SV-239317r674880_rule
V-239317
SRG-OS-000480-VMM-002000
ESXI-67-000063
CAT II
10
From the vSphere Client, select the ESXi host and go to Configure >> Networking >> Virtual switches.
Highlight the port group where the VLAN ID is set to the native VLAN ID and click Edit settings (dots).
Change the VLAN ID to a non-native VLAN and click "OK".
or
From a PowerCLI command prompt while connected to the ESXi host, run the following command:
Get-VirtualPortGroup -Name "portgroup name" | Set-VirtualPortGroup -VLanId "New VLAN#"
From the vSphere Client, select the ESXi host and go to Configure >> Networking >> Virtual switches.
For each virtual switch, review the port group VLAN tags and verify they are not set to the native VLAN ID of the attached physical switch.
or
From a PowerCLI command prompt while connected to the ESXi host, run the following command:
Get-VirtualPortGroup | Select Name, VLanId
If any port group is configured with the native VLAN of the attached physical switch, this is a finding.
V-239317
False
ESXI-67-000063
M
5326