
V-273678

CAT II (Medium)

The RUCKUS ICX switch must have Bridge Protocol Data Unit (BPDU) Guard enabled on all user-facing or untrusted access switch ports.

Rule ID

SV-273678r1110981_rule

STIG

RUCKUS ICX Layer 2 Switch Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-002385

Discussion

An example is a firewall that blocks all traffic rather than allowing all traffic when a firewall component fails (e.g., fail closed and do not forward traffic). This prevents an attacker from forcing a failure of the system to obtain access. Abort refers to stopping a program or function before it has finished naturally. The term abort refers to both requested and unexpected terminations.

Check Content

Review switch port configuration on all untrusted access ports.

!
interface ethernet x/x/x
 spanning-tree root-protect
 stp-bpdu-guard
!

If untrusted access switch ports are not configured for BPDU Guard, this is a finding.
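
The check above can be run against a saved running-config instead of by eye. The following is an added example, not part of the STIG or of any RUCKUS tooling; the sample config, the function names and the caller-supplied list of untrusted ports are assumptions, and a port with no stanza in the config is treated as lacking the setting.

```python
import re

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
!
interface ethernet 1/1/1
 spanning-tree root-protect
 stp-bpdu-guard
!
interface ethernet 1/1/2
 port-name user-desk-12
!
interface ethernet 1/1/48
 port-name uplink-to-distribution
!
"""

IFACE_RE = re.compile(r"^interface ethernet (\d+/\d+/\d+)\s*$")


def parse_interfaces(config_text):
    """Map each 'interface ethernet x/x/x' stanza to its set of settings."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        match = IFACE_RE.match(line)
        if match:
            current = stanzas.setdefault(match.group(1), set())
        elif line.startswith((" ", "\t")) and current is not None:
            current.add(line.strip())
        else:
            current = None  # "!" or any top-level line closes the stanza
    return stanzas


def bpdu_guard_findings(config_text, untrusted_ports):
    """Return untrusted ports lacking stp-bpdu-guard, in port-number order."""
    stanzas = parse_interfaces(config_text)
    # Assumption: a port with no stanza has no non-default settings, so it
    # cannot have BPDU Guard and is reported as well.
    missing = [port for port in untrusted_ports
               if "stp-bpdu-guard" not in stanzas.get(port, set())]
    return sorted(missing, key=lambda p: tuple(int(n) for n in p.split("/")))


if __name__ == "__main__":
    # Hypothetical inventory of untrusted ports; uplink 1/1/48 is left out.
    for port in bpdu_guard_findings(SAMPLE_CONFIG, ["1/1/1", "1/1/2", "1/1/4"]):
        print(f"V-273678 finding: ethernet {port} has no stp-bpdu-guard")
```

Which ports count as untrusted is a site decision, so the list is passed in rather than inferred from the config.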

Fix Text

Enable BPDU Guard on the switch port:

1. Global Config mode:
Router# configure terminal

2. Interface level mode:
Router(config)# interface ethernet 1/1/1

3. Implement stp-bpdu-guard:
Router(config-if-e1000-1/1/1)# stp-bpdu-guard

4. Save:
Router# write memory