3.9 Ensure only one loopback address is set

Information

Configure only one Loopback address per Routing Instance

Rationale:

Multiple Loopback addresses create potential for abuse, misconfiguration and confusion. A maximum of one address per address family should be set on the system's loopback interface in each Routing Instance.

Alternative Loopback addresses should be configured with caution and, where they must be used, should be clearly documented.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

To remove an additional loopback address, enter the following command from the [edit interfaces] hierarchy for each address to be removed:

[edit interfaces]
user@host# delete lo0 unit <unit number> family <address family> address <address to be removed>
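To find which addresses need review before running the delete, the following added example (not part of the benchmark or the Nessus plugin) parses saved output of `show configuration interfaces lo0 | display set` and reports every lo0 unit and address family that carries more than one address. It assumes each Routing Instance uses its own lo0 unit, so counting per unit and family matches the rule above; the function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Junos "display set" line for a loopback address, for example:
#   set interfaces lo0 unit 0 family inet address 192.0.2.1/32
# Lines under "groups" or "logical-systems" are not matched by this pattern.
LO0_ADDR = re.compile(r"^set interfaces lo0 unit (\d+) family (\S+) address (\S+)")

# Constructed sample input (documentation address ranges), not real device output.
SAMPLE = """\
set interfaces ge-0/0/0 unit 0 family inet address 203.0.113.1/24
set interfaces lo0 unit 0 family inet address 192.0.2.1/32
set interfaces lo0 unit 0 family inet address 192.0.2.1/32 primary
set interfaces lo0 unit 0 family inet address 192.0.2.2/32
set interfaces lo0 unit 0 family inet6 address 2001:db8::1/128
set interfaces lo0 unit 1 family inet address 198.51.100.1/32
"""

def find_extra_loopback_addresses(display_set_text):
    """Return {(unit, family): [addresses]} for each lo0 unit and address
    family that carries more than one distinct address."""
    seen = defaultdict(list)
    for line in display_set_text.splitlines():
        match = LO0_ADDR.match(line.strip())
        if not match:
            continue
        key = (int(match.group(1)), match.group(2))
        address = match.group(3)
        # Options such as "primary" repeat the same address on another line.
        if address not in seen[key]:
            seen[key].append(address)
    return {key: addrs for key, addrs in seen.items() if len(addrs) > 1}

def delete_command(unit, family, address):
    """Build the removal command from the Solution, relative to [edit interfaces]."""
    return f"delete lo0 unit {unit} family {family} address {address}"

if __name__ == "__main__":
    for (unit, family), addrs in sorted(find_extra_loopback_addresses(SAMPLE).items()):
        print(f"lo0.{unit} family {family}: {len(addrs)} addresses, keep one")
        for address in addrs:
            print("  candidate:", delete_command(unit, family, address))
```

Which address to keep is an operator decision, so the script lists every address in a flagged unit and family as a candidate rather than choosing one.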

Default Value:

No Loopback Address is configured by default.

See Also

https://workbench.cisecurity.org/files/3069

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CSCv7|11

Plugin: Juniper

Control ID: 0683b96514e60ee2f633fd782b2db29149b775ef1682fd17707db247dbd055a0