STIGQter: STIG Summary: Voice/Video over Internet Protocol (VVoIP) STIG Version: 3 Release: 14 Benchmark Date: 26 Apr 2019: STIGQter: STIG Summary: Voice/Video over Internet Protocol (VVoIP) STIG Version: 3 Release: 14 Benchmark Date: 26 Apr 2019:SV-21775r2_rule
V-19634
Deficient imp'n: VVoIP VLAN pruning within the LAN
VVoIP 5530
CAT II
10
Ensure VLANs established for the VVoIP system are pruned from trunks and/or interfaces that are not required to carry the traffic as follows:
> VVoIP core equipment VLANs will not extend past the core routing devices that support the core equipment. These VLANs should not appear on distribution or access layer NEs in the LAN.
> VVoIP endpoint VLANs established on access layer switches shall only appear on a primary uplink and a backup in addition to the access ports that are assigned to the local VVoIP VLAN.
> VVoIP endpoint VLANs established on distribution layer switches shall only appear on a primary uplink and a backup that leads toward a routing device. If the distribution layer switch is a routing device, there may be other endpoint VLANs present and available for routing or a local VLAN may traverse a horizontal link if available to another distribution layer NE for routing. Typically however this routing should occur on the core routing devices rather than traversing horizontal links to be routed.
Inspect the configurations of the LAN devices supporting the VVoIP system on which the required VLANs are configured to determine compliance with the following requirement:
Ensure VLANs established for the VVoIP system are pruned from trunks and/or interfaces that are not required to carry the traffic as follows:
> VVoIP core equipment VLANs will not extend past the core routing devices that support the core equipment. These VLANs should not appear on distribution or access layer NEs in the LAN.
> VVoIP endpoint VLANs established on access layer switches shall only appear on a primary uplink and a backup in addition to the access ports that are assigned to the local VVoIP VLAN.
> VVoIP endpoint VLANs established on distribution layer switches shall only appear on a primary uplink and a backup that leads toward a routing device. If the distribution layer switch is a routing device, there may be other endpoint VLANs present and available for routing or a local VLAN may traverse a horizontal link if available to another distribution layer NE for routing. Typically however this routing should occur on the core routing devices rather than traversing horizontal links to be routed.
V-19634
False
VVoIP 5530
Inspect the configurations of the LAN devices supporting the VVoIP system on which the required VLANs are configured to determine compliance with the following requirement:
Ensure VLANs established for the VVoIP system are pruned from trunks and/or interfaces that are not required to carry the traffic as follows:
> VVoIP core equipment VLANs will not extend past the core routing devices that support the core equipment. These VLANs should not appear on distribution or access layer NEs in the LAN.
> VVoIP endpoint VLANs established on access layer switches shall only appear on a primary uplink and a backup in addition to the access ports that are assigned to the local VVoIP VLAN.
> VVoIP endpoint VLANs established on distribution layer switches shall only appear on a primary uplink and a backup that leads toward a routing device. If the distribution layer switch is a routing device, there may be other endpoint VLANs present and available for routing or a local VLAN may traverse a horizontal link if available to another distribution layer NE for routing. Typically however this routing should occur on the core routing devices rather than traversing horizontal links to be routed.
M
3407