STIGQter: STIG Summary: Arista MLS DCS-7000 Series L2S Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 22 Apr 2016

The Arista Multilayer Switch must re-authenticate all endpoint devices every 60 minutes or less.

DISA Rule

SV-75283r1_rule

Vulnerability Number

V-60827

Group Title

SRG-NET-000151

Rule Version

AMLS-L2-000140

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure 802.1X on the switch, including the following mandatory parameters in the interface configuration mode:

config
interface Ethernet[X]
dot1x reauthentication
dot1x timeout reauth-period 3600

Check Contents

This requirement only applies to devices required to employ 802.1X authentication.

Verify that the network device uniquely identifies network-connected endpoint devices and re-authenticates devices every 60 minutes or less. This can be viewed via the "show dot1x all" command. Under the interface configuration for the .1X connected port, the following statements must be present:

ReauthPeriod : 3600 seconds

If the device does not require re-authentication, or if the re-authentication period is longer than 60 minutes, this is a finding.
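
The check above can be run against saved "show dot1x all" output for many ports at once. The following is an added example, not part of the STIG or of Arista's tooling; the "Dot1X Information for <interface>" header and the sample text are assumptions constructed for illustration, and only the ReauthPeriod line comes from this page.

```python
import re

MAX_REAUTH_SECONDS = 3600  # 60 minutes, the limit stated in the check

# Constructed sample of saved "show dot1x all" output. The per-interface
# header line and the QuietPeriod line are an assumed layout; only the
# ReauthPeriod line format is taken from the check text.
SAMPLE_OUTPUT = """\
Dot1X Information for Ethernet1
ReauthPeriod : 3600 seconds
Dot1X Information for Ethernet2
ReauthPeriod : 7200 seconds
Dot1X Information for Ethernet3
QuietPeriod : 60 seconds
Dot1X Information for Ethernet4
ReauthPeriod : 1800 seconds
"""

HEADER_RE = re.compile(r"^Dot1X Information for (\S+)\s*$")
REAUTH_RE = re.compile(r"^\s*ReauthPeriod\s*:\s*(\d+)\s+seconds\s*$")


def audit_reauth(show_output, limit=MAX_REAUTH_SECONDS):
    """Return {interface: finding text} for ports that fail the check."""
    periods = {}    # interface -> ReauthPeriod in seconds, None if not seen
    current = None  # interface section currently being read
    for line in show_output.splitlines():
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1)
            periods[current] = None
            continue
        reauth = REAUTH_RE.match(line)
        if reauth and current is not None:
            periods[current] = int(reauth.group(1))
    findings = {}
    for interface, seconds in periods.items():
        if seconds is None:
            # The required statement is absent for this port.
            findings[interface] = "no ReauthPeriod line"
        elif seconds > limit:
            findings[interface] = f"ReauthPeriod {seconds}s exceeds {limit}s"
    return findings


if __name__ == "__main__":
    for interface, reason in audit_reauth(SAMPLE_OUTPUT).items():
        print(f"FINDING {interface}: {reason}")
```

Ports with a period shorter than 3600 seconds pass, since the requirement is 60 minutes or less.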

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

2821

Comments