SV-216994r538970_rule
V-216994
SRG-NET-000230-RTR-000001
CISC-RT-000020
CAT II
10
Configure authentication to be enabled for every protocol that affects the routing or forwarding tables.
The example configuration commands below enables BGP, EIGRP, IS-IS, and OSPF authentication.
BGP Example
R1(config)#router bgp nn
R1(config-router)#neighbor x.x.x.x password xxxxxx
EIGRP Example
R5(config)#key chain EIGRP_KEY
R5(config-keychain)#key 1
R5(config-keychain-key)#key-string xxxxx
R5(config-keychain-key)#exit
R5(config-keychain)#exit
R5(config)#int g0/0
R5(config-if)#ip authentication mode eigrp 1 md5
R5(config-if)#ip authentication key-chain eigrp 1 EIGRP_KEY
R5(config-if)#end
IS-IS Example
R5(config)#int g0/0
R5(config-if)#isis password xxxxxx
OSPF Example
R5(config)#int g0/0
R5(config-if)#ip ospf authentication-key xxxxx
R5(config-if)#end
Review the router configuration. Verify that neighbor router authentication is enabled for all routing protocols. The configuration examples below depicts OSPF, EIGRP, IS-IS and BGP authentication.
BGP Example:
router bgp nn
no synchronization
bgp log-neighbor-changes
neighbor x.x.x.x remote-as nn
neighbor x.x.x.x password xxxxxxx
EIGRP Example:
key chain EIGRP_KEY
key 1
key-string xxxxxxx
…
…
…
interface GigabitEthernet0/0
ip address x.x.x.x 255.255.255.0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP_KEY
IS-IS Example:
interface GigabitEthernet0/0
ip address x.x.x.x 255.255.255.0
ip router isis
isis password xxxxxxx
OSPF Example:
interface GigabitEthernet0/0
ip address x.x.x.x 255.255.255.0
ip ospf authentication-key xxxxx
If authentication is not enabled on all routing protocols, this is a finding.
V-216994
False
CISC-RT-000020
Review the router configuration. Verify that neighbor router authentication is enabled for all routing protocols. The configuration examples below depicts OSPF, EIGRP, IS-IS and BGP authentication.
BGP Example:
router bgp nn
no synchronization
bgp log-neighbor-changes
neighbor x.x.x.x remote-as nn
neighbor x.x.x.x password xxxxxxx
EIGRP Example:
key chain EIGRP_KEY
key 1
key-string xxxxxxx
…
…
…
interface GigabitEthernet0/0
ip address x.x.x.x 255.255.255.0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP_KEY
IS-IS Example:
interface GigabitEthernet0/0
ip address x.x.x.x 255.255.255.0
ip router isis
isis password xxxxxxx
OSPF Example:
interface GigabitEthernet0/0
ip address x.x.x.x 255.255.255.0
ip ospf authentication-key xxxxx
If authentication is not enabled on all routing protocols, this is a finding.
M
4028