Cisco Nexus 5500 Series NX-OS Security Command Reference

checkpoint-name

(Optional) Checkpoint name. The name can be a maximum of 32 characters.

description descp-text

(Optional) Specifies a description for the given checkpoint. The text can be a maximum of 80 characters and can contain spaces.

file

(Optional) Specifies that a file be created to store the configuration rollback checkpoint.

bootflash:

Specifies the bootflash local writable storage file system.

volatile:

Specifies the volatile local writable storage file system.

// server

(Optional) Name of the server. Valid values are ///, //module-1/, //sup-1/, //sup-active/, or //sup-local/. The double slash (//) is required.

directory /

(Optional) Name of a directory. The directory name is case sensitive.

filename

(Optional) Name of the checkpoint configuration file. The filename is case sensitive.

5.2(1)N1(1)

This command was introduced.

clear checkpoint

Clears the checkpoints on the switch.

rollback

Rolls back the switch to any of the saved checkpoints.

show checkpoint all

Displays all checkpoints configured in the switch.

show checkpoint summary

Displays a summary of all checkpoints configured in the switch.

show checkpoint summary user

Displays all checkpoints created by an user.

show checkpoint system

Displays all checkpoints that were automatically created in the system.

7.3(0)N1(1)

This command was introduced.

aaa authentication rejected

Configures the login block per user.

show aaa authentication

Displays the AAA authentication configuration.

show aaa local user blocked

Displays the blocked local users.

access-list-name

(Optional) Name of the IPv4 ACL whose counters the switch clears. The name can be a maximum of 64 alphanumeric characters.

5.2(1)N1(1)

This command was introduced.

access-class

Applies an IPv4 ACL to a VTY line.

ip access-group

Applies an IPv4 ACL to an interface.

ip access-list

Configures an IPv4 ACL.

show access-lists

Displays information about one or all IPv4, IPv6, and MAC ACLs.

show ip access-lists

Displays information about one or all IPv4 ACLs.

5.2(1)N1(1)

This command was introduced.

show accounting log

Displays the accounting log contents.

system

Clears the configuration rollback checkpoint database for system checkpoints.

user

Clears the configuration rollback checkpoint database for user checkpoints.

5.2(1)N1(1)

This command was introduced.

checkpoint

Creates a checkpoint.

show checkpoint

Displays all configured checkpoints.

vlan vlan-id

(Optional) Clears the ARP information for a specified VLAN. The range is from 1 to 4094, except for the VLANs reserved for internal use.

force-delete

(Optional) Clears the entries from ARP table without refresh.

vrf

(Optional) Specifies the virtual routing and forwarding (VRF) to clear from the ARP table.

vrf-name

VRF name. The name can be a maximum of 32 alphanumeric characters and is case sensitive.

all

Specifies that all VRF entries be cleared from the ARP table.

default

Specifies that the default VRF entry be cleared from the ARP table.

management

Specifies that the management VRF entry be cleared from the ARP table.

5.2(1)N1(1)

This command was introduced.

show ip arp

Displays the ARP configuration status.

5.2(1)N1(1)

This command was introduced.

ip arp inspection log-buffer entries

Configures the DAI logging buffer size.

show ip arp inspection

Displays the DAI configuration status.

show ip arp inspection log

Displays the DAI log configuration.

show ip arp inspection statistics

Displays the DAI statistics.

vlan vlan-list

Specifies the VLANs whose DAI statistics this command clears. The vlan-list argument allows you to specify a single VLAN ID, a range of VLAN IDs, or comma-separated IDs and ranges. Valid VLAN IDs are from 1 to 4094, except for the VLANs reserved for the internal switch use.

5.2(1)N1(1)

This command was introduced.

clear ip arp inspection log

Clears the DAI logging buffer.

ip arp inspection log-buffer

Configures the DAI logging buffer size.

show ip arp inspection

Displays the DAI configuration status.

show ip arp inspection vlan

Displays DAI status for a specified list of VLANs.

vlan vlan-id

(Optional) Specifies the VLAN ID of the DHCP snooping binding database entry to be cleared. Valid VLAN IDs are from 1 to 4094, except for the VLANs reserved for the internal switch use.

mac-address mac-address

(Optional) Specifies the MAC address of the binding database entry to be cleared. Enter the mac-address argument in dotted hexadecimal format.

ip ip-address

(Optional) Specifies the IPv4 address of the binding database entry to be cleared. Enter the ip-address argument in dotted decimal format.

interface

(Optional) Specifies the Ethernet or EtherChannel interface.

ethernet slot / [QSFP-module/] port

(Optional) Specifies the Ethernet interface and its slot number and port number. The slot number is from 1 to 255. The QSFP-module number is from 1 to 4. The port number is from 1 to 128.

Note The QSFP-module number applies only to the QSFP+ Generic Expansion Module (GEM).

port-channel channel-number

(Optional) Specifies the Ethernet port channel of the binding database entry to be cleared.

6.0(2)N1(2)

Support for the QSFP+ GEM was added.

5.2(1)N1(1)

This command was introduced.

copy running-config startup-config

Copies the running configuration to the startup configuration.

show ip dhcp snooping binding

Displays IP-MAC address bindings, including the static IP source entries.

show running-config dhcp

Displays DHCP snooping configuration, including the IP Source Guard configuration.

5.2(1)N2(1)

This command was introduced.

copy running-config startup-config

Copies the running configuration to the startup configuration.

show ip dhcp snooping statistics

Displays DHCP snooping statistics.

show running-config dhcp

Displays DHCP snooping configuration, including the IP Source Guard configuration.

7.3(0)N1(1)

This command was introduced.

6.0(2)N2(2)

This command was introduced.