Index
Numerics
802.1X
AAA authentication methods 6-11
configuration process 6-9
configuring 6-8 to 6-22
configuring AAA accounting methods 6-21
description 6-1 to 6-7
disabling authentication on the device 6-18
disabling on the device 6-19
displaying statistics 6-22
enabling MAC address authentication bypass 6-17
enabling multiple hosts on an interface 6-17
enabling on interfaces 6-12
enabling RADIUS accounting 6-20
enabling single hosts on an interface 6-17
field descriptions 6-23
guidelines 6-8
licensing requirements 6-7
limitations 6-8
MIBs 6-26
multiple host support 6-6
port security on same port 6-6
prerequisites 6-8
single host support 6-6
supported topologies 6-7
virtualization support 6-7
802.1X authentication
authorization states for ports 6-4
controlling on interfaces 6-12
disabling on the device 6-18
initiation 6-3
802.1X feature
disabling on the device 6-19
enabling 6-11
802.1X reauthentication
enabling global periodic 6-13
enabling periodic on interfaces 6-14
setting retry counts on interfaces 6-22
802.1X retry counts
setting globally 6-19
setting on interfaces 6-20
802.1X timers
changing interface timers 6-15
changing global timers 6-14
A
AAA
802.1X authentication methods 6-11
accounting 2-2
authentication 2-2
authorization 2-2
benefits 2-2
configuring 2-7 to 2-15
description 2-1 to 2-5
field descriptions 2-15
guidelines 2-6
licensing requirements 2-6
limitations 2-6
MIBs 2-17
monitoring TACACS+ servers 4-3
prerequisites 2-6
RADIUS server groups 3-12, 3-14
standards 2-16
TACACS+ server groups 4-13, 4-15
user login process 2-4
virtualization support 2-5
AAA accounting
adding rule methods 2-11
changing rule methods 2-10
configuring methods for 802.1X 6-21
deleting rule methods 2-13
rearranging rule methods 2-12
AAA authentication rules
adding methods 2-8
changing methods 2-8
deleting methods 2-10
rearranging methods 2-9
AAA protocols
RADIUS 2-1
TACACS+ 2-1
AAA server groups
description 2-3
AAA servers
FreeRADIUS VSA format 3-4
specifying SNMPv3 parameters 2-13, 2-14
specifying user roles 2-14
specifying user roles in VSAs 2-13
AAA services
configuration options 2-3
remote 2-2
security 2-1
access control lists
description 7-1 to 7-10
order of application 7-3
types of 7-2
See also ARP ACLs
See also IP ACLs
See also MAC ACLs
See also policy-based ACLs
See also port ACLs
See also router ACLs
See also VLAN ACLs
accounting
description 2-2
VDC support 2-5
ARP ACLs
applying to VLANs 12-9
changing 12-16
creating 12-15
description 12-15
priority of ARP ACLs and DHCP snooping entries 12-4
removing 12-17
ARP inspection
See dynamic ARP inspection
authentication
802.1X 6-3
description 2-2
local 2-2
methods 2-3
remote 2-2
user logins 2-4
authentication, authorization, and accounting. See AAA
authorization
description 2-2
user logins 2-4
B
broadcast storms. See traffic storm control
C
Cisco
vendor ID 2-14, 3-3, 4-4
cisco-av-pair
specifying AAA user parameters 2-13, 2-14
D
DHCP binding database
See DHCP snooping binding database
DHCP option 82
description 11-3
DHCP snooping
binding database
See DHCP snooping binding database
description 11-1
displaying DHCP bindings 11-16
enabling feature 11-8
enabling globally 11-9
enabling on a VLAN 11-9
interface trust state 11-11
MAC address verification 11-10
message exchange process 11-4
minimum configuration 11-7
option 82 11-3
overview 11-1
relay agent 11-12
DHCP snooping binding database
described 11-2
entries 11-2
documentation
additional publications iii-xx
dynamic ARP inspection
additional validation 12-10
applying ARP ACLs 12-9
ARP cache poisoning 12-2
ARP requests 12-2
ARP spoofing attack 12-2
configuring log buffer size 12-11
configuring trust state 12-8
description 12-1
DHCP snooping binding database 12-3
enabling on VLANs 12-8
function of 12-3
interface trust states 12-3
logging of dropped packets 12-5
man-in-the-middle attack 12-2
network security issues and interface trust states 12-3
priority of ARP ACLs and DHCP snooping entries 12-4
Dynamic Host Configuration Protocol snooping
See DHCP snooping
F
field descriptions
802.1X 6-23
AAA 2-15
TACACS+ 4-20
FreeRADIUS
VSA format for role attributes 2-14, 3-4
I
IDs
Cisco vendor ID 2-14, 3-3, 4-4
interfaces
controlling 802.1X authentication 6-12
enabling 802.1X 6-12
enabling periodic 802.1X reauthentication 6-14
setting 802.1X reauthentication retry counts 6-22
setting 802.1X retransmission retry counts 6-20
IP ACLs
applying to a physical port 7-15
applying to a port channel 7-15
changing an IP ACL 7-13
configuring 7-11 to 7-16
creating an IP ACL 7-12
field descriptions for IPv4 ACLs 7-16
guidelines 7-10
licensing 7-10
limitations 7-10
prerequisites 7-10
removing an IP ACL 7-14
virtualization support 7-9
IP Source Guard
description 13-1
enabling 13-4
static IP source entries 13-5
K
key chain
end-time 14-2
lifetime 14-2
start-time 14-2
keychain management
configuring a key 14-5
configuring lifetimes 14-6
configuring text for a key 14-5
creating a keychain 14-4
description 14-1
L
licensing
802.1X 6-7
AAA 2-6
IP ACLs 7-10
RADIUS 3-5
TACACS+ 4-5
traffic storm control 15-3
M
MAC ACLs
applying to a physical port 8-5
changing a MAC ACL 8-3
creating a MAC ACL 8-3
description 8-1
removing a MAC ACL 8-4
virtualization support 7-9
MAC addresses
enabling authentication bypass for 802.1X 6-17
MIBs
802.1X 6-26
AAA 2-17
multicast storms. See traffic storm control
multiple hosts
enabling for 802.1X 6-17
N
network-admin user role
description 5-3
network-operator user role
description 5-3
P
passwords
strong characteristics 5-2
port ACLs
definition 7-2
port-based authentication
encapsulation 6-2
ports
authorization states for 802.1X 6-4
port security
802.1X on same port 6-6
description 10-1
enabling globally 10-8
enabling on an interface 10-9
MAC move 10-4
static MAC address 10-10
violations 10-4
preshared keys
TACACS+ 4-3
R
RADIUS
configuring global keys 3-10
configuring servers 3-6
configuring timeout intervals 3-15
configuring transmission retry counts 3-15
description 3-1
licensing 3-5
network environments 3-2
operation 3-2
prerequisites 3-5
specifying server at login 3-14
virtualization support 3-5
VSAs 3-3
RADIUS accounting
enabling for 802.1X 6-20
RADIUS servers
configuration process 3-6
configuring accounting attributes 3-16
configuring authentication attributes 3-16
configuring dead-time intervals 3-18
configuring hosts 3-8, 3-9, 3-10, 3-12, 3-13, 4-11, 4-14, 5-7, 5-20
configuring keys 3-11, 4-12
configuring periodic monitoring 3-17
configuring server groups 3-12, 3-14
configuring timeout interval 3-15
configuring transmission retry count 3-15
deleting hosts 3-19
displaying statistics 3-19
monitoring 3-3
RBAC
configuring 5-12
description 5-3
field descriptions 5-20
See also user roles
related documents iii-xx
router ACLs
definition 7-2
rules. See user role rules
S
server groups. See AAA server groups
single hosts
enabling for 802.1X 6-17
SNMPv3
specifying AAA parameters 2-13
specifying parameters for AAA servers 2-14
statistics
802.1X 6-22
RADIUS servers 3-19
TACACS+ 4-20
traffic storm control 15-5
superuser role. See network-admin user role
T
TACACS+
advantages over RADIUS 4-2
configuring 4-6
configuring global preshared keys 4-12
configuring global timeout interval 4-16
description 4-1
disabling 4-19
displaying statistics 4-20
enabling 4-9
field descriptions 4-20
global preshared keys 4-3
guidelines 4-6
licensing requirements 4-5
limitations 4-6
prerequisites 4-6
preshared key 4-3
specifying TACACS+ servers at login 4-15
user login operation 4-2
virtualization 4-5
VSAs 4-4
TACACS+ servers
configuration process 4-7
configuring dead-time interval 4-19
configuring hosts 4-9, 4-11, 4-14
configuring periodic monitoring 4-18
configuring server groups 4-13, 4-15
configuring TCP ports 4-17
configuring timeout interval 4-17
displaying statistics 4-20
field descriptions 4-20
monitoring 4-3
privilege levels 4-5
TCP ports
TACACS+ servers 4-17
time range
description 7-27
time ranges
absolute 7-8
changing a time range 7-28
configuring 7-27 to 7-30
creating a time range 7-27
description 7-8
field descriptions 7-30
periodic 7-8
removing a time range 7-28
traffic storm control
configuring 15-4
description 15-1
displaying statistics 15-5
field descriptions 15-5
guidelines 15-3
licensing 15-3
limitations 15-3
virtualization support 15-3
U
unicast storms. See traffic storm control
user accounts
adding roles 5-10
changing expiry date 5-9
changing passwords 5-8
configuring 5-5
creating 5-5
deleting 5-11
deleting roles 5-10
description 5-1
guidelines 5-4
password characteristics 5-2
virtualization support 5-4
user accounts limitations 5-4
user logins
authentication process 2-4
authorization process 2-4
user role rules
description 5-3
user roles
adding rules 5-13
changing rules 5-14
changing VLAN policies 5-17
changing interface policies 5-16
changing VRF policies 5-19
creating 5-13
defaults 5-3
deleting rules 5-16
description 5-3
guidelines 5-4
limitations 5-4
rearranging rules 5-15
specifying on AAA servers 2-13, 2-14
virtualization support 5-4
V
vdc-admin user role
description 5-3
vdc-operator user role
description 5-3
vendor-specific attributes. See VSAs
virtualization
802.1X 6-7
AAA 2-5
RADIUS 3-5
TACACS+ 4-5
traffic storm control 15-3
user accounts 5-4
user roles 5-4
VLAN ACLs
applying a VACL 9-6
creating and changing VACLs 9-3, 9-4
definition 7-2
description 9-1
removing a VACL 9-5
VSAs
format 2-14
protocol options 2-14, 3-4, 4-4
support description 2-13