The Cisco switch must be configured to restrict traffic destined to itself.
An XCCDF Rule
Description
<VulnDiscussion>The route processor handles traffic destined to the switch—the key component used to build forwarding paths and is instrumental with all network management functions. Hence, any disruption or DoS attack to the route processor can result in mission critical network outages.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-221080r999689_rule
- Severity
- High
- References
- Updated
Remediation - Manual Procedure
Step 1: Configure the ACL for any external interfaces as shown in the example below:
SW1(config)# ip access-list EXTERNAL_ACL
SW1(config-acl)# permit tcp host x.11.1.1 eq bgp host x.11.1.2
SW1(config-acl)# permit tcp host x.11.1.1 host x.11.1.2 eq bgp
SW1(config-acl)# permit icmp host x.11.1.1 host x.11.1.2 echo