STIGQter: STIG Summary: Cisco NX-OS Switch RTR Security Technical Implementation Guide, Version 2, Release 1, Benchmark Date: 23 Apr 2021

The MPLS switch with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core switches.

DISA Rule

SV-221115r622190_rule

Vulnerability Number

V-221115

Group Title

SRG-NET-000193-RTR-000001

Rule Version

CISC-RT-000610

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the switch to rate limit RSVP messages per interface as shown in the example below. Configure the MPLS switch to synchronize IGP and LDP, minimizing packet loss when an IGP adjacency is established prior to LDP peers completing label exchange.

OSPF Example

SW1(config)# router ospf 1
SW1(config-router)# mpls ldp sync

IS-IS Example

SW1(config)# router isis
SW1(config-router)# mpls ldp sync

RSVP Refresh Reduction Example

SW1(config)# ip rsvp
SW1(config-ip-rsvp)# signaling refresh reduction
SW1(config-ip-rsvp)# end

Check Contents

Review the switch configuration to determine if refresh reduction is enabled.

Step 1: Determine if MPLS TE is enabled on any interface as shown in the example below:

interface Ethernet4/47
mpls traffic-eng tunnels
mpls ip

Step 2: If MPLS TE is enabled, verify that message pacing is enabled.

ip rsvp
signaling refresh reduction bundle-max-size

If the switch with RSVP-TE configured does not have refresh reduction features enabled, this is a finding.
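The two-step check above can be automated against a saved running-config. The following Python script is an added example, not part of the STIG or of STIGQter: it splits an NX-OS-style config into indented blocks, lists the interfaces that carry `mpls traffic-eng tunnels` (Step 1), and then looks for `signaling refresh reduction` under `ip rsvp` (Step 2), returning "not_applicable", "finding" or "compliant". The two config excerpts are constructed samples, not output from a real switch.

```python
from typing import List, Tuple

# Constructed sample 1: MPLS TE enabled on an interface, "ip rsvp" present
# but without refresh reduction -> this is a finding.
NONCOMPLIANT_CONFIG = """\
interface Ethernet4/47
  mpls traffic-eng tunnels
  mpls ip
!
interface Ethernet4/48
  no shutdown
!
ip rsvp
"""

# Constructed sample 2: same TE interface, refresh reduction enabled -> compliant.
COMPLIANT_CONFIG = """\
interface Ethernet4/47
  mpls traffic-eng tunnels
  mpls ip
!
ip rsvp
  signaling refresh reduction bundle-max-size 1500
"""


def parse_blocks(config: str) -> List[Tuple[str, List[str]]]:
    """Split a running-config into (header, child_lines) blocks.

    A block starts at a non-indented line; indented lines belong to the
    most recent block. Blank lines and '!' separators are ignored.
    """
    blocks: List[Tuple[str, List[str]]] = []
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw.startswith((" ", "\t")):
            if blocks:
                blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks


def te_interfaces(config: str) -> List[str]:
    """Step 1: names of interfaces configured with 'mpls traffic-eng tunnels'."""
    return [
        hdr.split(None, 1)[1]
        for hdr, kids in parse_blocks(config)
        if hdr.startswith("interface ") and "mpls traffic-eng tunnels" in kids
    ]


def refresh_reduction_enabled(config: str) -> bool:
    """Step 2: True if 'signaling refresh reduction ...' sits under 'ip rsvp'."""
    for hdr, kids in parse_blocks(config):
        if hdr == "ip rsvp":
            return any(k.startswith("signaling refresh reduction") for k in kids)
    return False


def evaluate(config: str) -> str:
    """Apply the STIG logic: no TE interfaces -> not applicable;
    TE present without refresh reduction -> finding; otherwise compliant."""
    if not te_interfaces(config):
        return "not_applicable"
    return "compliant" if refresh_reduction_enabled(config) else "finding"


if __name__ == "__main__":
    for name, cfg in (("noncompliant", NONCOMPLIANT_CONFIG), ("compliant", COMPLIANT_CONFIG)):
        print(f"{name}: TE interfaces={te_interfaces(cfg)} result={evaluate(cfg)}")
```

The parser relies only on NX-OS's indentation of sub-mode commands, so the same block splitter can be reused for other configuration checks; feed it the text of `show running-config` saved to a file.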

Vulnerability Number

V-221115

Documentable

False

Rule Version

CISC-RT-000610

Severity Override Guidance

Check Content Reference

M

Target Key

4075

Comments