- Preface
- Using the Command-Line Interface
- Managing Switch Stacks
- Security Features Overview
- Preventing Unauthorized Access
- Controlling Switch Access with Passwords and Privilege Levels
- Configuring TACACS+
- Configuring RADIUS
- Configuring Kerberos
- Configuring Local Authentication and Authorization
- Configuring Secure Shell (SSH)
- Configuring Secure Socket Layer HTTP
- Configuring IPv4 ACLs
- Configuring IPv6 ACLs
- Configuring DHCP
- Configuring IP Source Guard
- Configuring Dynamic ARP Inspection
- Configuring IEEE 802.1x Port-Based Authentication
- Configuring Web-Based Authentication
- Configuring Port-Based Traffic Control
- Configuring IPv6 First Hop Security
- Configuring FIPS
- Index
Contents
8 - < - A - B - C - D - E - F - H - I - K - L - M - N - O - P - R - S - T - U - V - W - Z -Index
8
802.1x 1<
<$nopage>HTTP over SSL
see HTTPS 1
<$nopage>Secure Copy Protocol 1A
access control entries
See ACEs 1
access groups
Layer 3 1
access groups, applying IPv4 ACLs to interfaces 1
access lists
See ACLs 1
accounting 1 2
with RADIUS 1
with TACACS+ 1 2
accounting, defined 1
ACEs
Ethernet 1
IP 1
ACLs
applying
on bridged packets 1
on multicast packets 1
on routed packets 1
on switched packets 1
time ranges to 1
to an interface 1
comments in 1
compiling 1
defined 1
examples of 1
extended IPv4
creating 1
matching criteria 1
interface 1
IP
implicit deny 1
implicit masks 1
matching criteria 1
undefined 1
IPv4
applying to interfaces 1
creating 1
interfaces 1
matching criteria 1
numbers 1
terminal lines, setting on 1
unsupported features 1
Layer 4 information in 1
logging messages 1
matching 1
monitoring 1
port 1
precedence of 1
router 1
router ACLs and VLAN map configuration guidelines 1
standard IPv4
creating 1
matching criteria 1
support in hardware 1
time ranges to 1
types supported 1
unsupported features
IPv4 1
using router ACLs with VLAN maps 1
VLAN maps
configuration guidelines 1
configuring 1
adding 1 2
and SSH 1
assigning information
member number 1
priority value 1
provisioning a new member 1
attributes
vendor-proprietary 1
vendor-specific 1
attributes, RADIUS
vendor-proprietary 1 2
vendor-specific 1
authenticating to
boundary switch 1
KDC 1
network services 1
authentication 1
local mode with AAA 1
RADIUS
key 1
login 1
TACACS+
defined 1
key 1
login 1
authentication key 1
authentication, defined 1
authorization 1 2
with RADIUS 1
with TACACS+ 1 2
authorization, defined 1
auto-advise 1
auto-copy 1
auto-extract 1
auto-upgrade 1
automatic 1
automatic advise (auto-advise) in switch stacks 1
automatic copy (auto-copy) in switch stacks 1
automatic extraction (auto-extract) in switch stacks 1
automatic upgrades (auto-upgrade) in switch stacks 1
automatic upgrades with auto-upgrade 1B
Berkeley r-tools replacement 1
binding configuration
automatic 1
manual 1
binding database
address, DHCP server
See DHCP, Cisco IOS server database 1
binding table 1
bindings
address, Cisco IOS DHCP server 1
IP source guard 1
boundary switch 1
bridged packets, ACLs on 1C
CA trustpoint
configuring 1
defined 1
changing the default for lines 1
CipherSuites 1
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server 1
CoA Request Commands 1
commands, setting privilege levels 1
communication, global 1 2
communication, per-server 1
configuration examples 1
Configuration Examples for Setting Passwords and Privilege Levels command 1
configuration files
password recovery disable considerations 1
configuration guidelines 1 2
configuring 1 2 3 4 5
accounting 1 2
authentication 1
authentication key 1
authorization 1 2
communication, global 1 2
communication, per-server 1
login authentication 1
member number 1
multiple UDP ports 1
priority value 1
configuring a secure HTTP client 1
configuring a secure HTTP server 1
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication: Example command 1
Configuring the Switch to Use Vendor-Specific RADIUS Attributes: Examples command 1
credentials 1
customizeable web pages, web-based authentication 1D
default configuration 1 2 3
password and privilege level 1
RADIUS 1
SSL 1
TACACS+ 1
default web-based authentication configuration
802.1X 1
defined 1 2
defining AAA server groups 1
described 1 2 3 4
desktop template 1
DHCP
enabling
relay agent 1
server 1
DHCP option 82
displaying 1
forwarding address, specifying 1
helper address 1
overview 1
DHCP server port-based address allocation
default configuration 1
enabling 1
DHCP snooping 1
accepting untrusted packets form edge switch 1
option 82 data insertion 1
trusted interface 1
untrusted messages 1
DHCP snooping binding database
adding bindings 1
binding file
format 1
location 1
configuration guidelines 1
configuring 1
described 1
enabling 1
disabling recovery of 1
displaying 1 2E
enable 1
enable password 1
enable secret 1
enable secret password 1
enabling 1 2
encrypting 1
encryption for passwords 1
encryption methods 1
encryption, CipherSuite 1
EtherChannels 1
Examples for controlling switch access with RADIUS 1
exiting 1F
filtering
non-IP traffic 1
filters, IP
See ACLs, IP [filters
IP 1H
HTTP secure server 1
HTTPS
configuring 1
described 1
self-signed certificate 1I
ICMP
unreachable messages 1
unreachables and ACLs 1
Identifying the RADIUS Server Host: Examples command 1
identifying the server 1 2
IP ACLs
named 1
IP source guard 1 2
802.1x 1
binding configuration
automatic 1
manual 1
binding table 1
configuration guidelines 1
described 1
DHCP snooping 1
enabling 1 2
EtherChannels 1
port security 1
routed ports 1
static bindings
adding 1 2
static hosts 1
TCAM entries 1
trunk interfaces 1
VRF 1
IPv4 ACLs
applying to interfaces 1
extended, creating 1
interfaces 1
named 1
standard, creating 1K
KDC 1 2
described 1
See also Kerberos<$nopage>[KDC
zzz] 1
Kerberos
authenticating to
boundary switch 1
KDC 1
network services 1
configuration examples 1
configuring 1
credentials 1
described 1
KDC 1
operation 1
realm 1
server 1
switch as trusted third party 1
terms 1
TGT 1
tickets 1
key 1 2
key distribution center
See KDC<$nopage> 1L
limiting the services to the user 1 2
local mode with AAA 1
logging into 1
logging messages, ACL 1
login 1 2
login authentication 1
with RADIUS 1
with TACACS+ 1M
MAC address of 1
MAC extended access lists
applying to Layer 2 interfaces 1 2
managing switch stacks 1
manual 1
manual upgrades with auto-advise 1
member number 1
merged 1
monitoring 1
access groups 1
IPv4 ACL configuration 1
VLAN
filters 1
maps 1
multicast packets
ACLs on 1
multiple UDP ports 1N
Network Assistant
managing switch stacks 1
network services 1
non-IP traffic filtering 1O
offline configuration
provisioned configuration, defined 1
provisioned switch, defined 1
provisioning a new member 1
operation 1
operation of 1 2
overview 1 2 3 4P
partitioned 1
password and privilege level 1
password recovery disable considerations 1
passwords
default configuration 1
disabling recovery of 1
encrypting 1
overview 1
setting
enable 1
enable secret 1
Telnet 1
with usernames 1
persistent self-signed certificate 1
port ACLs
defined 1
types of 1
port security 1
port-based authentication
configuration guidelines 1
configuring
RADIUS server 1
RADIUS server parameters on the switch 1
default configuration 1
device roles 1
displaying statistics 1
enabling
802.1X authentication 1
switch
as proxy 1
preventing unauthorized access 1
priority value 1
privilege levels
changing the default for lines 1
exiting 1
logging into 1
overview 1
setting a command with 1
Protecting Enable and Enable Secret Passwords with Encryption: Example command 1
provisioned configuration, defined 1
provisioned switch, defined 1
provisioning a new member 1
provisioning new members for a switch stack 1R
RADIUS 1 2
attributes
vendor-proprietary 1 2
vendor-specific 1
configuring
accounting 1
authentication 1
authorization 1
communication, global 1 2
communication, per-server 1
multiple UDP ports 1
default configuration 1
defining AAA server groups 1
identifying the server 1
key 1
limiting the services to the user 1
login 1
operation of 1
overview 1
suggested network environments 1
tracking services accessed by user 1
RADIUS Change of Authorization 1
realm 1
Remote Authentication Dial-In User Service
See RADIUS 1
removing a provisioned member 1
replacing 1
replacing a failed member 1
restricting access
overview 1
RADIUS 1
TACACS+ 1
RFC 5176 Compliance 1
routed packets, ACLs on 1
routed ports 1
router ACLs
defined 1
types of 1S
SCP
and SSH 1
configuring 1
SDM
switch stack consideration 1
secure HTTP client
configuring 1
displaying 1
secure HTTP server
configuring 1
displaying 1
Secure Shell 1
See also Kerberos<$nopage>[KDC
zzz] 1
see HTTPS 1
See KDC<$nopage> 1
See RADIUS 1
See SCP 1
See TACACS+<$nopage> 1
self-signed certificate 1
server 1
setting
enable 1
enable secret 1
Telnet 1
with usernames 1
setting a command with 1
setting a password 1
Setting a Telnet Password for a Terminal Line: Example command 1
Setting or Changing a Static Enable Password: Example command 1
Setting the Privilege Level for a Command: Example command 1
show access-lists hw-summary command 1
SSH 1
encryption methods 1
user authentication methods, supported 1
SSH server 1
SSL 1
configuration guidelines 1
configuring a secure HTTP client 1
configuring a secure HTTP server 1
monitoring 1
stack changes, effects on
ACL configuration 1
stack member
configuring
member number 1
priority value 1
provisioning a new member 1
removing a provisioned member 1
replacing 1
stacks switch
replacing a failed member 1
stacks, switch
assigning information
priority value 1
provisioning a new member 1
auto-advise 1
auto-extract 1
auto-upgrade 1
MAC address of 1
offline configuration
provisioned configuration, defined 1
provisioned switch, defined 1
provisioning a new member 1
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 1
described 1
upgrades with auto-extract 1
stacks, switch version-mismatch (VM) mode
manual upgrades with auto-advise 1
stacks,switch
assigning information
member number 1
auto-copy 1
merged 1
offline configuration
removing a provisioned member 1
partitioned 1
static bindings
adding 1 2
static hosts 1
statistics
802.1X 1
suggested network environments 1
SVIs
and router ACLs 1
Switch Access
displaying 1
switch as trusted third party 1
switch stack consideration 1
switched packets, ACLs on 1T
TACACS+ 1 2
accounting, defined 1
authentication, defined 1
authorization, defined 1
configuring
accounting 1
authentication key 1
authorization 1
login authentication 1
default configuration 1
defined 1
displaying 1
identifying the server 1
key 1
limiting the services to the user 1
login 1
operation of 1
overview 1
tracking services accessed by user 1
TCAM entries 1
Telnet 1
setting a password 1
temporary self-signed certificate 1
Terminal Access Controller Access Control System Plus
See TACACS+<$nopage> 1
terminal lines, setting a password 1
terms 1
TGT 1
tickets 1
time ranges in ACLs 1 2
time-range command 1
tracking services accessed by user 1 2
traffic
fragmented 1 2
trunk interfaces 1
trustpoints, CA 1U
upgrades with auto-extract 1
user authentication methods, supported 1
username-based authentication 1V
vendor-proprietary 1
vendor-specific 1
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 1
described 1
displaying 1
manual upgrades with auto-advise 1
upgrades with auto-extract 1
VLAN ACLs
See VLAN maps 1
VLAN map entries, order of 1
VLAN maps
applying 1
common uses for 1
configuration guidelines 1
configuring 1
creating 1
defined 1
denying access to a server example 1
denying and permitting packets 1 2
displaying 1
VRF 1W
web-based authentication
customizeable web pages 1
description 1
web-based authentication, interactions with other features 1
with RADIUS 1 2 3
with TACACS+ 1 2 3 4
with usernames 1Z
zzz] 1
Feedback