SV-221054r622190_rule
V-221054
SRG-NET-000019-RTR-000004
CISC-RT-000800
CAT II
10
Configure neighbor ACLs to accept PIM control plane traffic only from documented PIM neighbors. Bind neighbor ACLs to all PIM-enabled interfaces.
Step 1: Configure ACL for PIM neighbors.
SW2(config)#ip access-list standard PIM_NEIGHBORS
SW2(config-std-nacl)#permit 10.1.2.6
SW2(config-std-nacl)#exit
Step 2: Apply the ACL to all interfaces enabled for PIM.
SW2(config)#int g1/1
SW2(config-if)#ip pim neighbor-filter PIM_NEIGHBORS
Step 1: Verify all interfaces enabled for PIM have a neighbor ACL bound to the interface as shown in the example below:
interface GigabitEthernet1/1
 no switchport
 ip address 10.1.2.2 255.255.255.0
 ip pim neighbor-filter PIM_NEIGHBORS
 ip pim sparse-mode
Step 2: Review the configured ACL for filtering PIM neighbors as shown in the example below:
ip access-list standard PIM_NEIGHBORS
 permit 10.1.2.6
If PIM neighbor ACLs are not bound to all interfaces that have PIM enabled, this is a finding.
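The two check steps above can be run over a saved configuration. The script below is an added example, not part of the STIG or of any Cisco tooling. It assumes `show running-config` layout (sub-commands indented under their parent) and named standard ACLs as in the example; the function name, the sample text, and every interface except GigabitEthernet1/1 are constructed.

```python
import re

# Constructed sample: Gi1/2 runs PIM with no filter; Gi1/3 names an ACL that is never defined.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 ip address 10.1.2.2 255.255.255.0
 ip pim neighbor-filter PIM_NEIGHBORS
 ip pim sparse-mode
!
interface GigabitEthernet1/2
 ip pim sparse-mode
!
interface GigabitEthernet1/3
 ip pim neighbor-filter PIM_EDGE
 ip pim sparse-mode
!
interface GigabitEthernet1/4
 ip address 10.1.5.2 255.255.255.0
!
ip access-list standard PIM_NEIGHBORS
 permit 10.1.2.6
"""

PIM_MODE = re.compile(r"ip pim (sparse-mode|dense-mode|sparse-dense-mode)$")
FILTER = re.compile(r"ip pim neighbor-filter (\S+)$")

def audit_pim_neighbor_filters(config):
    """Return sorted (interface, reason) findings for PIM interfaces without a usable neighbor ACL."""
    interfaces, acls, current = {}, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] != " ":                      # a top-level command ends any interface block
            current = None
            if m := re.match(r"interface (\S+)$", line):
                current = interfaces.setdefault(m.group(1), [])
            elif m := re.match(r"ip access-list standard (\S+)$", line):
                acls.add(m.group(1))            # Step 2: ACLs that exist to be reviewed
        elif current is not None:
            current.append(line)
    findings = []
    for name, cmds in interfaces.items():
        if not any(PIM_MODE.match(c) for c in cmds):
            continue                            # PIM not enabled: outside the scope of the check
        bound = [m.group(1) for c in cmds if (m := FILTER.match(c))]
        if not bound:                           # Step 1: PIM enabled but nothing bound
            findings.append((name, "PIM enabled, no neighbor-filter bound"))
        elif bound[-1] not in acls:
            findings.append((name, "neighbor-filter references undefined ACL " + bound[-1]))
    return sorted(findings)
```

An empty list means every PIM-enabled interface in the file has a neighbor filter bound to a defined ACL. Whether the permitted addresses match the documented PIM neighbors still needs manual review.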