Arista MLS EOS 4.2x Router Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-NET-000512-RTR-000003
Group -
SRG-NET-000512-RTR-000004
Group -
The MPLS router must be configured to have TTL propagation disabled.
The head end of the label-routered path (LSP), the label edge router (LER) will decrement the IP packet's time-to-live (TTL) value by one and then copy the value to the MPLS TTL field. At each labe...Rule Medium Severity -
SRG-NET-000512-RTR-000005
Group -
SRG-NET-000512-RTR-000006
Group -
The PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).
The primary security model for an MPLS L3VPN as well as a VRF-lite infrastructure is traffic separation. Each interface can only be associated to one VRF, which is the fundamental framework for tra...Rule High Severity -
SRG-NET-000512-RTR-000008
Group -
The PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.
VPWS is an L2VPN technology that provides a virtual circuit between two PE routers to forward Layer 2 frames between two customer-edge routers or routers through an MPLS-enabled IP core. The ingres...Rule High Severity -
SRG-NET-000512-RTR-000011
Group -
The Arista Multicast Source Discovery Protocol (MSDP) router must be configured to use its loopback address as the source address when originating MSDP traffic.
Using a loopback address as the source address offers a multitude of uses for security, access, management, and scalability of MSDP routers. It is easier to construct appropriate ingress filters fo...Rule Low Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.