STIGQter STIGQter: STIG Summary: Cisco IOS Router RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The Cisco perimeter router must be configured to have Cisco Discovery Protocol (CDP) disabled on all external interfaces.

DISA Rule

SV-216585r531085_rule

Vulnerability Number

V-216585

Group Title

SRG-NET-000364-RTR-000111

Rule Version

CISC-RT-000370

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

This requirement is not applicable for the DODIN Backbone.

Disable CDP on all external interfaces via no cdp enable command or disable CDP globally via no cdp run command.

Check Contents

This requirement is not applicable for the DODIN Backbone.

Step 1: Verify CDP is not enabled globally via the command no cdp run

By default CDP is enabled globally; hence, the command cdp run will not be shown in the configuration. If CDP is enabled, proceed to step 2.

Step 2: Verify CDP is not enabled on any external interface as shown in the example below.

interface GigabitEthernet0/1
ip address x.1.23.2 255.255.255.252
no cdp enable

Note: By default CDP is enabled on all interfaces if CDP is enabled globally.

If CDP is enabled on any external interface, this is a finding.

Vulnerability Number

V-216585

Documentable

False

Rule Version

CISC-RT-000370

Severity Override Guidance

This requirement is not applicable for the DODIN Backbone.

Step 1: Verify CDP is not enabled globally via the command no cdp run

By default CDP is enabled globally; hence, the command cdp run will not be shown in the configuration. If CDP is enabled, proceed to step 2.

Step 2: Verify CDP is not enabled on any external interface as shown in the example below.

interface GigabitEthernet0/1
ip address x.1.23.2 255.255.255.252
no cdp enable

Note: By default CDP is enabled on all interfaces if CDP is enabled globally.

If CDP is enabled on any external interface, this is a finding.

Check Content Reference

M

Target Key

4027

Comments