New and Changed Information
Your software release might not support all the features in this document. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release.
Feature |
Description |
Changed in Release |
Where Documented |
---|---|---|---|
X.509 certificate based SSH Authorization using TACACS |
Beginning with Cisco NX-OS Release 8.4(10), authorization of X.509 certificates for SSH using a TACACS+ server can be configured using the aaa authorization ssh-certificate default group command. |
8.4(10) |
|
Scale ACL |
Starting from Cisco NX-OS Release 8.4(2), Scale ACL is supported on M3 series modules for RACL policies. |
8.4(2) |
|
ACL name length |
Starting from Cisco NX-OS Release 8.4(2), the IP ACL name length can have upto 256 characters. |
8.4(2) |
|
Router ACL |
Starting from Cisco NX-OS Release 8.4(1), Router ACL is supported on Bridge domain interfaces. |
8.4(1) |
Configuring IP ACLs |
4096 bit RSA Keys |
Starting from Cisco NX-OS Release 8.4(1), you can use 4096 bit RSA keys to secure SSH, SCP and SFTP sessions. You can also associate a 4096 bit RSA key with a trust point. |
8.4(1) |
|
Non-standard Ethernet Type and DMAC Support for MACsec |
Added support for changing the EAPoL destination address and the Ethernet Type values to non-standard values. |
8.3(1) |
|
CoPP |
Support for uRPF exception CoPP class is introduced in Cisco NX-OS Release 8.2(6). |
8.2(6) |
|
MACsec Enhancements |
Enhanced the following—should-secure security policy, break-out capability of PSK, MKA Unique PSK scale support up to 400, MKA Unrecoverable SAK support, SECurity entitY MIB IEEE8021-SECY-MIB support. |
8.2(3) |
|
Flexible ACL TCAM Bank Chaining |
Added the support for Cisco Nexus M2 series modules for the flexible ACL TCAM bank chaining feature. |
8.2(1) |
|
DHCP Redirect Response |
Added support for the DHCP redirect response feature. |
8.2(1) |
|
MACsec Key Agreement |
Added support for the MACsec Key Agreement protocol. |
8.2(1) |
|
SGT Tagging Exemption for Layer 2 Protocols |
Added support to exempt SGT tagging for L2 control packets. |
8.1(1) |
|
SGACL Policy Enforcement Per Interface |
Added the support to enable or disable SGACL policy enforcement on L3 physical interfaces and port-channels. |
8.0(1) |
|
Flexible ACL TCAM Bank Chaining |
Added the support for Cisco Nexus M3 series modules for the flexible ACL TCAM bank chaining feature. |
8.0(1) |
|
X.509v3 Certificate-Based SSH Authentication |
Added the support for the X.509v3 Certificate-Based SSH Authentication feature. |
8.0(1) |
|
System Security Monitoring |
Added the functionality to monitor status for the system security features. |
8.0(1) |
|
IPv6 First Hop Security |
Added the support for the IPv6 First-Hop Security features. |
8.0(1) |
|
SGACL Egress Policy Overwrite |
Added the support for the SGACL Egress Policy Overwrite feature. |
8.0(1) |
|
Runtime Integrity Assurance |
Added the support for the Runtime Integrity Assurance feature. |
8.0(1) |
|
SXPv4 |
Added the support for the SGT Exchange Protocol Version 4. |
8.0(1) |