STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Cisco IOS XE Switch RTR Security Technical Implementation Guide

V-221068

CAT III (Low)

The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to limit the amount of source-active messages it accepts on a per-peer basis.

Rule ID

SV-221068r1137903_rule

STIG

Cisco IOS XE Switch RTR Security Technical Implementation Guide

Version

V3R4

CCIs

CCI-001368

Discussion

To reduce any risk of a denial-of-service (DoS) attack from a rogue or misconfigured MSDP switch, the switch must be configured to limit the number of source-active messages it accepts from each peer.

Check Content

Review the switch configuration to determine if it is configured to limit the amount of source-active messages it accepts on a per-peer basis.

ip msdp peer x.1.28.2 remote-as nn
ip msdp sa-filter in 10.1.28.2 list MSDP_SA_FILTER
ip msdp sa-limit X.1.28.2 nnn

If the switch is not configured to limit the source-active messages it accepts, this is a finding.

Fix Text

Configure the switch to limit the amount of source-active messages it accepts from each peer.

SW1(config)#ip msdp sa-limit x.1.28.2 nnn