3.3.1.5 Set 'af-interface default'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Defines user defaults to apply to EIGRP interfaces that belong to an address-family.

Rationale:

Part of the EIGRP address-family setup

Solution

Configure the EIGRP address family.


hostname(config)#router eigrp <virtual-instance-name>
hostname(config-router)#address-family ipv4 autonomous-system {eigrp_as-number}
hostname(config-router-af)#af-interface default

Impact:

Organizations should plan and implement enterprise security policies that require rigorous authentication methods for routing protocols. Using 'af-interface default' for EIGRP interfaces enforces these policies by restricting the exchanges between predefined network devices.

Default Value:

Not set







References:

http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_eigrp/command/ire-i1.html#GUID-67388D6C-AE9C-47CA-8C35-2A2CF9FA668E

http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_eigrp/command/ire-a1.html#GUID-C03CFC8A-3CE3-4CF9-9D65-52990DBD3377

http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_eigrp/command/ire-a1.html#GUID-DC0EF1D3-DFD4-45DF-A553-FA432A3E7233

See Also

https://workbench.cisecurity.org/files/2585

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-3, CSCv6|11

Plugin: Cisco

Control ID: 1b7fb9931c5699d36b23b5d327e4e30e6e279f1681d2e70f0aaa49d84d898ebd