STIGQter: STIG Summary: Arista MLS DCS-7000 Series RTR Security Technical Implementation Guide, Version: 1, Release: 3, Benchmark Date: 24 Jul 2020

The Arista Multilayer Switch must configure the maximum hop limit value to at least 32.

DISA Rule

SV-75385r2_rule

Vulnerability Number

V-60927

Group Title

SRG-NET-000512-RTR-000012

Rule Version

AMLS-L3-000290

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the router maximum hop limit value to at least 32.

From the interface configuration mode, enter:

ipv6 nd ra hop-limit 32

Check Contents

Review the router configuration to determine if the maximum hop limit has been configured.

If it has been configured, then it must be set to at least 32.

If it has not been configured, the default value must be determined. The default value for the Arista MLS is 64.

Review the interface configuration via the "show running-config" command for the statement:

ipv6 nd ra hop-limit 32

If the default value is below 32 and the maximum hop limit value has not been configured (set to at least 32), this is a finding.

In any case, maximum hop limit must be at least 32.
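The check above can be run against a saved copy of the "show running-config" output. The following Python sketch is an added example, not part of the STIG or of any Arista tooling; the sample configuration is constructed, and the function names are hypothetical. It assumes interface stanzas begin with an unindented "interface" line and that an interface without the statement uses the default of 64 stated above.

```python
import re

MIN_HOP_LIMIT = 32       # threshold from the check text
DEFAULT_HOP_LIMIT = 64   # Arista MLS default, as stated in the check text

# Constructed sample of "show running-config" output (not from a real device).
SAMPLE_CONFIG = """\
hostname lab-sw1
!
interface Ethernet1
   ipv6 address 2001:db8:0:1::1/64
   ipv6 nd ra hop-limit 32
!
interface Ethernet2
   ipv6 address 2001:db8:0:2::1/64
   ipv6 nd ra hop-limit 16
!
interface Vlan100
   ipv6 address 2001:db8:0:64::1/64
!
"""

HOP_RE = re.compile(r"^\s+ipv6 nd ra hop-limit (\d+)\s*$")

def effective_hop_limits(config_text):
    """Map each interface to its configured hop limit, or the default if unset."""
    limits, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            limits[current] = DEFAULT_HOP_LIMIT
        elif line and not line[0].isspace():
            current = None            # any other top-level line ends the stanza
        elif current:
            match = HOP_RE.match(line)
            if match:
                limits[current] = int(match.group(1))
    return limits

def findings(config_text):
    """Return interfaces whose effective hop limit is below the minimum."""
    return {name: value for name, value in effective_hop_limits(config_text).items()
            if value < MIN_HOP_LIMIT}

if __name__ == "__main__":
    for name, value in effective_hop_limits(SAMPLE_CONFIG).items():
        status = "FINDING" if value < MIN_HOP_LIMIT else "ok"
        print(f"{name}: hop-limit {value} -> {status}")
```
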

Documentable

False

Severity Override Guidance

Review the router configuration to determine if the maximum hop limit has been configured.

If it has been configured, then it must be set to at least 32.

If it has not been configured, the default value must be determined. The default value for the Arista MLS is 64.

Review the interface configuration via the "show running-config" command for the statement:

ipv6 nd ra hop-limit 32

If the default value is below 32 and the maximum hop limit value has not been configured (set to at least 32), this is a finding.

In any case, maximum hop limit must be at least 32.

Check Content Reference

M

Target Key

2823
