The RUCKUS ICX switch must have Bridge Protocol Data Unit (BPDU) Guard enabled on all user-facing or untrusted access switch ports.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-273678 | RCKS-L2S-000100 | SV-273678r1110981_rule | CCI-002385 | medium |
| Description |
| An example is a firewall that blocks all traffic rather than allowing all traffic when a firewall component fails (e.g., fail closed and do not forward traffic). This prevents an attacker from forcing a failure of the system to obtain access. Abort refers to stopping a program or function before it has finished naturally. The term abort refers to both requested and unexpected terminations. |
| STIG | Date |
| RUCKUS ICX Layer 2 Switch Security Technical Implementation Guide | 2025-06-03 |
Details
Check Text (C-273678r1110981_chk)
Review switch port configuration on all untrusted access ports.
!
interface ethernet x/x/x
spanning-tree root-protect
stp-bpdu-guard
!
If untrusted access switch ports are not configured for BPDU Guard, this is a finding.
Fix Text (F-77674r1110056_fix)
Configure the switch to enable BPDU Guard:
1. Global Config mode:
Router# configure terminal
2. Interface level mode:
Router(config)# interface ethernet 1/1/1
3. Implement stp-bpdu-guard:
Router(config-if-e1000-1/1/1)# stp-bpdu-guard
4. Save:
Router# write memory