Configuring Layer 3 Security


Information About Layer 3 Security

Layer 3 Security (L3sec) is a framework that secures the internal control plane communications (control and packet traffic) of the Cisco Nexus 1000V in a more robust way than in previous releases. It operates only in Layer 3 Control mode.

When you install a Cisco Nexus 1000V switch with release 5.2(1)SV3(1.1) or higher, or when you change the service (svs) mode from Layer 2 to Layer 3 on a switch that is running release 5.2(1)SV3(1.1), the Layer 3 Security (L3sec) feature is enabled by default. However, when you upgrade to release 5.2(1)SV3(1.1), the L3sec setting from before the upgrade (disabled) is carried over, so L3sec is disabled after the upgrade. You can enable L3sec manually using the CLI.

Enabling and Disabling the Layer 3 Security Feature

You can enable or disable the Layer 3 security (L3sec) feature.

Before you begin

You are logged in to the CLI in EXEC mode.

Your VSM is configured in Layer 3 control mode.

Procedure

Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters global configuration mode.

Step 2
  Command or Action: svs-domain
  Purpose: Places you into SVS domain configuration mode.

Step 3
  Command or Action: [no] enable l3sec
  Purpose: Enables the L3sec feature. Using the no option disables the feature.

Step 4
  Command or Action: show running-config
  Purpose: Displays the l3sec configuration under svs-domain configuration.

Step 5
  Command or Action: copy running-config startup-config
  Purpose: (Optional) Copies the running configuration to the startup configuration.

Example

This example shows how to enable the L3sec feature:


switch# configure terminal
switch(config)# svs-domain
switch(config-svs-domain)# enable l3sec
switch(config-svs-domain)# copy running-config startup-config
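
The following Python check is an added example, not part of the Cisco documentation. It reads saved show running-config output (Step 4) and reports the L3sec state, which is useful after an upgrade where the disabled setting is carried over. The sample configuration is constructed, and the layout of the svs-domain block (the svs mode L3 line and how enable l3sec / no enable l3sec are rendered) is an assumption.

```python
import re

# Constructed sample of saved "show running-config" output from a hypothetical
# VSM that was upgraded. The svs-domain line layout is an assumption.
SAMPLE_UPGRADED = """\
hostname vsm-a
svs-domain
  domain id 100
  svs mode L3 interface mgmt0
  no enable l3sec
interface mgmt0
  ip address 192.0.2.10/24
"""


def svs_domain_block(config):
    """Return the lines nested under the top-level svs-domain line, or None."""
    block, inside = None, False
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():      # top-level line: a section starts or ends
            if inside:
                break
            if line.strip() == "svs-domain":
                block, inside = [], True
        elif inside:
            block.append(line.strip())
    return block


def audit_l3sec(config):
    """Classify L3sec: enabled, disabled, unstated, not-l3, no-svs-domain."""
    block = svs_domain_block(config)
    if block is None:
        return "no-svs-domain"
    if not any(re.match(r"svs mode L3\b", entry) for entry in block):
        return "not-l3"                # L3sec operates only in Layer 3 control mode
    state = "unstated"                 # no l3sec line: confirm on the device itself
    for entry in block:                # the last l3sec line in the block wins
        if entry == "enable l3sec":
            state = "enabled"
        elif entry == "no enable l3sec":
            state = "disabled"
    return state


if __name__ == "__main__":
    print("before:", audit_l3sec(SAMPLE_UPGRADED))
    print("after: ", audit_l3sec(SAMPLE_UPGRADED.replace("no enable l3sec", "enable l3sec")))
```

A result of disabled or unstated on a VSM in Layer 3 control mode is the case to follow up with the procedure above.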

Feature History for Layer 3 Security

This table includes only the updates for those releases that have resulted in additions or changes to the feature.

Feature Name    Releases          Feature Information
L3sec           5.2(1)SV3(1.1)    This feature was introduced.