STIGQter STIGQter: STIG Summary: Cisco NX-OS Switch RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The Cisco PE switch must be configured to limit the number of MAC addresses it can learn for each Virtual Private LAN Services (VPLS) bridge domain.

DISA Rule

SV-221125r622190_rule

Vulnerability Number

V-221125

Group Title

SRG-NET-000192-RTR-000002

Rule Version

CISC-RT-000720

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure a MAC address learning limit for each VPLS bridge domain.

SW1(config)# bridge-domain 100
SW1(config-bdomain)# mac limit maximum addresses nnnn
SW1(config-bdomain)# end

Check Contents

Review the PE switch configuration to determine if a MAC address limit has been set for each VPLS bridge domain.

bridge-domain 100
mac limit maximum addresses nnnnn

If a limit has not been configured, this is a finding.

Vulnerability Number

V-221125

Documentable

False

Rule Version

CISC-RT-000720

Severity Override Guidance

Review the PE switch configuration to determine if a MAC address limit has been set for each VPLS bridge domain.

bridge-domain 100
mac limit maximum addresses nnnnn

If a limit has not been configured, this is a finding.

Check Content Reference

M

Target Key

4075

Comments