STIGQter: STIG Summary: HP FlexFabric Switch L2S Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

The HP FlexFabric Switch must have STP Loop Protection enabled all non-designated STP switch ports.

DISA Rule

SV-80557r1_rule

Vulnerability Number

V-66067

Group Title

SRG-NET-000362-L2S-000023

Rule Version

HFFS-L2-000012

Severity

CAT II

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

Configure the HP FlexFabric Switch to have STP Loop Protection enabled globally or at a minimum on all non-designated switch ports.

[HPinterface Ten-GigabitEthernet1/0/8]
stp loop-protection

Check Contents

Review the HP FlexFabric Switch configuration to verify that STP Loop Protection is enabled.

If STP Loop Protection is not configured globally or at a minimum on non-designated STP ports, this is a finding.

[HPinterface Ten-GigabitEthernet1/0/8]
port link-mode bridge
stp loop-protection

Vulnerability Number

V-66067

Documentable

False

Rule Version

HFFS-L2-000012

Severity Override Guidance

Review the HP FlexFabric Switch configuration to verify that STP Loop Protection is enabled.

If STP Loop Protection is not configured globally or at a minimum on non-designated STP ports, this is a finding.

[HPinterface Ten-GigabitEthernet1/0/8]
port link-mode bridge
stp loop-protection

Check Content Reference

M

Target Key

2977

Comments