Cisco NX-OS Security Command Reference, Release 4.0
F Commands

Table Of Contents

F Commands

feature (user role feature group)

feature cts

feature dhcp

feature dot1x

feature eou

feature port-security

feature tacacs+


F Commands


This chapter describes the Cisco NX-OS security commands that begin with F.

feature (user role feature group)

To configure a feature in a user role feature group, use the feature command. To delete a feature in a user role feature group, use the no form of this command.

feature feature-name

no feature feature-name

Syntax Description

feature-name    NX-OS feature name as listed in the show role feature command output.


Defaults

None

Command Modes

User role feature group configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release    Modification
4.0(1)     This command was introduced.


Usage Guidelines

Use the show role feature command to list the valid feature names to use in this command.

This command does not require a license.

Examples

This example shows how to add features to a user role feature group:

switch# config t
switch(config)# role feature-group name SecGroup
switch(config-role-featuregrp)# feature aaa
switch(config-role-featuregrp)# feature radius
switch(config-role-featuregrp)# feature tacacs

This example shows how to remove a feature from a user role feature group:

switch# config t
switch(config)# role feature-group name MyGroup
switch(config-role-featuregrp)# no feature callhome

Related Commands

Command                    Description
show role feature-group    Displays the user role feature groups.


feature cts

To enable the Cisco TrustSec feature, use the feature cts command. To revert to the default, use the no form of this command.

feature cts

no feature cts

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Global configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release    Modification
4.0(1)     This command was introduced.


Usage Guidelines

To use this command, you must first enable the 802.1X feature using the feature dot1x command.


Note: The Cisco TrustSec feature does not have a license grace period. You must install the Advanced Services license to configure this feature.


This command requires the Advanced Services license.

Examples

This example shows how to enable the Cisco TrustSec feature:

switch# config t
switch(config)# feature cts

This example shows how to disable the Cisco TrustSec feature:

switch# config t
switch(config)# no feature cts

Related Commands

Command          Description
feature dot1x    Enables the 802.1X feature.
show cts         Displays the Cisco TrustSec status information.



feature dhcp

To enable the DHCP snooping feature on the device, use the feature dhcp command. To disable the DHCP snooping feature, use the no form of this command.

feature dhcp

no feature dhcp

Syntax Description

This command has no arguments or keywords.

Defaults

None

Command Modes

Global configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release    Modification
4.0(1)     This command was introduced.


Usage Guidelines

The DHCP snooping feature is disabled by default.

If you have not enabled the DHCP snooping feature, commands related to DHCP snooping are unavailable.

Dynamic ARP inspection and IP Source Guard depend upon the DHCP snooping feature.

If you disable the DHCP snooping feature, the device discards all DHCP snooping configuration. If you want to turn off DHCP snooping and preserve your DHCP snooping configuration, disable DHCP snooping globally with the no ip dhcp snooping command.

This command does not require a license.

Examples

This example shows how to enable DHCP snooping:

switch# configure terminal
switch(config)# feature dhcp
switch(config)# 

Related Commands

Command                           Description
clear ip dhcp snooping binding    Clears the DHCP snooping binding database.
ip dhcp snooping                  Globally enables DHCP snooping on the device.
service dhcp                      Enables or disables the DHCP relay agent.
show ip dhcp snooping             Displays general information about DHCP snooping.
show running-config dhcp          Displays DHCP snooping configuration, including IP Source Guard configuration.


feature dot1x

To enable the 802.1X feature, use the feature dot1x command. To revert to the default, use the no form of this command.

feature dot1x

no feature dot1x

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Global configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release    Modification
4.0(1)     This command was introduced.


Usage Guidelines

You must use the feature dot1x command before you configure 802.1X.


Note: If you disable the 802.1X feature, all 802.1X configuration is lost. If you want to disable 802.1X authentication, use the no dot1x system-auth-control command.


This command does not require a license.

Examples

This example shows how to enable 802.1X:

switch# config t
switch(config)# feature dot1x

This example shows how to disable 802.1X:

switch# config t
switch(config)# no feature dot1x

Related Commands

Command       Description
show dot1x    Displays 802.1X status information.


feature eou

To enable Extensible Authentication Protocol over User Datagram Protocol (EAPoUDP), use the feature eou command. To disable EAPoUDP, use the no form of this command.

feature eou

no feature eou

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Global configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release    Modification
4.0(1)     This command was introduced.


Usage Guidelines

You must use the feature eou command before you configure EAPoUDP.


Note: When you disable EAPoUDP, the NX-OS software removes the EAPoUDP configuration.


This command does not require a license.

Examples

This example shows how to enable EAPoUDP:

switch# config t
switch(config)# feature eou

This example shows how to disable EAPoUDP:

switch# config t
switch(config)# no feature eou

Related Commands

Command        Description
feature eou    Enables EAPoUDP.
show eou       Displays EAPoUDP information.


feature port-security

To enable the port security feature globally, use the feature port-security command. To disable the port security feature globally, use the no form of this command.

feature port-security

no feature port-security

Syntax Description

This command has no arguments or keywords.

Defaults

None

Command Modes

Global configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release    Modification
4.0(1)     This command was introduced.


Usage Guidelines

Port security is disabled globally by default.

Port security is local to each virtual device context (VDC). If necessary, switch to the correct VDC before using this command.

This command does not require a license.

Enabling Port Security

If you enable port security globally, all other commands related to port security become available.

If you are reenabling port security, no port security configuration is restored from the last time that port security was enabled.

Disabling Port Security

If you disable port security globally, all port security configuration is removed, including any interface configuration for port security and all secured MAC addresses, regardless of the method by which the device learned the addresses.

Examples

This example shows how to enable port security globally:

switch# config t
switch(config)# feature port-security
switch(config)# 

Related Commands

Command                     Description
clear port-security         Clears dynamically learned, secure MAC addresses.
debug port-security         Provides debugging information for port security.
show port-security          Shows information about port security.
switchport port-security    Enables port security on a Layer 2 interface.


feature tacacs+

To enable TACACS+, use the feature tacacs+ command. To disable TACACS+, use the no form of this command.

feature tacacs+

no feature tacacs+

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Global configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release    Modification
4.0(1)     This command was introduced.


Usage Guidelines

You must use the feature tacacs+ command before you configure TACACS+.


Note: When you disable TACACS+, the NX-OS software removes the TACACS+ configuration.


This command does not require a license.

Examples

This example shows how to enable TACACS+:

switch# config t
switch(config)# feature tacacs+

This example shows how to disable TACACS+:

switch# config t
switch(config)# no feature tacacs+

Related Commands

Command         Description
show tacacs+    Displays TACACS+ information.
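
The configuration-loss notes in the feature dhcp, feature dot1x, feature eou, feature port-security, and feature tacacs+ sections, and the feature dot1x prerequisite in the feature cts section, can be checked in a change script before it is applied. The following Python check is an added example, not Cisco code and not part of the original reference; the names review_change and SAMPLE, the sample script, and the rule that any non-feature command leaves the user role feature group submode are assumptions.

```python
import re

# From the usage guidelines on this page: what "no feature X" discards and,
# where the page names one, the command that disables without losing config.
DESTRUCTIVE = {
    "dhcp": ("all DHCP snooping configuration", "no ip dhcp snooping"),
    "dot1x": ("all 802.1X configuration", "no dot1x system-auth-control"),
    "eou": ("the EAPoUDP configuration", None),
    "port-security": ("all port security configuration and secured MACs", None),
    "tacacs+": ("the TACACS+ configuration", None),
}
REQUIRES = {"cts": "dot1x"}          # feature cts needs feature dot1x first
PROMPT = re.compile(r"^\S*#\s*")     # strips a pasted "switch(config)# " prompt
FEATURE = re.compile(r"(no\s+)?feature\s+(\S+)")

def review_change(lines, enabled=()):
    """Return (line_no, severity, message) findings for a list of CLI lines.
    `enabled` holds the features already on before the change (assumed input)."""
    on, in_role_group, findings = set(enabled), False, []
    for no, raw in enumerate(lines, 1):
        cmd = PROMPT.sub("", raw.strip())
        if not cmd:
            continue
        if cmd.startswith("role feature-group name"):
            in_role_group = True
            continue
        m = FEATURE.fullmatch(cmd)
        if not m:
            in_role_group = False    # assumption: any other command leaves the submode
            continue
        if in_role_group or "(config-role-featuregrp)" in raw:
            continue                 # edits a role's feature list, not a global toggle
        negate, name = bool(m.group(1)), m.group(2)
        if negate:
            on.discard(name)
            if name in DESTRUCTIVE:
                lost, alt = DESTRUCTIVE[name]
                hint = f"; to keep it, use '{alt}'" if alt else ""
                findings.append((no, "warning", f"'{cmd}' removes {lost}{hint}"))
        else:
            need = REQUIRES.get(name)
            if need and need not in on:
                findings.append((no, "error", f"'{cmd}' needs 'feature {need}' first"))
            on.add(name)
    return findings

# Constructed change script (not from the original page).
SAMPLE = ["config t", "role feature-group name SecGroup", "feature tacacs",
          "no feature callhome", "exit", "feature cts", "no feature dhcp",
          "no feature tacacs+", "feature dot1x"]
```

Calling review_change(SAMPLE) flags line 6 (feature cts before feature dot1x) and lines 7 and 8 (configuration removed), while the feature and no feature lines inside the role feature group are ignored.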