- Preface
- New and Changed Information
- Overview
- Configuring Authentication, Authorization, and Accounting
- Configuring RADIUS
- Configuring TACACS+
- Configuring SSH and Telnet
- Configuring 802.1X
- Configuring Cisco TrustSec
- Configuring Access Control Lists
- Configuring Port Security
- Configuring DHCP Snooping
- Configuring Dynamic ARP Inspection
- Configuring IP Source Guard
- Configuring Control Plane Policing
- Index
Contents
8 - A - C - D - E - F - G - I - L - M - N - P - R - S - T - U - V
Index
8
802.1Xauthenticator PAEs 1configuration process 1configuring 1configuring AAA accounting methods 1configuring AAA authentication methods 1configuring on member ports 1controlling on interfaces 1default settings 1description 1disabling authentication 1disabling feature 1enabling feature 1enabling MAC authentication bypass 1enabling mulitple hosts mode 1enabling periodic reauthentication on interfaces 1enabling single host mode 1example configuration 1guidelines 1licensing requirements 1limitations 1MAC authenication bypass 1monitoring 1multiple host support 1prerequisites 1setting interface maximum retransmission retry count 1single host support 1supported topologies 1verifying configuration 1802.1X authenticationauthorization states for ports 1changing timers on interfaces 1enabling RADIUS accounting 1initiation 1manually initializing 1802.1X reauthenticationsetting maximum retry count on interfaces 1802.1X supplicantsmanually reauthenticating 1A
AAAaccounting 1authentication 1benefits 1configuring authentication methods for 802.1X 1configuring console login 1configuring for Cisco TrustSec 1configuring for RADIUS servers 1configuring seed device for Cisco TrustSec 1default settings 1description 1enabling MSCHAP authentication 1example configuration 1prerequisites 1user login process 1verifying configurations 1AAA accountingconfiguring default methods 1configuring methods for 802.1X 1AAA accounting logsclearing 1displaying 1AAA authorizationconfiguring on TACACS+ servers 1AAA loginsenabling authentication failure messages 1AAA protocolsRADIUS 1TACACS+ 1AAA server groupsdescription 1AAA serversspecifying user roles 1specifying user roles in VSAs 1AAA servicesconfiguration options 1remote 1accountingdescription 1ACLprocessing order 1sequence numbers 1ACL implicit rules 1ACLsapplications 1creating log entries for 1guidelines 1identifying traffic by protocols 1licensing 1limitations 1prerequisites 1types 1VLAN 1authentication802.1X 1description 1local 1methods 1remote 1user login 1authenticator PAEscreating on an interface 1description 1removing from an interface 1authorizationuser login 1verifying commands 1C
CiscoCisco TrustSec 1architecture 1configuring 1configuring AAA on seed device 1configuring device credentials 1configuring pause frame encryption and decryption on interfaces 1default values 1description 1enabling 1enabling (example) 1environment data download 1example configurations 1guidelines 1licensing 1limitations 1manually configuring SXP 1prerequisites 1SGTs 1verifying configuration 1Cisco TrustSec authenticationconfiguring 1configuring in manual mode 1description 1manual mode configuration examples 1Cisco TrustSec authorizationconfiguring 1Cisco TrustSec device credentialsdescription 1Cisco TrustSec device identitiesdescription 1Cisco TrustSec environment datadownload 1Cisco TrustSec policiesexample enforcement configuration 1Cisco TrustSec seed devicesexample configuration 1Cisco TrustSec user credentialsdescription 1cisco-av-pairclass mapsCoPP 1clearing statisticsCoPP 1commandsdisabing authorization verification 1enabing authorization verification 1configuration statusCoPP 1control planepoliciesapplying 1control plane class mapsverifying the configuration 1control plane policy mapsverifying the configuration 1control plane protectionCoPP 1packet types 1control plane protection, classification 1control plane protection, CoPPrate controlling mechanisms 1CoPP 1class maps 1clearing statistics 1configuration status 1control plane protection 1control plane protection, classification 1default settings 1feature history 1guidelines 1information about 1licensing 1limitations 1monitoring 1policy templates 1restrictions for management interfaces 1verifying the configuration 1CoPP policiesapplying 1customized 1default 1scaled Layer 2 1scaled Layer 3 1CoPP policycustomizedmodifying 1CTS 1See Cisco TrustSec 1customized CoPP policy 1modifying 1D
DAIdefault settings 1guidelines 1limitations 1deafult settingsport security 1default CoPP policy 1default settings802.1X 1AAA 1CoPP 1DAI 1IP Source Guard 1device rolesdescription for 802.1X 1DHCP binding database 1See DHCP snooping binding database 1DHCP Option 82description 1DHCP relay agentenabling or disabling 1enabling or disabling Option 82 1enabling or disabling subnet broadcast support on a Layer 3 Interface 1enabling or disabling VRF support 1VRF support 1DHCP relay binding databasedescription 1DHCP snoopingbinding database 1default settings 1description 1guidelines 1in a vPC environment 1limitations 1message exchange process 1Option 82 1overview 1DHCP snooping binding database 1described 1description 1entries 1See DHCP snooping binding database 1dynamic ARP inspectionARP cache poisoning 1ARP requests 1ARP spoofing attack 1DHCP snooping binding database 1function of 1interface trust states 1logging of dropped packets 1network security issues and interface trust states 1Dynamic Host Configuration Protocol snooping 1See DHCP snooping 1E
examplesAAA configurations 1F
feature historyCoPP 1G
guidelinesACLs 1CoPP 1DAI 1DHCP snooping 1port security 1I
IDsIP ACL implicit rules 1IP ACL statisticsclearing 1monitoring 1IP ACLsapplications 1applying as a Router ACL 1applying as port ACLs 1changing 1changing sequence numbers in 1description 1logical operation units 1logical operators 1removing 1types 1IP Source Guarddefault settings 1L
licensing802.1X 1ACLs 1Cisco TrustSec 1CoPP 1limitationsACLs 1CoPP 1DAI 1DHCP snooping 1port security 1loggingcreating ACL for 1logical operation unitsIP ACLs 1logical operators***IP ACLs 1loginRADIUS servers 1LOU 1See logical operation units 1M
MAC ACL implicit rules 1MAC ACLsACLsMACcreating 1MAC addresseslearning 1MAC authenticationbypass for 802.1X 1enabling bypass in 802.1X 1management interfacesCoPP restrictions 1monitoringCoPP 1RADIUS 1RADIUS servers 1MSCHAPenabling authentication 1N
new in this release 1P
policy templatesdescription 1port ACL 1port securitydefault settings 1guidelines 1limitations 1MAC address learning 1MAC move 1violations 1portsauthorization states for 802.1X 1preshared keysTACACS+ 1privilege level support for TACACS+ authorizationconfiguring 1privilege rolespermitting or denying commands for 1R
RADIUSconfiguring servers 1configuring timeout intervals 1configuring transmission retry counts 1default settings 1description 1example configurations 1monitoring 1network environments 1operations 1prerequisites 1statistics, displaying 1RADIUS accountingenabling for 802.1X authentication 1RADIUS server groupsglobal source interfaces 1RADIUS server preshared keys 1RADIUS serversallowing users to specify at login 1configuring AAA for 1configuring timeout interval 1configuring transmission retry count 1deleting hosts 1displaying statistics 1example configurations 1manually monitoring 1RADIUS statisticsclearing 1RADIUS, global preshared keys 1RADIUS, periodic server monitoring 1RADIUS, server hostsconfiguring 1rate controlling mechanismscontrol plane protection, CoPP 1RBACLclearing statistics 1displaying statistics 1enabling statistics 1RBACL loggingenabling 1remote devicesconnecting to using SSH 1router ACLs 1rulesimplicit 1S
scaled Layer 2 CoPP policy 1scaled Layer 3 CoPP policy 1secure MAC addresseslearning 1securitypoliciesapplying 1portMAC address learning 1security group access lists 1See SGACLs 1security group tag 1See SGT 1server groups 1serversRADIUS 1SGACL policiesclearing 1displaying downloaded policies 1manually configuring 1SGACL policy enforcementenabling on VLANs 1SGACLsconfiguring 1description 1example manual configuration 1SGACLs policiesrefreshing downloaded policies 1SGT Exchange Protocol 1See SXP 1SGTsdescription 1manually configuring 1propagation with SXP 1SNMPv3specifying AAA parameters 1specifying parameters for AAA servers 1source interfacesRADIUS server groups 1TACACS+ server groups 1SSHdescription 1SSH clients 1SSH server keys 1SSH servers 1SSH sessionsclearing 1connecting to remote devices 1statisticsclearing 1for RBACL 1monitoring 1TACACS+ 1SXPchanging retry periods 1configuration process 1configuring default passwords 1configuring default source IP addresses 1configuring manually 1configuring peer connections 1enabling 1SGT propagation 1SXP connectionsexample manual configuration 1T
TACACS+advantages over RADIUS 1configuring 1configuring global timeout interval 1displaying statistics 1example configurations 1field descriptions 1global preshared keys 1limitations 1prerequisites 1preshared key 1user login operation 1verifying command authorization 1verifying configuration 1TACACS+ command authorizationconfiguring 1testing 1TACACS+ server groupsglobal source interfaces 1TACACS+ serversconfiguring hosts 1configuring TCP ports 1configuring timeout interval 1displaying statistics 1field descriptions 1manually monitoring 1verifying configuration 1TCP portsTACACS+ servers 1Telnetdescription 1Telnet serverenabling 1reenabling 1Telnet servers 1Telnet sessionsclearing 1connecting to remote devices 1U
user loginauthentication process 1authorization process 1user rolesV
vendor-specific attributes 1VLAN ACLsinformation about 1vPCsand DHCP snooping 1VSAsformat 1protocol options 1support description 1