STIGQter: STIG Summary: Cisco IOS-XE Switch RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The Cisco PE switch providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.

DISA Rule

SV-221041r622190_rule

Vulnerability Number

V-221041

Group Title

SRG-NET-000512-RTR-000008

Rule Version

CISC-RT-000670

Severity

CAT I

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Assign globally unique VC IDs for each virtual circuit and configure the attachment circuits with the appropriate VC ID.

Check Contents

Verify that the correct and unique VCID has been configured for the appropriate attachment circuit. In the example below, GigabitEthernet0/1 is the CE-facing interface that is configured for VPWS with the VCID of 55.

interface GigabitEthernet0/1
xconnect x.2.2.12 55 encapsulation mpls

If the correct VC ID has not been configured on both switches, this is a finding.

Vulnerability Number

V-221041

Documentable

False

Rule Version

CISC-RT-000670

Severity Override Guidance

Verify that the correct and unique VCID has been configured for the appropriate attachment circuit. In the example below, GigabitEthernet0/1 is the CE-facing interface that is configured for VPWS with the VCID of 55.

interface GigabitEthernet0/1
xconnect x.2.2.12 55 encapsulation mpls

If the correct VC ID has not been configured on both switches, this is a finding.

Check Content Reference

M

Target Key

4074

Comments