STIGQter: STIG Summary: Cisco IOS XR Router RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020: STIGQter: STIG Summary: Cisco IOS XR Router RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:SV-216762r531087_rule
V-216762
SRG-NET-000205-RTR-000005
CISC-RT-000340
CAT II
10
This requirement is not applicable for the DODIN Backbone.
Configure the router to use an inbound ACL on all internal interfaces as shown in the example below.
RP/0/0/CPU0:R3(config)#int g0/0/0/1
RP/0/0/CPU0:R3(config-if)#ipv4 access-group EGRESS_FILTER in
RP/0/0/CPU0:R3(config-if)#end
This requirement is not applicable for the DODIN Backbone.
Review the router configuration to verify that the egress ACL is bound to the internal interface in an inbound direction.
interface GigabitEthernet0/0/0/1
description downstream link to LAN
ipv4 address 10.1.34.3 255.255.255.0
ipv4 access-group EGRESS_FILTER ingress
If the router is not configured to filter traffic leaving the network at the internal interface in an inbound direction, this is a finding.
V-216762
False
CISC-RT-000340
This requirement is not applicable for the DODIN Backbone.
Review the router configuration to verify that the egress ACL is bound to the internal interface in an inbound direction.
interface GigabitEthernet0/0/0/1
description downstream link to LAN
ipv4 address 10.1.34.3 255.255.255.0
ipv4 access-group EGRESS_FILTER ingress
If the router is not configured to filter traffic leaving the network at the internal interface in an inbound direction, this is a finding.
M
4029