STIGQter: STIG Summary: Cisco NX-OS Switch L2S Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 08 May 2020

The Cisco switch must not use the default VLAN for management traffic.

DISA Rule

SV-110361r1_rule

Vulnerability Number

V-101257

Group Title

SRG-NET-000512-L2S-000010

Rule Version

CISC-L2-000240

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the switch for management access to use a VLAN other than the default VLAN.

SW1(config)# interface vlan 44
SW1(config-if)# ip add 10.1.12.1/24
SW1(config-if)# end

Check Contents

Review the switch configuration and verify that the default VLAN is not used to access the switch for management.

interface Vlan1

interface Vlan44
  description Management VLAN
  ip address 10.1.12.1/24

If the default VLAN is being used for management access to the switch, this is a finding.
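
The check above can be scripted against a saved running configuration. The following is an added example, not part of the STIG or of STIGQter: the function names are hypothetical, the sample configurations are constructed (the compliant one mirrors the check text), and it assumes that an IPv4 or IPv6 address on the `interface Vlan1` SVI is what indicates the default VLAN is used for management.

```python
import re

# Assumption (not stated by the STIG): an IPv4/IPv6 address on the VLAN 1 SVI
# is treated as evidence that the default VLAN carries management access.
ADDR_RE = re.compile(r"^(ip|ipv6) address\s+\S+", re.IGNORECASE)


def parse_interfaces(config_text):
    """Map each 'interface <name>' stanza to its list of sub-commands."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and comments
        if line.lower().startswith("interface "):
            # Normalise 'Vlan1', 'vlan 1' and 'VLAN1' to the same key.
            current = re.sub(r"\s+", "", line.split(None, 1)[1]).lower()
            stanzas[current] = []
        elif line[0].isspace() and current is not None:
            stanzas[current].append(line.strip())
        else:
            current = None  # any other top-level command closes the stanza
    return stanzas


def default_vlan_findings(config_text):
    """Return the address commands configured on the default-VLAN SVI."""
    stanzas = parse_interfaces(config_text)
    return [cmd for cmd in stanzas.get("vlan1", []) if ADDR_RE.match(cmd)]


# Constructed sample configurations.
COMPLIANT = """\
interface Vlan1

interface Vlan44
  description Management VLAN
  ip address 10.1.12.1/24
"""

NONCOMPLIANT = """\
interface Vlan1
  description Management VLAN
  ip address 10.1.12.1/24
"""

if __name__ == "__main__":
    for name, cfg in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        hits = default_vlan_findings(cfg)
        print(name, "FINDING" if hits else "not a finding", hits)
```

The parser relies on the indentation that `show running-config` output normally carries; a non-empty result still needs a reviewer to confirm how the switch is actually reached for management.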

Documentable

False

Check Content Reference

M

Target Key

3551
