STIGQter STIGQter: STIG Summary: Juniper Router RTR Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 12 Feb 2021:

The Juniper MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.

DISA Rule

SV-217063r639663_rule

Vulnerability Number

V-217063

Group Title

SRG-NET-000512-RTR-000002

Rule Version

JUNI-RT-000570

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the router to use their loopback address as the source address for LDP peering sessions. As noted in the check content, the default behavior is to use its loopback address. However, if a router ID is configured, ensure it matches the address of the loopback address as shown in the example below.

[edit routing-options]
set router-id 2.2.2.2

Check Contents

Review the router configuration to determine if it is compliant with this requirement.

Verify that a loopback address has been configured as shown in the following example:

}
interfaces {



}
lo0 {
unit 0 {
family inet {
address 2.2.2.2/32;
}
}
}
}

By default, routers will use its loopback address for LDP peering. If an address has not be configured on the loopback interface, it will use its physical interface connecting to the LDP peer. If the router-id command is specified that overrides this default behavior, verify that it is the IP address of the designated loopback interface as shown in the example below.

}
routing-options {
router-id 2.2.2.2;
autonomous-system 5;
}

If the router is not configured do use its loopback address for LDP peering, this is a finding.

Vulnerability Number

V-217063

Documentable

False

Rule Version

JUNI-RT-000570

Severity Override Guidance

Review the router configuration to determine if it is compliant with this requirement.

Verify that a loopback address has been configured as shown in the following example:

}
interfaces {



}
lo0 {
unit 0 {
family inet {
address 2.2.2.2/32;
}
}
}
}

By default, routers will use its loopback address for LDP peering. If an address has not be configured on the loopback interface, it will use its physical interface connecting to the LDP peer. If the router-id command is specified that overrides this default behavior, verify that it is the IP address of the designated loopback interface as shown in the example below.

}
routing-options {
router-id 2.2.2.2;
autonomous-system 5;
}

If the router is not configured do use its loopback address for LDP peering, this is a finding.

Check Content Reference

M

Target Key

4032

Comments