STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to RUCKUS ICX Router Security Technical Implementation Guide

V-273571

CAT II (Medium)

The RUCKUS ICX BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS).

Rule ID

SV-273571r1110907_rule

STIG

RUCKUS ICX Router Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001368

Discussion

Accepting route advertisements belonging to the local AS can result in traffic looping or being black holed, or at a minimum using a nonoptimized path.

Check Content

Review BGP neighbor configuration using "show running-config | begin router bgp".  

If any BGP neighbor is configured for the "neighbor x.x.x. allowas-in" command, this is a finding.

Fix Text

Remove the command "neighbor x.x.x.x allowas-in" where found in the BGP neighbor configuration.