
The Cisco switch must have Storm Control configured on all host-facing switchports.


Overview

Finding ID: V-220687
Version: CISC-L2-000160
Rule ID: SV-220687r539671_rule
IA Controls:
Severity: Low
Description
A traffic storm occurs when packets flood a LAN, creating excessive traffic and degrading network performance. Traffic storm control prevents network disruption by suppressing ingress traffic when the number of packets reaches a configured threshold level. Traffic storm control monitors ingress traffic levels on a port and drops traffic when the number of packets reaches the configured threshold level during any one-second interval.
STIG Date
Cisco NX OS Switch L2S Security Technical Implementation Guide 2023-02-15

Details

Check Text ( C-22402r539112_chk )
Review the switch configuration to verify that storm control is enabled on all host-facing interfaces as shown in the example below:

interface GigabitEthernet0/3
 switchport access vlan 12
 storm-control unicast level 50.00
 storm-control broadcast level 40

If storm control is not enabled at a minimum for broadcast traffic, this is a finding.
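
One way to automate this review over a saved running-config is sketched below as an added example; it is not part of the STIG text or any Cisco tooling. It assumes that an interface carrying a `switchport access` line is host-facing and that trunks are out of scope, and it goes beyond the check by also flagging a broadcast level of 100, which places no limit on traffic. The sample configuration is constructed.

```python
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
interface GigabitEthernet0/2
 switchport access vlan 12
 storm-control unicast level 50.00
interface GigabitEthernet0/3
 switchport access vlan 12
 storm-control unicast level 50.00
 storm-control broadcast level 40
interface GigabitEthernet0/4
 switchport access vlan 20
 storm-control broadcast level 100.00
"""

BCAST = re.compile(r"^storm-control broadcast level (\d+(?:\.\d+)?)$")

def parse_interfaces(config):
    """Return {interface name: [stripped sub-command lines]}."""
    interfaces, current = {}, None
    for raw in filter(str.strip, config.splitlines()):  # skip blank lines
        line = raw.strip()
        if raw.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif raw[0].isspace() and current is not None:
            current.append(line)  # indented line belongs to the open block
        else:
            current = None  # any other top-level line ends the block
    return interfaces

def audit_storm_control(config):
    """Return [(interface, reason)] for host-facing ports failing the check."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        # Assumption: access ports are host-facing; everything else is skipped.
        if not any(l.startswith("switchport access") or
                   l == "switchport mode access" for l in lines):
            continue
        levels = [float(m.group(1)) for l in lines if (m := BCAST.match(l))]
        if not levels:
            findings.append((name, "no broadcast storm control"))
        elif levels[-1] >= 100.0:  # extra check, not in the STIG text
            findings.append((name, "broadcast level 100 suppresses nothing"))
    return findings
```

Calling `audit_storm_control(SAMPLE_CONFIG)` reports GigabitEthernet0/2 and GigabitEthernet0/4; the trunk and the compliant port are not listed.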
Fix Text (F-22391r539113_fix)
Configure storm control for each host-facing interface as shown in the example below:

SW1(config)#int range e0/2 - 8
SW1(config-if-range)# storm-control unicast level 50
SW1(config-if-range)# storm-control broadcast level 40