The RUCKUS ICX BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS).
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-273571 | SRG-NET-000018-RTR-000003 | RCKS-RTR-000030 | SV-273571r1110907_rule | 2025-06-03 | 1 |
| Description |
|---|
| Accepting route advertisements belonging to the local AS can result in traffic looping or being black holed, or at a minimum using a nonoptimized path. |
| ℹ️ Check |
|---|
| Review BGP neighbor configuration using "show running-config | begin router bgp". If any BGP neighbor is configured for the "neighbor x.x.x. allowas-in" command, this is a finding. |
| ✔️ Fix |
|---|
| Remove the command "neighbor x.x.x.x allowas-in" where found in the BGP neighbor configuration. |