STIGQter: STIG Summary: VMware ESX 3 Server Version: 1 Release: 2 Benchmark Date: 22 Jul 2016: The non-negotiate option is not configured for trunk links between external physical switches and virtual switches in VST mode.

DISA Rule

SV-16760r1_rule

Vulnerability Number

V-15821

Group Title

Non-negotiate not set for virtual switches in VST.

Rule Version

ESX0300

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the non-negotiate option for trunks connected to external physical switches.

Check Contents

Request a copy of the configuration of the external switch to which the ESX Server has trunk links configured. Work with the network reviewer and system administrator to verify the non-negotiate option is set.

Cisco CATOS switch:

CATOS Console> (enable) set trunk <port number> nonegotiate dot1q

Cisco IOS switch:

IOS Console# switchport nonegotiate

If the non-negotiate option is not set, this is a finding.
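
One way to run this check against an exported IOS configuration, as an added example that is not part of the STIG text: it flags interfaces set to `switchport mode trunk` that carry no non-negotiate line. The sample configuration is constructed, the function names are hypothetical, and the config is assumed to store the option as `switchport nonegotiate` under the interface stanza.

```python
import re

# Constructed IOS running-config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport mode access
!
"""

IFACE_RE = re.compile(r"^interface (\S+)")
TRUNK_RE = re.compile(r"^switchport mode trunk$")
# Assumption: tolerate the spelling variants of the option (one or two n's).
NONEG_RE = re.compile(r"^switchport (trunk )?non?negotiate$")

def parse_interfaces(config):
    """Return {interface name: [stripped sub-commands]} from config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def trunk_findings(config):
    """Interfaces forced to trunk mode that lack the non-negotiate line."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        is_trunk = any(TRUNK_RE.match(c) for c in cmds)
        noneg = any(NONEG_RE.match(c) for c in cmds)
        if is_trunk and not noneg:
            findings.append(name)
    return findings

if __name__ == "__main__":
    for name in trunk_findings(SAMPLE_CONFIG):
        print(f"FINDING: {name} is a trunk without non-negotiate set")
```

Only ports explicitly set to trunk mode are evaluated; access ports and ports with no switchport mode line are outside what this sketch checks.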

Documentable

False

Severity Override Guidance

Check Content Reference

M

Responsibility

[Virtual Server Administrator]

Target Key

1386

Comments