The RUCKUS ICX BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS).
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-273571 | SRG-NET-000018-RTR-000003 | RCKS-RTR-000030 | SV-273571r1110907_rule | 2025-06-03 | 1 |
Description
Accepting route advertisements belonging to the local AS can result in traffic looping or being black holed, or at a minimum using a nonoptimized path.
ℹ️ Check
Review BGP neighbor configuration using "show running-config | begin router bgp".
If any BGP neighbor is configured for the "neighbor x.x.x. allowas-in" command, this is a finding.
✔️ Fix
Remove the command "neighbor x.x.x.x allowas-in" where found in the BGP neighbor configuration.