STIGQter: STIG Summary: Router Security Requirements Guide Version: 4 Release: 2 Benchmark Date: 23 Apr 2021:

The PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).

DISA Rule

SV-207177r604135_rule

Vulnerability Number

V-207177

Group Title

SRG-NET-000512

Rule Version

SRG-NET-000512-RTR-000006

Severity

CAT I

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure all J-PE routers to have the correct VRF defined with the appropriate RT.

Check Contents

Verify that the correct RT is configured for each VRF.

Review the design plan for MPLS/L3VPN and VRF-lite to determine what RTs have been assigned for each VRF.

Review the route-target import, route-target, or route-target export statements under each configured VRF and verify that the correct RTs have been defined for each VRF.

Note: Import and export route-maps are normally used when finer granularity is required.

If there are VRFs configured with the wrong RT, this is a finding.

Vulnerability Number

V-207177

Documentable

False

Rule Version

SRG-NET-000512-RTR-000006

Severity Override Guidance

Verify that the correct RT is configured for each VRF.

Review the design plan for MPLS/L3VPN and VRF-lite to determine what RTs have been assigned for each VRF.

Review the route-target import, route-target, or route-target export statements under each configured VRF and verify that the correct RTs have been defined for each VRF.

Note: Import and export route-maps are normally used when finer granularity is required.

If there are VRFs configured with the wrong RT, this is a finding.

Check Content Reference

M

Target Key

2917

Comments