Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Arista perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-256059 | ARST-RT-000800 | SV-256059r882519_rule | Medium |
| Description |
|---|
| Many of the known attacks in stateless autoconfiguration are defined in RFC 3756 were present in IPv4 ARP attacks. To mitigate these vulnerabilities, links that have no hosts connected such as the interface connecting to external gateways must be configured to suppress router advertisements. |
| STIG | Date |
|---|---|
| Arista MLS EOS 4.2x Router Security Technical Implementation Guide | 2023-01-17 |
Details
| Check Text ( C-59735r882517_chk ) |
|---|
| This requirement is not applicable for the DODIN backbone. Review the Arista router configuration to verify Router Advertisements are suppressed on all external IPv6-enabled interfaces. interface vlan 200 ipv6 nd ra disabled all If the Arista router is not configured to suppress Router Advertisements on all external IPv6-enabled interfaces, this is a finding. |
| Fix Text (F-59678r882518_fix) |
|---|
| This requirement is not applicable for the DODIN backbone. Configure the Arista router to suppress Router Advertisements on all external IPv6-enabled interfaces. Configure the Arista router to suppress RAs on all IPv6 enabled interface as in the following example for VLAN 200: router(config)#interface vlan 200 router(config-vl200)#ipv6 nd ra disabled all router(config-vl200)# |