Skip to content

The Cisco switch must be configured to restrict traffic destined to itself.

An XCCDF Rule

Description

<VulnDiscussion>The route processor handles traffic destined to the switch—the key component used to build forwarding paths and is instrumental with all network management functions. Hence, any disruption or DoS attack to the route processor can result in mission critical network outages.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-221080r622190_rule
Severity
High
References
Updated



Remediation - Manual Procedure

Step 1: Configure the ACL for any external interfaces as shown in the example below:

SW1(config)# ip access-list EXTERNAL_ACL
SW1(config-acl)# permit tcp host x.11.1.1 eq bgp host x.11.1.2 
SW1(config-acl)# permit tcp host x.11.1.1 host x.11.1.2 eq bgp
SW1(config-acl)# permit icmp host x.11.1.1 host x.11.1.2 echo