DISA STIGS Viewer

The RUCKUS ICX router must implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions.

Overview

Finding ID: V-273670
Version: RCKS-RTR-001070
Rule ID: SV-273670r1110956_rule
IA Controls:
Severity: Medium
Description
Separating critical system components and functions from other noncritical system components and functions through separate subnetworks may be necessary to reduce susceptibility to a catastrophic or debilitating breach or compromise that results in system failure. For example, physically separating the command and control function from the in-flight entertainment function through separate subnetworks in a commercial aircraft provides an increased level of assurance in the trustworthiness of critical system functions.
STIG Date
RUCKUS ICX Router Security Technical Implementation Guide 2025-06-03

Details

Check Text (C-77761r1110030_chk)
Verify the router is configured to implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions.

If the router is not configured to implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions, this is a finding.
Fix Text (F-77666r1110031_fix)
Configure the router to implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions.

Configure VLANs to separate organization-defined traffic:

device# configure terminal
device(config)# vlan 235 name mgmt-vlan
device(config-vlan-235)# tag ethernet 1/x/x
device(config-vlan-235)# interface ve 235
device(config-vif-235)# ip addr x.x.x.x/x
device(config-vif-235)# vlan 200 name ops-vlan
device(config-vlan-200)# tag ethernet 1/x/x
device(config-vlan-200)# interface ve 200
device(config-vif-200)# ip addr x.x.x.x/x
device(config-vif-200)# vlan 210 name user-vlan
device(config-vlan-210)# tag ethernet 1/x/x
device(config-vlan-210)# interface ve 210
device(config-vif-210)# ip addr x.x.x.x/x
device(config-vif-210)# end
device# write memory