STIGQter: STIG Summary: VMware ESX 3 Server Version: 1 Release: 2 Benchmark Date: 22 Jul 2016: The non-negotiate option is not configured for trunk links between external physical switches and virtual switches in VST mode.

DISA Rule

SV-16760r1_rule

Vulnerability Number

V-15821

Group Title

Non-negotiate not set for virtual switches in VST.

Rule Version

ESX0300

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Configure the non-negotiate option for trunks connected to external physical switches.

Check Contents

Request of copy of the external switch configuration that the ESX Server has trunk links configured. Work with the network reviewer and system administrator to verify the non-negotiate option is set.

Cisco CATOS switch:

CATOS Console> (enable) set trunk <port number> nonnegotiate dot1q

Cisco IOS switch:

IOS Console# switchport trunk nonnegotiate

If the non-negotiate option is not set, this is a finding.

Vulnerability Number

V-15821

Documentable

False

Rule Version

ESX0300

Severity Override Guidance

Check Content Reference

Responsibility

[Virtual Server Administrator]

Target Key

1386

STIGQter: STIG Summary: VMware ESX 3 Server Version: 1 Release: 2 Benchmark Date: 22 Jul 2016: The non-negotiate option is not configured for trunk links between external physical switches and virtual switches in VST mode.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments