cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
343
Views
2
Helpful
3
Replies

9300: ping works, tftp does not, no ACLs blocking...

jmaxwellUSAF
Enthusiast
Enthusiast

Hello.
GIVEN: (obfuscated)
Most other devices can successfully tftp to the tftp server.

ISR4321-K9, 172.16.8.9/24 <==nexus9300==> tftp server 172.16.8.6/24
--

ISR4321-K9#copy run tftp
Address or name of remote host []? 172.16.8.6
Destination filename [ISR4321-K9-confg]? delete-this
.....
%Error opening tftp://172.16.8.6/delete-this (Timed out)

ISR4321-K9#ping 172.16.8.6
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

ISR4321-K9#traceroute 172.16.8.6
1 172.16.8.6 1 msec 1 msec 0 msec
==========

QUESTION: Why does the above tftp transaction not work?
---

Additional data below (obfuscated)...

nexus9300# sh ip int br
IP Interface Status for VRF "default"(1)
Vlan3 172.16.8.5

nexus9300# sh ip route 172.16.8.6
IP Route Table for VRF "default"
172.16.8.6/32, ubest/mbest: 1/0, attached
*via 172.16.8.6, Vlan3, [250/0], 7w0d, am
---

nexus9300# sh access-lists tac-list1
nexus9300#
---

nexus9300# sh access-lists IP_DENY_211
nexus9300#
---

interface port-channel2
switchport mode trunk
switchport trunk allowed vlan 2,3,20,30,35
ip port access-group tac-list1 in
speed 10000
vpc 112
---

interface Ethernet1/13
description Uplink to DMVPN Router
switchport access vlan 80
ip port access-group IP_DENY_211 in
spanning-tree port type edge
---

interface Ethernet1/14
description Uplink to DMVPN Router
switchport access vlan 80
ip port access-group IP_DENY_211 in
spanning-tree port type edge

# sh run | inc access-gr
match access-group name ControlPlaneICMP
match access-group name copp-acl-bgp-CUSTOMIZED-COPP
match access-group name copp-acl-rip-CUSTOMIZED-COPP
match access-group name copp-acl-vpc-CUSTOMIZED-COPP
match access-group name copp-acl-bgp6-CUSTOMIZED-COPP
match access-group name copp-acl-ospf-CUSTOMIZED-COPP
match access-group name copp-acl-rip6-CUSTOMIZED-COPP
match access-group name copp-acl-eigrp-CUSTOMIZED-COPP
match access-group name copp-acl-ospf6-CUSTOMIZED-COPP
match access-group name copp-acl-eigrp6-CUSTOMIZED-COPP
match access-group name copp-acl-auto-rp-CUSTOMIZED-COPP
match access-group name copp-acl-mac-l2pt-CUSTOMIZED-COPP
match access-group name copp-acl-glbp-CUSTOMIZED-COPP
match access-group name copp-acl-hsrp-CUSTOMIZED-COPP
match access-group name copp-acl-vrrp-CUSTOMIZED-COPP
match access-group name copp-acl-wccp-CUSTOMIZED-COPP
match access-group name copp-acl-hsrp6-CUSTOMIZED-COPP
match access-group name copp-acl-mac-lldp-CUSTOMIZED-COPP
match access-group name copp-acl-icmp6-msgs-CUSTOMIZED-COPP
match access-group name copp-acl-mac-flow-control-CUSTOMIZED-COPP
match access-group name copp-acl-mac-undesirable-CUSTOMIZED-COPP
match access-group name copp-acl-mac-stp-CUSTOMIZED-COPP
match access-group name copp-acl-mac-lacp-CUSTOMIZED-COPP
match access-group name copp-acl-mac-cfsoe-CUSTOMIZED-COPP
match access-group name copp-acl-mac-sdp-srp-CUSTOMIZED-COPP
match access-group name copp-acl-mac-l2-tunnel-CUSTOMIZED-COPP
match access-group name copp-acl-mac-cdp-udld-vtp-CUSTOMIZED-COPP
match access-group name copp-acl-ftp-CUSTOMIZED-COPP
match access-group name copp-acl-ntp-CUSTOMIZED-COPP
match access-group name copp-acl-ssh-CUSTOMIZED-COPP
match access-group name copp-acl-ntp6-CUSTOMIZED-COPP
match access-group name copp-acl-sftp-CUSTOMIZED-COPP
match access-group name copp-acl-snmp-CUSTOMIZED-COPP
match access-group name copp-acl-ssh6-CUSTOMIZED-COPP
match access-group name copp-acl-tftp-CUSTOMIZED-COPP
match access-group name copp-acl-tftp6-CUSTOMIZED-COPP
match access-group name copp-acl-radius-CUSTOMIZED-COPP
match access-group name copp-acl-tacacs-CUSTOMIZED-COPP
match access-group name copp-acl-telnet-CUSTOMIZED-COPP
match access-group name copp-acl-radius6-CUSTOMIZED-COPP
match access-group name copp-acl-tacacs6-CUSTOMIZED-COPP
match access-group name copp-acl-telnet6-CUSTOMIZED-COPP
match access-group name copp-acl-icmp-CUSTOMIZED-COPP
match access-group name copp-acl-icmp6-CUSTOMIZED-COPP
match access-group name copp-acl-traceroute-CUSTOMIZED-COPP
match access-group name copp-acl-pim-CUSTOMIZED-COPP
match access-group name copp-acl-msdp-CUSTOMIZED-COPP
match access-group name copp-acl-pim6-CUSTOMIZED-COPP
match access-group name copp-acl-pim-reg-CUSTOMIZED-COPP
match access-group name copp-acl-pim6-reg-CUSTOMIZED-COPP
match access-group name copp-acl-pim-mdt-join-CUSTOMIZED-COPP
match access-group name copp-acl-mac-dot1x-CUSTOMIZED-COPP
match access-group name copp-acl-dhcp-CUSTOMIZED-COPP
match access-group name copp-acl-dhcp6-CUSTOMIZED-COPP
match access-group name copp-acl-dhcp-relay-response-CUSTOMIZED-COPP
match access-group name copp-acl-dhcp6-relay-response-CUSTOMIZED-COPP
match access-group name copp-acl-igmp-CUSTOMIZED-COPP
match access-group name copp-acl-undesirable-CUSTOMIZED-COPP
ip port access-group tac-list1 in
ip port access-group IP_DENY_211 in
ip port access-group IP_DENY_211 in