Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The HP FlexFabric Switch must have all trunk links enabled statically.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-66081 | HFFS-L2-000022 | SV-80571r1_rule | Medium |
| Description |
|---|
| When trunk negotiation is enabled via Dynamic Trunk Protocol (DTP), considerable time can be spent negotiating trunk settings (802.1q or ISL) when a node or interface is restored. While this negotiation is happening, traffic is dropped because the link is up from a layer 2 perspective. Packet loss can be eliminated by setting the interface statically to trunk mode, thereby avoiding dynamic trunk protocol negotiation and significantly reducing any outage when restoring a failed link or switch. |
| STIG | Date |
|---|---|
| HP FlexFabric Switch L2S Security Technical Implementation Guide | 2018-12-21 |
Details
| Check Text ( C-66725r1_chk ) |
|---|
| Review the HP FlexFabric Switch configuration to verify that trunk negotiation is disabled by statically configuring all trunk links. Configuring a command to manually disable negotiation may also be required for some switch platforms. If trunk negotiation is enabled on any interface, this is a finding. Sample output: interface GigabitEthernet1/0/1 port link-type trunk port trunk permit vlan X |
| Fix Text (F-72157r1_fix) |
|---|
| Configure the HP FlexFabric Switch to enable trunk links statically. [HP-GigabitEthernet1/0/1]port link-type trunk |