Free DISA STIG and SRG Library | Vaulted

V-30617

The administrator must ensure that the maximum hop limit is at least 32.

Finding ID: NET-IPV6-059
Rule ID: SV-40390r1_rule
Severity: Cat III
CCE: (None)
Group Title: Maximum hop limit is less than 32
CCI: (None)
Target Key: (None)
Documentable: No
Discussion

The Neighbor Discovery protocol allows routers to advertise a hop limit value in a Router Advertisement message, which hosts then use instead of the standardized default value. If a very small value were configured and advertised to hosts on the LAN segment, communications would fail because the hop limit would reach zero before packets sent by a host reached their destination.

Fix Text

Configure the maximum hop limit to at least 32.

Check Content

Review the router or multi-layer switch configuration to determine if the default maximum hop limit has been configured. If it has been configured, then it must be set to at least 32.

    protocols {
        …
        …
        router-advertisement {
            interface [fe-1/1/1 fe-1/1/2] {
                current-hop-limit 128;
            }
            …
        }
    }

Note: The JUNOS default is 64. Hence, if the hop limit is not configured, the router will be in compliance with the requirement.
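The check above, automated: an added example that is not part of the STIG or of any vendor tool. It walks Junos curly-brace display-format configuration text, reads current-hop-limit under protocols router-advertisement, applies the Junos default of 64 where the knob is absent, and flags any interface advertising a value below 32. The sample configuration and interface names are constructed for the example.

```python
import re

JUNOS_DEFAULT_HOP_LIMIT = 64   # Junos default when current-hop-limit is not set
MINIMUM_HOP_LIMIT = 32         # V-30617 requirement

# Constructed sample (not from a real device): one compliant interface,
# one set below the threshold, one left at the default.
SAMPLE_CONFIG = """
protocols {
    router-advertisement {
        interface ge-0/0/0.0 {
            current-hop-limit 128;
        }
        interface ge-0/0/1.0 {
            current-hop-limit 16;
        }
        interface ge-0/0/2.0 {
            max-advertisement-interval 600;
        }
    }
}
"""

def parse_hop_limits(config: str) -> dict[str, int]:
    """Map each router-advertisement interface to its effective hop limit,
    using the Junos default of 64 when current-hop-limit is not configured."""
    limits = {}
    stack = []             # names of the stanzas currently open
    current_iface = None   # set while inside an RA interface stanza
    for raw in config.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            name = line[:-1].strip()
            stack.append(name)
            # Only interfaces directly under protocols { router-advertisement { ... } } count
            if stack[:-1][-2:] == ["protocols", "router-advertisement"] and name.startswith("interface "):
                current_iface = name.split(None, 1)[1]
                limits.setdefault(current_iface, JUNOS_DEFAULT_HOP_LIMIT)
        elif line == "}":
            if stack and stack.pop().startswith("interface "):
                current_iface = None
        elif current_iface:
            m = re.fullmatch(r"current-hop-limit\s+(\d+);", line)
            if m:
                limits[current_iface] = int(m.group(1))
    return limits

def noncompliant_interfaces(config: str) -> dict[str, int]:
    """Interfaces whose advertised hop limit is below the STIG minimum of 32."""
    return {i: v for i, v in parse_hop_limits(config).items() if v < MINIMUM_HOP_LIMIT}
```

Run it against the output of `show configuration protocols router-advertisement`; an empty result from noncompliant_interfaces means the device meets the requirement, including when no hop limit is configured at all.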

Responsibility

Information Assurance Officer