Cisco NX OS Switch L2S Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-NET-000362-L2S-000026
<GroupDescription></GroupDescription>Group -
The Cisco switch must have IP Source Guard enabled on all user-facing or untrusted access switch ports.
<VulnDiscussion>IP Source Guard provides source IP address filtering on a Layer 2 port to prevent a malicious host from impersonating a legit...Rule Medium Severity -
SRG-NET-000362-L2S-000027
<GroupDescription></GroupDescription>Group -
The Cisco switch must have Dynamic Address Resolution Protocol (ARP) Inspection (DAI) enabled on all user VLANs.
<VulnDiscussion>DAI intercepts Address Resolution Protocol (ARP) requests and verifies that each of these packets has a valid IP-to-MAC addre...Rule Medium Severity -
SRG-NET-000512-L2S-000001
<GroupDescription></GroupDescription>Group -
The Cisco switch must have Storm Control configured on all host-facing switchports.
<VulnDiscussion>A traffic storm occurs when packets flood a LAN, creating excessive traffic and degrading network performance. Traffic storm ...Rule Low Severity -
SRG-NET-000512-L2S-000002
<GroupDescription></GroupDescription>Group -
The Cisco switch must have IGMP or MLD Snooping configured on all VLANs.
<VulnDiscussion>IGMP and MLD snooping provides a way to constrain multicast traffic at Layer 2. By monitoring the IGMP or MLD membership repo...Rule Low Severity -
SRG-NET-000512-L2S-000004
<GroupDescription></GroupDescription>Group -
The Cisco switch must enable Unidirectional Link Detection (UDLD) to protect against one-way connections.
<VulnDiscussion>In topologies where fiber optic interconnections are used, physical misconnections can occur that allow a link to appear to b...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.