Details
The IP Inspection administrative status. IP Inspection learns and secures bindings for stateless and stateful auto-configuration addresses in Layer 2 neighbor tables. The status can be:
– Disable
– Enable Both IPv4 and IPv6
The default is Enable Both IPv4 and IPv6.
Solution
Log into the Cisco APIC Web Console:
Navigate to ‘Tenants’
Repeat the following for all tenants:
– Double click the tenant
– Expand the tenant
– Expand ‘Policies’
– Expand ‘Protocol’
– Expand ‘First Hop Secuirty’
– Expand ‘Feature Policies’
– For each policy, in the ‘IP Inspection’ section, ensure ‘Admin Status’ is set to ‘Enable Both IPv4 and IPv6’
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Cisco_ACI.