Information
Information flow control regulates where information is allowed to travel within a network and between interconnected networks. Controlling the flow of network traffic is critical so that it does not introduce any unacceptable risk to the network infrastructure or data. An example of a flow control restriction is blocking outside traffic claiming to be from within the organization. For most switches, internal information flow control is a product of system design.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Step 1: Configure an ACL to allow or deny traffic as shown in the example below:
SW2(config)# ip access-list EXTERNAL_ACL
SW2(config-acl)# permit tcp any any established
SW2(config-acl)# permit tcp x.11.1.1/32 eq bgp x.11.1.2/32
SW2(config-acl)# permit tcp x.11.1.1/32 x.11.1.2/32 eq bgp
SW2(config-acl)# permit icmp x.11.1.1/32 x.11.1.2/32 echo
SW2(config-acl)# permit icmp x.11.1.1/32 x.11.1.2/32 echo-reply
SW2(config-acl)# permit tcp any x.11.2.3/32 eq www
SW2(config-acl)# deny ip any any log
SW2(config-acl)# exit
Step 2: Apply the ACL inbound on all applicable interfaces.
SW2(config)# int e2/2
SW2(config-if)# ip access-group EXTERNAL_ACL in
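A check for the result of Steps 1 and 2, as an added example (not part of the benchmark or of Nessus): it parses a running-config excerpt and reports interfaces that have no inbound ACL, reference an undefined ACL, or use an ACL that does not end with the deny ip any any entry shown in Step 1. The sample config, the interface list and the function names are constructed for illustration, and the indented layout with sequence numbers is an assumption about how the running-config is displayed.

```python
import re

# Constructed running-config excerpt (not captured from a real device).
SAMPLE_CONFIG = """\
ip access-list EXTERNAL_ACL
  10 permit tcp any any established
  20 permit tcp any x.11.2.3/32 eq www
  30 deny ip any any log
ip access-list OPEN_ACL
  10 permit ip any any
interface Ethernet2/2
  ip access-group EXTERNAL_ACL in
interface Ethernet2/3
  ip access-group OPEN_ACL in
interface Ethernet2/4
  no switchport
"""

def parse_config(text):
    """Return ({acl_name: [entries]}, {interface: inbound ACL name or None})."""
    acls, inbound, section = {}, {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):  # unindented line opens a new section
            m = re.match(r"(ip access-list|interface)\s+(\S+)$", line.strip())
            section = m.groups() if m else None
            if m and m.group(1) == "interface":
                inbound[m.group(2)] = None
            elif m:
                acls[m.group(2)] = []
            continue
        if section is None:
            continue
        kind, name = section
        body = line.strip()
        if kind == "ip access-list":
            acls[name].append(re.sub(r"^\d+\s+", "", body))  # drop sequence number
        else:
            m = re.match(r"ip access-group (\S+) in$", body)
            if m:
                inbound[name] = m.group(1)
    return acls, inbound

def audit(text, external_interfaces):
    """Return a list of (interface, finding) for the interfaces under review."""
    acls, inbound = parse_config(text)
    findings = []
    for intf in external_interfaces:
        acl = inbound.get(intf)
        if acl is None:
            findings.append((intf, "no inbound ACL applied"))
        elif acl not in acls:
            findings.append((intf, f"ACL {acl} is not defined"))
        elif not acls[acl] or not acls[acl][-1].startswith("deny ip any any"):
            findings.append((intf, f"ACL {acl} does not end with deny ip any any"))
    return findings

if __name__ == "__main__":
    for intf, finding in audit(SAMPLE_CONFIG, ["Ethernet2/2", "Ethernet2/3", "Ethernet2/4"]):
        print(f"{intf}: {finding}")
```

Which interfaces count as applicable is a site decision, so the list is passed in rather than derived from the config.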