IPv6

Added support for IPv6.

ipv6 traffic-filter

resequence

IP ARP synchronization

This command was updated.

show ip arp sync-entries

Support for virtual Ethernet interfaces

The following commands were updated to extend support for virtual Ethernet interface configurations:

•ip port access-group

•ipv6 port traffic-filter

•mac port access-group

•show ip arp

ip port access-group

ipv6 port traffic-filter

mac port access-group

show ip arp

IP access group

Added the ip access-group command to apply an IPv4 access control list (ACL) to an interface as a router ACL.

5.0(3)N1(1)

ip access-group

IP Source Guard

This feature was introduced.

The following IP Source Guard commands for Layer 2 Ethernet interfaces were introduced:

•ip verify source dhcp-snooping-vlan

•show ip verify source

5.0(3)N1(1)

ip verify source dhcp-snooping-vlan

show ip verify source

Dynamic ARP Inspection (DAI)

This feature was introduced.

Added the following commands to configure dynamic Address Resolution Protocol (ARP) inspection (DAI) on a Cisco NX-OS switch:

•ip arp inspection log-buffer

•ip arp inspection validate

•ip arp inspection vlan

5.0(3)N1(1)

clear ip arp inspection log

clear ip arp inspection statistics vlan

ip arp inspection log-buffer

ip arp inspection validate

ip arp inspection vlan

show ip arp inspection

show ip arp inspection interfaces

show ip arp inspection log

show ip arp inspection statistics

Unicast RPF

Added the ip verify unicast source reachable-via command to configure Unicast Reverse Path Forwarding (Unicast RPF) on an interface.

5.0(3)N1(1)

ip verify unicast source reachable-via

Release 5.0(2)N2(1)

DHCP Snooping

You can configure DHCP snooping on switches and VLANs.

5.0(2)N2(1)

clear ip dhcp snooping binding

clear ip dhcp snooping statistics

feature dhcp

ip dhcp packet strict-validation

ip dhcp snooping

ip dhcp snooping information option

ip dhcp snooping trust

ip dhcp snooping verify mac-address

ip dhcp snooping vlan

ip source binding

show ip dhcp snooping

show ip dhcp snooping binding

show ip dhcp snooping statistics

show running-config dhcp

show startup-config dhcp

Release 5.0(2)N1(1)

Support for HTTP server

You can enable HTTP or Hypertext Transfer Protocol Secure (HTTPS) on a switch.

5.0(2)N1(1)

feature http-server

Privilege level

You can enable the cumulative privilege of roles for command authorization on RADIUS and TACACS+ servers.

You can also enable a user to move to a higher privilege level, or set a password for a specific privilege level.

5.0(2)N1(1)

enable

enable secret

feature privilege

role name

rule

show privilege

ACLs on VTY

You can configure an access class to restrict incoming or outgoing traffic on a virtual terminal line (VTY).

5.0(2)N1(1)

access-class

ip access-class

ip access-list

show running-config aclmgr

show startup-config aclmgr

Checkpoint and rollback

You can take a snapshot of the current running configuration or roll back to a specified checkpoint to restore the active configuration of the system.

5.0(2)N1(1)

checkpoint

clear checkpoint database

rollback running-config

show checkpoint

show checkpoint summary

show checkpoint system

show checkpoint user

show diff rollback-patch checkpoint

show diff rollback-patch file

show diff rollback-patch running-config

show diff rollback-patch startup-config

show rollback log

SSH

You can set the number of login attempts that a user can try before being disconnected.

5.0(2)N1(1)

ssh login-attempts