STIGQter: STIG Summary: Cisco IOS Switch L2S Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The Cisco switch must not use the default VLAN for management traffic.

DISA Rule

SV-220644r539671_rule

Vulnerability Number

V-220644

Group Title

SRG-NET-000512-L2S-000010

Rule Version

CISC-L2-000240

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the switch for management access to use a VLAN other than the default VLAN:

SW1(config)#int vlan 22
SW1(config-if)#ip add 10.1.22.3 255.255.255.0
SW1(config-if)#no shut

Check Contents

Review the switch configuration and verify that the default VLAN (VLAN 1 on Cisco IOS) is not used to access the switch for management; the management SVI should be an addressed, non-shutdown interface on another VLAN, for example:

interface Vlan22
description Management VLAN
ip address 10.1.22.3 255.255.255.0

If the default VLAN is being used for management access to the switch, this is a finding.
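The fix and check above are done by hand against the running configuration. The following Python script is an added example (not part of the STIG or of STIGQter) that automates the same check over a saved "show running-config" text: it parses every SVI stanza, keeps only those that are addressed and not shut down (the ones that can actually carry management traffic), and reports a finding if VLAN 1 is among them. The two configurations embedded in the script are constructed samples; the hostname, addresses and VLAN 22 mirror the STIG's own example.

```python
"""Automated check for CISC-L2-000240: management SVI must not be on the default VLAN."""
import re

DEFAULT_VLAN = 1  # Cisco IOS default VLAN

# Constructed sample configs (assumption: IOS-style "show running-config" text).
NONCOMPLIANT_CONFIG = """\
hostname SW1
!
interface Vlan1
 ip address 10.1.1.3 255.255.255.0
!
interface Vlan22
 description Management VLAN
 no ip address
 shutdown
!
end
"""

COMPLIANT_CONFIG = """\
hostname SW1
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan22
 description Management VLAN
 ip address 10.1.22.3 255.255.255.0
!
end
"""


def parse_svis(config: str) -> dict:
    """Return {vlan_id: {"ip": "<addr> <mask>" or None, "shutdown": bool}} for each SVI."""
    svis = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = re.match(r"^interface Vlan(\d+)\s*$", line, re.IGNORECASE)
        if m:
            current = int(m.group(1))
            svis[current] = {"ip": None, "shutdown": False}
            continue
        if current is None:
            continue
        if not line.startswith(" "):  # unindented line ("!", "end", next stanza): leave the SVI
            current = None
            continue
        stanza = line.strip()
        ipm = re.match(r"^ip address (\S+) (\S+)$", stanza)
        if ipm:
            svis[current]["ip"] = f"{ipm.group(1)} {ipm.group(2)}"
        elif stanza == "no ip address":
            svis[current]["ip"] = None
        elif stanza == "shutdown":
            svis[current]["shutdown"] = True
    return svis


def management_svis(config: str) -> dict:
    """SVIs that can carry management traffic: addressed and not administratively down."""
    return {vid: s for vid, s in parse_svis(config).items()
            if s["ip"] is not None and not s["shutdown"]}


def check_default_vlan_management(config: str) -> tuple:
    """Return (status, detail); status is "finding", "pass" or "review"."""
    active = management_svis(config)
    if DEFAULT_VLAN in active:
        return ("finding",
                f"Vlan{DEFAULT_VLAN} is addressed ({active[DEFAULT_VLAN]['ip']}) and active")
    if not active:
        # No in-band management SVI at all: the switch may be managed out-of-band
        # (dedicated management port), which this text-only check cannot see.
        return ("review", "no active SVI found; verify the management path manually")
    return ("pass", "management SVI(s): " + ", ".join(f"Vlan{v}" for v in sorted(active)))


if __name__ == "__main__":
    for name, cfg in (("noncompliant", NONCOMPLIANT_CONFIG), ("compliant", COMPLIANT_CONFIG)):
        print(name, *check_default_vlan_management(cfg))
```

Feed it the output of "show running-config" saved to a file (for example, read the file and pass its contents to check_default_vlan_management). A "review" result is deliberately not a finding: a switch with no SVI may be managed through a dedicated out-of-band port, which is outside what this rule tests.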

Documentable

False

Check Content Reference

M

Target Key

4070

Comments