-
Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 4.1
-
New and Changed Information
-
Index
-
Preface
-
Overview
-
Configuring AAA
-
Configuring RADIUS
-
Configuring TACACS+
-
Configuring SSH and Telnet
-
Configuring PKI
-
Configuring User Accounts and RBAC
-
Configuring 802.1X
-
Configuring NAC
-
Configuring Cisco TrustSec
-
Configuring IP ACLs
-
Configuring MAC ACLs
-
Configuring VLAN ACLs
-
Configuring Port Security
-
Configuring DHCP Snooping
-
Configuring Dynamic ARP Inspection
-
Configuring Source Guard
-
Configuring Keychain Management
-
Configuring Traffic Storm Control
-
Configuring Unicast RPF
-
Configuring Control Plane Policing
-
Configuring Rate Limits
-
Feedback
Table Of Contents
New and Changed Information
This chapter provides release-specific information for each new and changed feature in the Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 4.1. The latest version of this document is available at the following Cisco website:
http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_1/nx-os/security/configuration/guide/sec_nx-os_cfg.htmlTo check for additional information about Cisco NX-OS Release 4.1, see the Cisco Nexus 7000 Series NX-OS Release Notes, Release 4.1, available at the following Cisco website:
http://www.cisco.com/en/US/products/ps9372/prod_release_notes_list.htmlsummarizes the new and changed features for the Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 4.1, and tells you where they are documented.
Table 1 New and Changed Features for Release 4.1
Atomic ACL updates
Configuration of atomic ACL updates can be performed in the default virtual device context (VDC) only but affects all VDCs.
4.1(4)
Cisco TrustSec SXP passwords
Added support for encrypted passwords for SXP connections in Cisco TrustSec.
4.1(3)
RADIUS CFS support
Cisco Fabric Services (CFS) supports the distribution of the RADIUS configuration.
4.1(2)
TACACS+ CFS support
CFS supports the distribution of the TACACS+ configuration.
4.1(2)
Password-aging notification
Added password-aging notification for TACACS+ server-based sessions.
4.1(2)
RADIUS and TACACS+ server group source interfaces
Added support for source interfaces to use when accessing RADIUS or TACACS+ servers.
4.1(2)
Chapter 3, "Configuring RADIUS"
Public Key Infrastructure (PKI) support
PKI allows the device to obtain and use digital certificates for secure communication in the network and provides manageability and scalability.
4.1(2)
SSH
Added the feature ssh command and deprecated the ssh server enable command.
4.1(2)
Telnet
Added the feature telnet command and deprecated the telnet server enable command.
4.1(2)
User role CFS support
CFS supports the distribution of the user role configuration.
4.1(2)
IPv6 ACLs
Added support for IPv6 ACLs.
4.1(2)
VLAN access maps
Support was added for multiple entries in VLAN access maps. In addition, each entry supports multiple match commands.
4.1(2)
DCHP server support
The number of DHCP server addresses that you can configure for each Layer 3 Ethernet interface increased from four to 16.
4.1(2)
Default policing policies
The definitions of the default policing policies have changed as follows:
•
All the policing policies are one rate, two color.
•
•
4.1(2)
IPv6 ACL support
CoPP supports IPv6 ACLs in the class maps.
4.1(2)