STIGQter STIGQter: STIG Summary: Cisco IOS XR Router RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The Cisco perimeter router must be configured to have Cisco Discovery Protocol (CDP) disabled on all external interfaces.

DISA Rule

SV-216765r531087_rule

Vulnerability Number

V-216765

Group Title

SRG-NET-000364-RTR-000111

Rule Version

CISC-RT-000370

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

This requirement is not applicable for the DODIN Backbone.

Disable CDP on all external interfaces via no cdp command or disable CDP globally via no cdp command.

Check Contents

This requirement is not applicable for the DODIN Backbone.

Step 1: Verify if CDP is enabled globally via the cdp command as shown below.

hostname R3
cdp

By default CDP is disabled globally; hence, the command cdp run will not be shown in the configuration. If CDP is enabled, proceed to step 2.

Step 2: Verify CDP is not enabled on any external interface as shown in the example below.

interface GigabitEthernet0/0/0/1
cdp
ipv4 address x.1.34.3 255.255.255.252

If CDP is enabled on any external interface, this is a finding.

Vulnerability Number

V-216765

Documentable

False

Rule Version

CISC-RT-000370

Severity Override Guidance

This requirement is not applicable for the DODIN Backbone.

Step 1: Verify if CDP is enabled globally via the cdp command as shown below.

hostname R3
cdp

By default CDP is disabled globally; hence, the command cdp run will not be shown in the configuration. If CDP is enabled, proceed to step 2.

Step 2: Verify CDP is not enabled on any external interface as shown in the example below.

interface GigabitEthernet0/0/0/1
cdp
ipv4 address x.1.34.3 255.255.255.252

If CDP is enabled on any external interface, this is a finding.

Check Content Reference

M

Target Key

4029

Comments