STIGQter: STIG Summary: Cisco NX-OS Switch L2S Security Technical Implementation Guide, Version 1, Release 1, Benchmark Date: 08 May 2020

The Cisco switch must not have any switchports assigned to the native VLAN.

DISA Rule

SV-110367r1_rule

Vulnerability Number

V-101263

Group Title

SRG-NET-000512-L2S-000013

Rule Version

CISC-L2-000270

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure all access switch ports to a VLAN other than the native VLAN.

Check Contents

Review the switch configurations and examine all access switch ports. Verify that they do not belong to the native VLAN as shown in the example below:

interface Ethernet0/1
switchport
switchport mode trunk
switchport trunk native vlan 44

interface Ethernet0/2
switchport
switchport access vlan 11

interface Ethernet0/3
switchport
switchport access vlan 12

If any access switch ports have been assigned to the same VLAN ID as the native VLAN, this is a finding.
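The review above can be automated against a saved running-config. The script below is an added example, not part of the STIG or of STIGQter: it parses the interface stanzas, collects the native VLAN of every trunk, and reports each access port whose VLAN matches one of them. It goes slightly beyond the check text in one respect: a trunk with no explicit native VLAN and an access port with no explicit access VLAN are both treated as VLAN 1, the NX-OS default. The interface names and configuration are constructed sample input.

```python
import re
# Constructed NX-OS running-config excerpt (sample input, not from a real device).
SAMPLE_CONFIG = """\
interface Ethernet1/1
  switchport
  switchport mode trunk
  switchport trunk native vlan 44
interface Ethernet1/2
  switchport
  switchport access vlan 11
interface Ethernet1/3
  switchport
  switchport access vlan 44
interface Ethernet1/4
  switchport
  switchport mode trunk
interface Ethernet1/5
  switchport
"""

DEFAULT_VLAN = 1  # NX-OS default for both the access VLAN and the trunk native VLAN

def parse_switchports(config):
    """Map each L2 ('switchport') interface to mode, access VLAN and native VLAN.
    Routed ports are dropped; values not set explicitly fall back to DEFAULT_VLAN."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            cur = line.split(None, 1)[1]
            ports[cur] = {"l2": False, "mode": "access", "access": DEFAULT_VLAN, "native": DEFAULT_VLAN}
        elif cur is None:
            continue  # lines before the first interface stanza
        elif line == "switchport":
            ports[cur]["l2"] = True
        elif m := re.fullmatch(r"switchport mode (\w+)", line):
            ports[cur]["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            ports[cur]["access"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            ports[cur]["native"] = int(m.group(1))
    return {name: p for name, p in ports.items() if p["l2"]}

def find_access_ports_on_native_vlan(config):
    """Return (native VLANs used by trunks, sorted access ports sitting on one of them)."""
    ports = parse_switchports(config)
    native = {p["native"] for p in ports.values() if p["mode"] == "trunk"}
    bad = sorted(n for n, p in ports.items() if p["mode"] == "access" and p["access"] in native)
    return native, bad
```

Every interface name returned in the second element is a CISC-L2-000270 finding; in the sample, Ethernet1/3 shares the explicit native VLAN 44 and Ethernet1/5 sits on the default VLAN 1 that Ethernet1/4 uses as its native VLAN.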

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3551

Comments