Control Plane protection for S-Series

  • Question
  • Updated 1 year ago
  • Answered
How can I verify control plane protection for compliance with STIG NET0966?

Susan Shepard


Posted 1 year ago


Daniel Coughlin, Employee

The best way would be to run a compliance tool against it. If there are concerns based on the results, give us a call.

Susan Shepard


We have a C4 team here doing STIG checks. They are used to Cisco and are having trouble with the Extreme/Enterasys devices. They are concerned about STIG NET0966: Control plane protection is not enabled. There's no way to confirm this?


Daniel Coughlin, Employee

Without knowing what the test is, I cannot answer. We harden the systems the best we can, and when issues arise we get them addressed ASAP.

Erik Auerswald, Embassador

Hi Susan,

Control plane protection on Cisco differs from similar functionality on the S-Series, especially regarding configuration (it differs between Cisco devices as well, e.g. CoPP vs. CPPr). Thus it does not help to compare an S-Series configuration file to a Cisco template.

You might want to (have the C4 team) look into the Host DoS and Host ACL features of the S-Series as a starting point.

Thanks,
Erik