STIGQter: STIG Summary: Cisco NX-OS Switch RTR Security Technical Implementation Guide, Version 2, Release 1, Benchmark Date: 23 Apr 2021

The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to use a loopback address as the source address when originating MSDP traffic.

DISA Rule

SV-221147r622190_rule

Vulnerability Number

V-221147

Group Title

SRG-NET-000512-RTR-000011

Rule Version

CISC-RT-000950

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the switch so that its loopback address is used as the source address when sending MSDP packets.

SW1(config)# ip msdp peer x.44.2.34 connect-source lo12 remote-as nn

Check Contents

Step 1: Review the switch configuration to verify that a loopback address has been configured.

interface Loopback12
ip address x.12.2.2/32

Step 2: Verify that the loopback interface is used as the source address for all MSDP packets generated by the switch.

ip msdp peer x.44.2.34 connect-source Loopback12 remote-as nn

If the switch does not use its loopback address as the source address when originating MSDP traffic, this is a finding.
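The two check steps above can be automated against a saved running-config. The following script is an added example written for this page; it is not part of the STIG or of STIGQter. It assumes NX-OS text layout (top-level `ip msdp peer` lines, interface sub-commands indented under `interface ...`), treats the short form `lo12` and the long form `Loopback12` as the same interface, and uses constructed RFC 5737 documentation addresses in place of the `x.` placeholders on the page.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample NX-OS running-config excerpt (not from the STIG page).
# Peer .34 is compliant, .35 sources from a physical interface, .36 has no
# connect-source at all and will source from whatever egress interface is used.
SAMPLE_CONFIG = """\
interface loopback12
  description MSDP/BGP source
  ip address 192.0.2.2/32
!
interface Ethernet1/1
  ip address 198.51.100.1/30
!
ip msdp peer 203.0.113.34 connect-source loopback12 remote-as 65001
ip msdp peer 203.0.113.35 connect-source Ethernet1/1 remote-as 65002
ip msdp peer 203.0.113.36 remote-as 65003
"""

INTERFACE_RE = re.compile(r"^interface\s+(\S+)", re.IGNORECASE)
IP_ADDR_RE = re.compile(r"^\s+ip address\s+(\S+)", re.IGNORECASE)
MSDP_PEER_RE = re.compile(
    r"^\s*ip msdp peer\s+(\S+)(?:\s+connect-source\s+(\S+))?", re.IGNORECASE)
LOOPBACK_RE = re.compile(r"^(?:lo|loopback)(\d+)$", re.IGNORECASE)


def normalize_interface(name: str) -> str:
    """Map NX-OS spellings (lo12, Lo12, Loopback12) to one canonical key."""
    m = LOOPBACK_RE.match(name)
    if m:
        return f"loopback{m.group(1)}"
    return name.lower()


def parse_loopbacks(config: str) -> Dict[str, str]:
    """Step 1: return {canonical loopback name: ip address} for every
    loopback interface that actually carries an IP address."""
    loopbacks: Dict[str, str] = {}
    current: Optional[str] = None
    for line in config.splitlines():
        m = INTERFACE_RE.match(line)
        if m:
            current = normalize_interface(m.group(1))
            continue
        if current and current.startswith("loopback"):
            m = IP_ADDR_RE.match(line)
            if m:
                loopbacks[current] = m.group(1)
    return loopbacks


def parse_msdp_peers(config: str) -> List[Tuple[str, Optional[str]]]:
    """Return (peer address, canonical connect-source or None) per MSDP peer."""
    peers: List[Tuple[str, Optional[str]]] = []
    for line in config.splitlines():
        m = MSDP_PEER_RE.match(line)
        if m:
            src = normalize_interface(m.group(2)) if m.group(2) else None
            peers.append((m.group(1), src))
    return peers


def check_msdp_source(config: str) -> List[str]:
    """Step 2: every MSDP peer must use an addressed loopback as its
    connect-source. Returns a list of findings; an empty list is compliant.
    A config with no MSDP peers yields no findings (rule not applicable)."""
    findings: List[str] = []
    peers = parse_msdp_peers(config)
    if not peers:
        return findings
    loopbacks = parse_loopbacks(config)
    if not loopbacks:
        findings.append("no loopback interface with an IP address is configured (Step 1)")
    for peer, src in peers:
        if src is None:
            findings.append(f"peer {peer}: no connect-source, MSDP will use the egress interface address")
        elif src not in loopbacks:
            findings.append(f"peer {peer}: connect-source {src} is not an addressed loopback")
    return findings


if __name__ == "__main__":
    for f in check_msdp_source(SAMPLE_CONFIG) or ["no findings"]:
        print(f)
```

Run it against `show running-config` output saved to a file by replacing `SAMPLE_CONFIG` with the file contents. The normalization step matters in practice: the Fix text on this page uses `lo12` while the Check text uses `Loopback12`, and NX-OS accepts both, so a check that compares raw strings would report a false finding on a compliant switch.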

Vulnerability Number

V-221147

Documentable

False

Rule Version

CISC-RT-000950

Severity Override Guidance

Check Content Reference

M

Target Key

4075

Comments