Guest

Cisco Nexus 1000V Security Configuration Guide, 4.2(1)SV2(1.1)

Book Contents
Find Matches in This Book
Available Languages
Download Options

Book Title

Cisco Nexus 1000V Security Configuration Guide, 4.2(1)SV2(1.1)

Chapter Title

New and Changed Information

Results

Updated:
March 3, 2015

Chapter: New and Changed Information

Contents

New and Changed Information

This chapter lists new and changed content in this document by software release.

New and Changed Information for Security Configuration

This section lists new and changed content in this document by software release.

To find additional information about new features or command changes, see the Cisco Nexus 1000V Release Notes and Cisco Nexus 1000V Command Reference.

Table 1 New and Changed Features
Feature Description Changed in Release Where Documented

Cisco TrustSec

This feature was introduced.

4.2(1)SV2(1.1)

Configuring Cisco TrustSec for Cisco Nexus 1000V

Licensing Changes and advanced features

The following features are available as advanced features that require licenses: Cisco TrustSec, DHCP snooping, IP Source Guard, and Dynamic ARP Inspection.

4.2(1)SV2(1.1)

Configuring DHCP Snooping,Configuring Dynamic ARP Inspection,Configuring IP Source Guard

DHCP Enhancements

You can enable source IP-based filtering on the Cisco Nexus 1000V switch.

4.2(1)SV2(1.1)

Configuring DHCP Snooping

ACL Logging

You can log statistics for flows that match the ACL permit or deny conditions to monitor the flows.

4.2(1)SV1 (5.1)

Configuring MAC ACLs

UUFB

You can block unknown unicast packets from flooding the forwarding path.

4.2(1)SV1(4a)

Blocking Unknown Unicast Flooding

DHCP Snooping Relay Agent (Option 82)

You can configure DHCP to relay VSM MAC and port information in DHCP packets.

4.2(1)SV1(4)

Configuring DHCP Snooping

DHCP Snooping binding table

You can clear DHCP snooping binding table entries for an interface.

4.2(1)SV1(4)

Configuring DHCP Snooping

Enable DHCP

You can enable or disable DHCP globally by using the feature DHCP command.

4.2(1)SV1(4)

Configuring DHCP Snooping

Enable SSH server

You can enable or disable the SSH server by using the feature DHCP command.

4.2(1)SV1(4)

Configuring SSH

Enable Telnet server

You can enable or disable the Telnet server by using the feature DHCP command.

4.2(1)SV1(4)

Configuring Telnet

Disable HTTP Server

You can disable the HTTP server for security purposes.

4.0(4)SV1(4)

Disabling the HTTP Server

VSD

Virtual service domains (VSDs) allow you to classify and separate traffic for network services.

4.0(4)SV1(2)

Chapter 3, "Configuring VSD"

DHCP Snooping

The Dynamic Host Configuration Protocol (DHCP) snooping acts like a firewall between untrusted hosts and trusted DHCP servers.

4.0(4)SV1(2)

Configuring DHCP Snooping

Dynamic ARP Inspection (DAI)

Dynamic ARP-inspection (DAI) provides IP communication within a Layer 2 broadcast domain by mapping an IP address to a MAC address.

4.0(4)SV1(2)

Configuring Dynamic ARP Inspection

IP Source Guard

IP Source Guard is a per-interface traffic permit filter for IP and MAC addresses.

4.0(4)SV1(2)

Configuring IP Source Guard
New and Changed Information

New and Changed Information

This chapter lists new and changed content in this document by software release.

New and Changed Information for Security Configuration

This section lists new and changed content in this document by software release.

To find additional information about new features or command changes, see the Cisco Nexus 1000V Release Notes and Cisco Nexus 1000V Command Reference.

Table 1 New and Changed Features
Feature Description Changed in Release Where Documented

Cisco TrustSec

This feature was introduced.

4.2(1)SV2(1.1)

Configuring Cisco TrustSec for Cisco Nexus 1000V

Licensing Changes and advanced features

The following features are available as advanced features that require licenses: Cisco TrustSec, DHCP snooping, IP Source Guard, and Dynamic ARP Inspection.

4.2(1)SV2(1.1)

Configuring DHCP Snooping,Configuring Dynamic ARP Inspection,Configuring IP Source Guard

DHCP Enhancements

You can enable source IP-based filtering on the Cisco Nexus 1000V switch.

4.2(1)SV2(1.1)

Configuring DHCP Snooping

ACL Logging

You can log statistics for flows that match the ACL permit or deny conditions to monitor the flows.

4.2(1)SV1 (5.1)

Configuring MAC ACLs

UUFB

You can block unknown unicast packets from flooding the forwarding path.

4.2(1)SV1(4a)

Blocking Unknown Unicast Flooding

DHCP Snooping Relay Agent (Option 82)

You can configure DHCP to relay VSM MAC and port information in DHCP packets.

4.2(1)SV1(4)

Configuring DHCP Snooping

DHCP Snooping binding table

You can clear DHCP snooping binding table entries for an interface.

4.2(1)SV1(4)

Configuring DHCP Snooping

Enable DHCP

You can enable or disable DHCP globally by using the feature DHCP command.

4.2(1)SV1(4)

Configuring DHCP Snooping

Enable SSH server

You can enable or disable the SSH server by using the feature DHCP command.

4.2(1)SV1(4)

Configuring SSH

Enable Telnet server

You can enable or disable the Telnet server by using the feature DHCP command.

4.2(1)SV1(4)

Configuring Telnet

Disable HTTP Server

You can disable the HTTP server for security purposes.

4.0(4)SV1(4)

Disabling the HTTP Server

VSD

Virtual service domains (VSDs) allow you to classify and separate traffic for network services.

4.0(4)SV1(2)

Chapter 3, "Configuring VSD"

DHCP Snooping

The Dynamic Host Configuration Protocol (DHCP) snooping acts like a firewall between untrusted hosts and trusted DHCP servers.

4.0(4)SV1(2)

Configuring DHCP Snooping

Dynamic ARP Inspection (DAI)

Dynamic ARP-inspection (DAI) provides IP communication within a Layer 2 broadcast domain by mapping an IP address to a MAC address.

4.0(4)SV1(2)

Configuring Dynamic ARP Inspection

IP Source Guard

IP Source Guard is a per-interface traffic permit filter for IP and MAC addresses.

4.0(4)SV1(2)

Configuring IP Source Guard

Was this Document Helpful?

Feedback

Let Us Help