New and Changed Information
This table summarizes the new and changed features for the Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 10.3(x) and where they are documented.
Feature | Description | Changed in Release | Where Documented |
---|---|---|---|
ECC key pair | Added Elliptic Curve Cryptography key pair support for generating and import/enrollment of certificate. | 10.3(3)F | |
Expanded support for Type-6 password encryption | Added Type-6 encryption support for RPM legacy keychain. | 10.3(3)F | Guidelines and Limitations for Password Encryption; Configuring a Primary Key and Enabling the AES Password Encryption Feature |
SGT forwarding support | Added support for SGT forwarding on Cisco Nexus 9500 switches with N9K-X97160YC-EX line card. | 10.3(3)F | |
MACsec Cipher key enforcement | MACsec Cipher key enforcement feature provides the option to define the supported cipher suites from the most preferred to the least preferred. | 10.3(3)F | |
Nested CA bundle with gNMI | Added support to import CA certificate. | 10.3(3)F | |
Autocomplete ACL name | Added auto name complete support for ACL names on Cisco Nexus 9000 Series platform switches. | 10.3(3)F | |
Port-security support with VXLAN EVPN (Single VTEP) | L2 Port security feature is supported on VXLAN BGP EVPN (single VTEP). | 10.3(3)F | |
Uprev all OC model to the latest version - AAA | Added password criteria to configure AAA for RADIUS and TACACS+. | 10.3(3)F | |
Option to prioritize storm control policer over L3 control packet policers | Introduced a command to prioritize storm-control policer over the CoPP policer for Layer 3 control frames. | 10.3(3)F | |
MACsec support on 9408 with LEM modules | Added support for MACsec on Cisco Nexus 9408 with LEM modules N9K-X9400-16W and N9K-X9400-8D on all supported links. | 10.3(2)F | |
Primary key enablement within configuration mode | Added support to configure primary key using DME payload and non-interactive mode. | 10.3(2)F | Configuring a Primary Key and Enabling the AES Password Encryption Feature |
BGP: RPKI Support | An RPKI database is used by BGP to validate origin-AS. | 10.3(2)F | Resource Public Key Infrastructure (RPKI) |
Storm Control on Layer 3 Interfaces | Added support for Traffic Storm Control on Layer 3 interfaces. | 10.3(2)F | |
Source CoPP ACLs on Nexus 9504/9508 with -R line cards | Added support for source IP based filtering for CoPP on Cisco Nexus 9504 and 9508 switches with R/RX line cards. | 10.3(2)F | |
MAB, Critical Authentication, and Multi-auth support | Added support for MAB, critical authentication, and multi-auth on Cisco Nexus 9508 switches with N9K-X9788TC-FX, and N9K-X97160YC-EX line cards. | 10.3(2)F | |
AAA | Added support for AAA on Cisco Nexus 9808 platform switches. | 10.3(1)F | |
RADIUS | Added support for RADIUS on Cisco Nexus 9808 platform switches. | 10.3(1)F | |
TACACS+ | Added support for TACACS+ on Cisco Nexus 9808 platform switches. | 10.3(1)F | |
LDAP | Added support for LDAP on Cisco Nexus 9808 platform switches. | 10.3(1)F | |
MACsec | Added support for MACsec on N9K-X9836DM-A line card of Cisco Nexus 9808 platform switches. | 10.3(1)F | |
ACL Consistency Checker | Added support for ACL Consistency Checker on Cisco Nexus 9808 platform switches. | 10.3(1)F | |
ACL - Sup, CoPP | Added support for CoPP ACL on Cisco Nexus 9808 platform switches. | 10.3(1)F | |
RACL(Ingress/Egress/v4/v6) with stats – (no UDF support) | Added support for RACL (Ingress-IPv4/IPv6 and Egress-IPv4/IPv6) with statistics on Cisco Nexus 9808 platform switches. | 10.3(1)F | |
DHCP relay | Added support for DHCP relay on Cisco Nexus 9808 platform switches. | 10.3(1)F | |
RadSec support | RadSec support is provided on Cisco Nexus 9000 Series switches to secure the communication between RADIUS/TCP peers at the transport layer. | 10.3(1)F | |
Type-9 scrypt encryption support | Type 8 and type 9 password hash is supported on Cisco Nexus 9000 Series switches. | 10.3(1)F | |
Check for password restrictions | Consecutive characters check in passwords is supported on Cisco Nexus 9000 Series switches. | 10.3(1)F | Verifying the AAA Configuration |
ITD NAT support on non-default VRF | ITD NAT VRF configuration is provided on Cisco Nexus 9300-GX platform switches. | 10.3(1)F | |