STIGQter: STIG Summary: Cisco IOS XE Switch L2S Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Cisco IOS XE Switch L2S Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:SV-220662r648766_rule
V-220662
SRG-NET-000512-L2S-000001
CISC-L2-000160
CAT III
10
Configure storm control for each host-facing interface as shown in the example below:
SW1(config)#int range g0/2 - 8
SW1(config-if-range)#storm-control unicast bps 62000000
SW1(config-if-range)#storm-control broadcast level bps 20000000
Note: The acceptable range is 10000000 -1000000000 for a gigabit Ethernet interface, and 100000000-10000000000 for a ten gigabit interface. Storm control is not supported on most FastEthernet interfaces.
Review the switch configuration to verify that storm control is enabled on all host-facing interfaces as shown in the example below:
interface GigabitEthernet0/3
switchport access vlan 12
storm-control unicast level bps 62000000
storm-control broadcast level bps 20000000
Note: Bandwidth percentage thresholds (via level parameter) can be used in lieu of PPS rate.
If storm control is not enabled at a minimum for broadcast traffic, this is a finding.
V-220662
False
CISC-L2-000160
Review the switch configuration to verify that storm control is enabled on all host-facing interfaces as shown in the example below:
interface GigabitEthernet0/3
switchport access vlan 12
storm-control unicast level bps 62000000
storm-control broadcast level bps 20000000
Note: Bandwidth percentage thresholds (via level parameter) can be used in lieu of PPS rate.
If storm control is not enabled at a minimum for broadcast traffic, this is a finding.
M
4071