STIGQter: STIG Summary: HP FlexFabric Switch RTR Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Jul 2020: STIGQter: STIG Summary: HP FlexFabric Switch RTR Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Jul 2020:SV-80613r2_rule
V-66123
SRG-NET-000362-RTR-000110
HFFS-RT-000018
CAT II
10
Implement a mechanism for traffic prioritization and bandwidth reservation. This mechanism must enforce the traffic priorities specified by the Combatant Commanders/Services/Agencies.
traffic classifier VOICE operator or
if-match dscp 49
#
traffic behavior VOICE-2M-SERIAL
traffic-policy NEST_EF
gts cir 441 cbs 2757 ebs 0 queue-length 50
queue ef bandwidth pct 25 cbs-ratio 25
#
traffic classifier VIDEO operator or
if-matdscp 39
#
traffic behavior VIDEO-2M-SERIAL
traffic-policy NEST_AF
gts cir 301 cbs 1882 ebs 0 queue-length 50
queue af bandwidth pct 15
#
traffic classifier DATA operator or
if-match dscp 11
#
traffic behavior DATA-2M-SERIAL
traffic-policy NEST_AF
gts cir 778 cbs 4863 ebs 0 queue-length 50
queue af bandwidth pct 40
#
qos policy JITC-2M-SERIAL
classifier default-class behavior be-bal
classifier VOICE behavior VOICE-2M-SERIAL
classifier VIDEO behavior VIDEO-2M-SERIAL
classifier DATA behavior DATA-2M-SERIAL
#
interface Serial10/0
description IUT 2M-SERIAL
virtualbaudrate 2048000
qos reserved-bandwidth pct 100
qos flow-interval 1
qos apply policy JITC-2M-SERIAL outbound
undo ipv6 nd ra halt
Interview the system administrator to determine the requirements for bandwidth and traffic prioritization. Display the HP FlexFabric Switch configuration to ensure that the HP FlexFabric Switch is configured with these requirements.
If excess bandwidth is not managed to limit the effects of packet flooding types of denial of service (DoS) attacks, this is a finding
[HP] display current interface serial10/0
#
interface Serial10/0
description IUT 2M-SERIAL
virtualbaudrate 2048000
qos reserved-bandwidth pct 100
qos flow-interval 1
qos apply policy JITC-2M-SERIAL outbound
undo ipv6 nd ra halt
#
V-66123
False
HFFS-RT-000018
Interview the system administrator to determine the requirements for bandwidth and traffic prioritization. Display the HP FlexFabric Switch configuration to ensure that the HP FlexFabric Switch is configured with these requirements.
If excess bandwidth is not managed to limit the effects of packet flooding types of denial of service (DoS) attacks, this is a finding
[HP] display current interface serial10/0
#
interface Serial10/0
description IUT 2M-SERIAL
virtualbaudrate 2048000
qos reserved-bandwidth pct 100
qos flow-interval 1
qos apply policy JITC-2M-SERIAL outbound
undo ipv6 nd ra halt
#
M
2979