STIGQter: STIG Summary: Cisco IOS-XE Switch RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The MPLS switch with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core switches.

DISA Rule

SV-221035r622190_rule

Vulnerability Number

V-221035

Group Title

SRG-NET-000193-RTR-000001

Rule Version

CISC-RT-000610

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the switch to rate limit RSVP messages per interface as shown in the example.

SW2(config)#ip rsvp signalling rate-limit burst 9 maxsize 2100 period 30 limit 50

Check Contents

Review the switch configuration to determine whether RSVP messages are rate limited.

Step 1: Determine whether MPLS TE is enabled globally and on at least one interface, as shown in the example below:

mpls traffic-eng tunnels

interface GigabitEthernet0/2
 no switchport
 ip address x.x.x.x 255.255.255.0
 mpls traffic-eng tunnels
 mpls ip

Step 2: If MPLS TE is enabled, verify that message pacing is enabled.

ip rsvp signalling rate-limit period 30 burst 9 maxsize 2100 limit 50

Note: The command "ip rsvp msg-pacing" is deprecated and has been replaced by "ip rsvp signalling rate-limit".

If the switch with RSVP-TE enabled does not rate limit RSVP messages based on the link speed and input queue size of adjacent core switches, this is a finding.
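The two check steps above can be applied to a saved "show running-config" capture rather than by eye. The script below is an added example; it is not part of the STIG or of STIGQter. It reads the config text, confirms MPLS TE is enabled globally and on at least one interface, and then looks for the "ip rsvp signalling rate-limit" line, parsing its keyword/value pairs in whatever order IOS prints them. The sample configurations, interface names, and the 192.0.2.1 address are constructed; treating the deprecated "ip rsvp msg-pacing" form as pacing-enabled-but-needs-migration is this script's choice, not a rule in the STIG. The script cannot judge whether the burst, period, and queue values actually suit the link speed and the neighbour's input queue size, so it reports the parsed values for the reviewer to confirm.

```python
"""Audit a saved Cisco IOS-XE running-config for CISC-RT-000610 (RSVP pacing).

Added example, not part of the STIG or of STIGQter. It applies the STIG's two
check steps to a `show running-config` capture: is `mpls traffic-eng tunnels`
enabled globally and on at least one interface, and if so is
`ip rsvp signalling rate-limit` configured? The sample configs are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional, Tuple


@dataclass
class AuditResult:
    te_global: bool                       # `mpls traffic-eng tunnels` at global level
    te_interfaces: List[str]              # interfaces that carry `mpls traffic-eng tunnels`
    rate_limit: Optional[Dict[str, int]]  # keyword/value pairs of the rate-limit line
    deprecated_msg_pacing: bool           # legacy `ip rsvp msg-pacing` present
    finding: bool
    reason: str


RATE_LIMIT_RE = re.compile(r"^ip rsvp signalling rate-limit\b(.*)$")


def iter_interface_blocks(lines: List[str]) -> Iterator[Tuple[str, List[str]]]:
    """Yield (interface name, stripped sub-commands) per `interface` stanza.
    IOS indents sub-commands one space; the stanza ends at the next unindented line."""
    name, body = None, []
    for line in lines:
        if line.startswith("interface "):
            if name is not None:
                yield name, body
            name, body = line.split(None, 1)[1].strip(), []
        elif name is not None and line.startswith(" "):
            body.append(line.strip())
        elif name is not None:
            yield name, body
            name, body = None, []
    if name is not None:
        yield name, body


def parse_rate_limit(line: str) -> Optional[Dict[str, int]]:
    """Parse 'ip rsvp signalling rate-limit period 30 burst 9 ...' into a dict
    (keyword order is irrelevant); {} for the bare command, None if not a match."""
    m = RATE_LIMIT_RE.match(line.strip())
    if not m:
        return None
    tokens = m.group(1).split()
    return {key: int(val) for key, val in zip(tokens[0::2], tokens[1::2])}


def audit_rsvp_pacing(config_text: str) -> AuditResult:
    lines = config_text.splitlines()
    global_lines = [l.strip() for l in lines if l and not l.startswith(" ")]

    # Step 1: MPLS TE must be on globally and on at least one interface.
    te_global = "mpls traffic-eng tunnels" in global_lines
    te_ifaces = [name for name, body in iter_interface_blocks(lines)
                 if "mpls traffic-eng tunnels" in body]

    # Step 2: message pacing via the current command, or the deprecated one.
    rate_limit = next((p for p in map(parse_rate_limit, global_lines) if p is not None), None)
    deprecated = any(l.startswith("ip rsvp msg-pacing") for l in global_lines)

    if not (te_global and te_ifaces):
        finding, reason = False, "MPLS TE not enabled globally and on an interface; not applicable"
    elif rate_limit is not None:
        finding, reason = False, ("rate-limit present: %s (confirm values suit the link speed "
                                  "and neighbour input queue size)" % rate_limit)
    elif deprecated:
        finding, reason = False, ("pacing uses deprecated ip rsvp msg-pacing; migrate to "
                                  "ip rsvp signalling rate-limit")
    else:
        finding, reason = True, ("MPLS TE enabled on %s but RSVP messages are not rate limited"
                                 % ", ".join(te_ifaces))
    return AuditResult(te_global, te_ifaces, rate_limit, deprecated, finding, reason)


# Constructed sample configs (documentation-range address, invented interface name).
COMPLIANT_CONFIG = """\
hostname SW2
!
mpls traffic-eng tunnels
ip rsvp signalling rate-limit period 30 burst 9 maxsize 2100 limit 50
!
interface GigabitEthernet0/2
 no switchport
 ip address 192.0.2.1 255.255.255.0
 mpls traffic-eng tunnels
 mpls ip
!
"""
NONCOMPLIANT_CONFIG = COMPLIANT_CONFIG.replace(
    "ip rsvp signalling rate-limit period 30 burst 9 maxsize 2100 limit 50\n", "")
# Global TE removed but interface TE kept: the check should report not applicable.
NO_GLOBAL_TE_CONFIG = NONCOMPLIANT_CONFIG.replace("\nmpls traffic-eng tunnels\n", "\n")
```

To use it against a real device, save "show running-config" to a file and call audit_rsvp_pacing(open(path).read()); a result with finding set to True corresponds to the "this is a finding" condition of the check, and the reason string names the TE-enabled interfaces involved.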

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4074

Comments