The Dell OS10 Switch must have all disabled switch ports assigned to an unused VLAN.

An XCCDF Rule

Details
Profiles

Description

It is possible that a disabled port that is assigned to a user or management VLAN becomes enabled by accident or by an attacker and as a result gains access to that VLAN as a member.

ID: SV-269966r1052284_rule
Version: OS10-L2S-000210
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Assign all switch ports not in use to an inactive VLAN.

Assign a VLAN interface to be unused:

OS10(config)# interface vlan 999
OS10(conf-if-vl-999)# description "Unused VLAN"OS10(conf-if-vl-999)# shutdown
OS10(conf-if-vl-999)# exit

Assign unused switch ports to the unused VLAN:

OS10(config)# interface range eth1/1/50-1/1/58
OS10(conf-range-eth1/1/50-1/1/58)# switchport access vlan 999

The Dell OS10 Switch must have all disabled switch ports assigned to an unused VLAN.

Description

Remediation Templates

A Manual Procedure