The Cisco perimeter switch must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy.
An XCCDF Rule
Description
<VulnDiscussion>Information flow control regulates authorized information to travel within a network and between interconnected networks. Controlling the flow of network traffic is critical so it does not introduce any unacceptable risk to the network infrastructure or data. An example of a flow control restriction is blocking outside traffic claiming to be from within the organization. For most switches, internal information flow control is a product of system design.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-221088r999697_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Step 1: Configure an ACL to allow or deny traffic as shown in the example below:
SW2(config)# ip access-list EXTERNAL_ACL
SW2(config-acl)# permit tcp any any established
SW2(config-acl)# permit tcp x.11.1.1/32 eq bgp x.11.1.2/32
SW2(config-acl)# permit tcp x.11.1.1/32 x.11.1.2/32 eq bgp