STIGQter: STIG Summary: Infrastructure Router Security Technical Implementation Guide Juniper Version: 8 Release: 29 Benchmark Date: 25 Jan 2019: The administrator must ensure that Protocol Independent Multicast (PIM) is disabled on all interfaces that are not required to support multicast routing.

DISA Rule

SV-40313r1_rule

Vulnerability Number

V-30577

Group Title

PIM enabled on wrong interfaces

Rule Version

NET-MCAST-001

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If IPv4 or IPv6 multicast routing is enabled, ensure that all interfaces enabled for PIM are documented in the network’s multicast topology diagram. Enable PIM only on the applicable interfaces according to the multicast topology diagram.

Check Contents

If IPv4 or IPv6 multicast routing is enabled, ensure that all interfaces enabled for PIM are documented in the network’s multicast topology diagram. Review the router or multi-layer switch configuration to determine if multicast routing is enabled and what interfaces are enabled for PIM.

Review the interfaces that have been defined under the protocols PIM hierarchy and verify that they all need to support multicast routing. When using the explicit interface declarations, the configuration would look similar to the following:

protocols {
    pim {
        interface so-7/0/1.0 {
            mode sparse;
            version 2;
        }
        interface ge-0/3/0.0 {
            mode sparse;
            version 2;
        }
    }
}

If the interface all statement is used, verify that interfaces not supporting multicast routing have PIM disabled using the disable keyword. The configuration would look similar to the following:

protocols {
    pim {
        interface all {
            mode sparse;
            version 2;
        }
        interface fx0.0 {
            disable;
        }
        interface fe-1/1/1 {
            disable;
        }
        interface fe-1/1/2 {
            disable;
        }
    }
}
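
The check above can be scripted. The following is an added example, not part of the STIG text: it parses the protocols pim hierarchy, resolves "interface all" against its disable exceptions, and reports interfaces running PIM that are not in the approved list. The interface inventory, the approved list and the function names are assumptions made for the example.

```python
import re

# Constructed sample modelled on the "interface all" form shown above.
SAMPLE_CONFIG = """
protocols { pim {
    interface all { mode sparse; version 2; }
    interface fx0.0 { disable; }
    interface fe-1/1/1 { disable; }
    interface fe-1/1/2 { disable; }
} }
"""
# Constructed router inventory and approved list (from the multicast topology diagram).
ROUTER_INTERFACES = ["so-7/0/1.0", "ge-0/3/0.0", "fx0.0", "fe-1/1/1.0", "fe-1/1/2.0"]
APPROVED = ["so-7/0/1.0"]

def unit(name):
    """Junos treats an interface name without a logical unit as unit 0."""
    return name if name == "all" or "." in name else name + ".0"

def pim_stanzas(config):
    """Map each interface under 'protocols pim' to True if it carries 'disable'."""
    path, words, stanzas = [], [], {}
    for tok in re.findall(r"[{};]|[^\s{};]+", config):
        if tok not in ("{", "}", ";"):
            words.append(tok)
            continue
        under_pim = path[:2] == ["protocols", "pim"]
        is_iface = len(words) == 2 and words[0] == "interface"
        if tok != "}" and under_pim and len(path) == 2 and is_iface:
            stanzas.setdefault(unit(words[1]), False)  # "interface x {" or "interface x;"
        if tok == "{":
            path.append(" ".join(words))
        elif tok == "}" and path:
            path.pop()
        elif (under_pim and len(path) == 3 and words == ["disable"]
              and path[2].startswith("interface ")):
            stanzas[unit(path[2].split()[1])] = True
        words = []
    return stanzas

def audit_pim(config, router_interfaces, approved):
    """Return interfaces where PIM is effectively enabled but not approved."""
    stanzas = pim_stanzas(config)
    if stanzas.get("all") is False:  # "interface all" present and not disabled
        enabled = {i for i in map(unit, router_interfaces) if not stanzas.get(i)}
    else:
        enabled = {i for i, off in stanzas.items() if not off and i != "all"}
    return sorted(enabled - set(map(unit, approved)))
```

With the constructed inputs, ge-0/3/0.0 is reported: it has no disable stanza, so "interface all" enables PIM on it even though it is not in the approved list.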

Documentable

False

Severity Override Guidance

Check Content Reference

M

Responsibility

System Administrator

Target Key

510

Comments