cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
775
Views
2
Helpful
3
Replies

9300: ping works, tftp does not, no ACLs blocking...

Hello.
GIVEN: (obfuscated)
Most other devices can successfully tftp to the tftp server.

ISR4321-K9, 172.16.8.9/24 <==nexus9300==> tftp server 172.16.8.6/24
--

ISR4321-K9#copy run tftp
Address or name of remote host []? 172.16.8.6
Destination filename [ISR4321-K9-confg]? delete-this
.....
%Error opening tftp://172.16.8.6/delete-this (Timed out)

ISR4321-K9#ping 172.16.8.6
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

ISR4321-K9#traceroute 172.16.8.6
1 172.16.8.6 1 msec 1 msec 0 msec
==========

QUESTION: Why does the above tftp transaction not work?
---

Additional data below (obfuscated)...

nexus9300# sh ip int br
IP Interface Status for VRF "default"(1)
Vlan3 172.16.8.5

nexus9300# sh ip route 172.16.8.6
IP Route Table for VRF "default"
172.16.8.6/32, ubest/mbest: 1/0, attached
*via 172.16.8.6, Vlan3, [250/0], 7w0d, am
---

nexus9300# sh access-lists tac-list1
nexus9300#
---

nexus9300# sh access-lists IP_DENY_211
nexus9300#
---

interface port-channel2
switchport mode trunk
switchport trunk allowed vlan 2,3,20,30,35
ip port access-group tac-list1 in
speed 10000
vpc 112
---

interface Ethernet1/13
description Uplink to DMVPN Router
switchport access vlan 80
ip port access-group IP_DENY_211 in
spanning-tree port type edge
---

interface Ethernet1/14
description Uplink to DMVPN Router
switchport access vlan 80
ip port access-group IP_DENY_211 in
spanning-tree port type edge

# sh run | inc access-gr
match access-group name ControlPlaneICMP
match access-group name copp-acl-bgp-CUSTOMIZED-COPP
match access-group name copp-acl-rip-CUSTOMIZED-COPP
match access-group name copp-acl-vpc-CUSTOMIZED-COPP
match access-group name copp-acl-bgp6-CUSTOMIZED-COPP
match access-group name copp-acl-ospf-CUSTOMIZED-COPP
match access-group name copp-acl-rip6-CUSTOMIZED-COPP
match access-group name copp-acl-eigrp-CUSTOMIZED-COPP
match access-group name copp-acl-ospf6-CUSTOMIZED-COPP
match access-group name copp-acl-eigrp6-CUSTOMIZED-COPP
match access-group name copp-acl-auto-rp-CUSTOMIZED-COPP
match access-group name copp-acl-mac-l2pt-CUSTOMIZED-COPP
match access-group name copp-acl-glbp-CUSTOMIZED-COPP
match access-group name copp-acl-hsrp-CUSTOMIZED-COPP
match access-group name copp-acl-vrrp-CUSTOMIZED-COPP
match access-group name copp-acl-wccp-CUSTOMIZED-COPP
match access-group name copp-acl-hsrp6-CUSTOMIZED-COPP
match access-group name copp-acl-mac-lldp-CUSTOMIZED-COPP
match access-group name copp-acl-icmp6-msgs-CUSTOMIZED-COPP
match access-group name copp-acl-mac-flow-control-CUSTOMIZED-COPP
match access-group name copp-acl-mac-undesirable-CUSTOMIZED-COPP
match access-group name copp-acl-mac-stp-CUSTOMIZED-COPP
match access-group name copp-acl-mac-lacp-CUSTOMIZED-COPP
match access-group name copp-acl-mac-cfsoe-CUSTOMIZED-COPP
match access-group name copp-acl-mac-sdp-srp-CUSTOMIZED-COPP
match access-group name copp-acl-mac-l2-tunnel-CUSTOMIZED-COPP
match access-group name copp-acl-mac-cdp-udld-vtp-CUSTOMIZED-COPP
match access-group name copp-acl-ftp-CUSTOMIZED-COPP
match access-group name copp-acl-ntp-CUSTOMIZED-COPP
match access-group name copp-acl-ssh-CUSTOMIZED-COPP
match access-group name copp-acl-ntp6-CUSTOMIZED-COPP
match access-group name copp-acl-sftp-CUSTOMIZED-COPP
match access-group name copp-acl-snmp-CUSTOMIZED-COPP
match access-group name copp-acl-ssh6-CUSTOMIZED-COPP
match access-group name copp-acl-tftp-CUSTOMIZED-COPP
match access-group name copp-acl-tftp6-CUSTOMIZED-COPP
match access-group name copp-acl-radius-CUSTOMIZED-COPP
match access-group name copp-acl-tacacs-CUSTOMIZED-COPP
match access-group name copp-acl-telnet-CUSTOMIZED-COPP
match access-group name copp-acl-radius6-CUSTOMIZED-COPP
match access-group name copp-acl-tacacs6-CUSTOMIZED-COPP
match access-group name copp-acl-telnet6-CUSTOMIZED-COPP
match access-group name copp-acl-icmp-CUSTOMIZED-COPP
match access-group name copp-acl-icmp6-CUSTOMIZED-COPP
match access-group name copp-acl-traceroute-CUSTOMIZED-COPP
match access-group name copp-acl-pim-CUSTOMIZED-COPP
match access-group name copp-acl-msdp-CUSTOMIZED-COPP
match access-group name copp-acl-pim6-CUSTOMIZED-COPP
match access-group name copp-acl-pim-reg-CUSTOMIZED-COPP
match access-group name copp-acl-pim6-reg-CUSTOMIZED-COPP
match access-group name copp-acl-pim-mdt-join-CUSTOMIZED-COPP
match access-group name copp-acl-mac-dot1x-CUSTOMIZED-COPP
match access-group name copp-acl-dhcp-CUSTOMIZED-COPP
match access-group name copp-acl-dhcp6-CUSTOMIZED-COPP
match access-group name copp-acl-dhcp-relay-response-CUSTOMIZED-COPP
match access-group name copp-acl-dhcp6-relay-response-CUSTOMIZED-COPP
match access-group name copp-acl-igmp-CUSTOMIZED-COPP
match access-group name copp-acl-undesirable-CUSTOMIZED-COPP
ip port access-group tac-list1 in
ip port access-group IP_DENY_211 in
ip port access-group IP_DENY_211 in

1 Accepted Solution

Accepted Solutions

Jan Rolny
Level 3
Level 3

Hi jmaxwellUSAF,

sometime routers does not like this simple tftp copy because they don't have defined source interface they should use for tftp transfer. Try this command ip tftp source-interface interface x/x/x

Best regards,

Jan

***please rate post if helpful***

View solution in original post

3 Replies 3

Jan Rolny
Level 3
Level 3

Hi jmaxwellUSAF,

sometime routers does not like this simple tftp copy because they don't have defined source interface they should use for tftp transfer. Try this command ip tftp source-interface interface x/x/x

Best regards,

Jan

***please rate post if helpful***

It would help if we had more information about the configuration of 4321. You seem to think that the issue is with 9300. What is the basis of this?

Can you attempt the tftp transfer again and then check the logs of the tftp server? Does it see the incoming request? Are there any other log entries about this?

HTH

Rick

This solved it...

ISR4321(config)#ip tftp source-interface interface g1/2/3

Thank you!!!

Review Cisco Networking for a $25 gift card