Control Plane protection for S-Series


How can I verify control plane protection for compliance with STIG NET0966?


Userlevel 4
The best way would be to run a compliance tool against it. If there are concerns based on the results, give us a call.
We have a C4 team here doing STIG checks. They are used to Cisco and are having trouble with the Extreme/Enterasys devices. They are concerned about STIG NET0966: Control plane protection is not enabled. There's no way to confirm this?
Userlevel 4
Without knowing what the test is, I cannot answer. We harden the systems the best we can, and when issues arise we get them addressed ASAP.
Userlevel 7
Hi Susan,

Control plane protection on Cisco differs from similar functionality on the S-Series, especially regarding configuration (it differs between Cisco devices as well, e.g. CoPP vs. CPPr). Thus it does not help to compare an S-Series configuration file to a Cisco template.

You might want to (have the C4 team) look into the Host DoS and Host ACL features of the S-Series as a starting point.

Thanks,
Erik
