From Voice Video Services Policy STIG
Part of VVoIP 5320
A voice video endpoint that provides a PC port typically breaks 802.1x LAN access control mechanisms. The cause is the network access switch port is enabled or authorized (and configured) when the voice video endpoint authenticates to the network and is authorized to operate. This may permit whatever is connected to the PC port to have access to the LAN even if it is not authorized or uses 802.1x. Therefore, the practice of daisy chaining devices on a single LAN drop protected by 802.1x must be prohibited unless certain mitigating circumstances exist or are configured.
If the voice video endpoints do not contain a PC port, this is not applicable. Review site documentation to confirm that when 802.1x is implemented and the voice video endpoint PC ports are disabled, the network access switch port is configured to support a disabled PC port by configuring PC port traffic to the unused VLAN. If 802.1x is implemented, the voice video endpoint PC ports are disabled, and the network access switch port is not configured to support a disabled PC port by configuring PC port traffic to the unused VLAN, this is a finding. The voice video endpoint network access switch port normally is configured with a VVoIP VLAN for the VVoIP traffic. This is IAW and supports the NI STIG requirement NET1435.
Implement and document that when 802.1x is implemented and the voice video endpoint PC ports are disabled, the network access switch port is configured to support a disabled PC port by sending PC port traffic to the unused VLAN. Do not statically assign the switch port to the voice video VLAN.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer