STIGQter: STIG Summary: Cisco IOS Router RTR Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Oct 2020

The Cisco multicast Designated Router (DR) must be configured to set the shortest-path tree (SPT) threshold to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed.

DISA Rule

SV-216632r531085_rule

Vulnerability Number

V-216632

Group Title

SRG-NET-000362-RTR-000123

Rule Version

CISC-RT-000890

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the DR to increase the SPT threshold or set it to infinity to minimalize (S, G) state within the multicast topology where ASM is deployed.

R3(config)#ip pim spt-threshold infinity

Check Contents

Review the DR configuration to verify that the SPT switchover threshold is increased (default is "0") or set to infinity (never switch over).

ip pim rp-address 10.2.2.2
ip pim spt-threshold infinity

If the DR is not configured to increase the SPT threshold or set to infinity to minimalize (S, G) state, this is a finding.
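
The check above can be run against a saved running-config. The following is an added example, not part of the STIG or of any DISA tooling. The function name, the status strings and the sample configuration are constructed for illustration, and treating a threshold raised only for a group-list as needing manual review is an assumption (the STIG text covers only the global form shown above).

```python
import re

# IOS syntax: ip pim [vrf NAME] spt-threshold {kbps | infinity} [group-list ACL]
PIM_RE = re.compile(r"^ip pim(?: vrf (?P<vrf>\S+))? ")
SPT_RE = re.compile(r"^ip pim(?: vrf \S+)? spt-threshold (?P<value>infinity|\d+)"
                    r"(?: group-list (?P<acl>\S+))?$")

def audit_spt_threshold(config_text):
    """Map each routing table with global PIM config to (status, detail).

    status: 'not_a_finding', 'finding', or 'review' (needs a manual look).
    An empty result means no global PIM configuration was seen at all.
    """
    tables = {}  # table name -> list of (value, acl) spt-threshold entries
    for raw in config_text.splitlines():
        line = raw.rstrip()
        m = PIM_RE.match(line)  # column-0 match skips interface sub-commands
        if not m:
            continue
        entries = tables.setdefault(m.group("vrf") or "global", [])
        s = SPT_RE.match(line)
        if s:
            entries.append((s.group("value"), s.group("acl")))

    results = {}
    for table, entries in sorted(tables.items()):
        raised = [(v, a) for v, a in entries if v == "infinity" or int(v) > 0]
        unscoped = [v for v, a in raised if a is None]
        if unscoped:
            results[table] = ("not_a_finding", "spt-threshold " + unscoped[0])
        elif raised:
            acls = ", ".join(a for _, a in raised)
            results[table] = ("review", "raised only for group-list " + acls)
        else:
            results[table] = ("finding", "spt-threshold absent or 0 (default is 0)")
    return results

# Constructed sample: global table scoped by ACL 10, VRF RED left at default.
SAMPLE = """\
interface GigabitEthernet0/1
 ip pim sparse-mode
!
ip pim rp-address 10.2.2.2
ip pim spt-threshold infinity group-list 10
ip pim vrf RED rp-address 10.3.3.3
"""

if __name__ == "__main__":
    for table, (status, detail) in audit_spt_threshold(SAMPLE).items():
        print(table, status, detail)
```
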

Documentable

False

Severity Override Guidance

Review the DR configuration to verify that the SPT switchover threshold is increased (default is "0") or set to infinity (never switch over).

ip pim rp-address 10.2.2.2
ip pim spt-threshold infinity

If the DR is not configured to increase the SPT threshold or set to infinity to minimalize (S, G) state, this is a finding.

Check Content Reference

M

Target Key

4027
