Index

Contents

* - 8 - A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - R - S - T - U - V - W

Index

*

***
radius-server test {password} 1

8

802.1X
authenticator PAEs 1
configuring 1
default settings 1
description 1
enabling feature 1
example configuration 1
guidelines 1
limitations 1
MAC authenication bypass 1
multiple host support 1
prerequisites 1
single host support 1
supported topologies 1
verifying configuration 1
802.1X authentication
authorization states for ports 1
enabling RADIUS accounting 1
initiation 1
802.1X reauthentication
setting maximum retry count on interfaces 1
802.1X supplicants
manually reauthenticating 1

A

aaa accounting default 1
aaa accounting default group 1
aaa accounting default local 1
aaa accounting dot1x default group 1
aaa authentication dot1x default group 1
aaa authentication login ascii-authentication 1
aaa authentication login chap enable 1
aaa authentication login console 1 2 3
aaa authentication login console group 1 2
aaa authentication login console local 1 2
aaa authentication login console none 1 2
aaa authentication login default 1
aaa authentication login error-enable 1
aaa authentication login {mschap | mschapv2} enable 1
aaa authorization default 1
aaa authorization ssh-certificate default 1
aaa authorization {commands | config-commands} {console | default} {group} 1
aaa authorization {group | local} 1
aaa authorization {ssh-certificate | ssh-publickey} 1
aaa group server ldap 1
aaa group server radius 1
aaa group server tacacs+ 1
aaa user default-role 1
absolute end 1
absolute start 1
accept-lifetime 1
acllog match-log-level 1
action {drop | forward | redirect} 1
authentication
802.1X 1
authentication (bind-first | compare} 1
authenticator PAEs
creating on an interface 1
description 1
removing from an interface 1

B

BGP
using with Unicast RPF 1

C

CA trust points
creating associations for PKI 1
CAs
authenticating 1
configuring 1
deleting certificates 1
description 1
displaying configuration 1
enrollment using cut-and-paste 1
example configuration 1
example of downloading certificate 1
generating identity certificate requests 1
identity 1
installing identity certificates 1
multiple 1
multiple trust points 1
peer certificates 1
purpose 1
certificate authorities. 1
See CAs 1
certificate revocation checking
configuring methods 1
certificate revocation lists 1
See CRLs 1
certificates
example of revoking 1
chgrp 1
chown 1
cipher-suite 1
class 1
class class-default 1
class insert-before 1
class-map 1
class-map type control-plane {match-all | match-any} 1 2 3
clear access-list ipsg stats 1
clear accounting log 1
clear copp statistics 1
clear hardware rate-limiter module 1
clear hardware rate-limiter {all | access-list-log | bfd | exception | fex | layer-3 glean | layer-3 multicast local-groups | span-egress} 1
clear ip access-list counters 1
clear ip arp inspection log 1
clear ip arp inspection statistics 1
clear ip dhcp global statistics 1
clear ip dhcp relay statistics interface 1
clear ip dhcp snooping binding interface ethernet 1
clear ip dhcp snooping binding interface port-channel 1
clear ip dhcp snooping binding vlan 1
clear ip dhcp snooping statistics 1
clear ip dhcp snooping statistics vlan 1
clear ipv6 access-list counters 1
clear ipv6 dhcp relay statistics interface 1
clear ldap-server statistics 1
clear line 1 2
clear mac access-list counters 1
clear port-security dynamic 1
clear port-security dynamic address 1
clear radius-server statistics 1
clear ssh hosts 1
clear tacacs-server statistics 1
conf-offset 1
control-plane 1 2 3
copp copy profile prefix | suffix} 1
copp copy profile {strict | moderate | lenient| dense 1
copp profile 1
copp profile dense 1
copp profile lenient 1
copp profile moderate 1
copp profile strict 1
copy scp 1
copy scp: 1
copy sftp 1
CRLs
configuring 1
description 1
downloading 1
generating 1
importing example 1
publishing 1
crypto ca authenticate 1
crypto ca crl request 1
crypto ca trustpoint 1
cryptographic-algorithm {HMAC-SHA-1 | HMAC-SHA-256 | HMAC-SHA-384 | HMAC-SHA-512 | MD5} 1

D

deadtime 1
deafult settings
port security 1
default settings
802.1X 1
PKI 1
denial-of-service attacks
IP address spoofing, mitigating 1
deny 1 2 3
description 1
device roles
description for 802.1X 1
DHCP client relay on orphan ports
description 1
DHCP relay on VPC Leg
description 1
DHCP relay on-stack
description 1
digital certificates
configuring 1
description 1 2
exporting 1
importing 1
peers 1
purpose 1
DoS attacks
Unicast RPF, deploying 1
dot1x default 1
dot1x host-mode {multi-host | single-host} 1
dot1x max-req 1
dot1x port-control {auto | force-authorized | forced-unauthorized} 1
dot1x re-authentication 1
dot1x timeout quiet-period 1
dot1x timeout ratelimit-period 1
dot1x timeout re-authperiod 1
dot1x timeout server-timeout 1
dot1x timeout supp-timeout 1
dot1x timeout tx-period 1
dynamic mode 1 2

E

enable Cert-DN-match 1
enable user-server-group 1
encryption decrypt type6 1
encryption delete type6 1
encryption re-encrypt obfuscated 1 2 3

F

feature 1
feature dhcp 1
feature dot1x 1
feature ldap 1
feature macsec 1 2
feature password encryption aes tam 1 2
feature port-security 1
feature scp-server 1
feature sftp-server 1
feature ssh 1 2
feature tacacs+ 1
feature telnet 1
FIPS
configuration example 1
disabling 1
enabling 1
self-tests 1
fragments {permit-all | deny-all} 1 2

G

generate type7_encrypted_secret 1 2 3 4 5
guidelines
port security 1

H

hardware access-list tcam region 1 2
hardware access-list tcam region ing-ifacl qualify udf 1 2
hardware profile tcam resource service-template 1
hardware profile tcam resource template 1
hardware rate-limiter access-list-log 1 2
hardware rate-limiter bfd 1
hardware rate-limiter exception 1
hardware rate-limiter fex 1
hardware rate-limiter layer-3 glean 1
hardware rate-limiter layer-3 multicast local-groups 1
hardware rate-limiter span-egress 1
host 1 2
hostnames
configuring for PKI 1

I

identity certificates
deleting for PKI 1
generating requests 1
installing 1
interface policy dent 1
ip access-class 1
ip access-group 1 2
ip access-list 1 2 3 4 5
ip arp inspection log-buffer entries 1
ip arp inspection trust 1
ip arp inspection validate 1
ip arp inspection validate dst-mac 1
ip arp inspection validate ip 1
ip arp inspection validate src-mac 1
ip arp inspection vlan 1 2
ip dhcp packet strict-validation 1 2
ip dhcp relay 1 2
ip dhcp relay address 1
ip dhcp relay address use-vrf 1
ip dhcp relay information option 1
ip dhcp relay information option server-id-override-disable 1
ip dhcp relay information option trust 1
ip dhcp relay information option vpn 1
ip dhcp relay information trust-all 1
ip dhcp relay information trusted 1
ip dhcp relay source-interface 1
ip dhcp relay sub-option circuit-id customized 1
ip dhcp relay sub-option circuit-id format-type string 1
ip dhcp relay sub-option type cisco 1
ip dhcp smart-relay 1
ip dhcp smart-relay global 1
ip dhcp snooping information option 1
ip dhcp snooping ipsg-excluded vlan 1
ip dhcp snooping trust 1
ip dhcp snooping verify mac-address 1
ip dhcp snooping vlan 1
IP domain names
configuring for PKI 1
ip port access group 1
ip radius source-interface 1
ip source binding 1
ip tacacs source-interface 1
ip verify source dhcp-snooping-vlan 1
ip verify unicast source reachable-via 1
ip verify unicast source reachable-via any 1
ipv6 access-class 1
ipv6 access-list 1 2 3
ipv6 address use-link-local-only 1
ipv6 dhcp relay 1
ipv6 dhcp relay address 1
ipv6 dhcp relay option type cisco 1
ipv6 dhcp relay option vpn 1
ipv6 dhcp relay source-interface 1
ipv6 dhcp smart-relay 1
ipv6 dhcp smart-relay global 1
ipv6 port traffic-filter 1
ipv6 traffic-filter 1
ipv6 verify unicast source reachable-via 1
ipv6 verify unicast source reachable-via any 1

K

key 1 2 3 4 5
key chain 1 2 3 4 5
key-chain macsec-psk no-show 1
key-octet-string 1
key-server-priority 1
key-string 1

L

ldap search-map 1
ldap-server deadtime 1 2
ldap-server host 1 2 3 4
ldap-server host idle-time 1
ldap-server host password 1 2
ldap-server host port 1 2
ldap-server host rootDN 1
ldap-server host test rootDN 1
ldap-server host timeout 1 2
ldap-server host username 1
ldap-server timeout 1
limitations
port security 1
line vty 1
logging drop threshold 1
logging ip access-list cache entries 1
logging ip access-list cache interval 1
logging ip access-list cache threshold 1
logging ip access-list detailed 1
login block-for 1
login block-for attempts 1
login on-failure log 1
login on-success log 1
login quiet-mode access-class 1

M

mac access-list 1 2 3
MAC addresses
learning 1
MAC authentication
bypass for 802.1X 1
mac packet-classify 1
mac port access-group 1 2
macsec policy 1
match access-group name 1 2 3
match exception {ip | ipv6} icmp redirect 1
match exception {ip | ipv6} icmp unreachable 1
match exception {ip | ipv6} option 1
match mac address 1
match protocol arp 1
match {ip | ipv6} address 1

N

no aaa authentication login ascii-authentication 1 2
no aaa authentication login {console | default | fallback error local 1 2
no dot1x system-auth-control 1
no feature dot1x 1
no feature ssh 1 2 3 4
no feature tacacs+ 1
no host 1 2
no ip access-list 1
no ipv6 access-list 1
no key chain 1
no mac access-list 1
no object-group {ip address | ipv6 address | ip port} 1
no ssh key dsa 1
no ssh key rsa 1
no time-range 1
no vlan access-map 1
no {periodic | absolute} 1

O

object-group ip address 1
object-group ip port 1
object-group ipv6 address 1

P

password prompt username 1
password strength-check 1
per-user DACL
guidelines 1
limitations 1
periodic 1
permit 1 2 3
permit http-method 1
permit interface 1
permit ip 1
permit mac 1
permit udf 1
permit vlan 1
permit vrf 1
permit | deny 1
PKI
certificate revocation checking 1
configuring hostnames 1
configuring IP domain names 1
default settings 1
description 1
displaying configuration 1
enrollment support 1
example configuration 1
generating RSA key pairs 1
guidelines 1
limitations 1
police 1 2
police cir 1 2
policy-map 1
policy-map type control-plane 1
port security
default settings 1
description 1
guidelines 1
limitations 1
MAC address learning 1
MAC move 1
violations 1
ports
authorization states for 802.1X 1

R

RADIUS accounting
enabling for 802.1X authentication 1
radius-server deadtime 1 2 3
radius-server directed-request 1
radius-server host 1 2 3 4 5 6 7
radius-server host accounting 1
radius-server host acct-port 1
radius-server host auth-port 1
radius-server host authentication 1
radius-server host idle-time 1
radius-server host password 1
radius-server host retransmit 1
radius-server host test 1
radius-server host timeout 1
radius-server host username 1
radius-server key 1 2
radius-server retransmit 1
radius-server test {idle-time} 1
radius-server test {username} 1
radius-server timeout 1
reload 1 2 3 4 5 6
resequence mac access-list 1
resequence time-range 1
resequence {ip | ipv6} access-list 1
role commit 1 2 3 4 5
role feature-group name 1
role name 1 2 3 4
role name priv 1
RSA key pairs
deleting from an Cisco NX-OS device 1
exporting 1
generating for PKI 1
importing 1
RSA key-pairs
description 1
displaying configuration 1
exporting 1
importing 1
multiple 1
rule {deny | permit ) command 1
rule {deny | permit} command 1
rule {deny | permit} {read | read-write} 1
rule {deny | permit} {read | read-write} feature 1
rule {deny | permit} {read | read-write} feature-group 1
rule {deny | permit} {read | read-write} oid 1

S

sak-expiry-time 1
scale-factor 1
secure MAC addresses
learning 1
security
port
MAC address learning 1
security-policy 1
send-lifetime 1 2
server 1 2 3
service-policy 1
service-policy input 1
set cos 1
show aa accounting 1
show aaa accounting 1 2
show aaa authentication 1 2 3 4 5
show aaa authentication login chap 1
show aaa authentication login {ascii-authentication | chap | error-enable | mschap | mschapv2} 1
show aaa authentication login {mschap | mschapv2} 1
show aaa authorization 1 2 3
show aaa authorization all 1
show aaa groups 1
show aaa user default-role 1
show accounting log 1
show class-map type control-plane 1 2
show cli syntax roles network-admin 1
show cli syntax roles network-operator 1
show copp profile 1
show copp status 1 2 3
show crypto ca certificates 1 2
show crypto ca crl 1 2
show dot1x 1 2
show dot1x all 1 2 3 4 5 6
show dot1x interface ethernet 1
show dot1x {all | interface ethernet} 1
show encryption service stat 1 2
show hardware access-list interface input entries detail 1
show hardware access-list tcam region 1 2
show hardware access-list tcam template 1 2
show hardware rate-limiter 1 2 3
show hardware rate-limiter access-list-log 1 2 3
show hardware rate-limiter bfd 1 2 3
show hardware rate-limiter exception 1 2 3
show hardware rate-limiter fex 1 2 3
show hardware rate-limiter layer-3 glean 1 2 3
show hardware rate-limiter layer-3 multicast local-groups 1 2 3
show hardware rate-limiter module 1 2 3
show hardware rate-limiter span-egress 1 2
show incompatibility nxos bootflash: 1
show interface counters storm-control 1 2
show interface ethernet counters storm-control 1
show interface port-channel counters storm-control 1
show interface port-channel counters storm-control multi-threshold 1
show interface port-channel counters storm-control multi-threshold broadcast 1
show interface port-channel counters storm-control multi-threshold multicast 1
show interface port-channel counters storm-control multi-threshold unicast 1
show interface switchport 1 2
show ip access-lists 1 2 3 4 5 6 7
show ip access-lists summary 1
show ip arp inspection 1
show ip arp inspection interface 1
show ip arp inspection interfaces 1
show ip arp inspection log 1
show ip arp inspection statistics 1
show ip arp inspection vlan 1 2
show ip dhcp relay 1 2 3 4 5 6 7
show ip dhcp relay address 1
show ip dhcp relay information trusted-sources 1 2 3
show ip dhcp relay statistics 1
show ip dhcp snooping binding 1 2
show ip interface 1
show ip ver source 1 2
show ip ver source ethernet 1 2
show ip ver source port-channel 1 2
show ipv6 access-lists 1 2 3 4 5
show ipv6 access-lists summary 1
show ipv6 dhcp relay 1 2 3 4 5 6
show ipv6 dhcp relay interface 1
show ipv6 dhcp relay statistics 1
show key chain 1 2 3 4 5 6 7
show key chain mode decrypt 1 2
show ldap-search-map 1 2
show ldap-server 1 2 3 4 5 6 7 8
show ldap-server groups 1 2
show ldap-server statistics 1 2 3
show logging ip access-list cache 1 2
show logging ip access-list status 1
show login 1 2
show login failures 1
show login on-failure log 1
show login on-successful log 1
show mac access-lists 1 2 3 4 5 6
show macsec mka session 1
show macsec mka statistics 1
show macsec mka summary 1
show macsec policy 1 2
show macsec secy statistics 1
show object-group 1 2 3 4 5
show password strength-check 1
show policy-map interface control-plane 1 2 3 4
show policy-map type control-plane 1 2
show policy-map type control-plane expand 1
show policy-map type control-plane name 1
show port-security 1 2
show port-security address 1 2
show port-security address interface 1
show port-security interface 1
show radius {status | pending | pending-diff} 1
show radius-server 1 2 3 4 5 6 7 8 9 10 11 12
show radius-server directed-request 1
show radius-server group 1
show radius-server groups 1
show radius-server statistics 1 2
show role 1 2 3 4 5 6
show role feature 1
show role feature-group 1 2
show role {pending | pending-diff} 1 2 3 4 5
show run interface 1
show running-config aaa 1
show running-config acllog 1
show running-config aclmgr 1 2 3 4 5 6 7 8 9 10 11
show running-config aclmgr all 1 2
show running-config all | i max-login 1 2
show running-config copp 1 2 3 4
show running-config copp all 1
show running-config dhcp 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
show running-config interface 1 2 3
show running-config interface ethernet 1 2 3 4
show running-config interface mgmt 0 1
show running-config interface port-channel 1 2
show running-config interface vlan 1
show running-config interface {ethernet | port-channel} 1 2
show running-config ip 1
show running-config ipv6 1
show running-config ldap 1
show running-config macsec 1
show running-config port-security 1 2 3 4 5 6 7
show running-config radius 1
show running-config security 1 2 3
show running-config security all 1 2 3
show running-config tacacs 1
show running-config tacacs all 1
show ssh key 1 2 3
show ssh key dsa 1
show ssh key md5 1
show ssh key rsa 1
show ssh server 1 2
show startup-config aaa 1
show startup-config acllog 1
show startup-config aclmgr 1 2 3 4
show startup-config aclmgr all 1 2 3
show startup-config dhcp 1
show startup-config dhcp all 1
show startup-config interface ethernet 1
show startup-config ip 1
show startup-config ldap 1
show startup-config radius 1
show startup-config security 1
show startup-config tacacs 1
show system login 1
show system login failures 1
show tacacs+ {pending | pending-diff} 1 2 3 4 5 6 7
show tacacs+ {status | pending | pending-diff} 1
show tacacs-server 1 2 3 4 5 6 7 8 9 10 11
show tacacs-server directed-request 1 2
show tacacs-server groups 1 2
show tacacs-server sorted 1
show tacacs-server statistics 1 2 3
show telnet server 1 2
show time-range 1 2 3
show user-account 1 2 3 4 5 6 7
show username 1
show username keypair 1
show userpassphrase {length | max-length | min-length} 1 2
show users 1 2 3 4
show vlan access-map 1
show vlan filter 1
show {ip | ipv6 | access-lists} 1
ssh 1
ssh key 1
ssh key force 1
ssh key rsa 1
ssh login-attempts 1
ssh vrf 1
ssh6 1
ssh6 vrf 1
statistics per-entry 1 2 3 4 5
storm-control action trap 1 2
storm-control multi unicast 1
storm-control {broadcast | multicast | unicast} 1
storm-control-cpu arp rate 1
switchport 1 2
switchport block ethernet switchport 1 2
switchport block port-channel switchport 1 2
switchport block {multicast | unicast} 1
switchport port-security 1
switchport port-security aging time 1
switchport port-security aging type 1
switchport port-security mac-address 1 2
switchport port-security mac-address sticky 1 2
switchport port-security maximum 1
switchport port-security violation 1
system login block-for 1
system login block-for attempts 1
system login block-for within 1
system login quiet-mode access-class 1

T

tacacs+ commit 1 2 3 4 5 6 7
tacacs-server dead-time 1 2
tacacs-server deadtime 1
tacacs-server directed-request 1
tacacs-server host 1 2 3 4 5 6 7
tacacs-server host port 1
tacacs-server host timeout 1
tacacs-server key 1 2
tacacs-server test 1
tacacs-server test idle-time 1
tacacs-server test username 1
telnet 1
telnet vrf 1
telnet6 1
telnet6 vrf 1
terminal no verify-only 1
terminal no verify-only username 1
terminal verify-only 1
terminal verify-only username 1
test aaa authorization command-type {commands | config-commands} user command 1
test aaa group 1 2
test aaa server radius 1
test aaa server radius vrf 1
test aaa server tacacs+ 1
time-range 1
trust points
description 1
multiple 1
saving configuration across reboots 1

U

udf 1 2
Unicast RPF
BGP attributes 1
BOOTP and 1
default settings 1
deploying 1
description 1
DHCP and 1
example configurations 1
FIB 1
guidelines 1
implementation 1
limitations 1
tunneling and 1
verifying configuration 1
use-vrf 1 2
user max-logins 1
username 1
username keypair export 1
username keypair export {rsa | dsa} 1
username keypair generate 1
username keypair import 1
username keypair import (rsa | dsa} 1
username password 1 2
username sshkey 1
username sshkey file bootflash 1
userpassphrase max-length 1
userpassphrase min-length 1

V

vlan access-map 1
vlan filter 1
vlan policy deny 1
vPC First Hop Security Configuration
description 1
vrf policy deny 1

W

window-size 1