New and Changed Information
This table summarizes the new and changed features for the Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.3(x) and where they are documented.
|
Feature |
Description |
Changed in Release |
Were Documented |
|---|---|---|---|
|
Layer 3 subinterface egress RACL |
Added support for Layer 3 subinterface egress router ACL on Cisco Nexus 9300-EX, 9300-FX, and 9300-FX2 platform switches |
9.3(9) |
|
|
Configuring Login Block Per User |
Added ability to configure login block per user |
9.3(7) |
|
|
802.1X Support for VXLAN EVPN |
Added support for Cisco Nexus 9300-GX platform switches. |
9.3(7) |
Guidelines and Limitations for 802.1X Support for VXLAN EVPN |
|
Authentication through MAC Authentication Bypass only |
Added the ability to configure MAB as the default authentication method for all traffic on dot1q enabled ports. This feature is supported on Cisco Nexus 9336-FX2, Nexus 9236C, Nexus 93108TC-EX, and Nexus 93180YC-EX switches. |
9.3(5) |
|
|
Dynamic ACL |
Added the ability to restrict access to the dot1q blocked list of MAB clients. This feature is supported on Cisco Nexus 9336-FX2, Nexus 9236C, Nexus 93108TC-EX, and Nexus 93180YC-EX switches. |
9.3(5) |
|
|
DHCPv6 |
Added support for DHCPv6 Option 79 (client link-layer address) in DHCPv6-relayed packets for Cisco Nexus 9300-GX platform switches. |
9.3(5) |
|
|
IPv6 First Hop Security |
Added support for Cisco Nexus 9300-GX platform switches. |
9.3(5) |
|
|
IPv6 Egress ACL |
Added support for IPv6 egress ACL on Cisco Nexus 9504 and 9508 platform switches with the -R and -RX line cards. |
9.3(5) |
|
|
IP Source Guard (IPSG) |
Added support on Cisco Nexus 9300-GX platform switches. |
9.3(5) |
|
|
MACsec |
Added support on Cisco Nexus N9K-C93180YC-FX3S, Nexus N9K-X9732C-FX, and Nexus N9K-X9788TC-FX line cards. |
9.3(5) |
|
|
NDcPP: OCSP for Syslog |
Added OCSP support for syslog servers. This feature is supported on all Cisco Nexus 9000 Series switches and line cards. |
9.3(5) |
|
|
PACL redirects |
Added support for PACL redirects on Cisco Nexus 9300-GX switches. |
9.3(5) |
|
|
Type-6 encryption of MACsec keys |
Added the ability to store MACsec preshared key in a type-6 encrypted format. This feature is supported on all Nexus 9000 series switches that support MACsec. |
9.3(5) |
|
|
UDP for IP Helper Address |
Added the ability to enable route configuration to relay broadcasts destined for all UDP ports, except the DHCPv4 port numbers 67 and 68. This feature is supported on Nexus 9200, 9300, 9300-EX, Nexus 9300-FX/FX2, and Nexus 9500 switches with the -EX/FX line cards. |
9.3(5) |
|
|
802.1x |
Added support for 802.1X on Cisco Nexus 9300-GX switches. |
9.3(3) |
802.1X Guidelines and Limitations |
|
DAI |
Added support for DAI on Cisco Nexus 9300-GX switches. |
9.3(3) |
|
|
DHCP |
Added support for DHCP snooping and DHCP relay on Cisco Nexus 9300-GX switches. |
9.3(3) |
|
|
DHCP |
Added the ability to disable the server identifier override option for DHCP Option 82 packets. |
9.3(3) |
|
|
DHCP |
Added the ability for the DHCP relay to choose either the primary or the secondary subnet when the interface includes both these subnets. |
9.3(3) |
|
|
DHCPv6 |
Added support for DHCPv6 Option 79 (client link-layer address) in DHCPv6-relayed packets for all Cisco Nexus 9000 Series switches and line cards. |
9.3(3) |
|
|
IP ACLs |
Added support to egress IPv4 and IPv6 RACL on Cisco Nexus 9500 platform switches with -R and -RX line cards. |
9.3(3) |
|
|
MAC UDF |
Ability to configure UDF-based MAC access lists (ACLs) for Cisco Nexus 9300-GX switches. |
9.3(3) |
|
|
MACsec |
Added support for MACsec on Cisco Nexus 93108TC2-FX, Cisco Nexus 93180YC-FX, Cisco Nexus 93216TC-FX2, , and Cisco Nexus 93360YC-FX2 switches. |
9.3(3) |
|
|
User-defined MAC address |
Enables you to configure a user-defined MAC address limit between the range of 16 to 256. |
9.3(2) |
|
|
MAC UDF |
Ability to enable the device to match on user-defined fields (UDFs) and to apply the matching packets to MAC ACLs. |
9.3(2) |
|
|
MACSec |
MACsec is now supported on the Cisco Nexus N9K-C9364C, N9K-C9332C, and N9K-C9348GC-FXP platform switches. |
9.3(1) |
|
| uRPF | uRPF is now supported on Cisco Nexus 9500 Series switches with the family of modular EX and FX line cards. | 9.3(1) | |
| MAC UDF | Ability to configure UDF-based MAC access lists (ACLs) for the Cisco Nexus 9200, 9300, and 9300-EX Series switches. This feature enables the device to match on user-defined fields (UDFs) and to apply the matching packets to MAC ACLs. | 9.3(1) |
Feedback