Details
Port locking prevents ARP and IP spoofing by VM guests. Without it, one guest could impersonate another on the host. This setting lists the allowed IP addresses available for the VM using this virtual interface. If the network default-locking-mode is set to ‘locked’, a VM that tries to use an address that is not on its allowed list will not be able to send or receive network traffic.
Solution
Set the list of allowed addresses for a virtual interface by running the following commands:
xe vif-param-add uuid=
NOTE: This setting is only effective if the network default-locking-mode or vif locking-mode is set to ‘locked’.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Unix.