STIGQter: STIG Summary: HP FlexFabric Switch L2S Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

The HP FlexFabric Switch must have IP Source Guard enabled on all user-facing or untrusted access switch ports.

DISA Rule

SV-80563r1_rule

Vulnerability Number

V-66073

Group Title

SRG-NET-000362-L2S-000026

Rule Version

HFFS-L2-000015

Severity

CAT II

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

Configure the HP FlexFabric Switch to have IP Source Guard enabled on all user-facing or untrusted access switch ports.

[HP-Ten-GigabitEthernet1/0/10]
[HP-Ten-GigabitEthernet1/0/10]ip verify source ip-address [ mac-address ]
[HP-Ten-GigabitEthernet1/0/10]ip source binding ip-address ip-address [ mac-address mac-address ] [ vlan vlan-id ]

Check Contents

Review the HP FlexFabric Switch configuration to verify that IP Source Guard is enabled on all untrusted access switch ports.

If the HP FlexFabric Switch does not have IP Source Guard enabled on all user-facing or untrusted access switch ports, this is a finding.

[HP]dis ip source binding static
Total entries found: 0
IP Address MAC Address Interface VLAN Type

Vulnerability Number

V-66073

Documentable

False

Rule Version

HFFS-L2-000015

Severity Override Guidance

Review the HP FlexFabric Switch configuration to verify that IP Source Guard is enabled on all untrusted access switch ports.

If the HP FlexFabric Switch does not have IP Source Guard enabled on all user-facing or untrusted access switch ports, this is a finding.

[HP]dis ip source binding static
Total entries found: 0
IP Address MAC Address Interface VLAN Type

Check Content Reference

M

Target Key

2977

Comments