If you do not specify a sequence number, the device assigns a number that is 10 greater than the largest sequence number in the current object group.

port-number

Port number that this group member does not match. Valid values are from 0 to 65535.


Defaults

None

Command Modes

IP port object group configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.0(1)

This command was introduced.


Usage Guidelines

A not-equal-to group member matches port numbers that are not equal to the port number specified in the entry.

IP port object groups are not directional. Whether an neq command matches a source or destination port or whether it applies to inbound or outbound traffic depends upon how you use the object group in an ACL.

This command does not require a license.

Examples

This example shows how to configure an IP port object group named port-group-05 with a group member that matches traffic sent to any port except port 80: 

switch# config t

switch(config)# object-group ip port port-group-05

switch(config-port-ogroup)# neq 80

Related Commands

Command
Description

eq

Specifies an equal-to group member in an IP port object group.

gt

Specifies a greater-than group member in an IP port object group.

lt

Specifies a less-than group member in an IP port object group.

object-group ip port

Configures an IP port object group.

range

Specifies a port-range group member in an IP port object group.

show object-group

Displays object groups.