Cisco IOS XE Switch L2S STIG

Cisco IOS XE Switch L2S Security Technical Implementation Guide

| ID | Vuln ID | Title | Cat | Status |
|---|---|---|---|---|
| CISC-L2-000130 | V-220659 | The Cisco switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources. | Cat II | |
| CISC-L2-000230 | V-220669 | The Cisco switch must have the default VLAN pruned from all trunk ports that do not require it. | Cat II | |
| CISC-L2-000210 | V-220667 | The Cisco switch must have all disabled switch ports assigned to an unused VLAN. | Cat II | |
| CISC-L2-000040 | V-220651 | The Cisco switch must manage excess bandwidth to limit the effects of packet flooding types of denial of service (DoS) attacks. | Cat II | |
| CISC-L2-000190 | V-220665 | The Cisco switch must enable Unidirectional Link Detection (UDLD) to protect against one-way connections. | Cat II | |
| CISC-L2-000260 | V-220672 | The Cisco switch must have the native VLAN assigned to an ID other than the default VLAN for all 802.1q trunk links. | Cat II | |
| CISC-L2-000220 | V-220668 | The Cisco switch must not have the default VLAN assigned to any host-facing switch ports. | Cat II | |
| CISC-L2-000270 | V-220673 | The Cisco switch must not have any switchports assigned to the native VLAN. | Cat III | |
| CISC-L2-000080 | V-220654 | The Cisco switch must authenticate all endpoint devices before establishing any connection. | Cat II | |
| CISC-L2-000100 | V-220656 | The Cisco switch must have BPDU Guard enabled on all user-facing or untrusted access switch ports. | Cat II | |
| CISC-L2-000250 | V-220671 | The Cisco switch must have all user-facing or untrusted ports configured as access switch ports. | Cat II | |
| CISC-L2-000060 | V-220652 | The Cisco switch must be configured for authorized users to select a user session to capture. | Cat II | |
| CISC-L2-000200 | V-220666 | The Cisco switch must have all trunk links enabled statically. | Cat II | |
| CISC-L2-000180 | V-220664 | The Cisco switch must implement Rapid STP where VLANs span multiple switches with redundant links. | Cat II | |
| CISC-L2-000020 | V-220649 | The Cisco switch must uniquely identify all network-connected endpoint devices before establishing any connection. | Cat I | |
