STIGQter: STIG Summary: HP FlexFabric Switch L2S Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

The HP FlexFabric Switch must enable Device Link Detection Protocol (DLDP) to protect against one-way connections.

DISA Rule

SV-80569r1_rule

Vulnerability Number

V-66079

Group Title

SRG-NET-000512-L2S-000004

Rule Version

HFFS-L2-000021

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Configure the HP FlexFabric Switch to enable Device Link Detection Protocol (DLDP) to protect against one-way connections.

[HP]dldp global enable

[HP-Ten-GigabitEthernet1/0/47]dldp enable

Check Contents

If any of the switch ports have fiber optic interconnections with neighbors, review the HP FlexFabric Switch configuration to verify that DLDP is enabled globally or on a per interface basis.

If the HP FlexFabric Switch has fiber optic interconnections with neighbors and DLDP is not enabled, this is a finding.

<HP> display dldp
DLDP global status : disable
DLDP interval : 5s
DLDP work-mode : enhance
DLDP authentication-mode : none
DLDP unidirectional-shutdown : auto
DLDP delaydown-timer : 1s
The number of enabled ports is 2.
[HP-Interface Ethernet1/1]
DLDP port state : advertisement
DLDP link state : up
The neighbor number of the port is 0.
[HP-Interface Ethernet1/2]
DLDP port state : advertisement
DLDP link state : up
The neighbor number of the port is 0.

The HP FlexFabric Switch must enable Device Link Detection Protocol (DLDP) to protect against one-way connections.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments