OS10-L2S-000020 - The Dell OS10 Switch must uniquely identify all network-connected endpoint devices before establishing any connection.

Information

Controlling LAN access via 802.1x authentication can assist in preventing a malicious user from connecting an unauthorized PC to a switch port to inject or receive data from the network without detection.

Satisfies: SRG-NET-000148-L2S-000015, SRG-NET-000343-L2S-000016

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Configure 802.1x authentication on all host-facing access switch ports.

Configure RADIUS for 802.1x authentication:

OS10(config)# radius-server host 10.10.1.200 key my-shared-secret
OS10(config)# radius-server retransmit 10
OS10(config)# radius-server timeout 10

Enable 802.1X globally in CONFIGURATION mode:

OS10(config)# dot1x system-auth-control

Enable 802.1x on the host-facing access interfaces:

OS10(config)# interface range ethernet 1/1/2-1/1/48
OS10(conf-rangeeth1/1/2-1/1/48)# dot1x port-control auto
OS10(conf-rangeeth1/1/2-1/1/48)# dot1x re-authentication
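
To confirm the result of the steps above, the following added example (not part of the STIG or of any Dell or Nessus tooling) audits a saved copy of the running configuration for the global and per-port commands the Solution applies. The function names, the stanza layout of the sample, and the operator-supplied `host_ports` list are assumptions; the sample configuration is constructed.

```python
import re

# Constructed sample; the stanza layout is an assumption about running-config output.
SAMPLE_CONFIG = """\
radius-server host 10.10.1.200 key my-shared-secret
dot1x system-auth-control
!
interface ethernet1/1/1
 switchport mode trunk
!
interface ethernet1/1/2
 dot1x port-control auto
 dot1x re-authentication
!
interface ethernet1/1/3
 dot1x port-control force-authorized
!
"""

# Accepts both "ethernet1/1/2" and "ethernet 1/1/2".
IFACE_RE = re.compile(r"^interface ethernet\s*(\S+)\s*$")

def parse_interfaces(config_text):
    """Map each ethernet port ID to the list of commands in its stanza."""
    stanzas, current = {}, None
    for line in config_text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any top-level command ends the stanza
    return stanzas

def audit_dot1x(config_text, host_ports):
    """Return findings for the settings the Solution configures (empty list = pass)."""
    top = [l.strip() for l in config_text.splitlines() if l[:1] not in ("", " ")]
    findings = []
    if not any(l.startswith("radius-server host ") for l in top):
        findings.append("global: radius-server host missing")
    if "dot1x system-auth-control" not in top:
        findings.append("global: dot1x system-auth-control missing")
    stanzas = parse_interfaces(config_text)
    for port in host_ports:  # only ports the operator lists as host-facing
        for required in ("dot1x port-control auto", "dot1x re-authentication"):
            if required not in stanzas.get(port, []):
                findings.append(f"{port}: {required} missing")
    return findings
```

A port set to `force-authorized` is reported because it admits any device without authentication even though 802.1x is enabled globally; uplinks such as the trunk port in the sample are skipped by leaving them out of `host_ports`.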

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Dell_OS10_Switch_Y24M12_STIG.zip