STIGQter: STIG Summary: Cisco IOS XR Router RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The Cisco MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.

DISA Rule

SV-216787r531087_rule

Vulnerability Number

V-216787

Group Title

SRG-NET-000512-RTR-000002

Rule Version

CISC-RT-000590

Severity

CAT III

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Configure the router to use their loopback address as the source address for LDP peering sessions. As noted in the check content, the default behavior is to use its loopback address.

RP/0/0/CPU0:R3(config)#mpls ldp router-id 10.1.1.1

Check Contents

Review the router configuration to determine if it is compliant with this requirement.

Verify that a loopback address has been configured as shown in the following example:

interface Loopback0
ip address 10.1.1.1 255.255.255.255

By default, routers will use its loopback address for LDP peering. If an address has not be configured on the loopback interface, it will use its physical interface connecting to the LDP peer. If the router-id command is specified that overrides this default behavior, verify that it is the IP address of the designated loopback interface as shown in the example below.

mpls ldp
router-id 10.1.1.1

If the router is not configured do use its loopback address for LDP peering, this is a finding.

The Cisco MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments