STIGQter: STIG Summary: Cisco IOS XE Router RTR Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021

The Cisco PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.

DISA Rule

SV-216705r531086_rule

Vulnerability Number

V-216705

Group Title

SRG-NET-000512-RTR-000008

Rule Version

CISC-RT-000670

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Assign globally unique VC IDs for each virtual circuit and configure the attachment circuits with the appropriate VC ID.

R5(config)#int g0/1
R5(config-if)#xconnect x.2.2.12 55 encapsulation mpls

Check Contents

Verify that the correct and unique VC ID has been configured for the appropriate attachment circuit. In the example below, GigabitEthernet0/1 is the CE-facing interface that is configured for VPWS with the VC ID of 55.

interface GigabitEthernet0/1
 xconnect x.2.2.12 55 encapsulation mpls

If the correct VC ID has not been configured on both routers, this is a finding.
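The check above compares both ends of each pseudowire by hand. The following is an added example, not part of the STIG or of any Cisco tooling: it runs the same comparison over saved running-configs from several PE routers. The router names, the 192.0.2.x addresses, the sample configs and the function names are constructed for illustration, and it assumes each router's LDP router ID is known.

```python
import re
from collections import defaultdict

XCONNECT = re.compile(r"^\s*xconnect\s+(\S+)\s+(\d+)\s+encapsulation\s+mpls\b")

def parse_xconnects(config):
    """Return [(interface, peer, vc_id)] from IOS XE running-config text."""
    found, iface = [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1].strip()
        elif line.strip() == "!" or (line and not line[0].isspace()):
            iface = None                      # left the interface stanza
        else:
            m = XCONNECT.match(line)
            if m and iface:
                found.append((iface, m.group(1), int(m.group(2))))
    return found

def audit(routers):
    """routers: {name: (ldp_router_id, config_text)}. Returns a list of findings."""
    by_id = {rid: name for name, (rid, _) in routers.items()}
    ends = defaultdict(list)                  # vc_id -> [(router, iface, peer)]
    for name, (_, cfg) in routers.items():
        for iface, peer, vc in parse_xconnects(cfg):
            ends[vc].append((name, iface, peer))
    findings = []
    for vc, eps in sorted(ends.items()):
        if len(eps) > 2:                      # one virtual circuit has two ends
            findings.append(f"VC ID {vc} reused on {len(eps)} attachment circuits")
            continue
        for name, iface, peer in eps:
            # The far end must be the router owning `peer`, pointing back at us.
            if not any(r == by_id.get(peer) and p == routers[name][0]
                       for r, _, p in eps):
                findings.append(
                    f"{name} {iface}: VC ID {vc} to {peer} has no matching far end")
    return findings

# Constructed sample: Gi0/1 matches on both ends (55); Gi0/2 is 60 on PE1, 61 on PE2.
PE1 = """\
interface GigabitEthernet0/1
 xconnect 192.0.2.2 55 encapsulation mpls
!
interface GigabitEthernet0/2
 xconnect 192.0.2.2 60 encapsulation mpls
!
"""
PE2 = PE1.replace("192.0.2.2", "192.0.2.1").replace(" 60 ", " 61 ")
ROUTERS = {"PE1": ("192.0.2.1", PE1), "PE2": ("192.0.2.2", PE2)}
if __name__ == "__main__":
    print("\n".join(audit(ROUTERS)) or "no findings")
```

Each line it reports corresponds to a finding under this rule: a VC ID that is missing or different on the far-end router, or one that is shared by more than one virtual circuit.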

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4028

Comments