Details
Router Advertisement Guard administrative status. The RA Guard allows the network administrator to block or reject unwanted or rogue router advertisement (RA) and Redirect messages that arrive at the network device platform. The status can be:
– Disable
– Enable
The default is Enable.
Solution
Log into the Cisco APIC Web Console:
Navigate to ‘Tenants’
Repeat the following for all tenants:
– Double click the tenant
– Expand the tenant
– Expand ‘Policies’
– Expand ‘Protocol’
– Expand ‘First Hop Secuirty’
– Expand ‘Feature Policies’
– For each policy, in the ‘RA Guard’ section, ensure ‘Admin Status’ is set to ‘Enable’
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Cisco_ACI.