STIGQter: STIG Summary: Cisco IOS XR Router RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020

The Cisco multicast Designated Router (DR) must be configured to set the shortest-path tree (SPT) threshold to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed.

DISA Rule

SV-216817r531087_rule

Vulnerability Number

V-216817

Group Title

SRG-NET-000362-RTR-000123

Rule Version

CISC-RT-000890

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the DR to increase the SPT threshold or set it to infinity to minimalize (S, G) state within the multicast topology where ASM is deployed.

RP/0/0/CPU0:R2(config)#router pim
RP/0/0/CPU0:R2(config-pim)#address-family ipv4
RP/0/0/CPU0:R2(config-pim-default-ipv4)#spt-threshold infinity
RP/0/0/CPU0:R2(config-pim-default-ipv4)#end

Check Contents

Review the DR configuration to verify that the SPT switchover threshold is increased (default is "0") or set to infinity (never switch over).

router pim
 address-family ipv4
  spt-threshold infinity

If the DR is not configured to increase the SPT threshold or set to infinity to minimalize (S, G) state, this is a finding.
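The check above can be automated against a saved running configuration. The following is an added example, not part of the STIG or of STIGQter; the function names and sample configurations are constructed for illustration, and it assumes the text keeps the router's native one-space-per-level indentation and that PIM runs in the default VRF.

```python
import re

def pim_ipv4_spt_threshold(config):
    """Return the spt-threshold value under router pim / address-family ipv4
    (default VRF), or None when the command is absent from that block."""
    path = []  # stack of (indent, line) for the enclosing config blocks
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank lines and "!" separators carry no settings
        indent = len(raw) - len(raw.lstrip(" "))
        while path and path[-1][0] >= indent:
            path.pop()  # left one or more nested blocks
        if [text for _, text in path] == ["router pim", "address-family ipv4"]:
            m = re.match(r"spt-threshold\s+(\S+)", line)
            if m:
                return m.group(1)
        path.append((indent, line))
    return None

def check_cisc_rt_000890(config):
    """Apply the check wording: infinity or a value above the default 0 passes."""
    value = pim_ipv4_spt_threshold(config)
    if value == "infinity" or (value is not None and value.isdigit() and int(value) > 0):
        return "not a finding"
    return "finding"

# Constructed sample configurations (not taken from a real device).
COMPLIANT = """router pim
 address-family ipv4
  interface GigabitEthernet0/0/0/0
   enable
  !
  spt-threshold infinity
 !
!
"""
MISSING = """router pim
 address-family ipv4
  interface GigabitEthernet0/0/0/0
   enable
  !
 !
!
"""
# The command exists, but only under the IPv6 address family.
WRONG_BLOCK = """router pim
 address-family ipv6
  spt-threshold infinity
 !
!
"""

if __name__ == "__main__":
    for name, cfg in [("compliant", COMPLIANT), ("missing", MISSING), ("wrong block", WRONG_BLOCK)]:
        print(name, "->", check_cisc_rt_000890(cfg))
```
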

Documentable

False

Severity Override Guidance

Review the DR configuration to verify that the SPT switchover threshold is increased (default is "0") or set to infinity (never switch over).

router pim
 address-family ipv4
  spt-threshold infinity

If the DR is not configured to increase the SPT threshold or set to infinity to minimalize (S, G) state, this is a finding.

Check Content Reference

M

Target Key

4029

Comments