The RUCKUS ICX router must be configured to log all packets that have been dropped.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
low	V-273594	SRG-NET-000078-RTR-000001	RCKS-RTR-000260	SV-273594r1110893_rule	2025-06-03	1

Description
Auditing and logging are key components of any security architecture. It is essential for security personnel to know what is being done or attempted to be done, and by whom, to compile an accurate risk assessment. Auditing the actions on network devices provides a means to recreate an attack or identify a configuration mistake on the device.

ℹ️ Check
Check ACL deny statements for log keywords and that logging is enabled on applicable bindings: ICX# show ip access Block_host_v4 Extended IP access list Block_host_v4: 3 entries 10: permit ipv6 any any 20: deny ip host 192.168.10.253 any log 30: permit ip any any ICX# show running-config vlan 10 ... ip access-group Block_host_v4 in ethernet 1/3/1 logging enable If ACL deny statements lack the log keyword or logging is not enabled in the "ip access-group..." command, this is a finding.

ℹ️ Check

Check ACL deny statements for log keywords and that logging is enabled on applicable bindings: ICX# show ip access Block_host_v4 Extended IP access list Block_host_v4: 3 entries 10: permit ipv6 any any 20: deny ip host 192.168.10.253 any log 30: permit ip any any ICX# show running-config vlan 10 ... ip access-group Block_host_v4 in ethernet 1/3/1 logging enable If ACL deny statements lack the log keyword or logging is not enabled in the "ip access-group..." command, this is a finding.

✔️ Fix
Configure ACL deny statements to include "log" and verify logging is enabled where the ACL is applied: ip access-list extended Block_host_v4 sequence 10 permit ipv6 any any sequence 20 deny ip host 192.168.10.253 any log sequence 30 permit ip any any ! vlan 10 by port tagged ethernet x/x/x untagged ethernet y/y/y ip access-group Block_host_v4 in ethernet 1/3/1 logging enable