Hello Fellows,
I'm trying to find out if there are any Cisco-authored or reputable sources for recommended practice when it comes to scanning interfaces on Cisco routers.
Our vulnerability management teams insist on being able to scan all interfaces, but we want to limit the scanning to the loopback interface. The rationale is that we don't want business mission-critical segments to be scanned, one reason being the potential for unintended issues like network overload, and the other being that our vulnerability reports can show duplicate issues, which is a skewed view of the actual number of findings.
Any pointers to documentation for or against this would be greatly appreciated.