STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Arista MLS EOS 4.2x Router Security Technical Implementation Guide

V-256059

CAT II (Medium)

The Arista perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces.

Rule ID

SV-256059r882519_rule

STIG

Arista MLS EOS 4.2x Router Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000366

Discussion

Many of the known attacks in stateless autoconfiguration are defined in RFC 3756 were present in IPv4 ARP attacks. To mitigate these vulnerabilities, links that have no hosts connected such as the interface connecting to external gateways must be configured to suppress router advertisements.

Check Content

This requirement is not applicable for the DODIN backbone. 

Review the Arista router configuration to verify Router Advertisements are suppressed on all external IPv6-enabled interfaces.

<Example configuration for VLAN 200>
interface vlan 200
 ipv6 nd ra disabled all

If the Arista router is not configured to suppress Router Advertisements on all external IPv6-enabled interfaces, this is a finding.

Fix Text

This requirement is not applicable for the DODIN backbone. 

Configure the Arista router to suppress Router Advertisements on all external IPv6-enabled interfaces.

Configure the Arista router to suppress RAs on all IPv6 enabled interface as in the following example for VLAN 200:

router(config)#interface vlan 200
router(config-vl200)#ipv6 nd ra disabled all
router(config-vl200)#