Skip to content

Cisco IOS XE Router RTR Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The Cisco PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.

    <VulnDiscussion>VPWS is an L2VPN technology that provides a virtual circuit between two PE routers to forward Layer 2 frames between two cust...
    Rule High Severity
  • SRG-NET-000512-RTR-000009

    <GroupDescription></GroupDescription>
    Group
  • The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN.

    &lt;VulnDiscussion&gt;VPLS defines an architecture that delivers Ethernet multipoint services over an MPLS network. Customer Layer 2 frames are for...
    Rule High Severity
  • SRG-NET-000512-RTR-000010

    <GroupDescription></GroupDescription>
    Group
  • The Cisco perimeter router must be configured to block all packets with any IP options.

    &lt;VulnDiscussion&gt;Packets with IP options are not fast switched and henceforth must be punted to the router processor. Hackers who initiate den...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules