STIGQter: STIG Summary: Voice/Video over Internet Protocol (VVoIP) STIG Version: 3 Release: 14 Benchmark Date: 26 Apr 2019: STIGQter: STIG Summary: Voice/Video over Internet Protocol (VVoIP) STIG Version: 3 Release: 14 Benchmark Date: 26 Apr 2019:SV-21791r2_rule
V-19650
Deficient LAN switch port config: 802.1Q VLAN Assn
VVoIP 5555
CAT II
10
In the event a LAN access switchport supports a VVoIP or VTC endpoint containing a PC port configure the switchport to assign a “default” “data” VLAN to handle untagged PC port traffic and assign a secondary VVoIP or VTC VLAN to handle the tagged VVoIP or VTC traffic.
NOTE: 802.1Q format is typically used for VLAN tagging in this application. While this is the standard method, this requirement is not intended to preclude other methods to affect the required behavior.
NOTE: Do not use the default VLAN for the switch which is generally VLAN 1. This is used for LAN control traffic. No traffic or interface is permitted to be assigned to the switches’ default VLAN.
Inspect LAN access switchport configuration settings to confirm compliance with the following requirement:
In the event a LAN access switchport supports a VVoIP or VTC endpoint containing a PC port assign the switchport to a default “data” VLAN to handle untagged PC port traffic and assign a secondary VVoIP or VTC VLAN to handle the tagged VVoIP or VTC traffic.
NOTE: 802.1Q format is typically used for VLAN tagging in this application. While this is the standard method, this requirement is not intended to preclude other methods to affect the required behavior.
This is a finding in the event a LAN access switchport that supports a VVoIP or VTC endpoint containing a PC port is not configured with two VLANs, one that is a default “data” VLAN to handle untagged PC port traffic and a secondary VVoIP or VTC VLAN to handle the tagged VVoIP or VTC traffic.
NOTE: Do not use the default VLAN for the switch which is generally VLAN 1. This is used for LAN control traffic. No traffic or interface is permitted to be assigned to the switches’ default VLAN.
V-19650
False
VVoIP 5555
Inspect LAN access switchport configuration settings to confirm compliance with the following requirement:
In the event a LAN access switchport supports a VVoIP or VTC endpoint containing a PC port assign the switchport to a default “data” VLAN to handle untagged PC port traffic and assign a secondary VVoIP or VTC VLAN to handle the tagged VVoIP or VTC traffic.
NOTE: 802.1Q format is typically used for VLAN tagging in this application. While this is the standard method, this requirement is not intended to preclude other methods to affect the required behavior.
This is a finding in the event a LAN access switchport that supports a VVoIP or VTC endpoint containing a PC port is not configured with two VLANs, one that is a default “data” VLAN to handle untagged PC port traffic and a secondary VVoIP or VTC VLAN to handle the tagged VVoIP or VTC traffic.
NOTE: Do not use the default VLAN for the switch which is generally VLAN 1. This is used for LAN control traffic. No traffic or interface is permitted to be assigned to the switches’ default VLAN.
M
3407