Skip to content
Skip to search
Skip to footer

Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 10.5(x)

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents

Find Matches in This Book

Results

Updated:: June 2, 2025

Chapter: New and Changed Information

New and Changed Information
New and Changed Information

New and Changed Information

This chapter includes the new and changed features for the Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 10.5(x).

New and Changed Information

Table 1. New and Changed Features
Feature	Description	Changed in Release	Where Documented
MACsec ND ISSU	Two new commands are introduced at the MACsec policy level to support MACsec ND ISSU on Cisco Nexus 9300-H2R switch	10.5(3o)	Guidelines and Limitations for MACsec Configuring a MACsec Policy Verifying the MACsec Configuration
Enhancement to retrieve Type-6 primary key detail	Added new show command to display the stored details (protection-type, time stamp, first-16-characters of primary key hash, length of primary key) of the Type-6 primary key.	10.5(3)F	Verifying the Password Encryption Configuration Configuration Examples for Password Encryption
Caching RADIUS Credentials	The RADIUS Credential Caching feature stores authenticated user credentials locally thus eliminating repeated authentication requests to the RADIUS server for the same credentials.	10.5(3)F	RADIUS credentials cache
Custom CoPP	Added Custom CoPP support on Cisco Nexus 9364E-SG2-Q and 9364E-SG2-O switches.	10.5(3)F	Guidelines and Limitations for CoPP
RACL support for both ingress and egress directions	Added RACL support for both ingress and egress directions on Cisco Nexus 9364E-SG2-Q switches.	10.5(3)F	Guidelines and Limitations for IP ACLs
ACL support	Added ACL support on the Cisco Nexus 9364E-SG2-Q and 9364E-SG2-O switches	10.5(3)F	Guidelines and Limitations for IP ACLs
DHCP relay support	Added DHCP relay support on the Cisco Nexus 9364E-SG2-Q switches	10.5(3)F	Guidelines and Limitations for DHCP
QKD MACsec fallback support	Added QKD MACsec fallback to Pre-Shared Key (PSK) support to establish a secured MKA session when the primary Postquantum Preshared Key (PPK) fails.	10.5(2)F	Postquantum Preshared Keys (PPK) Guidelines and Limitations
CoPP configuration consistency	Added support to check CoPP configuration consistency.	10.5(2)F	CoPP Consistency Checker
DACL support on Cisco Nexus 9300 switches	Extended support for the DACL feature on Cisco Nexus 9300-FX3, GX, GX2, H2R, and H1 Series switches.	10.5(2)F	Guidelines and Limitations for Per-User DACL Support for 802.1X
uRPF support	Added uRPF support on Cisco Nexus 9800 Series switches.	10.5(2)F	Guidelines and Limitations for Unicast RPF
Increase RSA key size to 4096 bits	Extended support for RSA key sizes to 4096 bits for SSH and to 3072 and 4096 bits for cryptographic certificates.	10.5(2)F	Generating SSH Server Keys Configuring SSH Passwordless File Copy Generating an RSA Key Pair
Support for Dot1x with Voice VLAN	Added support for the 802.1X Voice VLAN feature to enable multi-domain 802.1X authentication on a single port, providing authentication support for both VoIP phone and data client behind it.	10.5(2)F	About 802.1X for Voice VLAN Critical Authentication 802.1X Guidelines and Limitations for Voice VLAN Configuring 802.1X for Voice VLAN
Security Group ACL (SGACL) Feature interaction support	Added support of Security Group ACL for the ESI, VXLAN-TE, VXLAN-PBR, CloudSec (DCI), and TRM features.	10.5(1)F	Guidelines and Limitations for IP ACLs

Was this Document Helpful?

Feedback

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)