NET-MCAST-002 - PIM neighbor filter is not configured - 'ip access-list standard IP_PIM_NEIGHBORS_ACL'

Information

The administrator must ensure that a PIM neighbor filter is bound to all interfaces that have PIM enabled.

Protocol Independent Multicast (PIM) is a routing protocol used to build multicast distribution trees for forwarding multicast traffic across the network infrastructure. PIM traffic must be limited to only known PIM neighbors by configuring and binding a PIM neighbor filter to those interfaces that have PIM enabled.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

If IPv4 or IPv6 multicast routing is enabled, ensure that all interfaces enabled for PIM have a neighbor filter to only accept PIM control plane traffic from the documented routers according to the multicast topology diagram.
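
One way to review a saved configuration for this item, as an added example that is not part of the benchmark or the plugin: the function below (a hypothetical name) lists IPv4 PIM interfaces that have no `ip pim neighbor-filter` or whose filter names an ACL that is not defined. It assumes Cisco IOS syntax, and the sample configuration and its addresses are constructed.

```python
import re

# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
ip multicast-routing
ip access-list standard IP_PIM_NEIGHBORS_ACL
 permit 192.0.2.1
interface GigabitEthernet0/0
 ip pim sparse-mode
 ip pim neighbor-filter IP_PIM_NEIGHBORS_ACL
interface GigabitEthernet0/1
 ip pim sparse-mode
interface GigabitEthernet0/2
 ip pim sparse-mode
 ip pim neighbor-filter UNDEFINED_ACL
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
"""

PIM_MODE = re.compile(r"^ip pim (sparse-mode|dense-mode|sparse-dense-mode)\b")
PIM_FILTER = re.compile(r"^ip pim neighbor-filter (\S+)")
ACL_DEF = re.compile(r"^(?:ip access-list standard (\S+)|access-list (\d+) )")

def audit_pim_neighbor_filters(config):
    """Return {interface: reason} for PIM interfaces without a usable filter."""
    acls, interfaces, current = set(), {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = {"pim": False, "acl": None}
        elif not line.startswith(" "):
            current = None  # a top-level line ends the interface stanza
            m = ACL_DEF.match(line)
            if m:
                acls.add(m.group(1) or m.group(2))
        elif current is not None:
            cmd = line.strip()
            if PIM_MODE.match(cmd):
                interfaces[current]["pim"] = True
            m = PIM_FILTER.match(cmd)
            if m:
                interfaces[current]["acl"] = m.group(1)
    findings = {}
    for name, st in interfaces.items():
        if st["pim"] and st["acl"] is None:
            findings[name] = "no neighbor filter"
        elif st["pim"] and st["acl"] not in acls:
            findings[name] = "filter references undefined ACL " + st["acl"]
    return findings
```

The check only confirms that a filter is bound and its ACL exists; whether the permitted addresses match the documented multicast topology still needs manual review.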

See Also

https://iasecontent.disa.mil/stigs/zip/U_Network_Perimeter_Router_L3_Switch_V8R32_STIG.zip

Item Details

References: CAT|II, Rule-ID|SV-40314r1_rule, STIG-ID|NET-MCAST-002, Vuln-ID|V-30578

Plugin: Cisco

Control ID: 952681ec42433b7f9e8971d898bc725aaab7f5c51342e6f7dbaa7c28f03f0af2