STIGQter: STIG Summary: Router Security Requirements Guide Version: 4 Release: 2 Benchmark Date: 23 Apr 2021

The PE router providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN.

DISA Rule

SV-207180r604135_rule

Vulnerability Number

V-207180

Group Title

SRG-NET-000512

Rule Version

SRG-NET-000512-RTR-000009

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Assign globally unique VPN IDs for each customer VLAN using VPLS for carrier Ethernet services between multiple sites, and configure the attachment circuits to the appropriate VFI.

Check Contents

Review the implementation plan and the VPN IDs assigned to customer VLANs for the VPLS deployment.

Review the PE router configuration to verify that customer attachment circuits (i.e., VLANs) are associated to the appropriate VFI.

If the attachment circuits have not been bound to the VFI configured with the assigned VPN ID for each VLAN, this is a finding.
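One way to automate the comparison described in the check, as an added example that is not part of the STIG or of STIGQter. It assumes Cisco IOS-style syntax (`l2 vfi`, `vpn id`, `xconnect vfi` under `interface Vlan`); the plan, VFI names and VPN IDs are constructed sample values.

```python
import re

# Constructed implementation plan: customer VLAN -> assigned VPN ID.
PLAN = {100: 1001, 200: 1002, 300: 1003}

# Constructed PE configuration excerpt (Cisco IOS-style syntax is an assumption).
CONFIG = """\
l2 vfi CUST-A manual
 vpn id 1001
l2 vfi CUST-B manual
 vpn id 1002
interface Vlan100
 xconnect vfi CUST-A
interface Vlan200
 xconnect vfi CUST-A
interface Vlan300
 no ip address
"""

def parse(config):
    """Return ({vfi_name: vpn_id}, {vlan: vfi_name}) from the config text."""
    vfis, bindings, ctx = {}, {}, None
    for line in config.splitlines():
        body = line.strip()
        if not line.startswith(" "):  # an unindented line opens a new block
            vfi = re.match(r"l2 vfi (\S+)", body)
            svi = re.match(r"interface Vlan(\d+)$", body)
            ctx = ("vfi", vfi.group(1)) if vfi else ("vlan", int(svi.group(1))) if svi else None
        elif ctx and ctx[0] == "vfi" and (m := re.match(r"vpn id (\d+)$", body)):
            vfis[ctx[1]] = int(m.group(1))
        elif ctx and ctx[0] == "vlan" and (m := re.match(r"xconnect vfi (\S+)$", body)):
            bindings[ctx[1]] = m.group(1)
    return vfis, bindings

def findings(plan, config):
    """List (vlan, reason) for every planned VLAN that fails the check."""
    vfis, bindings = parse(config)
    out = []
    for vlan, want in sorted(plan.items()):
        vfi = bindings.get(vlan)
        if vfi is None:
            out.append((vlan, "attachment circuit not bound to any VFI"))
        elif vfis.get(vfi) != want:
            out.append((vlan, f"bound to {vfi} (VPN ID {vfis.get(vfi)}), plan assigns {want}"))
    return out

if __name__ == "__main__":
    for vlan, reason in findings(PLAN, CONFIG):
        print(f"FINDING VLAN {vlan}: {reason}")
```

In the sample, VLAN 200 is bound to another customer's VFI and VLAN 300 has no VFI binding, so both are reported as findings.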

Documentable

False

Severity Override Guidance

Review the implementation plan and the VPN IDs assigned to customer VLANs for the VPLS deployment.

Review the PE router configuration to verify that customer attachment circuits (i.e., VLANs) are associated to the appropriate VFI.

If the attachment circuits have not been bound to the VFI configured with the assigned VPN ID for each VLAN, this is a finding.

Check Content Reference

M

Target Key

2917
