AMLS-L3-000160 - If Border Gateway Protocol (BGP) is enabled on The Arista Multilayer Switch, The Arista Multilayer Switch must not be a BGP peer with a router from an Autonomous System belonging to any Alternate Gateway.

Information

The perimeter router will not use a routing protocol to advertise NIPRNet addresses to Alternate Gateways. Most ISPs use Border Gateway Protocol (BGP) to share route information with other autonomous systems, that is, any network under a different administrative control and policy than a local site. If BGP is configured on the perimeter router, no BGP neighbors will be defined to peer routers from an AS belonging to any Alternate Gateway. The only allowable method is a static route to reach the Alternate Gateway.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Configure a static route on the perimeter router to reach the AS of a router connecting to an Alternate Gateway

Ip route [destination/mask] [forwarding interface]

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Arista_MLS_DCS-7000_Series_Y24M07_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-4, CAT|II, CCI|CCI-001414, Rule-ID|SV-217494r382735_rule, STIG-ID|AMLS-L3-000160, STIG-Legacy|SV-75357, STIG-Legacy|V-60899, Vuln-ID|V-217494

Plugin: Arista

Control ID: fdebc420b7b635373fd47bd7d426ec1d001bea6871395cda7cf6f598b32b7674