UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network device must block IPv6 multicast addresses used as a source address.


Overview

Finding ID Version Rule ID IA Controls Severity
V-14697 NET-IPV6-029 SV-15407r3_rule Medium
Description
IPv6 multicast addresses should never be a source address. They should only be destination addresses.
STIG Date
Perimeter L3 Switch Security Technical Implementation Guide - Cisco 2017-03-09

Details

Check Text ( C-12874r2_chk )
Review the perimeter router configuration to ensure filters are in place to restrict the IP addresses. Verify that ingress and egress ACLs for IPv6 have been defined to deny the multicast source addresses and log all violations.
Fix Text (F-14162r2_fix)
Configure the perimeter router access control lists to deny any IPv6 multicast address used as a source address.