The RUCKUS ICX switch must have Storm Control configured on all host-facing switch ports.

Overview

Finding ID: V-273684
Version: RCKS-L2S-000160
Rule ID: SV-273684r1110987_rule
IA Controls: CCI-000366
Severity: low

Description
A traffic storm occurs when packets flood a LAN, creating excessive traffic and degrading network performance. Traffic storm control prevents network disruption by suppressing ingress traffic when the number of packets reaches configured threshold levels. Traffic storm control monitors ingress traffic levels on a port and drops traffic when the number of packets reaches the configured threshold level during any one-second interval.

STIG: RUCKUS ICX Layer 2 Switch Security Technical Implementation Guide
Date: 2025-06-03

Related Frameworks

4 paths across 3 frameworks
NIST 800-53 · 1 mapping
CM-6
1.00
  • DISA · V1R1 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-171 · 2 mappings
3.4.1
1.00
  • DISA · V1R1 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
  • DISA · V1R1 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI · 1 mapping
CCI-000366
1.00
  • DISA · V1R1 · disa_xccdf · related

Details

Check Text (C-273684r1110987_chk)

Review the configuration for the desired storm control settings on host-facing ports.

!
interface ethernet 1/1/5
 broadcast limit 8787
 multicast limit 777
 unknown-unicast limit 888
!

If host-facing ports are not configured for storm control protection, this is a finding.
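The check above, automated over a saved running-config, as an added example that is not part of the STIG or of RUCKUS documentation. The function names, the list of host-facing ports, the sample configuration, and the rule that all three limits must be present are assumptions made for the example.

```python
import re

# The three limit commands shown in the STIG check text.
REQUIRED = ("broadcast", "multicast", "unknown-unicast")

def parse_interfaces(config_text):
    """Map each 'interface ethernet X' stanza to its {traffic_type: limit}."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"interface ethernet (\S+)", line)
        if m:
            current = m.group(1)
            stanzas[current] = {}
        elif line == "!":
            current = None  # '!' closes the current stanza
        elif current is not None:
            m = re.fullmatch(r"(broadcast|multicast|unknown-unicast) limit (\d+)", line)
            if m:
                stanzas[current][m.group(1)] = int(m.group(2))
    return stanzas

def audit_storm_control(config_text, host_ports):
    """Return {port: [missing traffic types]} for host-facing ports that fail."""
    stanzas = parse_interfaces(config_text)
    findings = {}
    for port in host_ports:
        # A port with no stanza at all has none of the limits configured.
        limits = stanzas.get(port, {})
        missing = [t for t in REQUIRED if t not in limits]
        if missing:
            findings[port] = missing
    return findings

# Constructed sample: 1/1/5 matches the check text, 1/1/6 is partial,
# and 1/1/8 does not appear in the configuration at all.
SAMPLE_CONFIG = """\
!
interface ethernet 1/1/5
 broadcast limit 8787
 multicast limit 777
 unknown-unicast limit 888
!
interface ethernet 1/1/6
 broadcast limit 8787
!
"""
HOST_PORTS = ["1/1/5", "1/1/6", "1/1/8"]  # assumed inventory of host-facing ports

if __name__ == "__main__":
    for port, missing in audit_storm_control(SAMPLE_CONFIG, HOST_PORTS).items():
        print(f"FINDING ethernet {port}: missing {', '.join(missing)} limit")
```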

Fix Text (F-77680r1110074_fix)

Configure storm control on each host-facing switch port.

1. Enter global configuration mode:

device#configure terminal

2. Configure storm control:

device (config-if-e2500-1/1/5)#broadcast limit 8787
device (config-if-e2500-1/1/5)#multicast limit 777
device (config-if-e2500-1/1/5)#unknown-unicast limit 888