STIGQter: STIG Summary: Cisco IOS XE Router RTR Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 23 Apr 2021

The Cisco MPLS router must be configured to synchronize Interior Gateway Protocol (IGP) and LDP to minimize packet loss when an IGP adjacency is established prior to LDP peers completing label exchange.

DISA Rule

SV-216698r531086_rule

Vulnerability Number

V-216698

Group Title

SRG-NET-000512-RTR-000003

Rule Version

CISC-RT-000600

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the MPLS router to synchronize IGP and LDP, minimizing packet loss when an IGP adjacency is established prior to LDP peers completing label exchange.

OSPF Example:

R2(config)#router ospf 1
R2(config-router)#mpls ldp sync

IS-IS Example:

R5(config)#router isis
R5(config-router)#mpls ldp sync

Check Contents

Review the router OSPF or IS-IS configuration and verify that LDP will synchronize with the link-state routing protocol as shown in the example below:

OSPF Example:

router ospf 1
 mpls ldp sync

IS-IS Example:

router isis
 mpls ldp sync
 net 49.0001.1234.1600.5531.00

If the router is not configured to synchronize IGP and LDP, this is a finding.
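
The check above can be automated against saved configurations. The following is an added example, not part of the STIG or of STIGQter: it assumes the input is `show running-config` text in which sub-commands are indented under their `router` line, and the function names, status strings and sample configurations are constructed for illustration.

```python
import re

# Start of an OSPF or IS-IS process section in a running-config.
IGP_HEADER = re.compile(r"^router (ospf \d+(?: vrf \S+)?|isis(?: \S+)?)\s*$")

def igp_sections(config_text):
    """Yield (process_name, [child lines]) for each OSPF/IS-IS process."""
    name, children = None, []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue                      # blank lines and "!" separators
        if not raw[0].isspace():          # a top-level line closes any open section
            if name is not None:
                yield name, children
            m = IGP_HEADER.match(line)
            name, children = (m.group(1) if m else None), []
        elif name is not None:
            children.append(line.strip())
    if name is not None:
        yield name, children

def check_ldp_igp_sync(config_text):
    """Return (status, processes lacking 'mpls ldp sync') for CISC-RT-000600."""
    sections = list(igp_sections(config_text))
    if not sections:
        # Assumption: with no OSPF/IS-IS process present there is nothing to evaluate.
        return "not_reviewed", []
    missing = [n for n, kids in sections if "mpls ldp sync" not in kids]
    return ("finding" if missing else "not_a_finding"), missing

# Constructed sample: both processes synchronized, as in the check text.
SAMPLE_OK = """router ospf 1
 mpls ldp sync
!
router isis
 mpls ldp sync
 net 49.0001.1234.1600.5531.00
"""

# Constructed sample: the OSPF process lacks the sync command.
SAMPLE_BAD = """router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
!
router isis
 mpls ldp sync
 net 49.0001.1234.1600.5531.00
"""

if __name__ == "__main__":
    for label, cfg in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, check_ldp_igp_sync(cfg))
```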

Documentable

False

Severity Override Guidance

Review the router OSPF or IS-IS configuration and verify that LDP will synchronize with the link-state routing protocol as shown in the example below:

OSPF Example:

router ospf 1
 mpls ldp sync

IS-IS Example:

router isis
 mpls ldp sync
 net 49.0001.1234.1600.5531.00

If the router is not configured to synchronize IGP and LDP, this is a finding.

Check Content Reference

M

Target Key

4028