New and Changed Information

This chapter provides release-specific information for each new and changed feature in the Cisco Nexus 9000 Series NX-OS Security Guide, Release 10.2(x).

This table summarizes the new and changed features for the Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 10.2(x) and where they are documented.

Table 1. New and Changed Features

| Feature | Description | Changed in Release | Where Documented |
|---|---|---|---|
| Type 6 password portability across devices with same Primary key & Primary key encryption using TAM | Added support for authentication keys using Type-6 encryption for better protection. | 10.2(3)F | Configuring a Primary Key and Enabling the AES Password Encryption Feature; Configuration Examples for Password Encryption |
| Increase ACL LOU threshold | Added support for configurable LOU threshold limit for ACL configuration on Cisco Nexus 9500-R platform switches. | 10.2(3)F | Logical Operators and Logical Operation Units; Guidelines and Limitations for IP ACLs; Verifying the IP ACL Configuration |
| Egress CoPP support | Added egress CoPP supported platform switches. | 10.2(3)F | Guidelines and Limitations for CoPP; Egress CoPP; Configuring ARP ACL Filtering for Egress CoPP; Configuring IP ACL Filtering for Egress CoPP |
| Egress Filtering on Subinterfaces | Added support for Layer 3 subinterface egress router ACL on Cisco Nexus 9300-FX3, 9300-GX, and 9300-GX2 platform switches. | 10.2(3)F | Guidelines and Limitations for IP ACLs |
| DHCPv6 Prefix Delegation support | Added a new CLI to add a static v6 route for the v6 Delegated Prefix so that the prefix is routable from the switch. | 10.2(3)F | IPv6 Availability for Delegated Prefix Through the v6 Relay Agent; Enabling or Disabling the DHCPv6 Relay Agent; Verifying the DHCP Configuration; Clearing DHCPv6-PD Binding |
| Disable Security and SNMP User Synchronization | Added a new CLI to allow you to disable the user synchronization between the SNMP and security components. | 10.2(2)F | Guidelines and Limitations for AAA; Guidelines and Limitations for SSH and Telnet; Configuring X.509v3 Certificate-Based SSH Authentication; Guidelines and Limitations for User Accounts and RBAC; Configuring User Accounts |
| DHCP non-tlv format | Added a new CLI to allow you to remove suboptions of Option 82 information. | 10.2(2)F | Enabling or Disabling Option 82 for the DHCP Relay Agent; Enabling or Disabling Option 82 Data Insertion and Removal |
| NDB: Egress Filtering support | Added support for Egress PACL on Cisco Nexus 9300-GX as well as N9K-C93108TC-FX3P and N9K-C93180YC-FX3 platform switches. | 10.2(2)F | Guidelines and Limitations for IP ACLs |
| MACsec | Added support for MACsec on Cisco N9K-C9332D-GX2B platform switches. | 10.2(1q)F | Guidelines and Limitations for MACsec |
| VLAN ACLs | Added support for VLAN ACLs on Cisco N9K-C9332D-GX2B platform switches. | 10.2(1q)F | Guidelines and Limitations for VACLs |
| Cisco AV Pair | SNMPv3 attributes can be mentioned before the shell:roles attribute in cisco-av-pair. | 10.2(1)F | Guidelines and Limitations for AAA |
| Disable Secure Channel Identifier | Secure Channel Identifier (SCI) can be disabled from the MACsec security tag (SecTAG). | 10.2(1)F | Guidelines and Limitations for MACsec; Verifying the MACsec Configuration |
| DHCPv6 SMART Relay | Added DHCPv6 SMART Relay feature. | 10.2(1)F | DHCPv6 Smart Relay Agent; Guidelines and Limitations for DHCPv6 Smart Relay; Enabling or Disabling DHCPv6 Smart Relay Globally; Enabling or Disabling DHCPv6 Smart Relay on a Layer 3 Interface |
| Support MACSec on LC-G | Added PID support to MACsec. | 10.2(1)F | Guidelines and Limitations for MACsec |
| DACL | Added Per-User DACL feature. | 10.2(1)F | About Per-User DACLs; Guidelines and Limitations for Per-User DACL Support for 802.1X; Configuring Per-User DACLs; Configuration Example for Per-User DACL |
| Egress PACL | Added PID support to Egress PACL. | 10.2(1)F | Guidelines and Limitations for IP ACLs |