Details
The Source Guard administrative status. The Source Guard validates the source of IPv4 and IPv6 traffic sing the source information secured by IP Inspect feature. The status can be:
– Disable
– Enable Both IPv4 and IPv6
The default is Enable Both IPv4 and IPv6.
Solution
Log into the Cisco APIC Web Console:
Navigate to ‘Tenants’
Repeat the following for all tenants:
– Double click the tenant
– Expand the tenant
– Expand ‘Policies’
– Expand ‘Protocol’
– Expand ‘First Hop Secuirty’
– Expand ‘Feature Policies’
– For each policy, in the ‘Source Guard’ section, ensure ‘Admin Status’ is set to ‘Enable Both IPv4 and IPv6’
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Cisco_ACI.