STIGQter: STIG Summary: Cisco NX-OS Switch RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021

The Cisco MPLS switch must be configured to synchronize Interior Gateway Protocol (IGP) and LDP to minimize packet loss when an IGP adjacency is established prior to LDP peers completing label exchange.

DISA Rule

SV-221114r622190_rule

Vulnerability Number

V-221114

Group Title

SRG-NET-000512-RTR-000003

Rule Version

CISC-RT-000600

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the MPLS switch to synchronize IGP and LDP, minimizing packet loss when an IGP adjacency is established prior to LDP peers completing label exchange.

OSPF Example

SW1(config)# router ospf 1
SW1(config-switch)# mpls ldp sync

IS-IS Example

SW1(config)# router isis
SW1(config-switch)# mpls ldp sync

Check Contents

Review the switch OSPF or IS-IS configuration and verify that LDP will synchronize with the link-state routing protocol as shown in the example below:

OSPF Example

router ospf 1
  mpls ldp sync

IS-IS Example

router isis
  mpls ldp sync

If the switch is not configured to synchronize IGP and LDP, this is a finding.
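The check above can be run over a saved running-config. The script below is an added example, not part of the STIG or of STIGQter: the function names and the sample configuration are constructed for illustration, and treating a configuration with no OSPF or IS-IS process as a finding is an assumption.

```python
import re

# Stanza headers for the two link-state IGPs the check names.
IGP_HEADER = re.compile(r"^router (ospf|isis)\b.*$")
SYNC_CMD = "mpls ldp sync"

def audit_ldp_sync(config_text):
    """Return {stanza header: True/False} for each OSPF/IS-IS process.

    A stanza is the header line plus the indented lines that follow it,
    which is how running-config output is laid out. Any indented line in
    the stanza that equals the command counts, at any nesting depth.
    """
    results = {}
    current = None
    for raw in config_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and comment separators
        if not raw[0].isspace():
            # Column-0 line: a new top-level command ends any open stanza.
            header = raw.rstrip()
            current = header if IGP_HEADER.match(header) else None
            if current is not None:
                results.setdefault(current, False)
        elif current is not None and raw.strip() == SYNC_CMD:
            # Exact match, so "no mpls ldp sync" does not count.
            results[current] = True
    return results

def is_finding(config_text):
    """Finding if any IGP process lacks the command, or none exists (assumption)."""
    results = audit_ldp_sync(config_text)
    return not results or not all(results.values())

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
router ospf 1
  router-id 10.0.0.1
  mpls ldp sync
router isis CORE
  net 49.0001.0000.0000.0001.00
interface Ethernet1/1
  no shutdown
"""

if __name__ == "__main__":
    for stanza, ok in audit_ldp_sync(SAMPLE).items():
        print(f"{stanza}: {'ok' if ok else 'FINDING: mpls ldp sync missing'}")
```
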

Documentable

False

Severity Override Guidance

Review the switch OSPF or IS-IS configuration and verify that LDP will synchronize with the link-state routing protocol as shown in the example below:

OSPF Example

router ospf 1
  mpls ldp sync

IS-IS Example

router isis
  mpls ldp sync

If the switch is not configured to synchronize IGP and LDP, this is a finding.

Check Content Reference

M

Target Key

4075
