STIGQter: STIG Summary: Arista MLS DCS-7000 Series RTR Security Technical Implementation Guide, Version: 1, Release: 3, Benchmark Date: 24 Jul 2020

The Arista Multilayer Switch must establish boundaries for IPv6 Admin-Local, IPv6 Site-Local, IPv6 Organization-Local scope, and IPv4 Local-Scope multicast traffic.

DISA Rule

SV-75351r1_rule

Vulnerability Number

V-60893

Group Title

SRG-NET-000019-RTR-000005

Rule Version

AMLS-L3-000130

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the appropriate boundaries to contain packets addressed within the administratively scoped zone. Defined multicast addresses are FFx4::/16, FFx5::/16, FFx8::/16, and 239.255.0.0/16.

To create a PIM Boundary, create an access list by entering:

ip access-list [name]
[ip access list permit/deny statement]
exit

Then apply the boundary filter based on the access list to the PIM-enabled interface:

int ethernet [X]
ip multicast boundary [name-of-ACL]

Check Contents

Review the multicast topology diagram to determine if there are any documented Admin-Local (FFx4::/16), Site-Local (FFx5::/16), or Organization-Local (FFx8::/16) multicast boundaries for IPv6 traffic or any Local-Scope (239.255.0.0/16) boundaries for IPv4 traffic.

Verify the appropriate boundaries are configured on the applicable multicast-enabled interfaces via an "ip multicast boundary" statement in the interface configuration.

If the appropriate boundaries are not configured on applicable multicast-enabled interfaces, this is a finding.
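The interface check above can be run over a saved running-config. The script below is an added example, not part of the STIG or of Arista tooling: the sample configuration and ACL entries are constructed, it assumes a PIM-enabled interface carries an "ip pim ..." line, and it only looks for the IPv4 "ip multicast boundary" statement named in the check text and confirms the referenced access list is defined.

```python
import re
# Constructed running-config (not from the STIG page); "ip pim ..." marks a PIM interface (assumption).
SAMPLE_CONFIG = """\
ip access-list MCAST-LOCAL-SCOPE
   10 deny ip any 239.255.0.0/16
   20 permit ip any any
!
interface Ethernet1
   ip pim sparse-mode
   ip multicast boundary MCAST-LOCAL-SCOPE
!
interface Ethernet2
   ip pim sparse-mode
!
interface Ethernet3
   ip pim sparse-mode
   ip multicast boundary UNDEFINED-ACL
!
interface Ethernet4
"""

def parse_stanzas(config):
    """Map each top-level config line to the indented lines beneath it."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if line[0].isspace() and current is not None:
            stanzas[current].append(line.strip())
        elif not line[0].isspace():
            current = line.strip()
            stanzas.setdefault(current, [])
    return stanzas

def boundary_findings(config):
    """Return (interface, reason) for each PIM interface without a usable boundary."""
    stanzas = parse_stanzas(config)
    acls = {h.split()[-1] for h in stanzas if h.startswith("ip access-list ")}
    findings = []
    for header, body in stanzas.items():
        if not header.startswith("interface ") or not any(
                l.startswith("ip pim ") for l in body):
            continue  # rule applies only to multicast-enabled interfaces
        intf = header.split()[1]
        names = re.findall(r"^ip multicast boundary (\S+)", "\n".join(body), re.M)
        if not names:
            findings.append((intf, "no ip multicast boundary"))
        findings += [(intf, f"ACL {n} not defined") for n in names if n not in acls]
    return findings
```

An empty result means every PIM-enabled interface in the file has a boundary statement; which interfaces actually require one still comes from the multicast topology diagram.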

Documentable

False

Severity Override Guidance

Review the multicast topology diagram to determine if there are any documented Admin-Local (FFx4::/16), Site-Local (FFx5::/16), or Organization-Local (FFx8::/16) multicast boundaries for IPv6 traffic or any Local-Scope (239.255.0.0/16) boundaries for IPv4 traffic.

Verify the appropriate boundaries are configured on the applicable multicast-enabled interfaces via an "ip multicast boundary" statement in the interface configuration.

If the appropriate boundaries are not configured on applicable multicast-enabled interfaces, this is a finding.

Check Content Reference

M

Target Key

2823
