STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Cisco NX OS Switch RTR Security Technical Implementation Guide

V-221146

CAT III (Low)

The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to limit the amount of source-active messages it accepts on a per-peer basis.

Rule ID

SV-221146r1137903_rule

STIG

Cisco NX OS Switch RTR Security Technical Implementation Guide

Version

V3R4

CCIs

CCI-001368

Discussion

To reduce any risk of a denial-of-service (DoS) attack from a rogue or misconfigured MSDP switch, the switch must be configured to limit the number of source-active messages it accepts from each peer.

Check Content

Review the switch configuration to determine if it is configured to limit the amount of source-active messages it accepts on a per-peer basis.

ip msdp peer x.1.28.2 connect-source Ethernet2/1 remote-as nn
…
…
…
ip msdp sa-limit x.1.28.2 nnn

If the switch is not configured to limit the source-active messages it accepts, this is a finding.

Fix Text

Configure the switch to limit the amount of source-active messages it accepts from each peer.

SW1(config)# ip msdp sa-limit x.1.28.2 nnn
SW1(config)# end