STIGQter: STIG Summary: HP FlexFabric Switch L2S Security Technical Implementation Guide, Version: 1, Release: 3, Benchmark Date: 24 Jul 2020

The HP FlexFabric Switch must have all user-facing or untrusted ports configured as access switch ports.

DISA Rule

SV-80583r1_rule

Vulnerability Number

V-66093

Group Title

SRG-NET-000512-L2S-000011

Rule Version

HFFS-L2-000028

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure all user-facing or untrusted ports as access ports.

[HP-GigabitEthernet1/0/13]port link-type access

Check Contents

Review the HP FlexFabric Switch configuration and ensure all user-facing or untrusted ports are configured as access ports.

If any of the user-facing switch ports are configured as a trunk, this is a finding.

[HP]display current-configuration interface gigabitEthernet 1/0/1

Brief information on interface(s) under bridge mode:

Link: ADM - administratively down; Stby - standby
Speed or Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface   Link  Speed  Duplex  Type  PVID  Description
XGE1/0/1    UP    1G(a)  F(a)    A     100
XGE1/0/2    UP    1G(a)  F(a)    A     100
XGE1/0/3    UP    1G(a)  F(a)    A     100
XGE1/0/4    UP    1G(a)  F(a)    A     100
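
The check above can be scripted against saved switch output. The following is an added example, not part of the STIG or of any HP tooling: it parses the brief interface table shown above and reports every user-facing port whose Type is not A. The function names, the operator-supplied list of user-facing ports, and the sample output (constructed, with a trunk and a hybrid port introduced) are assumptions.

```python
import re

# Type codes from the legend printed in the switch output.
TYPE_NAMES = {"A": "access", "T": "trunk", "H": "hybrid"}

# One data row: name, link, speed, duplex, type, PVID, optional description.
# Legend and header lines do not match because the fifth token must be a
# single A/T/H followed by a numeric PVID.
ROW = re.compile(
    r"^(?P<name>\S+)\s+(?P<link>\S+)\s+(?P<speed>\S+)\s+(?P<duplex>\S+)\s+"
    r"(?P<type>[ATH])\s+(?P<pvid>\d+)(?:\s+(?P<desc>.*))?$"
)

def parse_brief(output):
    """Return {interface: row fields} for each data row of the brief table."""
    ports = {}
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if m:
            ports[m["name"]] = m.groupdict()
    return ports

def audit(output, user_facing):
    """Return (interface, reason) for each user-facing port that is not access."""
    ports = parse_brief(output)
    findings = []
    for name in user_facing:
        row = ports.get(name)
        if row is None:
            # A port missing from the capture must not pass silently.
            findings.append((name, "not present in output; cannot verify"))
        elif row["type"] != "A":
            findings.append((name, f"link-type is {TYPE_NAMES[row['type']]}, expected access"))
    return findings

# Constructed sample: XGE1/0/2 changed to trunk, XGE1/0/3 to hybrid and admin down.
SAMPLE = """\
Brief information on interface(s) under bridge mode:
Link: ADM - administratively down; Stby - standby
Speed or Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface Link Speed Duplex Type PVID Description
XGE1/0/1 UP 1G(a) F(a) A 100
XGE1/0/2 UP 1G(a) F(a) T 1 constructed trunk port
XGE1/0/3 ADM auto A H 100
XGE1/0/4 UP 1G(a) F(a) A 100
"""

if __name__ == "__main__":
    for port, reason in audit(SAMPLE, ["XGE1/0/1", "XGE1/0/2", "XGE1/0/3", "XGE1/0/9"]):
        print(f"{port}: {reason}")
```

The check text names only trunk as a finding; the script also reports hybrid ports because the requirement is that user-facing ports be access ports.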

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

2977
