STIGQter: STIG Summary: Cisco IOS XE Switch L2S Security Technical Implementation Guide, Version 2, Release 1, Benchmark Date: 23 Apr 2021

The Cisco switch must not use the default VLAN for management traffic.

DISA Rule

SV-220670r539671_rule

Vulnerability Number

V-220670

Group Title

SRG-NET-000512-L2S-000010

Rule Version

CISC-L2-000240

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the switch for management access to use a VLAN other than the default VLAN (VLAN 1 on Cisco switches). Create the management SVI on the new VLAN as shown below; as a practitioner caveat, also remove the IP address from, or shut down, the default VLAN's SVI (interface Vlan1), since simply adding a second SVI does not by itself stop management access over VLAN 1.

SW1(config)#int vlan 22
SW1(config-if)#ip add 10.1.22.3 255.255.255.0
SW1(config-if)#no shut

Check Contents

Review the switch configuration and verify that the default VLAN is not used to access the switch for management.

interface Vlan22
description Management VLAN
ip address 10.1.22.3 255.255.255.0

If the default VLAN (VLAN 1) is being used for management access to the switch, for example if interface Vlan1 is configured with an IP address and is not shut down, this is a finding.
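The check above is easy to misread: seeing an `interface Vlan22` with an address proves that a management VLAN exists, not that the default VLAN is unusable for management. The following Python script is an added example (not part of the STIG, of STIGQter, or of any Cisco tooling) that automates both the Fix Recommendation and the Check Contents: it parses the SVI blocks of an IOS XE running-config and reports a finding when `interface Vlan1` carries an IP address and is not shut down. The two embedded configs are constructed samples; the compliant one also illustrates the full fix (VLAN 22 created, management SVI on it, VLAN 1 SVI disabled). The function and variable names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

DEFAULT_VLAN_ID = 1  # Cisco's default VLAN; it cannot be deleted or renumbered

# Constructed sample running-config fragment (not captured from a real device):
# management still lives on the default VLAN's SVI, so this should be a finding.
NON_COMPLIANT_CONFIG = """\
!
interface Vlan1
 ip address 10.1.1.3 255.255.255.0
!
interface GigabitEthernet1/0/1
 switchport mode access
!
"""

# Constructed sample of the fixed state: management moved to VLAN 22 and the
# VLAN 1 SVI stripped of its address and shut down.
COMPLIANT_CONFIG = """\
!
vlan 22
 name Management
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan22
 description Management VLAN
 ip address 10.1.22.3 255.255.255.0
 no shutdown
!
"""


@dataclass
class SviState:
    name: str
    has_ip: bool
    shutdown: bool


def parse_svis(config: str) -> Dict[int, SviState]:
    """Return the state of every 'interface VlanN' block in an IOS running-config."""
    svis: Dict[int, SviState] = {}
    current: Optional[SviState] = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):  # a top-level line ends any interface block
            current = None
            m = re.match(r"interface Vlan\s*(\d+)$", line, re.IGNORECASE)
            if m:
                current = SviState(name=line, has_ip=False, shutdown=False)
                svis[int(m.group(1))] = current
            continue
        if current is None:
            continue  # indented line that belongs to a non-SVI block
        cmd = line.strip()
        if re.match(r"ip address\s", cmd):  # static address or 'ip address dhcp'
            current.has_ip = True
        elif cmd == "no ip address":
            current.has_ip = False
        elif cmd == "shutdown":
            current.shutdown = True
        elif cmd == "no shutdown":
            current.shutdown = False
    return svis


def default_vlan_management_finding(config: str) -> Optional[str]:
    """Return a finding description if the default VLAN is usable for management, else None."""
    default_svi = parse_svis(config).get(DEFAULT_VLAN_ID)
    if default_svi is None:
        return None  # no SVI on the default VLAN at all
    if default_svi.has_ip and not default_svi.shutdown:
        return (f"interface Vlan{DEFAULT_VLAN_ID} has an IP address and is not "
                f"shut down; default VLAN is usable for management (CISC-L2-000240)")
    return None


if __name__ == "__main__":
    for label, cfg in (("non-compliant", NON_COMPLIANT_CONFIG), ("compliant", COMPLIANT_CONFIG)):
        result = default_vlan_management_finding(cfg)
        print(f"{label}: {result or 'no finding'}")
```

Feed the script the output of `show running-config` from the device under review. It deliberately does not treat the absence of a non-default management SVI as a finding, because management may legitimately run over a dedicated out-of-band management port rather than an SVI; that aspect of the configuration still needs manual review.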

Documentable

False

Severity Override Guidance

(Same text as Check Contents above.)

Check Content Reference

M

Target Key

4071

Comments