STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated just now
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Router Security Requirements Guide

V-207128

CAT II (Medium)

The PE router providing Virtual Private LAN Services (VPLS) must be configured to have traffic storm control thresholds on CE-facing interfaces.

Rule ID

SV-207128r604135_rule

STIG

Router Security Requirements Guide

Version

V5R2

CCIs

CCI-001095

Discussion

A traffic storm occurs when packets flood a VPLS bridge, creating excessive traffic and degrading network performance. Traffic storm control prevents VPLS bridge disruption by suppressing traffic when the number of packets reaches configured threshold levels. Traffic storm control monitors incoming traffic levels on a port and drops traffic when the number of packets reaches the configured threshold level during any one-second interval.

Check Content

Review the router configuration to verify that storm control is enabled on CE-facing interfaces deploying VPLS.

If storm control is not enabled for broadcast traffic, this is a finding.

Note: The threshold level can be from 0 to 100 percent of the link's bandwidth, where "0" suppresses all traffic. Most FastEthernet switching modules do not support multicast and unicast traffic storm control.

Fix Text

Configure storm control for each VPLS bridge domain. Base the suppression threshold on expected traffic rates plus some additional capacity.