STIGQter: STIG Summary: VMware vSphere 6.7 vCenter Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021: STIGQter: STIG Summary: VMware vSphere 6.7 vCenter Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:SV-243086r719501_rule
V-243086
SRG-APP-000516
VCTR-67-000018
CAT II
10
From the vSphere Client, go to Networking >> select a distributed switch >> select a distributed port group >> Configure >> Settings >> Policies.
Click "Edit".
Under the VLAN section, change the VLAN ID to a non-native VLAN and click "OK".
or
From a PowerCLI command prompt while connected to the vCenter server, run the following command:
Get-VDPortgroup "portgroup name" | Set-VDVlanConfiguration -VlanId "New VLAN#"
From the vSphere Client, go to Networking >> select a distributed switch >> select a distributed port group >> Configure >> Settings >> Policies.
Review the port group VLAN tags and verify they are not set to the native VLAN ID of the attached physical switch.
or
From a PowerCLI command prompt while connected to the vCenter server, run the following command:
Get-VDPortgroup | select Name, VlanConfiguration
If any port group is configured with the native VLAN of the ESXi host's attached physical switch, this is a finding.
V-243086
False
VCTR-67-000018
From the vSphere Client, go to Networking >> select a distributed switch >> select a distributed port group >> Configure >> Settings >> Policies.
Review the port group VLAN tags and verify they are not set to the native VLAN ID of the attached physical switch.
or
From a PowerCLI command prompt while connected to the vCenter server, run the following command:
Get-VDPortgroup | select Name, VlanConfiguration
If any port group is configured with the native VLAN of the ESXi host's attached physical switch, this is a finding.
M
5399