STIGQter: STIG Summary: HP FlexFabric Switch L2S Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020

The HP FlexFabric Switch must have unknown storm-constrain enabled.

DISA Rule

SV-80559r1_rule

Vulnerability Number

V-66069

Group Title

SRG-NET-000362-L2S-000024

Rule Version

HFFS-L2-000013

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the HP FlexFabric Switch to have unknown storm-constrain enabled.

[HP-GigabitEthernet1/0/1]storm-constrain unicast pps 1 1

[HP-GigabitEthernet1/0/1]storm-constrain control shutdown

Check Contents

Review the HP FlexFabric Switch configuration to verify that unknown storm-constrain is enabled on all access switch ports.

If any access switch ports do not have storm-constrain enabled, this is a finding.

[HP] display storm-constrain
Abbreviation: BC - broadcast; MC - multicast; UC - unicast
FW - forwarding
Flow Statistic Interval: 10 (in seconds)
Port       Type  Lower  Upper  Unit  CtrlMode  Status  Trap  Log  SwitchNum
--------------------------------------------------------------------------------
XGE1/0/10  UC    1      1      pps   shutdown  FW      on    on   0
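
The check above can be scripted against captured `display storm-constrain` output. The following is an added example, not part of the STIG or of any HP tooling: it assumes the operator supplies the list of access ports in the abbreviated form the switch prints, and the `review` category (unicast storm-constrain present but with a control action other than the `shutdown` used in the fix) is an addition beyond the check text. The function names and all sample rows except the first are constructed.

```python
import re

# Column order taken from the header line of the output shown above.
COLUMNS = ("port", "type", "lower", "upper", "unit",
           "ctrl_mode", "status", "trap", "log", "switch_num")

def parse_storm_constrain(output):
    """Return one dict per data row of `display storm-constrain` output."""
    rows, in_table = [], False
    for line in output.splitlines():
        if re.fullmatch(r"-{10,}", line.strip()):
            in_table = True          # data rows follow the dashed rule
            continue
        fields = line.split()
        if (in_table and len(fields) == len(COLUMNS)
                and fields[1] in ("BC", "MC", "UC")):
            rows.append(dict(zip(COLUMNS, fields)))
    return rows

def audit_access_ports(output, access_ports):
    """Classify each access port against the check and the fix text."""
    uc = {r["port"]: r for r in parse_storm_constrain(output)
          if r["type"] == "UC"}
    findings, review = [], []
    for port in access_ports:
        row = uc.get(port)
        if row is None:
            findings.append(port)    # no unicast storm-constrain: a finding
        elif row["ctrl_mode"] != "shutdown":
            review.append(port)      # enabled, but not the fix's control action
    return {"findings": findings, "review": review}

# Constructed sample: first data row is from the page, the other two are made up.
SAMPLE_OUTPUT = """\
Abbreviation: BC - broadcast; MC - multicast; UC - unicast
FW - forwarding
Flow Statistic Interval: 10 (in seconds)
Port Type Lower Upper Unit CtrlMode Status Trap Log SwitchNum
--------------------------------------------------------------------------------
XGE1/0/10 UC 1 1 pps shutdown FW on on 0
XGE1/0/11 BC 100 200 pps shutdown FW on on 0
XGE1/0/12 UC 1 1 pps block FW on on 0
"""
# Constructed access-port inventory; XGE1/0/13 has no row at all.
ACCESS_PORTS = ["XGE1/0/10", "XGE1/0/11", "XGE1/0/12", "XGE1/0/13"]

if __name__ == "__main__":
    print(audit_access_ports(SAMPLE_OUTPUT, ACCESS_PORTS))
```

A port that appears only with a `BC` or `MC` row is reported as a finding, because the fix configures the unicast threshold specifically.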

Documentable

False

Check Content Reference

M

Target Key

2977
