ExtremeSwitching (EOS)

Expand all | Collapse all

Control Plane protection for S-Series

  • 1.  Control Plane protection for S-Series

    Posted 05-19-2017 18:31
    How can I verify control plane protection for compliance with STIG NET0966?


  • 2.  RE: Control Plane protection for S-Series

    Posted 05-20-2017 00:43
    The best way would be to run a compliance tool against it. If there are concerns based on the results give us a call.


  • 3.  RE: Control Plane protection for S-Series

    Posted 05-22-2017 10:39
    We have a C4 team here doing STIG checks. They are used to Cisco and having trouble with the Extreme/Enterasys devices. They are concerned about STIG NET0966: Control plane protection is not enabled. There's no way to confirm this?



  • 4.  RE: Control Plane protection for S-Series

    Posted 06-15-2017 11:42
    Without know what the test is I cannot answer. We harden the systems they best we can and when issues arise we get them address ASAP.



  • 5.  RE: Control Plane protection for S-Series

    Posted 06-15-2017 15:01
    Hi Susan,

    control plane protection on Cisco differs from similar functionality on the S-Series, especially regarding configuration (it differs between Cisco devices as well, e.g. CoPP vs. CPPr). Thus it does not help to compare an S-Series configuration file to a Cisco template.

    You might want to (have the C4 team) look into the Host DoS and Host ACL features of the S-Series as a starting point.

    Thanks,
    Erik