The RUCKUS ICX router must implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions.
Overview
Finding ID | Version | Rule ID | IA Controls | Severity |
V-273670 | RCKS-RTR-001070 | SV-273670r1110956_rule | | Medium |
Description |
Separating critical system components and functions from other noncritical system components and functions through separate subnetworks may be necessary to reduce susceptibility to a catastrophic or debilitating breach or compromise that results in system failure. For example, physically separating the command and control function from the in-flight entertainment function through separate subnetworks in a commercial aircraft provides an increased level of assurance in the trustworthiness of critical system functions. |
STIG | Date |
RUCKUS ICX Router Security Technical Implementation Guide | 2025-06-03 |
Details
Check Text (C-77761r1110030_chk) |
Verify the router is configured to implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions. If the router is not configured to implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions, this is a finding. |
Fix Text (F-77666r1110031_fix) |
Configure the router to implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions.

Configure VLANs to separate organization-defined traffic:

device# configure terminal
device(config)# vlan 235 name mgmt-vlan
device(config-vlan-235)# tag ethernet 1/x/x
device(config-vlan-235)# interface ve 235
device(config-vif-235)# ip addr x.x.x.x/x
device(config-vif-235)# vlan 200 name ops-vlan
device(config-vlan-200)# tag ethernet 1/x/x
device(config-vlan-200)# interface ve 200
device(config-vif-200)# ip addr x.x.x.x/x
device(config-vif-200)# vlan 210 name user-vlan
device(config-vlan-210)# tag ethernet 1/x/x
device(config-vlan-210)# interface ve 210
device(config-vif-210)# ip addr x.x.x.x/x
device(config-vif-210)# end
device# write memory
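
An added example, not part of the STIG or of RUCKUS documentation: a Python check that reads a command list written in the Fix Text's form and reports VLANs whose `ve` interface has no address or whose subnet overlaps another VLAN's. The sample addresses and ports are constructed, the names `parse` and `findings` are hypothetical, and treating a missing address or an overlap as a failure is this example's reading of "separate subnetworks".

```python
import ipaddress
import re

# Constructed sample in the command form used by the Fix Text; addresses are made up.
SAMPLE = """\
vlan 235 name mgmt-vlan
tag ethernet 1/1/1
interface ve 235
ip addr 10.10.235.1/24
vlan 200 name ops-vlan
tag ethernet 1/1/2
interface ve 200
ip addr 10.10.200.1/24
vlan 210 name user-vlan
tag ethernet 1/1/3
interface ve 210
ip addr 10.10.200.129/25
"""

def parse(text):
    """Return {vlan_id: {"name": str, "net": IPv4Network or None}}."""
    vlans, ve = {}, None
    for line in text.splitlines():
        line = re.sub(r"^\S*#\s*", "", line.strip())  # drop a 'device(config)# ' prompt
        if m := re.match(r"vlan (\d+) name (\S+)", line):
            vlans[int(m[1])] = {"name": m[2], "net": None}
            ve = None  # a new vlan block ends the previous ve context
        elif m := re.match(r"interface ve (\d+)", line):
            ve = int(m[1])
        elif (m := re.match(r"ip addr(?:ess)? (\S+/\d+)", line)) and ve in vlans:
            vlans[ve]["net"] = ipaddress.ip_interface(m[1]).network
    return vlans

def findings(text):
    """List reasons the VLAN layout fails to give each function its own subnet."""
    vlans = parse(text)
    out = [f"vlan {v} ({d['name']}) has no ve address"
           for v, d in sorted(vlans.items()) if d["net"] is None]
    addressed = [(v, d) for v, d in sorted(vlans.items()) if d["net"] is not None]
    for i, (a, da) in enumerate(addressed):
        for b, db in addressed[i + 1:]:
            if da["net"].overlaps(db["net"]):  # two VLANs sharing address space
                out.append(f"vlan {a} {da['net']} overlaps vlan {b} {db['net']}")
    return out

if __name__ == "__main__":
    for f in findings(SAMPLE):
        print(f)
```

The check covers addressing only; whether the VLANs map to the organization-defined critical components still has to be confirmed against the site's own documentation.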