OS10-L2S-000190 - The Dell OS10 Switch must enable Far-End Failure Detection (FEFD) to protect against one-way connections.

Information

In topologies where fiber-optic interconnections are used, physical misconnections can occur that allow a link to appear to be up when there is a mismatched set of transmit/receive pairs. When such a physical misconfiguration occurs, protocols such as STP can cause network instability. UDLD is a Layer 2 protocol that can detect these physical misconfigurations by verifying that traffic is flowing bidirectionally between neighbors. Ports with UDLD enabled periodically transmit packets to neighbor devices. If the packets are not echoed back within a specific time frame, the link is flagged as unidirectional and the interface is shut down.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Configure the OS10 switch to enable FEFD on appropriate interfaces connected to other OS10 peers.

OS10(config)# interface ethernet 1/1/6
OS10(conf-if-eth1/1/6)# fefd mode normal
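
An offline check for this setting against a saved configuration, added here as an example; it is not part of the STIG or of the Nessus plugin. It assumes interface stanzas start at column 0 with indented sub-commands, and that the reviewer supplies the list of ports that face other OS10 peers. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample configuration (assumption: stanzas begin at column 0,
# sub-commands are indented, and "!" or any top-level line ends a stanza).
SAMPLE_CONFIG = """\
interface ethernet1/1/5
 no shutdown
 switchport mode trunk
 fefd mode normal
!
interface ethernet1/1/6
 no shutdown
 switchport mode trunk
!
interface vlan1
 no shutdown
!
"""

# Accept both "ethernet1/1/6" and "ethernet 1/1/6" spellings of the port name.
IFACE_RE = re.compile(r"^interface\s+ethernet\s*(\S+)\s*$")
FEFD_RE = re.compile(r"^\s+fefd\s+mode\s+normal\s*$")


def parse_ethernet_stanzas(config):
    """Return {port: [indented stanza lines]} for every ethernet interface."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif not line.startswith((" ", "\t")):
            current = None  # top-level line: the previous stanza is finished
        elif current is not None:
            current.append(line)
    return stanzas


def ports_missing_fefd(config, peer_ports):
    """Peer-facing ports that lack 'fefd mode normal' or are absent entirely."""
    stanzas = parse_ethernet_stanzas(config)
    return sorted(
        p for p in peer_ports
        if not any(FEFD_RE.match(l) for l in stanzas.get(p, []))
    )


if __name__ == "__main__":
    # Constructed reviewer input: the links that connect to other OS10 peers.
    print(ports_missing_fefd(SAMPLE_CONFIG, ["1/1/5", "1/1/6"]))
```

A port that does not appear in the configuration at all is reported as missing, so a typo in the peer list surfaces as a finding instead of a silent pass.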

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Dell_OS10_Switch_Y24M12_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-269965r1052281_rule, STIG-ID|OS10-L2S-000190, Vuln-ID|V-269965

Plugin: Dell_OS10

Control ID: 7afb172b45163ac785e7bba237db5249012682b9a89b479ac221269b3c45fbbf