New and Changed Information for Security Configuration
This section lists new and changed content in this document by software release.
To find additional information about new features or command changes, see the Cisco Nexus 1000V Release Notes and Cisco Nexus 1000V Command Reference.
Feature | Description | Changed in Release | Where Documented |
---|---|---|---|
802.1X Support | Support for the 802.1X feature, which defines a client-server-based access control and authentication protocol to restrict unauthorized clients from connecting to a LAN through publicly accessible ports. | 5.2(1)SV3(4.1) | |
Cisco TrustSec Subnet-SGT Mapping | Support for binding SGT to all the host addresses of a specified subnet. | 5.2(1)SV3(2.1) | |
CTS SXPv3 Protocol Support | Support for Cisco TrustSec SXPv3 protocol. | 5.2(1)SV3(2.1) | |
Multi-IP per MAC support for IPSG | Multiple IP addresses attached to a MAC address for packet management. | 5.2(1)SV3(2.1) | |
Cisco TrustSec SXP Peer Connection Modes | Cisco Nexus 1000V supports both speaker and listener modes for remote peer connections. | 5.2(1)SV3(1.3) | |
Port Security | MAC Move Detection and Violation is no longer supported. | 5.2(1)SV3(1.1) | |
Layer 3 Security | Layer 3 Security (L3Sec) is a framework that secures the internal control plane communications (control and packet traffic) of the Cisco Nexus 1000V in a more robust way than in previous releases. | 5.2(1)SV3(1.1) | |
Cisco TrustSec 2.0 | This feature supports tagging of packets with the Cisco TrustSec command header and SGACL enforcement. | 5.2(1)SV3(1.1) | |
Traffic Storm Control | You can implement this feature to control broadcast, multicast, and unknown unicast traffic on ports and to control flooding. | 5.2(1)SV3(1.1) | |
SSH | SSH can support IPv6 addresses. | 5.2(1)SV3(1.1) | |
Telnet | Telnet can support IPv6 addresses. | 5.2(1)SV3(1.1) | |
IPACLs | You can configure IPv6 ACLs. | 5.2(1)SV3(1.1) | |
Cisco TrustSec | This feature was introduced. | 4.2(1)SV2(1.1) | |
Licensing Changes and advanced features | The following features are available as advanced features that require licenses: Cisco TrustSec, DHCP snooping, IP Source Guard, and Dynamic ARP Inspection. | 4.2(1)SV2(1.1) | Configuring DHCP Snooping, Configuring Dynamic ARP Inspection, Configuring IP Source Guard |
DHCP Enhancements | You can enable source IP-based filtering on the Cisco Nexus 1000V switch. | 4.2(1)SV2(1.1) | |
ACL Logging | You can log statistics for flows that match the ACL permit or deny conditions to monitor the flows. | 4.2(1)SV1(5.1) | |
UUFB | You can block unknown unicast packets from flooding the forwarding path. | 4.2(1)SV1(4a) | |
DHCP Snooping Relay Agent (Option 82) | You can configure DHCP to relay VSM MAC and port information in DHCP packets. | 4.2(1)SV1(4) | |
DHCP Snooping binding table | You can clear DHCP snooping binding table entries for an interface. | 4.2(1)SV1(4) | |
Enable DHCP | You can enable or disable DHCP globally by using the feature DHCP command. | 4.2(1)SV1(4) | |
Enable SSH server | You can enable or disable the SSH server by using the feature DHCP command. | 4.2(1)SV1(4) | |
Enable Telnet server | You can enable or disable the Telnet server by using the feature DHCP command. | 4.2(1)SV1(4) | |
Disable HTTP Server | You can disable the HTTP server for security purposes. | 4.0(4)SV1(4) | |
VSD | Virtual service domains (VSDs) allow you to classify and separate traffic for network services. | 4.0(4)SV1(2) | Chapter 3, "Configuring VSD" |
DHCP Snooping | The Dynamic Host Configuration Protocol (DHCP) snooping acts like a firewall between untrusted hosts and trusted DHCP servers. | 4.0(4)SV1(2) | |
Dynamic ARP Inspection (DAI) | Dynamic ARP-inspection (DAI) provides IP communication within a Layer 2 broadcast domain by mapping an IP address to a MAC address. | 4.0(4)SV1(2) | |
IP Source Guard | IP Source Guard is a per-interface traffic permit filter for IP and MAC addresses. | 4.0(4)SV1(2) | |
Secure Login Enhancement | Support to configure login parameters. | 5.2(1)SV3(4.1a) | |