STIGQter: STIG Summary: Cisco IOS Router RTR Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Oct 2020

The Cisco MPLS router must be configured to synchronize IGP and LDP to minimize packet loss when an IGP adjacency is established prior to LDP peers completing label exchange.

DISA Rule

SV-216608r531085_rule

Vulnerability Number

V-216608

Group Title

SRG-NET-000512-RTR-000003

Rule Version

CISC-RT-000600

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the MPLS router to synchronize IGP and LDP, minimizing packet loss when an IGP adjacency is established prior to LDP peers completing label exchange.

OSPF Example

R2(config)#router ospf 1
R2(config-router)#mpls ldp sync

IS-IS Example

R5(config)#router isis
R5(config-router)#mpls ldp sync

Check Contents

Review the router OSPF or IS-IS configuration and verify that LDP will synchronize with the link-state routing protocol as shown in the example below.

OSPF Example

router ospf 1
 mpls ldp sync

IS-IS Example

router isis
 mpls ldp sync
 net 49.0001.1234.1600.5531.00

If the router is not configured to synchronize IGP and LDP, this is a finding.
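The check above can be run against a saved copy of the running configuration. The script below is an added example, not part of the STIG or of STIGQter; it assumes the configuration is available as text in standard IOS layout (sub-commands indented under their `router` line), and the function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample running-config (not from a real device): OSPF has
# LDP-IGP synchronization enabled, IS-IS does not.
SAMPLE_CONFIG = """\
hostname R2
!
router ospf 1
 mpls ldp sync
 network 10.0.0.0 0.0.0.255 area 0
!
router isis
 net 49.0001.1234.1600.5531.00
!
interface GigabitEthernet0/1
 mpls ip
!
"""

IGP_HEADER = re.compile(r"^router (ospf|isis)\b.*$")

def igp_sections(config_text):
    """Yield (header, [sub-commands]) for each 'router ospf|isis' section."""
    header, body = None, []
    for line in config_text.splitlines():
        if line[:1] in (" ", "\t"):       # indented: sub-command of the open section
            if header is not None and line.strip():
                body.append(line.strip())
            continue
        if header is not None:            # any non-indented line closes the section
            yield header, body
        header, body = (line.strip(), []) if IGP_HEADER.match(line) else (None, [])
    if header is not None:
        yield header, body

def check_cisc_rt_000600(config_text):
    """Return a list of findings; an empty list means the check passes."""
    findings, seen = [], False
    for header, body in igp_sections(config_text):
        seen = True
        # Exact match, so a negated 'no mpls ldp sync' line does not satisfy the check.
        if "mpls ldp sync" not in body:
            findings.append(f"{header}: 'mpls ldp sync' not configured")
    if not seen:
        findings.append("no 'router ospf' or 'router isis' section found; review manually")
    return findings

if __name__ == "__main__":
    for finding in check_cisc_rt_000600(SAMPLE_CONFIG) or ["CISC-RT-000600: not a finding"]:
        print(finding)
```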

Documentable

False

Severity Override Guidance

Review the router OSPF or IS-IS configuration and verify that LDP will synchronize with the link-state routing protocol as shown in the example below.

OSPF Example

router ospf 1
 mpls ldp sync

IS-IS Example

router isis
 mpls ldp sync
 net 49.0001.1234.1600.5531.00

If the router is not configured to synchronize IGP and LDP, this is a finding.

Check Content Reference

M

Target Key

4027
