STIGQter STIGQter: STIG Summary: Cisco IOS XR Router RTR Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Jan 2020: The Cisco BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.

DISA Rule

SV-105917r1_rule

Vulnerability Number

V-96779

Group Title

SRG-NET-000512-RTR-000001

Rule Version

CISC-RT-000580

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the router to use its loopback address as the source address for all iBGP peering.

RP/0/0/CPU0:R2(config)#router bgp 2
RP/0/0/CPU0:R2(config-bgp)#neighbor 10.1.24.4
RP/0/0/CPU0:R2(config-bgp-nbr)#update-source lo0
RP/0/0/CPU0:R2(config-bgp-nbr)#end

Check Contents

Step 1: Review the router configuration to verify that a loopback address has been configured.

interface Loopback0
ip address 10.1.1.1 255.255.255.255

Step 2: Verify that the loopback interface is used as the source address for all iBGP sessions.

router bgp xx
address-family ipv4 unicast
!
neighbor 10.1.23.3
remote-as xx
update-source Loopback0

If the router does not use its loopback address as the source address for all iBGP sessions, this is a finding.

Vulnerability Number

V-96779

Documentable

False

Rule Version

CISC-RT-000580

Severity Override Guidance

Step 1: Review the router configuration to verify that a loopback address has been configured.

interface Loopback0
ip address 10.1.1.1 255.255.255.255

Step 2: Verify that the loopback interface is used as the source address for all iBGP sessions.

router bgp xx
address-family ipv4 unicast
!
neighbor 10.1.23.3
remote-as xx
update-source Loopback0

If the router does not use its loopback address as the source address for all iBGP sessions, this is a finding.

Check Content Reference

M

Target Key

3481

Comments