New and Changed Information
The table below summarizes the new and changed features for this document and shows the releases in which each feature is supported. Your software release might not support all the features in this document. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release.
Feature |
Description |
Changed in Release |
Where Documented |
---|---|---|---|
Cisco TrustSec |
Removed the requirement for the Advanced Services license. |
6.1(1) |
Configuring Cisco TrustSec |
Cisco TrustSec |
Added MACsec support for 40G and 100G M2 Series modules. |
6.1(1) |
Configuring Cisco TrustSec |
CoPP |
Added a new class for FCoE; added the LISP, LISP6, and MAC Layer 3 IS-IS ACLs to the critical class; added the fcoe-fib-miss match exception to the undesirable class; added the MAC Layer 2 tunnel ACL to the Layer 2 unpoliced class, and added the "permit icmp any any 143" rule to the acl-icmp6-msgs ACL. |
6.1(1) |
|
FIPS |
Added support for digital image signing on switches that contain the Supervisor 2 module. |
6.1(1) |
|
FIPS |
Updated FIPS guidelines for M2 Series modules. |
6.1(1) |
|
IP ACLs and MAC ACLs |
Updated for M2 Series modules. |
6.1(1) |
|
ACLs and CoPP |
Changed the show running-config aclmgr and show startup-config aclmgr commands to display only the user-configured ACLs (and not also the default CoPP-configured ACLs) in the running and startup configurations. |
5.2(1) |
Configuring IP ACLs, Configuring MAC ACLs, Configuring VLAN ACLs, and Configuring Control Plane Policing |
Cisco TrustSec |
Added support for pause frame encryption and decryption on interfaces. |
5.2(1) |
Configuring Cisco TrustSec |
CoPP |
Added the ability to change or reapply the default CoPP policy without rerunning the setup utility. |
5.2(1) |
|
CoPP |
Changed the CoPP best practice policy to read-only and added the ability to copy the policy in order to modify it. |
5.2(1) |
|
CoPP |
Added the show copp profile and show copp diff profile commands to display the details of the CoPP best practice policy and the differences between policies, respectively. |
5.2(1) |
|
CoPP |
Changed the show copp status command to display which flavor of the CoPP best practice policy is attached to the control plane. |
5.2(1) |
|
CoPP |
Changed the name of the none option for the best practices CoPP profile in the setup utility to skip . |
5.2(1) |
|
CoPP |
Updated the default class maps with support for MPLS LDP, MPLS OAM, MPLS RSVP, DHCP relay, and OTV-AS. |
5.2(1) |
|
DHCP |
Added subnet broadcast support for the DHCP relay agent and support for DHCP smart relay. |
5.2(1) |
|
FCoE ACLs |
Added support for FCoE ACLs on F1 Series modules. |
5.2(1) |
|
IP ACLs |
Added support for ACL capture on M1 Series modules. |
5.2(1) |
|
LDAP |
Deprecated the ldap-server port command. |
5.2(1) |
|
Password encryption |
Added support for AES password encryption and a configurable master encryption key. |
5.2(1) |
|
RADIUS |
Added type-6 encryption support for RADIUS server keys. |
5.2(1) |
|
TACACS+ |
Added type-6 encryption support for TACACS+ server keys. |
5.2(1) |
|
Control plane policy map |
Added the ability to specify the threshold value for dropped packets and generate a syslog if the drop count exceeds the configured threshold. |
5.1(1) |
|
CoPP |
Updated the default policies with the 802.1Q class of service (cos) values. |
5.1(1) |
|
CoPP |
Added support for non-IP traffic classes. |
5.1(1) |
|
DHCP snooping |
Optimized DHCP snooping to work in a vPC environment. |
5.1(1) |
|
FIPS |
Added the ability to configure Federal Information Processing Standards (FIPS) mode. |
5.1(1) |
|
Rate limits |
Added support for F1 Series module packets. |
5.1(1) |
|
Rate limits |
Added the ability to configure rate limits for packets that reach the supervisor module and to log a system message if the rate limit is exceeded. |
5.1(1) |
|
Rate limits |
Added options to disable rate limits and to configure rate limits for a specific module and port range. |
5.1(1) |
|
SCP and SFTP servers |
Added the ability to configure SCP and SFTP servers on the Cisco NX-OS device to support the copy of files to and from a remote device. |
5.1(1) |
|
User roles |
Added the ability to display the syntax of the commands that the network-admin and network-operator roles can use. |
5.1(1) |
|
VTY ACLs |
Added support to control access to traffic received over a VTY line. |
5.1(1) |
|
802.1X |
Supports configuring 802.1X on member ports of a port channel. |
5.0(2) |
|
AAA authorization |
Supports configuring the default AAA authorization method for TACACS+ servers. |
5.0(2) |
|
CHAP authentication |
Allows the enabling or disabling of CHAP authentication. |
5.0(2) |
|
CoPP |
Updated the default policies with support for ACL HSRP6. |
5.0(2) |
|
DHCP |
Allows the DHCP relay agent to support VRFs. Also adds the ip dhcp relay information option vpn command and modifies the ip dhcp relay address command. |
5.0(2) |
|
DHCP |
Supports enabling DHCP to use Cisco proprietary numbers 150, 152, and 151 for the link selection, server ID override, and VRF name/VPN ID relay agent option-82 suboptions. |
5.0(2) |
|
IP ACLs, MAC ACLs, and VACLs |
Allows up to 128K ACL entries when using an XL line card, provided a scalable services license is installed. |
5.0(2) |
Configuring IP ACLs, Configuring MAC ACLs, and Configuring VLAN ACLs |
LDAP |
Supports configuring the Lightweight Directory Access Protocol (LDAP). |
5.0(2) |
|
Local authentication |
Enables fallback to local authentication when remote authentication fails. |
5.0(2) |
|
Local authentication |
Allows the disabling of fallback to local authentication. |
5.0(2) |
|
OTP |
Supports one-time passwords. |
5.0(2) |
|
Periodic server monitoring |
Supports global periodic RADIUS and TACACS+ server monitoring. |
5.0(2) |
|
PKI |
Supports a remote cert-store and certificate mapping filters. |
5.0(2) |
|
Privilege roles |
Supports permitting or denying commands for users of privilege roles. |
5.0(2) |
|
Rate limits |
Supports Layer 2 Tunnel Protocol (L2TP) packets. |
5.0(2) |
|
SGACL policies |
Allows the enabling or disabling of RBACL logging. |
5.0(2) |
|
SGACL policies |
Allows the enabling, disabling, monitoring, and clearing of RBACL statistics. |
5.0(2) |
|
SSH |
Supports configuring a maximum number of SSH login attempts. |
5.0(2) |
|
SSH |
Supports starting SSH sessions from the boot mode of a Cisco NX-OS device in order to connect to a remote device. |
5.0(2) |
|
SSH |
Supports copying files from a Cisco NX-OS device to an SCP or SFTP server without a password. |
5.0(2) |
|
TACACS+ privilege-level authorization |
Supports the mapping of privilege levels configured for users on the TACACS+ server to locally configured user roles on the Cisco NX-OS device. |
5.0(2) |