STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Arista MLS EOS 4.X Router Security Technical Implementation Guide

V-255995

CAT III (Low)

The Arista MSDP router must be configured to limit the amount of source-active messages it accepts on per-peer basis.

Rule ID

SV-255995r882327_rule

STIG

Arista MLS EOS 4.X Router Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-001368

Discussion

To reduce any risk of a denial-of-service (DoS) attack from a rogue or misconfigured MSDP router, the router must be configured to limit the number of source-active messages it accepts from each peer.

Check Content

To verify the MSDP peer and the sa-limit filter is configured, execute the command "show run | sec router msdp".

router msdp 
 peer 10.1.12.2
   sa-limit 500
 peer 10.1.55.78
   sa-limit 900

If the Arista router is not configured with a peer limit, this is a finding.

Fix Text

Configure the Arista MSDP router to limit the amount of source-active messages it accepts from each peer.

!
router (config) #router msdp
router (config-router-msdp) #peer 10.1.1.5
router (config-router-msdp-peer 10.1.1.5) # sa-limit 500
router (config-router-msdp) #peer 10.1.55.78
router (config-router-msdp-peer 10.1.55.78) # sa-limit 900
router (config-router-msdp-peer 10.1.55.78) # exit