This chapter provides release-specific information for each new and changed feature in the Cisco Nexus 3000 Series NX-OS Security Command Reference. The latest version of this document is available at the following Cisco website:
http://www.cisco.com/en/US/products/ps11541/tsd_products_support_series_home.html
To check for additional information about this Cisco NX-OS Release, see the Cisco Nexus 3000 Series Switch Release Notes available at the following Cisco website:
http://www.cisco.com/en/US/products/ps11541/prod_release_notes_list.html
Table 1 summarizes the new and changed features, and tells you where they are documented.
|
|
|
|
---|---|---|---|
The error message displayed when the telnet service is not detected has changed from “telnet service not enabled” to “Telnet service is disabled.” |
|||
This command is being deprecated in the 7.0(3)I2(1) release. |
|||
This feature allows you to monitor flows that affect specific access control lists (ACLs). |
clear logging ip access-list cache, show logging ip access-list cache |
||
You can enable the IPv6 DHCP Relay Agent and view its configuration by using these commands. |
|||
You can enable logging of all commands (including show commands). The show accounting log command includes show commands in the command output. |
|||
Added support for Option 82 information to be in encoded string format. |
|||
Address Resolution Protocol (ARP) ACLs for Control plane policing (CoPP) |
The following commands were added to include support for CoPP ACLs: |
||
Access Control List (ACL) ternary content addressable memory (TCAM) regions |
The following commands were introduced to change the size of ACL ternary content addressable memory (TCAM) regions: |
||
Address Resolution Protocol (ARP) ACLs for Control plane policing (CoPP) |
The following commands were updated to include support for CoPP ACLs: |
||
You can configure ACLs for incoming or outgoing traffic, IPv4 and MAC access lists, or VLAN ACLs. |
|||
You can configure an access class to restrict incoming or outgoing traffic on a virtual terminal line (VTY). |
|||
clear ip dhcp snooping binding, clear ip dhcp snooping statistics, ip dhcp packet strict-validation, ip dhcp relay information option, ip dhcp snooping information option, ip dhcp snooping verify mac-address |
|||
You can configure dynamic Address Resolution Protocol (ARP) inspection (DAI) on a Cisco NX-OS switch. |
clear ip arp inspection statistics vlan, show ip arp inspection interfaces |
||
You can configure RADIUS server parameters, the shared secret key, and the number of retransmissions to RADIUS servers. |
|||
You can configure an SSH session using IPv4 or IPv6, or create an SSH server key. |
|||
You can configure an IPv4 or IPv6 Telnet session and enable a Telnet server. |
|||
Terminal Access Controller Access-Control System Plus (TACACS+) |
You can configure the TACACS+ server parameters, enable a secret password for a privilege level, and create user accounts. |
||
You can configure AAA authentication methods, authorization methods, accounting methods, Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) authentication, or RADIUS server groups. |
aaa authentication login default, aaa authentication login error-enable, aaa authentication login mschap enable, aaa authorization commands default |
||
feature (user role feature group) |
|||
You can configure VRF, VRF-lite features, and the IP features for a VRF. |
|||