STIGQter: STIG Summary: Cisco IOS-XE Switch RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021

The Cisco MPLS switch must be configured to synchronize Interior Gateway Protocol (IGP) and LDP to minimize packet loss when an IGP adjacency is established prior to LDP peers completing label exchange.

DISA Rule

SV-221034r622190_rule

Vulnerability Number

V-221034

Group Title

SRG-NET-000512-RTR-000003

Rule Version

CISC-RT-000600

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the MPLS switch to synchronize IGP and LDP, minimizing packet loss when an IGP adjacency is established prior to LDP peers completing label exchange.

OSPF Example:

SW2(config)#router ospf 1
SW2(config-switch)#mpls ldp sync

IS-IS Example:

SW1(config)#router isis
SW1(config-switch)#mpls ldp sync

Check Contents

Review the switch OSPF or IS-IS configuration and verify that LDP will synchronize with the link-state routing protocol as shown in the example below:

OSPF Example:

router ospf 1
 mpls ldp sync

IS-IS Example:

router isis
 mpls ldp sync
 net 49.0001.1234.1600.5531.00

If the switch is not configured to synchronize IGP and LDP, this is a finding.
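The check above can be automated against a saved running configuration. The following is an added example, not part of the STIG or of any DISA tooling: it assumes the usual `show running-config` layout in which sub-commands are indented under their `router ospf` or `router isis` stanza, and the function names and sample configuration are constructed for illustration.

```python
import re

# Top-level stanzas for the two link-state IGPs named in the check.
IGP_HEADER = re.compile(r"^router (ospf|isis)\b")

# Constructed sample; only the IS-IS NET comes from the check text above.
SAMPLE_CONFIG = """\
hostname SW1
!
router ospf 1
 mpls ldp sync
 network 10.0.0.0 0.0.0.255 area 0
!
router ospf 2
 network 10.1.0.0 0.0.0.255 area 0
!
router isis
 net 49.0001.1234.1600.5531.00
 mpls ldp sync
!
"""

def igp_ldp_sync_status(running_config):
    """Map each OSPF/IS-IS stanza header to True if it contains 'mpls ldp sync'."""
    status, current = {}, None
    for raw in running_config.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line[0].isspace():
            # Indented line: a sub-command of the current top-level stanza.
            if current and line.strip() == "mpls ldp sync":
                status[current] = True
            continue
        # Any column-0 line (including '!') closes the previous stanza.
        current = line if IGP_HEADER.match(line) else None
        if current:
            status.setdefault(current, False)
    return status

def missing_ldp_sync(running_config):
    """Return the IGP stanzas that would be a finding under this check."""
    return [name for name, ok in igp_ldp_sync_status(running_config).items() if not ok]

if __name__ == "__main__":
    for stanza in missing_ldp_sync(SAMPLE_CONFIG):
        print(f"FINDING: '{stanza}' lacks 'mpls ldp sync'")
```

An empty result for a configuration that contains no OSPF or IS-IS stanza means there was nothing to evaluate, not that the check passed.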

Documentable

False

Severity Override Guidance

Review the switch OSPF or IS-IS configuration and verify that LDP will synchronize with the link-state routing protocol as shown in the example below:

OSPF Example:

router ospf 1
 mpls ldp sync

IS-IS Example:

router isis
 mpls ldp sync
 net 49.0001.1234.1600.5531.00

If the switch is not configured to synchronize IGP and LDP, this is a finding.

Check Content Reference

M

Target Key

4074
