STIGQter: STIG Summary: Cisco IOS XR Router RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020: STIGQter: STIG Summary: Cisco IOS XR Router RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:SV-216770r531087_rule
V-216770
SRG-NET-000019-RTR-000011
CISC-RT-000420
CAT II
10
This requirement is not applicable for the DODIN Backbone.
Configure the router to have a separate IGP instance for the management network as shown in the example below.
RP/0/0/CPU0:R2(config)#router ospf 2 vrf MGMT
RP/0/0/CPU0:R2(config-ospf-vrf)#area 0
RP/0/0/CPU0:R2(config-ospf-vrf-ar)#interface GigabitEthernet0/0/0/0.2
RP/0/0/CPU0:R2(config-ospf-vrf-ar-if)#exit
RP/0/0/CPU0:R2(config-ospf-vrf-ar)#exit
RP/0/0/CPU0:R2(config-ospf-vrf)#exit
RP/0/0/CPU0:R2(config-ospf)#exit
RP/0/0/CPU0:R2(config)#router ospf 3 vrf PROD
RP/0/0/CPU0:R2(config-ospf-vrf)#area 0
RP/0/0/CPU0:R2(config-ospf-vrf-ar)#interface GigabitEthernet0/0/0/0.3
RP/0/0/CPU0:R2(config-ospf-vrf-ar-if)#end
This requirement is not applicable for the DODIN Backbone.
Verify that the OOBM interface is an adjacency in the IGP domain for the management network via separate VRF as shown in the example below.
router ospf 2
vrf MGMT
area 0
interface GigabitEthernet0/0/0/0.2
!
!
!
!
router ospf 3
vrf PROD
area 0
interface GigabitEthernet0/0/0/0.3
!
!
!
!
If the router is not configured to have separate IGP instances for the managed network and management network, this is a finding.
V-216770
False
CISC-RT-000420
This requirement is not applicable for the DODIN Backbone.
Verify that the OOBM interface is an adjacency in the IGP domain for the management network via separate VRF as shown in the example below.
router ospf 2
vrf MGMT
area 0
interface GigabitEthernet0/0/0/0.2
!
!
!
!
router ospf 3
vrf PROD
area 0
interface GigabitEthernet0/0/0/0.3
!
!
!
!
If the router is not configured to have separate IGP instances for the managed network and management network, this is a finding.
M
4029