CISC-L2-000200 - The Cisco switch must have all trunk links enabled statically.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.



When trunk negotiation is enabled via Dynamic Trunking Protocol (DTP), considerable time can be spent negotiating trunk settings (802.1Q or ISL) when a node or interface is restored. While this negotiation is happening, traffic is dropped because the link is up from a Layer 2 perspective.

Packet loss can be eliminated by setting the interface statically to trunk mode, thereby avoiding DTP negotiation and significantly reducing any outage when restoring a failed link or switch.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.


Configure the switch to enable trunk links statically as shown in the configuration below:

SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config-if)#switchport nonegotiate

Item Details

References: CAT|II, CCI|CCI-000366, Rule-ID|SV-220640r539671_rule, STIG-ID|CISC-L2-000200, STIG-Legacy|SV-110251, STIG-Legacy|V-101147, Vuln-ID|V-220640

Plugin: Cisco

Control ID: 8e706ccb3a86fc52e1f301d6e0dc4f9522dc2f2a49b00e20d9e815c281fede77