The RUCKUS ICX router must be configured to log all packets that have been dropped.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-273594 | RCKS-RTR-000260 | SV-273594r1110893_rule | CCI-000134 | low |
| Description | ||||
| Auditing and logging are key components of any security architecture. It is essential for security personnel to know what is being done or attempted to be done, and by whom, to compile an accurate risk assessment. Auditing the actions on network devices provides a means to recreate an attack or identify a configuration mistake on the device. | ||||
| STIG | Date | |||
| RUCKUS ICX Router Security Technical Implementation Guide | 2025-06-03 | |||
Details
Check Text (C-273594r1110893_chk)
Check ACL deny statements for log keywords and that logging is enabled on applicable bindings:
ICX# show ip access Block_host_v4
Extended IP access list Block_host_v4: 3 entries
10: permit ipv6 any any
20: deny ip host 192.168.10.253 any log
30: permit ip any any
ICX# show running-config vlan 10
...
ip access-group Block_host_v4 in ethernet 1/3/1 logging enable
If ACL deny statements lack the log keyword or logging is not enabled in the "ip access-group..." command, this is a finding.
Fix Text (F-77590r1109803_fix)
Configure ACL deny statements to include "log" and verify logging is enabled where the ACL is applied:
ip access-list extended Block_host_v4
sequence 10 permit ipv6 any any
sequence 20 deny ip host 192.168.10.253 any log
sequence 30 permit ip any any
!
vlan 10 by port
tagged ethernet x/x/x
untagged ethernet y/y/y
ip access-group Block_host_v4 in ethernet 1/3/1 logging enable