Home
Security Hardening
DISA STIG Cisco Infrastructure L3 Switch V8R29

DISA STIG Cisco Infrastructure L3 Switch V8R29

NET-IPV6-025 – IPv6 Site Local Unicast ADDR must not be defined
Details The network element must be configured to ensure IPv6 Site Local Unicast addresses are not defined in the enclave,...
NET-IPV6-033 – IPv6 routers are not configured with CEF enabled
Details The administrator will enable CEF to improve router stability during a SYN flood attack in an IPv6 enclave. The...
NET-IPV6-034 – IPv6 Egress Outbound Spoofing Filter – ‘deny ipv6 any any log’
Details The network element must be configured from accepting any outbound IP packet that contains an illegitimate address in the...
NET-IPV6-034 – IPv6 Egress Outbound Spoofing Filter – ‘ipv6 verify unicast source reachable-via rx OUTBOUND_TO_BACKBONE’
Details The network element must be configured from accepting any outbound IP packet that contains an illegitimate address in the...
NET-IPV6-059 – Maximum hop limit is less than 32
Details The administrator must ensure that the maximum hop limit is at least 32. The Neighbor Discovery protocol allows a...
NET-IPV6-065 – The 6-to-4 router is not filtering protocol 41 – ‘ip access-group IPV4_EGRESS_FILTER’
Details The administrator must ensure the 6-to-4 router is configured to drop any IPv4 packets with protocol 41 received from...
NET-IPV6-065 – The 6-to-4 router is not filtering protocol 41 – ‘ip access-list IPV4_EGRESS_FILTER’
Details The administrator must ensure the 6-to-4 router is configured to drop any IPv4 packets with protocol 41 received from...
NET-IPV6-065 – The 6-to-4 router is not filtering protocol 41 – ‘tunnel mode ipv6ip 6to4’
Details The administrator must ensure the 6-to-4 router is configured to drop any IPv4 packets with protocol 41 received from...
NET-IPV6-066 – 6-to-4 router not filtering invalid source address – ‘ipv6 traffic-filter IPV6_EGRESS_ACL in’
Details The administrator must ensure the 6-to-4 router is configured to drop any outbound IPv6 packets from the internal network...
NET-IPV6-066 – 6-to-4 router not filtering invalid source address – ‘permit ipv6 2002:V4ADDR::/48’
Details The administrator must ensure the 6-to-4 router is configured to drop any outbound IPv6 packets from the internal network...

DISA STIG Cisco Infrastructure L3 Switch V8R29

NET-IPV6-025 – IPv6 Site Local Unicast ADDR must not be defined

NET-IPV6-033 – IPv6 routers are not configured with CEF enabled

NET-IPV6-034 – IPv6 Egress Outbound Spoofing Filter – ‘deny ipv6 any any log’

NET-IPV6-034 – IPv6 Egress Outbound Spoofing Filter – ‘ipv6 verify unicast source reachable-via rx OUTBOUND_TO_BACKBONE’

NET-IPV6-059 – Maximum hop limit is less than 32

NET-IPV6-065 – The 6-to-4 router is not filtering protocol 41 – ‘ip access-group IPV4_EGRESS_FILTER’

NET-IPV6-065 – The 6-to-4 router is not filtering protocol 41 – ‘ip access-list IPV4_EGRESS_FILTER’

NET-IPV6-065 – The 6-to-4 router is not filtering protocol 41 – ‘tunnel mode ipv6ip 6to4’

NET-IPV6-066 – 6-to-4 router not filtering invalid source address – ‘ipv6 traffic-filter IPV6_EGRESS_ACL in’

NET-IPV6-066 – 6-to-4 router not filtering invalid source address – ‘permit ipv6 2002:V4ADDR::/48’