The RUCKUS ICX BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-273571	RCKS-RTR-000030	SV-273571r1110907_rule		Medium

Description

Accepting route advertisements belonging to the local AS can result in traffic looping or being black holed, or at a minimum using a nonoptimized path.

STIG	Date
RUCKUS ICX Router Security Technical Implementation Guide	2025-06-03

Details

Check Text (C-77662r1109733_chk)

Review BGP neighbor configuration using "show running-config | begin router bgp".

If any BGP neighbor is configured for the "neighbor x.x.x. allowas-in" command, this is a finding.

Fix Text (F-77567r1109734_fix)

Remove the command "neighbor x.x.x.x allowas-in" where found in the BGP neighbor configuration.