STIGQter STIGQter: STIG Summary: Cisco NX-OS Switch RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The Cisco MPLS switch must be configured to have TTL Propagation disabled.

DISA Rule

SV-221116r622190_rule

Vulnerability Number

V-221116

Group Title

SRG-NET-000512-RTR-000004

Rule Version

CISC-RT-000620

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the MPLS switch to disable TTL propagation as shown in the example below:

SW1(config)# no mpls ip propagate-ttl

Check Contents

Review the switch configuration to verify that TTL propagation is disabled as shown in the example below:

no mpls ip propagate-ttl

If the MPLS switch is not configured to disable TTL propagation, this is a finding.

Vulnerability Number

V-221116

Documentable

False

Rule Version

CISC-RT-000620

Severity Override Guidance

Review the switch configuration to verify that TTL propagation is disabled as shown in the example below:

no mpls ip propagate-ttl

If the MPLS switch is not configured to disable TTL propagation, this is a finding.

Check Content Reference

M

Target Key

4075

Comments