|
|
|
|
Priortize PACL over SUP TCAM for DHCP |
This feature was introduced. Added the hardware profile pacl priority toggle command. |
6.0(2)U6(7) |
hardware profile pacl priority toggle |
Telnet |
The error message displayed when the telnet service is not detected has changed from “telnet service not enabled” to “Telnet service is disabled.” |
7.0(3)I2(1) |
show telnet server |
TCAM |
The output has changed. |
7.0(3)|2(1) |
show hardware profile tcam region |
TCAM |
This command is being deprecated in the 7.0(3)|2(1) release. |
7.0(3)|2(1) |
show platform afm info tcam |
Consistency Checker |
Command to trigger consistency checkers on RACLS added. |
6.0(2)U2(1) |
show consistency-checker racl module |
ACL Logging |
This feature allows you to monitor flows that affect specific access control lists (ACLs) |
6.0(2)U2(1) |
clear logging ip access-list cache logging level acllog show logging ip access-list cache show logging ip access-list status show logging level acllog show running-config acllog show startup-config acllog |
IPv6 DHCP Relay Agent |
You can enable the IPv6 DHCP Relay Agent and view its configuration by using these command. |
6.0(2)U1(2) |
ipv6 dhcp relay ipv6 dhcp relay source-interface show ipv6 dhcp relay clear ipv6 dhcp relay statistics |
AAA accounting log |
You can enable logging of all commands (including show comands). The show accounting log command includes show commands in the command output. |
5.0(3)U5(1e) |
terminal log-all show accounting log |
Syslog Thresholds for System Resources |
This feature was introduced. |
5.0(3)U3(2) |
hardware profile tcam syslog-threshold |
DHCP Relay |
Added support for Option 82 information to be in encoded string format. |
5.0(3)U3(2) |
ip dhcp relay information option |
IPv6 Support |
This feature was introduced. Updated the hardware profile tcam region command. |
5.0(3)U3(1) |
hardware profile tcam region ipv6 access-list ipv6 address ipv6 dhcp relay source-interface ipv6 verify unicast source reachable-via |
Address Resolution Protocol (ARP) ACLs for Control plane policing (CoPP) |
The following commands were added to include support for CoPP ACLs:
- arp access-lists
- deny (ARP)
- permit (ARP)
- show arp access-lists
|
5.0(3)U2(2) |
arp access-list deny (ARP) permit (ARP) show arp access-lists |
Access Control List (ACL) ternary content addressable memory (TCAM) regions |
The following commands were introduced to to change the size of ACL ternary content addressable memory (TCAM) regions:
- hardware profile tcam region
- show hardware profile tcam region
|
5.0(3)U2(1) |
hardware profile tcam region show consistency-checker racl module |
Address Resolution Protocol (ARP) ACLs for Control plane policing (CoPP) |
The following commands were updated to include support for CoPP ACLs:
- deny (IPv4)
- permit (IPv4)
|
5.0(3)U2(1) |
deny (IPv4) permit (IPv4) |
Access control list (ACL) |
This feature was introduced. You can configure ACLs for incoming or outgoing traffic, IPv4 and MAC access lists, or VLAN ACLs. |
5.0(3)U1(1) |
action clear access-list counters deny (IPv4) ip access-group ip access-list ip port access-group mac port access-group match permit (IPv4) permit interface permit vlan remark resequence vlan access-map vlan filter show access-lists show ip access-lists show running-config acllog show startup-config aclmgr show vlan access-list show vlan access-map show vlan filter |
ACLs on VTY |
This feature was introduced. You can configure an access class to restrict incoming or outgoing traffic on a virtual terminal line (VTY). |
5.0(3)U1(1) |
access-class ip access-class |
Dynamic Host Configuration Protocol (DHCP) Snooping |
This feature was introduced. You can configure DHCP snooping on switches and VLANs. |
5.0(3)U1(1) |
clear ip dhcp snooping binding clear ip dhcp snooping statistics feature dhcp ip dhcp packet strict-validation ip dhcp relay information option ip dhcp snooping information option ip dhcp snooping trust ip dhcp snooping verify mac-address ip dhcp snooping vlan ip source binding show ip dhcp snooping show ip dhcp snooping binding show ip dhcp snooping statistics show running-config dhcp show startup-config dhcp |
Dynamic ARP Inspection (DAI) |
This feature was introduced. You can configure dynamic Address Resolution Protocol (ARP) inspection (DAI) on a Cisco NX-OS switch. |
5.0(3)U1(1) |
clear ip arp clear ip arp inspection log clear ip arp inspection statistics vlan ip arp event-history errors ip arp inspection log-buffer ip arp inspection validate ip arp inspection vlan ip arp inspection trust show ip arp show ip arp inspection show ip arp inspection interfaces show ip arp inspection log show ip arp inspection statistics show ip arp inspection vlan show running-config arp show startup-config arp |
Remote Authentication Dial-In User Service (RADIUS) |
This feature was introduced. You can configure RADIUS server parameters, the shared secret key, and the number of retransmissions to RADIUS servers. |
5.0(3)U1(1) |
aaa group server radius deadtime radius-server deadtime radius-server directed-request radius-server host radius-server key radius-server retransmit radius-server timeout server show aaa groups show radius-server show running-config radius |
Secure Shell (SSH) |
This feature was introduced. You can configure a SSH session using IPv4 or IPv6, or create a SSH server key. |
5.0(3)U1(1) |
ssh6 ssh ssh key ssh server enable show running-config security show ssh key show ssh server show startup-config security |
Telnet |
This feature was introduced. You can configure an IPv4 or IPv6 Telnet session and enable a Telnet server. |
5.0(3)U1(1) |
telnet6 telnet telnet server enable show telnet server |
Terminal Access Controller Access-Control System Plus (TACACS+) |
This feature was introduced. You can configure the TACACS+ server parameters, enable a secret password for a privilege level, and create user accounts. |
5.0(3)U1(1) |
deadtime enable enable secret feature privilege feature tacacs+ server tacacs-server deadtime tacacs-server directed-request tacacs-server host tacacs-server key tacacs-server timeout username show privilege show tacacs-server show user-account show users |
Authentication, authorization, and accounting (AAA) |
This feature was introduced. You can configure AAA authentication methods, authorization methods, accounting methods, Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) authentication, or RADIUS server groups. |
5.0(3)U1(1) |
aaa accounting default aaa authentication login default aaa authentication login error-enable aaa authentication login mschap enable aaa authorization commands default aaa authorization config-commands default aaa group server radius aaa user default-role show aaa accounting show aaa authentication show aaa authorization show aaa groups show aaa user show access-lists show accounting log show running-config aaa show startup-config aaa |
User roles |
This feature was introduced. You can create user roles or user role feature groups. |
5.0(3)U1(1) |
description (user role) feature (user role feature group) hardware profile tcam syslog-threshold permit vsan role feature-group name role name rule vlan policy deny vsan policy deny show role show role feature show role feature-group show user-account show users |
Virtual forwarding and routing (VRF) |
This feature was introduced. You can configure VRF, VRF-lite features, and the IP features for a VRF. |
5.0(3)U1(1) |
permit vrf vrf policy deny use-vrf |
System Management |
This feature was introduced. |
5.0(3)U1(1) |
show logging ip access-list cache |
Unicast Routing |
This feature was introduced. |
5.0(3)U1(1) |
ip verify unicast source reachable-via |