Index

Contents

* - 8 - A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - R - S - T - U - V - W - - - - - - - - - - - - - - - - - - - - -

Index

*

***
radius-server test {password} 1

8

802.1X
MAC 認証バイパス 1
オーセンティケータ PAE 1
ガイドライン 1
機能のイネーブル化 1
サポートされるトポロジ 1
シングル ホストのサポート 1
制限事項 1
設定 1
設定の確認 1
設定例 1
説明 1
前提条件 1
デフォルト設定 1
マルチ ホストのサポート 1
802.1X サプリカント
手動による再認証 1
802.1X 再認証
インターフェイスでの最大再試行回数の設定 1
802.1X 認証
RADIUS アカウンティングのイネーブル化 1
開始 1
ポートの許可ステート 1

A

aa アカウンティングの表示 1
aaa accounting default 1
aaa accounting default group 1
aaa accounting default local 1
aaa accounting dot1x default group 1
aaa authentication dot1x default group 1
aaa authentication login ascii-authentication 1
aaa authentication login chap enable 1
aaa authentication login console 1 2 3
aaa authentication login console group 1 2
aaa authentication login console local 1 2
aaa authentication login console none 1 2
aaa authentication login default 1
aaa authentication login error-enable 1
aaa authentication login {mschap | mschapv2} enable 1
aaa authorization default 1
aaa authorization ssh-certificate default 1
aaa authorization {commands | config-commands} {console | default} {group} 1
aaa authorization {group | local} 1
aaa authorization {ssh-certificate | ssh-publickey} 1
aaa group server ldap 1
aaa group server radius 1
aaa group server tacacs+ 1
aaa user default-role 1
accept-lifetime 1
acllog match-log-level 1
action {drop | forward | redirect} 1
authentication (bind-first | compare} 1

B

BGP
ユニキャスト RPF との使用 1

C

CA
identity 1
アイデンティティ証明書のインストール 1
アイデンティティ証明書要求の作成 1
カット アンド ペーストによる登録 1
証明書の削除 1
証明書のダウンロードの例 1
設定 1
設定の表示 1
設定例 1
説明 1
認証 1
ピア証明書 1
multiple 1
複数のトラスト ポイント 1
目的 1
CA トラスト ポイント
PKI のアソシエーションの作成 1
chgrp 1
chown 1
cipher-suite 1
class 1
class class-default 1
class insert-before 1
class-map 1
class-map type control-plane {match-all | match-any} 1 2 3
clear access-list ipsg stats 1
clear copp statistics 1
clear hardware rate-limiter module 1
clear hardware rate-limiter {all | access-list-log | bfd | exception | fex | layer-3 glean | layer-3 multicast local-groups | span-egress} 1
clear ip access-list counters 1
clear ip arp inspection log 1
clear ip arp inspection statistics 1
clear ip dhcp global statistics 1
clear ip dhcp relay statistics interface 1
clear ip dhcp snooping binding interface ethernet 1
clear ip dhcp snooping binding interface port-channel 1
clear ip dhcp snooping binding vlan 1
clear ip dhcp snooping statistics 1
clear ip dhcp snooping statistics vlan 1
clear ipv6 access-list counters 1
clear ipv6 dhcp relay statistics interface 1
clear ldap-server statistics 1
clear line 1 2
clear mac access-list counters 1
clear port-security dynamic 1
clear port-security dynamic address 1
clear radius-server statistics 1
clear ssh hosts 1
clear tacacs-server statistics 1
conf-offset 1
control-plane 1 2 3
copp copy profile prefix |サフィックス} 1
copp copy profile {strict | Moderate | lenient |高密度 1
copp profile 1
copp profile dense 1
copp profile lenient 1
copp profile Moderate 1
copp profile strict 1
copy scp: 1 2
copy sftp: 1
CRL
インポートの例 1
生成 1
設定 1
説明 1
ダウンロード 1
パブリッシュ 1
crypto ca aunticate 1
crypto ca crl request 1
crypto ca trustpoint 1

D

deadtime 1
deny 1 2 3
DHCP リレー オンスタック
説明 1
DoS 攻撃
ユニキャスト RPF、配置 1
dot1x default 1
dot1x host-mode {multi-host | single-host} 1
dot1x max-req 1
dot1x port-control {auto | force-authorized | forced-unauthorized} 1
dot1x re-authentication 1
dot1x timeout quiet-period 1
dot1x timeout ratelimit-period 1
dot1x timeout re-authperiod 1
dot1x timeout server-timeout 1
dot1x timeout supp-timeout 1
dot1x timeout tx-period 1

E

enable Cert-DN-match 1
enable secret 1
enable user-server-group 1
encryption decrypt type6 1
encryption delete type6 1
encryption re-encrypt obfuscated 1 2 3
encryption-algorithm {HMAC-SHA-1 | HMAC-SHA-256 | HMAC-SHA-384 | HMAC-SHA-512 | MD5} 1

F

feature 1
feature dhcp 1
feature dot1x 1
feature ldap 1
feature macsec 1 2
feature password encryption aes tam 1 2
feature port-security 1
feature privilege 1
feature scp-server 1
feature sftp-server 1
feature ssh 1 2
feature tacacs+ 1
feature telnet 1
FIPS
設定例 1
セルフテスト 1
無効化 1
イネーブル化 1
fragments {permit-all | deny-all} 1 2

G

generate type7_encrypted_secret 1 2 3 4 5

H

hardware access-list tcam region 1 2
hardware access-list tcam region ing-ifacl qualify udf 1 2
hardware profile tcam resource service-template 1
hardware profile tcam resource template 1
hardware rate-limiter access-list-log 1 2
hardware rate-limiter bfd 1
hardware rate-limiter exception 1
hardware rate-limiter fex 1
hardware rate-limiter layer-3 glean 1
hardware rate-limiter layer-3 multicast local-groups 1
hardware rate-limiter span-egress 1

I

ID 証明書
PKI の削除 1
インストール 1
要求の作成 1
interface policy dent 1
ip access-class 1
ip access-group 1 2
ip access-list 1 2 3 4 5
ip arp inspection log-buffer entries 1
ip arp inspection trust 1
ip arp inspection validate 1
ip arp inspection validate dst-mac 1
ip arp inspection validate ip 1
ip arp inspection validate src-mac 1
ip arp inspection vlan 1 2
ip dhcp packet strict-validation 1 2
ip dhcp relay 1 2
ip dhcp relay address 1
ip dhcp relay address use-vrf 1
ip dhcp relay information option 1
ip dhcp relay information option server-id-override-disable 1
ip dhcp relay information option trust 1
ip dhcp relay information option vpn 1
ip dhcp relay information trust-all 1
ip dhcp relay information trusted 1
ip dhcp relay sub-option circuit-id customized 1
ip dhcp relay sub-option circuit-id format-type string 1
ip dhcp relay sub-option type cisco 1
ip dhcp smart-relay 1
ip dhcp smart-relay global 1
ip dhcp snooping information option 1
ip dhcp snooping ipsg-excluded vlan 1
ip dhcp snooping trust 1
ip dhcp snooping verify mac-address 1
ip dhcp snooping vlan 1
ip port accessgroup 1
ip radius source-interface 1
ip source binding 1
ip tacacs source-interface 1
ip verify source dhcp-snooping-vlan 1
ip verify unicast source reachable-via 1
ip verify unicast source reachable-via any 1
IP ドメイン名
PKI での設定 1
ipdhcprelaysource-interface 1
ipv6 access-class 1
ipv6 access-list 1 2 3
ipv6 address use-link-local-only 1
ipv6 dhcp relay 1
ipv6 dhcp relay address 1
ipv6 dhcp relay option type cisco 1
ipv6 dhcp relay option vpn 1
ipv6 dhcp relay source-interface 1
ipv6 dhcp smart-relay 1
ipv6 dhcp smart-relay global 1
ipv6 port traffic-filter 1
ipv6 traffic-filter 1
ipv6 verify unicast source reachable-via 1
ipv6 verify unicast source reachable-via any 1

K

key-chain macsec-psk no-show 1
key-octet-string 1
key-server-priority 1
key-string 1

L

ldap search-map 1
ldap-server deadtime 1 2
ldap-server host 1 2 3 4
ldap-server host idle-time 1
ldap-server host password 1 2
ldap-server host port 1 2
ldap-server host rootDN 1
ldap-server host test rootDN 1
ldap-server host timeout 1 2
ldap-server host username 1
ldap-server timeout 1
line vty 1
logging drop threshold 1
logging ip access-list cache entries 1
logging ip access-list cache interval 1
logging ip access-list cache threshold 1
logging ip access-list detailed 1
login block-for 1
login block-for attempts 1
login on-failure log 1
login on-success log 1
login quiet-mode access-class 1

M

mac access-list 1 2 3
mac packet-classify 1
mac port access-group 1 2
MAC アドレス
ラーニング 1
MAC 認証
802.1X のバイパス 1
macsec policy 1
match access-group name 1 2 3
match exception {ip | ipv6} icmp redirect 1
match exception {ip | ipv6} icmp unreachable 1
match exception {ip | ipv6} option 1
match mac address 1
match protocol arp 1
match {ip | ipv6} address 1

N

no aaa authentication login ascii-authentication 1 2
no aaa authentication login {console | default | fallback error local 1 2
no dot1x system-auth-control 1
no feature dot1x 1
no feature ssh 1 2 3 4
no feature tacacs+ 1
no host 1 2
no ip access-list 1
no ipv6 access-list 1
no key chain 1
no mac access-list 1
no object-group {ip address | ipv6 address | ip port} 1
no ssh key dsa 1
no ssh key rsa 1
no time-range 1
no vlan access-map 1
no {periodic | absolute} 1

O

object-group ip address 1
object-group ip port 1
object-group ipv6 address 1

P

password prompt username 1
password strength-check 1
permit 1 2 3
permit http-method 1
permit interface 1
permit ip 1
permit mac 1
permit udf 1
permit vlan 1
permit vrf 1
permit | deny 1
PKI
IP ドメイン名の設定 1
RSA キー ペアの生成 1
ガイドライン 1
証明書失効確認 1
制限事項 1
設定の表示 1
設定例 1
説明 1
デフォルト設定 1
登録のサポート 1
ホスト名の設定 1
police 1 2
police cir 1 2
policy-map 1
policy-map type control-plane 1

R

RADIUS アカウンティング
802.1X 認証のイネーブル化 1
radius-server deadtime 1 2 3
radius-server directed-request 1
radius-server host 1 2 3 4 5 6 7
radius-server host accounting 1
radius-server host acct-port 1
radius-server host auth-port 1
radius-server host authentication 1
radius-server host idle-time 1
radius-server host password 1
radius-server host retransmit 1
radius-server host test 1
radius-server host timeout 1
radius-server host username 1
radius-server key 1 2
radius-server retransmit 1
radius-server test {idle-time} 1
radius-server test {username} 1
radius-server timeout 1
reload 1 2 3 4 5 6
resequence mac access-list 1
resequence time-range 1
resequence {ip | ipv6} access-list 1
role commit 1 2 3 4 5
role feature-group name 1
role name 1 2 3 4
role name priv 1
RSA キー ペア
Cisco NX-OS デバイスからの削除 1
PKI に生成 1
インポート 1 2
エクスポート 1 2
設定の表示 1
説明 1
multiple 1
rule {deny | permit ) command 1
rule {deny | permit} command 1
rule {deny | permit} {read | read-write} 1
rule {deny | permit} {read | read-write} feature 1
rule {deny | permit} {read | read-write} feature-group 1
rule {deny | permit} {read | read-write} oid 1

S

sak-expiry-time 1
security-policy 1
send-lifetime 1 2
service-policy 1
service-policy input 1
set cos 1
show aaa accounting 1 2
show aaa authentication 1 2 3 4 5
show aaa authentication login chap 1
show aaa authentication login {ascii-authentication | chap | error-enable | mschap | mschapv2} 1
show aaa authentication login {mschap | mschapv2} 1
show aaa authorization 1 2 3
show aaa authorization all 1
show aaa groups 1
show aaa user default-role 1
show class-map type control-plane 1 2
show cli syntax roles network-admin 1
show cli syntax roles network-operator 1
show copp profile 1
show copp status 1 2 3
show crypto ca certificates 1 2
show crypto ca crl 1 2
show dot1x 1 2
show dot1x all 1 2 3 4 5 6
show dot1x interface ethernet 1
show dot1x {all | interface ethernet} 1
show encryption service stat 1 2
show hardware access-list interface input entries detail 1
show hardware access-list tcam region 1 2
show hardware access-list tcam template 1 2
show hardware rate-limiter 1 2 3
show hardware rate-limiter access-list-log 1 2 3
show hardware rate-limiter bfd 1 2 3
show hardware rate-limiter exception 1 2 3
show hardware rate-limiter fex 1 2 3
show hardware rate-limiter layer-3 glean 1 2 3
show hardware rate-limiter layer-3 multicast local-groups 1 2 3
show hardware rate-limiter module 1 2 3
show hardware rate-limiter span-egress 1 2
show incompatibility nxos bootflash: 1
show interface counters storm-control 1 2
show interface ethernet counters storm-control 1
show interface port-channel counters storm-control 1
show interface port-channel counters storm-control multi-threshold 1
show interface port-channel counters storm-control multi-threshold broadcast 1
show interface port-channel counters storm-control multi-threshold multicast 1
show interface port-channel counters storm-control multi-threshold unicast 1
show interface switchport 1 2
show ip access-lists 1 2 3 4 5 6 7
show ip access-lists summary 1
show ip arp inspection 1
show ip arp inspection interface 1
show ip arp inspection interfaces 1
show ip arp inspection log 1
show ip arp inspection statistics 1
show ip arp inspection vlan 1 2
show ip dhcp relay 1 2 3 4 5 6 7
show ip dhcp relay address 1
show ip dhcp relay information trusted-sources 1 2 3
show ip dhcp relay statistics 1
show ip dhcp snooping binding 1 2
show ip interface 1
show ip ver source 1 2
show ip ver source ethernet 1 2
show ip ver source port-channel 1 2
show ipv6 access-lists 1 2 3 4 5
show ipv6 access-lists summary 1
show ipv6 dhcp relay 1 2 3 4 5 6
show ipv6 dhcp relay interface 1
show ipv6 dhcp relay statistics 1
show key chain 1 2 3 4 5 6 7
show key chain mode decrypt 1 2
show ldap-search-map 1 2
show ldap-server 1 2 3 4 5 6 7 8
show ldap-server groups 1 2
show ldap-server statistics 1 2 3
show logging ip access-list cache 1 2
show logging ip access-list status 1
show login 1 2
show login failures 1
show login on-failure log 1
show login on-successful log 1
show mac access-lists 1 2 3 4 5 6
show macsec mka session 1
show macsec mka statistics 1
show macsec mka summary 1
show macsec policy 1 2
show macsec secy statistics 1
show object-group 1 2 3 4 5
show password strength-check 1
show policy-map interface control-plane 1 2 3 4
show policy-map type control-plane 1 2
show policy-map type control-plane expand 1
show policy-map type control-plane name 1
show port-security 1 2
show port-security address 1 2
show port-security address interface 1
show port-security interface 1
show privilege 1
show radius {status | pending | pending-diff} 1
show radius-server 1 2 3 4 5 6 7 8 9 10 11 12
show radius-server directed-request 1
show radius-server groups 1 2
show radius-server statistics 1 2
show role 1 2 3 4 5 6
show role feature 1
show role feature-group 1 2
show role {pending | pending-diff} 1 2 3 4 5
show run interface 1
show running-config aaa 1
show running-config acllog 1
show running-config aclmgr 1 2 3 4 5 6 7 8 9 10 11
show running-config aclmgr all 1 2
show running-config all | i max-login 1 2
show running-config copp 1 2 3 4
show running-config copp all 1
show running-config dhcp 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
show running-config interface 1 2 3
show running-config interface ethernet 1 2 3 4
show running-config interface mgmt0 1
show running-config interface port-channel 1 2
show running-config interface vlan 1
show running-config interface {ethernet | port-channel} 1 2
show running-config ip 1
show running-config ipv6 1
show running-config ldap 1
show running-config macsec 1
show running-config port-security 1 2 3 4 5 6 7
show running-config radius 1
show running-config security 1 2 3
show running-config security all 1 2 3
show running-config tacacs 1
show running-config tacacs all 1
show ssh key 1 2 3
show ssh key dsa 1
show ssh key md5 1
show ssh key rsa 1
show ssh server 1 2
show startup-config aaa 1
show startup-config acllog 1
show startup-config aclmgr 1 2 3 4
show startup-config aclmgr all 1 2 3
show startup-config dhcp 1
show startup-config dhcp all 1
show startup-config interface ethernet 1
show startup-config ip 1
show startup-config ldap 1
show startup-config radius 1
show startup-config security 1
show startup-config tacacs 1
show system login 1
show system login failures 1
show tacacs+ {pending | pending-diff} 1 2 3 4 5 6 7
show tacacs+ {status | pending | pending-diff} 1
show tacacs-server 1 2 3 4 5 6 7 8 9 10 11
show tacacs-server directed-request 1 2
show tacacs-server groups 1 2
show tacacs-server sorted 1
show tacacs-server statistics 1 2 3
show telnet server 1 2
show time-range 1 2 3
show user-account 1 2 3 4 5 6 7
show username 1
show username keypair 1
show userpassphrase {length | max-length | min-length} 1 2
show users 1 2 3 4
show vlan access-map 1
show vlan filter 1
show {ip | ipv6 | access-lists} 1
ssh 1
ssh key 1
ssh key force 1
ssh key rsa 1
ssh login-attempts 1
ssh vrf 1
ssh6 1
ssh6 vrf 1
statistics per-entry 1 2 3 4 5
storm-control action trap 1 2
storm-control multi unicast 1
storm-control {broadcast | multicast | unicast} 1
storm-control-cpu arp rate 1
switchport 1 2
switchport block ethernet switchport 1 2
switchport block port-channel switchport 1 2
switchport block {multicast | unicast} 1
switchport port-security 1
switchport port-security aging time 1
switchport port-security aging type 1
switchport port-security mac-address 1 2
switchport port-security mac-address sticky 1 2
switchport port-security maximum 1
switchport port-security violation 1
system login block-for 1
system login block-for attempts 1
system login block-for within 1
system login quiet-mode access-class 1

T

tacacs+ commit 1 2 3 4 5 6 7
tacacs-server dead-time 1 2
tacacs-server deadtime 1
tacacs-server directed-request 1
tacacs-server host 1 2 3 4 5 6 7
tacacs-server host port 1
tacacs-server host timeout 1
tacacs-server key 1 2
tacacs-server test 1
tacacs-server test idle-time 1
tacacs-server test username 1
telnet 1
telnet vrf 1
telnet6 1
telnet6 vrf 1
terminal no verify-only 1
terminal no verify-only username 1
terminal verify-only 1
terminal verify-only username 1
test aaa authorization command-type {commands | config-commands} user command 1
test aaa group 1 2
test aaa server radius 1
test aaa server radius vrf 1
test aaa server tacacs + 1
time-range 1

U

udf 1 2
use-vrf 1 2
username 1 2
username keypair export 1
username keypair export {rsa | dsa} 1
username keypair generate 1
username keypair import 1
username keypair import(rsa | dsa} 1
username password 1 2
username sshkey 1
username sshkey file bootflash 1
userpassphrase max-length 1
userpassphrase min-length 1

V

vlan access-map 1
vlan filter 1
vlan policy deny 1
vPC ファーストホップ セキュリティ設定
説明 1
VPC レッグでの DHCP リレー
説明 1
vrf policy deny 1

W

window-size 1

あかうんてぃんぐろぐのしょうきょ 1

アカウンティング ログの表示 1

オーセンティケータ PAE
インターフェイスからの削除 1
インターフェイスの作成 1
説明 1

ガイドライン
ポート セキュリティ 1

キー 1 2 3 4 5
キーチェーン 1 2 3 4 5

サーバ(Server) 1 2 3
サービス拒絶攻撃
IP アドレス スプーフィング、軽減 1

スケール ファクタ 1

セキュア MAC アドレス
ラーニング 1
セキュリティ
ポート
MAC address learning 1

ダイナミック モード 1 2

デジタル証明書
インポート 1
エクスポート 1
設定 1
説明 1 2
peers 1
目的 1
デバイスの役割
802.1X の説明 1
デフォルト設定
802.1X 1
PKI 1
ポート セキュリティ 1

トラスト ポイント
説明 1
multiple 1
リブート後の設定の保存 1

ホスト 1 2
ホスト名
PKI での設定 1

ポート
802.1X の許可ステート 1
ポート セキュリティ
MAC address learning 1
MAC 移動 1
判別 1
ガイドライン 1
制限事項 1
説明 1
デフォルト設定 1

ユニキャスト RPF
BGP 属性 1
BOOTP 1
DHCP 1
FIB 1
ガイドライン 1
実装 1
制限事項 1
設定の確認 1
設定例 1
説明 1
デフォルト設定 1
展開 1
トンネリング 1
ユーザ 最大ログイン数 1
ユーザ単位の DACL
ガイドライン 1
制限事項 1

制限事項
ポート セキュリティ 1

孤立ポートの DHCP クライアント リレー
説明 1

定期 1

絶対終了 1
絶対開始 1

証明書
取り消しの例 1
証明書失効リスト 1
参照: CRL 1
証明書失効確認
方法の設定 1
証明機関。 1
参照: CA 1

認証
802.1X 1

説明 1