STIGQter: STIG Summary: HP FlexFabric Switch L2S Security Technical Implementation Guide, Version 1, Release 3, Benchmark Date: 24 Jul 2020

The HP FlexFabric Switch must have the native VLAN assigned to a VLAN ID other than the default VLAN ID for all 802.1q trunk links.

DISA Rule

SV-80585r1_rule

Vulnerability Number

V-66095

Group Title

SRG-NET-000512-L2S-000012

Rule Version

HFFS-L2-000029

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the native VLAN ID (PVID) on all trunk ports to a VLAN other than the default VLAN 1, and remove VLAN 1 from the trunk's permitted list.

[HP-GigabitEthernet1/0/13] undo port trunk permit vlan 1
[HP-GigabitEthernet1/0/13] port trunk pvid vlan 4017

Check Contents

Review the HP FlexFabric Switch configuration and examine all trunk links. Verify that the native VLAN (PVID) of each trunk has been configured to a VLAN ID other than the default VLAN 1. Connect to the switch via console or SSH.

<HP> display current interface Bridge-Aggregation
#
interface Bridge-Aggregation1
description To-DistroEast(10G)
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2100 to 2102 4017
port trunk pvid vlan 4017
link-aggregation mode dynamic

If any trunk link has its native VLAN (PVID) set to VLAN 1, whether explicitly or by leaving the default, this is a finding.
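To apply the check above and the fix recommendation to more than a handful of interfaces, the captured `display current-configuration` output can be audited automatically. The following is an added example, not part of the STIG or of HPE's own tooling: it splits the Comware configuration into interface blocks (separated by lines containing only `#`), keeps those with `port link-type trunk`, and reports every trunk whose PVID is VLAN 1, either because `port trunk pvid vlan 1` is present or because no PVID line exists at all (the Comware default). It also records whether VLAN 1 is still permitted on the trunk, since the fix removes it with `undo port trunk permit vlan 1`. The sample configuration is constructed for this example; the Bridge-Aggregation1 block mirrors the compliant block shown in the check text, and the GigabitEthernet ports are invented non-compliant and non-trunk cases.

```python
"""Audit HP FlexFabric (Comware) trunk ports for a native VLAN of 1.

Added example for STIG rule HFFS-L2-000029; not HPE code and not part of
the STIG. Input is the text of `display current-configuration` captured
over console or SSH. SAMPLE_CONFIG below is constructed for the example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

DEFAULT_VLAN = 1  # Comware trunks use VLAN 1 as PVID unless configured otherwise

# Constructed sample: Bridge-Aggregation1 mirrors the compliant block from the
# check text; Gi1/0/13 has no PVID line (defaults to 1); Gi1/0/14 sets PVID 1
# explicitly; Gi1/0/15 is an access port and is out of scope for this rule.
SAMPLE_CONFIG = """\
#
interface Bridge-Aggregation1
 description To-DistroEast(10G)
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 2100 to 2102 4017
 port trunk pvid vlan 4017
 link-aggregation mode dynamic
#
interface GigabitEthernet1/0/13
 port link-type trunk
 port trunk permit vlan 2100 to 2102
#
interface GigabitEthernet1/0/14
 port link-type trunk
 port trunk permit vlan all
 port trunk pvid vlan 1
#
interface GigabitEthernet1/0/15
 port link-type access
 port access vlan 10
#
"""


@dataclass
class TrunkPort:
    name: str
    pvid: int = DEFAULT_VLAN
    permits_vlan1: bool = True  # VLAN 1 is permitted on a trunk by default


def _vlan_set(spec: str) -> set[int]:
    """Expand the VLAN list of a `port trunk permit vlan ...` line.

    Handles single IDs, `a to b` ranges and the keyword `all`.
    """
    tokens = spec.split()
    if tokens == ["all"]:
        return set(range(1, 4095))
    vlans: set[int] = set()
    i = 0
    while i < len(tokens):
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            vlans.update(range(int(tokens[i]), int(tokens[i + 2]) + 1))
            i += 3
        else:
            vlans.add(int(tokens[i]))
            i += 1
    return vlans


def parse_trunks(config: str) -> list[TrunkPort]:
    """Return every trunk-mode interface with its effective PVID."""
    trunks: list[TrunkPort] = []
    # Comware separates configuration sections with a line holding only '#'.
    for block in re.split(r"^#\s*$", config, flags=re.MULTILINE):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines or not lines[0].startswith("interface "):
            continue
        if "port link-type trunk" not in lines:
            continue  # access/hybrid ports are not trunk links
        port = TrunkPort(name=lines[0].split(None, 1)[1])
        for line in lines[1:]:  # later lines override earlier ones, as on the CLI
            m = re.fullmatch(r"port trunk pvid vlan (\d+)", line)
            if m:
                port.pvid = int(m.group(1))
            elif re.fullmatch(r"undo port trunk permit vlan (.+)", line):
                undone = _vlan_set(line.split("vlan", 1)[1])
                if DEFAULT_VLAN in undone:
                    port.permits_vlan1 = False
            elif line.startswith("port trunk permit vlan "):
                if DEFAULT_VLAN in _vlan_set(line.split("vlan", 1)[1]):
                    port.permits_vlan1 = True
        trunks.append(port)
    return trunks


def audit(config: str) -> list[tuple[str, int]]:
    """Return (interface, pvid) for each trunk whose native VLAN is VLAN 1."""
    return [(p.name, p.pvid) for p in parse_trunks(config) if p.pvid == DEFAULT_VLAN]


if __name__ == "__main__":
    for name, pvid in audit(SAMPLE_CONFIG):
        print(f"FINDING: {name} native VLAN (PVID) is {pvid}")
    for p in parse_trunks(SAMPLE_CONFIG):
        if p.pvid != DEFAULT_VLAN and p.permits_vlan1:
            print(f"NOTE: {p.name} PVID is {p.pvid} but VLAN 1 is still permitted")
```

Feed it the saved output of `display current-configuration` instead of SAMPLE_CONFIG to run it against a real switch. The audit treats a missing `port trunk pvid vlan` line as PVID 1, which is the case reviewers most often miss when reading the configuration by eye.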

Vulnerability Number

V-66095

Documentable

False

Rule Version

HFFS-L2-000029

Severity Override Guidance

Review the HP FlexFabric Switch configuration and examine all trunk links. Verify that the native VLAN (PVID) of each trunk has been configured to a VLAN ID other than the default VLAN 1. Connect to the switch via console or SSH.

<HP> display current interface Bridge-Aggregation
#
interface Bridge-Aggregation1
description To-DistroEast(10G)
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2100 to 2102 4017
port trunk pvid vlan 4017
link-aggregation mode dynamic

If any trunk link has its native VLAN (PVID) set to VLAN 1, whether explicitly or by leaving the default, this is a finding.

Check Content Reference

M

Target Key

2977

Comments