From Arista MLS DCS-7000 Series RTR Security Technical Implementation Guide
Part of SRG-NET-000019-RTR-000014
Associated with: CCI-001414
The out-of-band management access switch will connect to the management interface of the managed network elements. The management interface can be a true out-of-band management interface or a standard interface functioning as the management interface. In either case, the management interface of the managed network element will directly connect to the out-of-band management network.
Review the configuration to verify the management interface is configured as passive for the Interior Gateway Protocol instance for the managed network. The configuration of the routing protocol viewable via the "show running-config" command must include the following statement: passive-interface [management] [#] or passive-interface [default] Note that not all protocols support the concept of a passive interface, such as the use of BGP for an IGP. As the function of these protocols is different, if this statement is missing from a protocol that does not support this function, this is not a finding. If the management interface is not configured as passive for the Interior Gateway Protocol instance for the managed network, this is a finding.
Configure the management interface as passive for the Interior Gateway Protocol instance configured for the managed network. From the router configuration interface: passive-interface management [#]
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer