Cisco Nexus 5500 Series NX-OS Security Command Reference

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents

Find Matches in This Book

Available Languages

Download Options

Book Title

Cisco Nexus 5500 Series NX-OS Security Command Reference

Chapter Title

E Commands

PDF - Complete Book (2.56 MB) PDF - This Chapter (69.0 KB)
View with Adobe Reader on a variety of devices
ePub - Complete Book (247.0 KB)
View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
Mobi - Complete Book (731.0 KB)
View on Kindle device or Kindle app on multiple devices

Results

Updated:: January 25, 2018

E Commands

This chapter describes the Cisco NX-OS security commands that begin with E.

enable

To enable a user to move to a higher privilege level after being prompted for a secret password, use the enable command.

enable level

Syntax Description

level

Privilege level to which the user must log in. The only available level is 15.

Command Default

Privilege level 15

Command Modes

EXEC configuration mode

Command History

Release	Modification
5.2(1)N1(1)	This command was introduced.

Usage Guidelines

To use this command, you must enable the cumulative privilege of roles for command authorization on TACACS+ servers using the feature privilege command.

Examples

This example shows how to enable the user to move to a higher privilege level after being prompted for a secret password:

switch# enable 15

switch#

Related Commands

Command	Description
enable secret	Enables a secret password for a specific privilege level.
feature privilege	Enables the cumulative privilege of roles for command authorization on TACACS+ servers.
show privilege	Displays the current privilege level, username, and status of cumulative privilege support.
username	Enables a user to use privilege levels for authorization.

enable secret

To enable a secret password for a specific privilege level, use the enable secret command. To disable the password, use the no form of this command.

enable secret [ 0 | 5 ] password [ all | priv-lvl priv-lvl ]

no enable secret [ 0 | 5 ] password [ all | priv-lvl priv-lvl ]

Syntax Description

0	(Optional) Specifies that the password is in clear text.
5	(Optional) Specifies that the password is in encrypted format.
password	Password for user privilege escalation. It contains up to 64 alphanumeric, case-sensitive characters.
all	(Optional) Adds or removes all privilege level secrets.
priv-lvl priv-lvl	(Optional) Specifies the privilege level to which the secret belongs. The range is from 1 to 15.

Command Default

Disabled

Command Modes

Global configuration mode

Command History

Release	Modification
5.2(1)N1(1)	This command was introduced.

Usage Guidelines

To use this command, you must enable the cumulative privilege of roles for command authorization on TACACS+ servers using the feature privilege command.

Examples

This example shows how to enable a secret password for a specific privilege level:

switch# configure terminal

switch(config)# feature privilege

switch(config)# enable secret 5 def456 priv-lvl 15

switch(config)# username user2 priv-lvl 15

switch(config)#

Related Commands

Command	Description
enable	Enables the user to move to a higher privilege level after being prompted for a secret password.
feature privilege	Enables the cumulative privilege of roles for command authorization on TACACS+ servers.
show privilege	Displays the current privilege level, username, and status of cumulative privilege support.
username	Enables a user to use privilege levels for authorization.

eq

To specify a single port as a group member in an IP port object group, use the eq command. To remove a single port group member from the port object group, use the no form of this command.

[ sequence-number ] eq port-number

no { sequence-number | eq port-number }

Syntax Description

sequence-number	(Optional) Sequence number for this group member. Sequence numbers maintain the order of group members within an object group. Valid sequence numbers are from 1 to 4294967295. If you do not specify a sequence number, the device assigns a number that is 10 greater than the largest sequence number in the current object group.
port-number	Port number that this group member matches. Valid port numbers are from 0 to 65535.

Defaults

None

Command Modes

IP port object group configuration

Command History

Release	Modification
7.3(0)N1(1)	This command was introduced.

Usage Guidelines

IP port object groups are not directional. Whether an eq command matches a source or destination port or whether it applies to inbound or outbound traffic depends upon how you use the object group in an ACL.

This command does not require a license.

Examples

This example shows how to configure an IP port object group named port-group-05 with a group member that matches traffic sent to or from port 443:

switch# config t

switch(config)# object-group ip port port-group-05

switch(config-port-ogroup)# eq 443

Related Commands

Command	Description
gt	Specifies a greater-than group member in an IP port object group.
lt	Specifies a less-than group member in an IP port object group.
neq	Specifies a not-equal-to group member in an IP port object group.
object-group ip port	Configures an IP port object group.
range	Specifies a port-range group member in an IP port object group.
show object-group	Displays object groups.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)