SV-216718r531086_rule
V-216718
SRG-NET-000019-RTR-000004
CISC-RT-000800
CAT II
10
This requirement is not applicable for the DODIN Backbone.
Configure neighbor ACLs to accept PIM control plane traffic only from documented PIM neighbors. Bind neighbor ACLs to all PIM-enabled interfaces.
Step 1: Configure ACL for PIM neighbors.
R2(config)#ip access-list standard PIM_NEIGHBORS
R2(config-std-nacl)#permit 10.1.2.6
R2(config-std-nacl)#exit
Step 2: Apply the ACL to all interfaces enabled for PIM.
R2(config)#int g1/1
R2(config-if)#ip pim neighbor-filter PIM_NEIGHBORS
This requirement is not applicable for the DODIN Backbone.
Step 1: Verify all interfaces enabled for PIM have a neighbor ACL bound to the interface as shown in the example below:
interface GigabitEthernet1/1
 ip address 10.1.2.2 255.255.255.0
 ip pim neighbor-filter PIM_NEIGHBORS
 ip pim sparse-mode
Step 2: Review the configured ACL for filtering PIM neighbors as shown in the example below:
ip access-list standard PIM_NEIGHBORS
 permit 10.1.2.6
If PIM neighbor ACLs are not bound to all interfaces that have PIM enabled, this is a finding.
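The two check steps above can be run against a saved running-config. The following is an added example, not part of the STIG text: it flags every PIM-enabled interface that has no neighbor filter bound, or whose bound ACL is missing or empty. The sample config is constructed (GigabitEthernet1/2 and its address are invented for illustration), and the script assumes named standard ACLs and the sparse, dense and sparse-dense PIM modes.

```python
import re

# Constructed sample running-config, not from a real device: Gi1/1 matches the
# example in the check text, Gi1/2 runs PIM with no neighbor filter bound.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 ip address 10.1.2.2 255.255.255.0
 ip pim neighbor-filter PIM_NEIGHBORS
 ip pim sparse-mode
!
interface GigabitEthernet1/2
 ip address 10.1.3.2 255.255.255.0
 ip pim sparse-mode
!
ip access-list standard PIM_NEIGHBORS
 permit 10.1.2.6
"""

PIM_MODE = re.compile(r"ip pim (sparse-mode|dense-mode|sparse-dense-mode)\b")
NBR_FILTER = re.compile(r"ip pim neighbor-filter (\S+)")

def parse_sections(config):
    """Map each top-level command to the indented lines beneath it."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if not line[0].isspace():
            current = sections.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return sections

def audit_pim_neighbor_filters(config):
    """Return (interface, reason) findings for the check described above."""
    sections = parse_sections(config)
    acls = {k.split()[-1]: v for k, v in sections.items()
            if k.startswith("ip access-list standard ")}
    findings = []
    for header, body in sections.items():
        if not header.startswith("interface ") or not any(map(PIM_MODE.match, body)):
            continue
        bound = [m.group(1) for l in body if (m := NBR_FILTER.match(l))]
        if not bound:
            findings.append((header.split()[1], "PIM enabled, no neighbor-filter bound"))
        elif not acls.get(bound[0]):
            findings.append((header.split()[1], f"ACL {bound[0]} undefined or empty"))
    return findings
```

An empty list from audit_pim_neighbor_filters means no finding under this check; the permitted addresses in the ACL still have to be compared by hand against the documented PIM neighbors.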
V-216718
False
CISC-RT-000800
M
4028