CISC-L2-000190 - The Cisco switch must enable Unidirectional Link Detection (UDLD) to protect against one-way connections.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

In topologies where fiber optic interconnections are used, physical misconnections can occur that allow a link to appear to be up when there is a mismatched set of transmit/receive pairs. When such a physical misconfiguration occurs, protocols such as STP can cause network instability. UDLD is a Layer 2 protocol that can detect these physical misconfigurations by verifying that traffic is flowing bidirectionally between neighbors. Ports with UDLD enabled periodically transmit packets to neighbor devices. If the packets are not echoed back within a specific time frame, the link is flagged as unidirectional and the interface is shut down.

Solution

Configure the switch to enable Unidirectional Link Detection (UDLD) to protect against one-way connections.

SW2(config)#udld enable

or

SW2(config)#int g0/1
SW2(config-if)#udld port
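The following is an added example, not the Tenable audit's own check logic or anything from the STIG: it walks a constructed Cisco IOS running-config and reports, per physical interface, whether UDLD is enabled through either of the two fixes above (global `udld enable` or per-interface `udld port`).

```python
import re

# Constructed sample running-config (not from the page): global UDLD is
# absent, so every physical port needs `udld port`; Gi0/3 lacks it.
SAMPLE_CONFIG = """\
hostname SW2
!
interface GigabitEthernet0/1
 description uplink to SW1
 udld port
!
interface GigabitEthernet0/2
 udld port aggressive
!
interface GigabitEthernet0/3
 switchport mode trunk
!
interface Vlan1
 ip address 10.0.0.2 255.255.255.0
!
"""

PHYSICAL_IF = re.compile(r"^interface ((?:Gigabit|TenGigabit|Fast)Ethernet\S+)$")


def udld_findings(config: str) -> dict:
    """Return {interface: 'compliant' | 'non-compliant'} for physical ports."""
    # `udld enable` / `udld aggressive` turn UDLD on for all fiber ports;
    # copper ports still need `udld port`, but media type is not visible
    # in a running-config, so the global form is accepted here.
    global_udld = bool(re.search(r"^udld (enable|aggressive)$", config, re.M))
    findings, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = PHYSICAL_IF.match(line)
        if m:
            current = m.group(1)
            findings[current] = "compliant" if global_udld else "non-compliant"
        elif current and line.startswith(" udld port"):
            # `udld port disable` opts a port out of the global enable.
            enabled = not line.strip().endswith("disable")
            findings[current] = "compliant" if enabled else "non-compliant"
        elif not line.startswith(" "):
            current = None  # left the interface stanza
    return findings


if __name__ == "__main__":
    for port, state in udld_findings(SAMPLE_CONFIG).items():
        print(f"{port}: {state}")
```

Feed it the output of `show running-config` to get a per-port finding list; SVIs and other logical interfaces are ignored because UDLD applies only to physical links.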

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Cisco_IOS-XE_Switch_Y24M04_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000366, Rule-ID|SV-220665r539671_rule, STIG-ID|CISC-L2-000190, STIG-Legacy|SV-110305, STIG-Legacy|V-101201, Vuln-ID|V-220665

Plugin: Cisco

Control ID: 1d0ef6fa4e0ce7ff9cec901e46e7f4831ae3015fb7f4bd2885794c3ef270ac04