SV-216692r531086_rule
V-216692
SRG-NET-000018-RTR-000006
CISC-RT-000540
CAT III
10
Configure the router to deny updates received from eBGP peers that do not list their AS number as the first AS in the AS_PATH attribute.
R1(config)#router bgp xx
R1(config-router)#bgp enforce-first-as
Review the router configuration to verify the router is configured to deny updates received from eBGP peers that do not list their AS number as the first AS in the AS_PATH attribute.
By default, Cisco IOS enforces the first AS in the AS_PATH attribute for all route advertisements. Review the router configuration to verify that the command no bgp enforce-first-as is not configured.
router bgp xx
 no synchronization
 no bgp enforce-first-as
If the router is not configured to reject updates from peers that do not list their AS number as the first AS in the AS_PATH attribute, this is a finding.
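The check described above, automated over saved running-config text. This is an added example, not part of the STIG; it assumes sub-commands are indented under `router bgp` as in `show running-config` output, and the function name, status strings and sample configurations are constructed for illustration.

```python
import re

# Constructed sample configurations (not taken from a real device).
NONCOMPLIANT = """\
hostname R1
!
router bgp 64512
 no synchronization
 no bgp enforce-first-as
 neighbor 192.0.2.1 remote-as 64513
!
line vty 0 4
"""

COMPLIANT = """\
hostname R2
!
router bgp 64512
 bgp log-neighbor-changes
 address-family ipv4
  neighbor 192.0.2.1 activate
 exit-address-family
!
"""

def check_enforce_first_as(config: str) -> dict:
    """Evaluate CISC-RT-000540 against running-config text.

    Because enforcement is the default, only the explicit
    'no bgp enforce-first-as' inside the BGP stanza is a finding.
    """
    asn, in_bgp, hits = None, False, []
    for lineno, raw in enumerate(config.splitlines(), 1):
        if not raw.strip():
            continue
        if not raw[0].isspace():
            # A top-level line ('!' included) opens or closes a stanza.
            m = re.match(r"router bgp (\S+)\s*$", raw)
            in_bgp = bool(m)
            if m:
                asn = m.group(1)
        elif in_bgp and raw.split() == ["no", "bgp", "enforce-first-as"]:
            hits.append(lineno)
    if asn is None:
        status = "no_bgp"  # assumption: no BGP process, nothing to evaluate
    else:
        status = "finding" if hits else "not_a_finding"
    return {"status": status, "asn": asn, "lines": hits}
```
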