STIGQter: STIG Summary: Juniper Router RTR Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 12 Feb 2021:

The Juniper PE router providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the routing instance with the globally unique VPLS ID assigned for each customer VLAN.

DISA Rule

SV-217072r639663_rule

Vulnerability Number

V-217072

Group Title

SRG-NET-000512-RTR-000009

Rule Version

JUNI-RT-000660

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Assign a globally unique VPLS ID to each VPLS routing instance, as shown in the example.

[edit routing-instances VPLS_CUST2 protocols vpls]
set vpls-id 102 neighbor 8.8.8.8

Check Contents

Review the implementation plan and the VPLS IDs assigned to customer VLANs for the VPLS deployment.

Review the PE router configuration to verify that customer attachment circuits are associated with the routing instance configured for that customer's VPLS ID.

interfaces {
    ge-0/1/0.0 {
        encapsulation ethernet-vpls;
        unit 0 {
        }
    }
}

routing-instances {
    VPLS_CUST2 {
        instance-type vpls;
        interface ge-0/1/0.0;
        route-distinguisher 22:22;
        vrf-target target:22:22;
        protocols {
            vpls {
                site-range 9;
                no-tunnel-services;
                site R8 {
                    site-identifier 8;
                    interface ge-0/1/0.0;
                }
                vpls-id 102;
                neighbor 8.8.8.8;
            }
        }
    }
}

If the attachment circuits have not been bound to the appropriate routing instance configured with the VPLS ID assigned to each customer VLAN, this is a finding.
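An added audit script, not part of the STIG or of STIGQter, that parses a Junos configuration in the curly-brace form shown above and reports the conditions this check describes. The sample configuration is constructed for the example; it goes slightly beyond the check text by also flagging a vpls-id reused across instances and an ethernet-vpls attachment circuit bound to no VPLS instance.

```python
import re
from collections import defaultdict

# Constructed sample (not from the STIG): VPLS_CUST3 reuses CUST2's vpls-id, and
# ge-0/1/2.0 is an ethernet-vpls attachment circuit bound to no routing instance.
SAMPLE_CONFIG = """
interfaces {
    ge-0/1/0 { encapsulation ethernet-vpls; unit 0 { } }
    ge-0/1/1 { encapsulation ethernet-vpls; unit 0 { } }
    ge-0/1/2 { encapsulation ethernet-vpls; unit 0 { } }
}
routing-instances {
    VPLS_CUST2 { instance-type vpls; interface ge-0/1/0.0;
                 protocols { vpls { vpls-id 102; neighbor 8.8.8.8; } } }
    VPLS_CUST3 { instance-type vpls; interface ge-0/1/1.0;
                 protocols { vpls { vpls-id 102; neighbor 8.8.8.8; } } }
}
"""

def parse_junos(text):
    """Parse Junos curly-brace config: blocks become dicts, leaf statements lists of values."""
    node, stack, words = (root := {}), [], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":      # open a block keyed by its full header, e.g. "unit 0"
            stack.append(node); node, words = node.setdefault(" ".join(words), {}), []
        elif tok == ";":    # leaf statement: first word is the key, the rest is the value
            node.setdefault(words[0], []).append(" ".join(words[1:])); words = []
        elif tok == "}":
            node = stack.pop()
        else:
            words.append(tok)
    return root

def check_vpls(config):
    """Findings for JUNI-RT-000660: each VPLS instance needs its own vpls-id, and every
    ethernet-vpls attachment circuit must be bound to exactly one VPLS instance."""
    circuits = {f"{ifn}.{k.split()[1]}" for ifn, cfg in config.get("interfaces", {}).items()
                if isinstance(cfg, dict) and cfg.get("encapsulation") == ["ethernet-vpls"]
                for k in cfg if k.startswith("unit ")}
    ids, bound, findings = defaultdict(list), defaultdict(list), []
    for name, inst in config.get("routing-instances", {}).items():
        if not isinstance(inst, dict) or inst.get("instance-type") != ["vpls"]: continue
        vid = inst.get("protocols", {}).get("vpls", {}).get("vpls-id")
        if vid is None: findings.append(f"{name}: no vpls-id configured")
        else: ids[vid[0]].append(name)
        for ac in inst.get("interface", []): bound[ac].append(name)
    findings += [f"vpls-id {v} reused by {', '.join(sorted(n))}" for v, n in ids.items() if len(n) > 1]
    findings += [f"{ac}: bound to {len(bound[ac])} VPLS instances, expected 1"
                 for ac in sorted(circuits) if len(bound[ac]) != 1]
    return findings
```

Run `check_vpls(parse_junos(open("router.conf").read()))` against a saved `show configuration` output; an empty list means no finding for this rule.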

Vulnerability Number

V-217072

Documentable

False

Rule Version

JUNI-RT-000660

Severity Override Guidance

Check Content Reference

M

Target Key

4032

Comments