Free DISA STIG and SRG Library | Vaulted

V-66125

The HP FlexFabric Switch must configure the maximum hop limit value to at least 32.

Finding ID: HFFS-RT-000019
Rule ID: SV-80615r2_rule80615r1_rule
Severity: Cat II
CCE: (None)
Group Title: SRG-NET-000512000205-RTR-000012000108
CCI: CCI-001097
Target Key: (None)
Documentable: No

Discussion
Discussion

The Neighbor Discovery protocol allows routers to advertise a hop limit value in Router Advertisement messages, which hosts then use instead of the standardized default value. If a very small value were configured and advertised to hosts on the LAN segment, communications would fail because the hop limit would reach zero before packets sent by a host reached their destination.

Fix Text

If the maximum hop limit is not configured, use the following command to configure it:

[HP] ipv6 hop-limit 255

Check Content

Review the HP FlexFabric Switch configuration to determine if the maximum hop limit has been configured. If the maximum hop limit is not configured, this is a finding. If it has been configured, then it must be set to at least 32; otherwise this is a finding.

[5900CP]display current-configuration | i hop-limit
 ipv6 hop-limit 255

Note: The default value for the maximum hop limit is 64.
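
The check above can be applied to saved configuration captures in bulk. The following Python is an added example, not part of the STIG or any HP tooling; the function name, status strings and sample configurations are constructed for illustration, and using the lowest value when the line appears more than once is an assumption.

```python
import re

MIN_HOP_LIMIT = 32   # threshold stated in the check text
MAX_HOP_LIMIT = 255  # the IPv6 Hop Limit header field is 8 bits wide

# Matches a configuration line such as " ipv6 hop-limit 255".
# An echoed prompt line like "[5900CP]display ... | i hop-limit" does not match.
HOP_LIMIT_RE = re.compile(r"^\s*ipv6\s+hop-limit\s+(\d+)\s*$")


def audit_hop_limit(config_text):
    """Apply the V-66125 check to saved 'display current-configuration' text.

    Returns (status, detail); status is FINDING, NOT_A_FINDING or REVIEW.
    """
    values = [int(m.group(1))
              for m in map(HOP_LIMIT_RE.match, config_text.splitlines()) if m]
    if not values:
        # Per the check text, an unconfigured hop limit is a finding even
        # though the device default is 64.
        return ("FINDING", "ipv6 hop-limit is not configured")
    # Assumption: if the line appears more than once, judge the lowest value.
    value = min(values)
    if max(values) > MAX_HOP_LIMIT:
        return ("REVIEW", "value above 255 cannot be a real hop limit")
    if value < MIN_HOP_LIMIT:
        return ("FINDING", f"ipv6 hop-limit {value} is below {MIN_HOP_LIMIT}")
    return ("NOT_A_FINDING", f"ipv6 hop-limit {value}")


# Constructed sample captures (not taken from a real device).
COMPLIANT = "[5900CP]display current-configuration | i hop-limit\n ipv6 hop-limit 255\n"
TOO_LOW = "#\n ipv6 hop-limit 16\n#\n"
MISSING = "#\n sysname 5900CP\n#\n"

if __name__ == "__main__":
    for name, text in [("compliant", COMPLIANT), ("too_low", TOO_LOW),
                       ("missing", MISSING)]:
        print(name, audit_hop_limit(text))
```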