
Access List....TFTP

jstickland
Level 1

When a server starts sending the file, I see a random port being used. Now how are we supposed to write a proper ACL for this...accept everything from the host? Modify the TFTP server source code?

Please help.


lgijssel
Level 9

Session initiation will use the well-known ports (69 for TFTP). You should check for that in your ACL and only permit the hosts you want. When you can deny the request you also have control over the session, even when all other UDP ports are permitted on the last line of your ACL.

Regards,

Leo

James

When a client initiates TFTP to a server it will use the well-known port UDP 69 as the destination port and will choose some high-numbered port as the source port. So to write a proper access list you can examine for the TFTP server address and can examine for port 69 (it will be source port or destination port depending on where the access list is applied and its direction). I would suggest not attempting to examine the other port since it is not predictable.

HTH

Rick
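
Added example, not part of the thread or any poster's code: a small Python model of a first-match ACL seen by the client-to-server packets of one TFTP read, with the request filtered on port 69 and all other UDP permitted on the last line. The addresses, the transfer port 50002 and the `Rule`, `evaluate` and `read_transfer` names are constructed for illustration, and it assumes the server answers from a port it picks per transfer, as the question describes.

```python
from dataclasses import dataclass
from typing import Optional

TFTP_PORT = 69  # well-known port, used only for the initial request

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    note: str

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: Optional[str] = None     # None = any host
    dst: Optional[str] = None
    dport: Optional[int] = None   # None = any UDP destination port

    def matches(self, p: Packet) -> bool:
        return (self.src in (None, p.src) and self.dst in (None, p.dst)
                and self.dport in (None, p.dport))

def evaluate(acl, p):
    """First matching rule wins; nothing matching means implicit deny."""
    return next((r.action for r in acl if r.matches(p)), "deny")

def read_transfer(acl, client, server, server_tid=50002, blocks=2):
    """Verdicts for the client-to-server packets of one TFTP read."""
    seen = [(evaluate(acl, Packet(client, server, TFTP_PORT, "RRQ")), "RRQ")]
    if seen[0][0] == "deny":
        return seen  # request never reaches the server, so no transfer port is opened
    for n in range(1, blocks + 1):
        # ACKs go to the port the server picked for this transfer, not to 69
        ack = Packet(client, server, server_tid, f"ACK {n}")
        seen.append((evaluate(acl, ack), ack.note))
    return seen

# Constructed sample addresses (documentation range)
SERVER, ALLOWED, OTHER = "192.0.2.20", "192.0.2.10", "192.0.2.99"
ACL = [
    Rule("permit", src=ALLOWED, dst=SERVER, dport=TFTP_PORT),
    Rule("deny", dst=SERVER, dport=TFTP_PORT),
    Rule("permit"),  # all other UDP permitted on the last line
]

if __name__ == "__main__":
    for host in (ALLOWED, OTHER):
        print(host, read_transfer(ACL, host, SERVER))
    # Port-69 rule alone: request passes, ACKs hit the implicit deny
    print(read_transfer(ACL[:1], ALLOWED, SERVER))
```

The last call shows the case the question runs into: with only the port-69 permit and nothing after it, the request is allowed but every later packet to the transfer port is dropped.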
