STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Cisco IOS XE Router RTR Security Technical Implementation Guide

V-230045

CAT II (Medium)

The Cisco perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces.

Rule ID

SV-230045r647430_rule

STIG

Cisco IOS XE Router RTR Security Technical Implementation Guide

Version

V3R5

CCIs

CCI-000366

Discussion

Many of the known attacks in stateless autoconfiguration are defined in RFC 3756 were present in IPv4 ARP attacks. To mitigate these vulnerabilities, links that have no hosts connected such as the interface connecting to external gateways must be configured to suppress router advertisements.

Check Content

This requirement is not applicable for the DoDIN Backbone. 

Review the router configuration to verify that Router Advertisements are suppressed on all external IPv6-enabled interfaces as shown in the example below.

interface gigabitethernet1/0
 ipv6 address 2001::1:0:22/64
 ipv6 nd ra suppress

If the router is not configured to suppress Router Advertisements on all external IPv6-enabled interfaces, this is a finding.

Fix Text

Configure the router to suppress Router Advertisements on all external IPv6-enabled interfaces as shown in the example below.
R1(config)#int g1/0
R1(config-if)#ipv6 nd ra suppress
R1(config-if)#end