SV-216716r531086_rule
V-216716
SRG-NET-000193-RTR-000112
CISC-RT-000780
CAT II
10
Step 1: Configure a class map for the SCAVENGER class.
R5(config)#class-map match-all SCAVENGER
R5(config-cmap)#match ip dscp cs1
Step 2: Add the SCAVENGER class to the policy map as shown in the example below:
R5(config)#policy-map QOS_POLICY
R5(config-pmap)#no class class-default
R5(config-pmap)#class SCAVENGER
R5(config-pmap-c)#bandwidth percent 5
R5(config-pmap-c)#class class-default
R5(config-pmap-c)#bandwidth percent 10
R5(config-pmap-c)#end
Review the router configuration to determine if it is configured to enforce a QoS policy to limit the effects of packet flooding DoS attacks.
Step 1: Verify that a class map has been configured for the Scavenger class as shown in the example below.
class-map match-all SCAVENGER
 match ip dscp cs1
Step 2: Verify that the policy map includes the SCAVENGER class with low priority as shown in the example below.
policy-map QOS_POLICY
 class CONTROL_PLANE
  priority percent 10
 class C2_VOICE
  priority percent 10
 class VOICE
  priority percent 15
 class VIDEO
  bandwidth percent 25
 class PREFERRED_DATA
  bandwidth percent 25
 class SCAVENGER
  bandwidth percent 5
 class class-default
  bandwidth percent 10
Note: Traffic out of profile must be marked at the customer access layer or CE egress edge.
If the router is not configured to enforce a QoS policy to limit the effects of packet flooding DoS attacks, this is a finding.
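An added example, not part of the STIG text: a Python sketch that runs the two check steps above against saved configuration text. The sample configurations are constructed, and reading "low priority" as a `bandwidth percent` share no larger than any other class in the policy map is an assumption.

```python
import re

# Constructed sample, shortened from the policy map in the check text.
COMPLIANT = """\
class-map match-all SCAVENGER
 match ip dscp cs1
policy-map QOS_POLICY
 class VOICE
  priority percent 15
 class SCAVENGER
  bandwidth percent 5
 class class-default
  bandwidth percent 10
"""
# Constructed failing variant: SCAVENGER moved into the priority queue.
PRIORITIZED = COMPLIANT.replace("bandwidth percent 5", "priority percent 30")

def blocks(config):
    """Group config lines as {top-level command: [stripped child lines]}."""
    out, current = {}, None
    for line in config.splitlines():
        if line.strip() and not line.startswith(" "):
            current = out.setdefault(line.strip(), [])
        elif line.strip() and current is not None:
            current.append(line.strip())
    return out

def shares(body):
    """Map each class in a policy-map body to (command, percent)."""
    found, name = {}, None
    for line in body:
        if line.startswith("class "):
            name = line.split()[1]
        elif name and (m := re.fullmatch(r"(bandwidth|priority) percent (\d+)", line)):
            found[name] = (m.group(1), int(m.group(2)))
    return found

def check_scavenger(config, name="SCAVENGER"):
    """Return findings for check steps 1 and 2; an empty list means pass."""
    cfg, findings = blocks(config), []
    # Step 1: the class map exists and matches DSCP CS1.
    cmap = [l for k, v in cfg.items() for l in v
            if k.startswith("class-map ") and k.split()[-1] == name]
    if not any(re.fullmatch(r"match (ip )?dscp (.* )?cs1( .*)?", l) for l in cmap):
        findings.append("step 1: no class map matching dscp cs1")
    # Step 2 (assumed reading of "low priority"): a bandwidth share, not a
    # priority queue, and no larger than any other class in the policy map.
    pmaps = [shares(v) for k, v in cfg.items() if k.startswith("policy-map ")]
    if not any(name in p and p[name][0] == "bandwidth"
               and p[name][1] <= min(x for _, x in p.values()) for p in pmaps):
        findings.append("step 2: class lacks the lowest bandwidth share")
    return findings
```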
V-216716
False
CISC-RT-000780
M
4028