Undocumented VLANs are configured on ESX Server in VST mode.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15822 | ESX0310 | SV-16761r1_rule | Medium |
| Description |
|---|
| When defining a physical switch port for trunk mode, care must be taken to ensure only specified VLANs are configured. It is considered best practice to restrict only those VLANs required on the VLAN trunk link. |
| STIG | Date |
|---|---|
| VMware ESX 3 Server | 2016-05-13 |
Details
| Check Text ( C-16132r1_chk ) |
|---|
| 1. Request from the IAO/SA the documentation that details the VLANs configured on the physical switch port to the ESX Server. 2. Request a copy of the external switch port configurations to verify the documented VLANs match the configured VLANs. If there are undocumented VLANs configured on the external switch ports, this is a finding. |
| Fix Text (F-15774r1_fix) |
|---|
| Document all trunk VLANs between ESX Server and external switches. |