2.4.1 Create a single 'interface loopback' - 'Only one loopback interface is defined'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

Configure a single loopback interface.

Rationale:

A loopback interface is a software-only interface that emulates an interface that is always up. It is a virtual interface supported on all platforms.

Alternate loopback addresses create a potential for abuse, misconfiguration, and inconsistencies. Additional loopback interfaces must be documented and approved by local security personnel prior to use.

Solution

Define and configure one loopback interface.


hostname(config)#interface loopback <number>
hostname(config-if)#ip address <loopback_ip_address> <loopback_subnet_mask>

Impact:

Organizations should plan and establish 'loopback interfaces' for the enterprise network. Loopback interfaces supply critical network information such as OSPF Router IDs and provide termination points for routing protocol sessions.

Default Value:

There are no loopback interfaces defined by default.

References:

http://www.cisco.com/en/US/docs/ios-xml/ios/interface/command/ir-i1.html#GUID-0D6BDFCD-3FBB-4D26-A274-C1221F8592DF

See Also

https://workbench.cisecurity.org/files/2585

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CSCv6|9.1

Plugin: Cisco

Control ID: f4e4bdab794388e32842dbe232e30d66ed0c710fb8ce660f7c189b42effd4063