STIGQter: STIG Summary: Cisco IOS-XE Switch RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021

The Cisco multicast Designated switch (DR) must be configured to set the shortest-path tree (SPT) threshold to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed.

DISA Rule

SV-221063r622190_rule

Vulnerability Number

V-221063

Group Title

SRG-NET-000362-RTR-000123

Rule Version

CISC-RT-000890

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the DR to increase the SPT threshold or set it to infinity to minimalize (S, G) state within the multicast topology where ASM is deployed.

SW2(config)#ip pim spt-threshold infinity

Check Contents

Review the DR configuration to verify that the SPT switchover threshold is increased (default is "0") or set to infinity (never switch over).

ip pim rp-address 10.2.2.2
ip pim spt-threshold infinity

If the DR is not configured to increase the SPT threshold or set to infinity to minimalize (S, G) state, this is a finding.
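
One way to automate the check above over a saved running-config, as an added example that is not part of the STIG text. The function name, the three status values and the "review" outcome for thresholds scoped with the optional vrf or group-list keywords are assumptions of this example; the sample configurations are constructed.

```python
import re

# Matches: ip pim [vrf NAME] spt-threshold {<kbps> | infinity} [group-list ACL]
SPT_RE = re.compile(
    r"^\s*ip pim(?: vrf (?P<vrf>\S+))? spt-threshold (?P<value>\d+|infinity)"
    r"(?: group-list (?P<acl>\S+))?\s*$"
)


def audit_spt_threshold(config_text):
    """Return (status, entries) for the SPT threshold in an IOS-XE config.

    status is "not_a_finding" when a global, unscoped threshold is raised above
    the default of 0 or set to infinity; "review" when it is only raised for a
    VRF or a group-list, so a reviewer must confirm coverage; "finding" otherwise.
    """
    entries = []
    for line in config_text.splitlines():
        m = SPT_RE.match(line)
        if m:
            entries.append(m.groupdict())

    raised = [e for e in entries if e["value"] == "infinity" or int(e["value"]) > 0]
    if not raised:
        # No statement at all means the default of 0 (switch to SPT immediately).
        return "finding", entries
    if any(e["vrf"] is None and e["acl"] is None for e in raised):
        return "not_a_finding", entries
    return "review", entries


# Constructed sample configurations (not taken from a real device).
COMPLIANT = """\
ip pim rp-address 10.2.2.2
ip pim spt-threshold infinity
"""
DEFAULT = "ip pim rp-address 10.2.2.2\n"
EXPLICIT_ZERO = "ip pim rp-address 10.2.2.2\nip pim spt-threshold 0\n"
SCOPED = "ip pim rp-address 10.2.2.2\nip pim spt-threshold infinity group-list 10\n"

if __name__ == "__main__":
    for name, cfg in [("compliant", COMPLIANT), ("default", DEFAULT),
                      ("explicit-zero", EXPLICIT_ZERO), ("scoped", SCOPED)]:
        print(name, audit_spt_threshold(cfg)[0])
```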

Documentable

False

Check Content Reference

M

Target Key

4074
