Title

The SEL-2740S must be configured with backup flows for all host and switch flows to ensure proper failover scheme is in place for the network. (Cat II impact)

Discussion

The SEL-2740S must be capable of multiple fast failover, backup and in cases isolation of the traffic from a detected threat in the system.

Check Content

Review the SEL-2740S flow rules to ensure each flow has a Fast Failover Group configured. If the switch is not configured to provide backup flows, this is a finding.

Fix Text

To configure a Fast Failover Group for a given flow, do the following: 1. Log on to OTSDN Controller using Permission Level 3. 2. Under Group Entry General settings, select "Group ID" and "Group Type" as "Fast Failover". 3. Select appropriate number of Action Buckets dependent upon use case. 4. Determine valid watch port or group, and select supported actions. 5. Click "Submit".

Additional Identifiers

Rule ID: SV-102369r1_rule

Vulnerability ID: V-92281

Group Title: SRG-NET-000512-L2S-000030

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.