The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the Cisco NX-OS security commands that begin with F.
To configure a feature in a user role feature group, use the feature command. To delete a feature in a user role feature group, use the no form of this command.
Switch feature name as listed in the show role feature command output. |
User role feature group configuration mode
|
|
Use the show role feature command to list the valid feature names to use in this command.
This example shows how to add features to a user role feature group:
This example shows how to remove a feature from a user role feature group:
|
|
---|---|
To enable the Dynamic Host Configuration Protocol (DHCP) snooping feature on the device, use the feature dhcp command. To disable the DHCP snooping feature and remove all configuration related to DHCP snooping, use the no form of this command.
|
|
---|---|
The DHCP snooping feature is disabled by default. DHCP snooping can be enabled or disabled on VLANs.
If you have not enabled the DHCP snooping feature, commands related to DCHP snooping are unavailable.
Dynamic ARP inspection and IP Source Guard depend upon the DHCP snooping feature.
If you disable the DHCP snooping feature, the device discards all configuration related to DHCP snooping configuration, including the following features:
If you want to turn off DHCP snooping and preserve configuration related to DHCP snooping, disable DHCP snooping globally with the no ip dhcp snooping command.
Access-control list (ACL) statistics are not supported if the DHCP snooping feature is enabled.
This example shows how to enable DHCP snooping:
This example shows how to disable DHCP snooping:
|
|
---|---|
Copies the running configuration to the startup configuration. |
|
Displays DHCP snooping configuration, including IP Source Guard configuration. |
To enable HTTP or Hypertext Transfer Protocol Secure (HTTPS) on the switch, use the feature http-server command. To disable the HTTP or HTTPS server, use the no form of this command.
|
|
---|---|
This example shows how to enable the HTTP server on the switch and verify the status of the HTTP server:
|
|
---|---|
Copies the running configuration to the startup configuration. |
|
To enable port security on Layer 2 interfaces, use the feature port-security command. To disable port security, use the no form of this command.
|
|
---|---|
Use the port security feature to secure a port by limiting and identifying the MAC addresses of the switches that are allowed to access the port.
You can enable port security on a virtual port channel (vPC) port only if the following occurs:
This example shows how to enable port security on the switch:
This example shows how to disable port security on the switch:
|
|
---|---|
Displays the features that are enabled or disabled on the switch. |
|
Configures the switchport parameters to establish port security. |
To enable the cumulative privilege of roles for command authorization on RADIUS and TACACS+ servers, use the feature privilege command. To disable the cumulative privilege of roles, use the no form of this command.
|
|
---|---|
When the feature privilege command is enabled, privilege roles inherit the permissions of lower level privilege roles.
This example shows how to enable the cumulative privilege of roles:
This example shows how to disable the cumulative privilege of roles:
|
|
---|---|
Displays the current privilege level, username, and status of cumulative privilege support. |
|
To enable TACACS+, use the feature tacacs+ command. To disable TACACS+, use the no form of this command.
|
|
You must use the feature tacacs+ command before you configure TACACS+.
Note When you disable TACACS+, the Cisco NX-OS software removes the TACACS+ configuration.
This example shows how to enable TACACS+:
This example shows how to disable TACACS+:
|
|
---|---|