STIGQter: STIG Summary: Cisco IOS-XE Switch RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021

The Cisco multicast switch must be configured to disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing.

DISA Rule

SV-221053r622190_rule

Vulnerability Number

V-221053

Group Title

SRG-NET-000019-RTR-000003

Rule Version

CISC-RT-000790

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Document every PIM-enabled interface in the network's multicast topology diagram. Disable PIM on any interface that is not required to support multicast routing, for example:

SW1(config)#int g1/1
SW1(config-if)#no ip pim sparse-mode

The "no" form must name the mode actually configured on the interface: an interface running ip pim dense-mode or ip pim sparse-dense-mode is disabled with no ip pim dense-mode or no ip pim sparse-dense-mode respectively.

Check Contents

Step 1: Review the network's multicast topology diagram.

Step 2: Review the switch configuration to verify that PIM is enabled only on the interfaces shown in the multicast topology diagram, as in the example below. The command show ip pim interface lists every interface with PIM enabled and is a quick cross-check against the running configuration.

interface GigabitEthernet1/1
no switchport
ip address 10.1.3.3 255.255.255.0
ip pim sparse-mode

If PIM is enabled on an interface that is not required to support multicast routing, this is a finding.
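The two-step check above can be automated against a saved running-config. The following script is an added example and is not part of the STIG or of STIGQter: it walks the interface stanzas of an IOS-XE configuration, records every interface carrying an ip pim line (sparse-mode, dense-mode or sparse-dense-mode; the passive form is not covered), compares the result with an allow-list derived from the multicast topology diagram, and emits the matching "no ip pim <mode>" remediation for each interface outside that list. The sample configuration and the approved set are constructed for illustration.

```python
"""Audit a Cisco IOS-XE running-config for PIM enabled on unapproved interfaces.

Added example: parses interface stanzas, finds 'ip pim <mode>' lines, and
reports every PIM-enabled interface that is not in the allow-list derived
from the multicast topology diagram. Not code from the STIG or from STIGQter.
"""
import re
from typing import Dict, List, Set

# The mode keyword captured here is the same token the remediation needs:
# PIM is removed with 'no ip pim <mode>', so the mode must be recorded.
PIM_MODE_RE = re.compile(r"^\s+ip pim (sparse-mode|dense-mode|sparse-dense-mode)\s*$")
INTERFACE_RE = re.compile(r"^interface (\S+)")

# Constructed sample configuration (not from the original page): four
# interfaces, three of them with PIM in different modes.
SAMPLE_CONFIG = """\
!
interface GigabitEthernet1/1
 no switchport
 ip address 10.1.3.3 255.255.255.0
 ip pim sparse-mode
!
interface GigabitEthernet1/2
 no switchport
 ip address 10.1.4.3 255.255.255.0
 ip pim sparse-dense-mode
!
interface GigabitEthernet1/3
 no switchport
 ip address 10.1.5.3 255.255.255.0
!
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
 ip pim dense-mode
!
"""

# Assumed allow-list taken from the multicast topology diagram: only Gi1/1
# is supposed to carry multicast routing.
APPROVED: Set[str] = {"GigabitEthernet1/1"}


def pim_interfaces(running_config: str) -> Dict[str, str]:
    """Return {interface_name: pim_mode} for every interface with PIM enabled."""
    enabled: Dict[str, str] = {}
    current = None
    for line in running_config.splitlines():
        m = INTERFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if current is None:
            continue
        # A '!' separator or any other non-indented line ends the stanza.
        if line.startswith("!") or (line and not line[0].isspace()):
            current = None
            continue
        m = PIM_MODE_RE.match(line)
        if m:
            enabled[current] = m.group(1)
    return enabled


def audit_pim(running_config: str, approved: Set[str]) -> List[dict]:
    """Return one finding per PIM-enabled interface that is not approved.

    Each finding carries the interface, the configured PIM mode, and the
    exact IOS-XE lines that remove PIM in that mode. An approved interface
    with PIM missing is not a finding under this rule, so it is not reported.
    """
    findings = []
    for name, mode in sorted(pim_interfaces(running_config).items()):
        if name not in approved:
            findings.append({
                "interface": name,
                "mode": mode,
                "fix": [f"interface {name}", f" no ip pim {mode}"],
            })
    return findings


if __name__ == "__main__":
    for finding in audit_pim(SAMPLE_CONFIG, APPROVED):
        print(f"FINDING: {finding['interface']} has PIM {finding['mode']} enabled")
        for cmd in finding["fix"]:
            print(f"  {cmd}")
```

Run against a real device, replace SAMPLE_CONFIG with the output of show running-config and APPROVED with the interface names on the topology diagram; an empty result means the rule is satisfied, while each entry in the result is one finding together with its fix.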

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4074

Comments