Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Arista MLS EOS 4.2x L2S Security Technical Implementation Guide
SRG-NET-000362-L2S-000021
The Arista MLS switch must have Root Guard enabled on all switch ports connecting to access layer switches and hosts.
The Arista MLS switch must have Root Guard enabled on all switch ports connecting to access layer switches and hosts.
An XCCDF Rule
Details
Profiles
Prose
The Arista MLS switch must have Root Guard enabled on all switch ports connecting to access layer switches and hosts.
Low Severity
<VulnDiscussion>Spanning Tree Protocol (STP) does not provide any means for the network administrator to securely enforce the topology of the switched network. Any switch can be the root bridge in a network. However, a more optimal forwarding topology places the root bridge at a specific predetermined location. With the standard STP, any bridge in the network with a lower bridge ID takes the role of the root bridge. The administrator cannot enforce the position of the root bridge but can set the root bridge priority to 0 in an effort to secure the root bridge position.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>