Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
938
Views
1
Helpful
11
Replies

Cisco 4500X stopping tftp?

KGrev
Level 4
Level 4

‎06-09-2023 07:15 AM

Hi,

I have been troubleshooting a TFTP blockage for days now.

Initially i was testing from a pc, sending across a 4500X then a 9500 then to another pc and the file created at the distant pc would be limited to 1kb somehow. I did the same test to a solarwinds server tftp and 1kb was the cutoff again. I changed my source to a pc on a vpn and it would still stop at 1kb.

After much troubleshooting it appears to be the 4500X that is causing the issue. I can send from a vpn pc to a pc directly connected to the 4500X and the file will be 1Kb. Also if the 4500X tries to send a flash: file from itself to the solarwinds tftp server or the directly connected pc it will be a 1kb file.

Is there a way i can debug this traffic or see this behavior happening? Thanks for any help!

tftp.jpg

Labels:
0 Helpful
11 Replies 11

Flavio Miranda
VIP
VIP

‎06-09-2023 07:25 AM

Hi

   I would span the port for PC A and keep wireshark sniffing it for a while and than take a look on the logs. Not a guarantee but maybe the best way to actually see what can be happening. 

0 Helpful

KGrev
Level 4
Level 4
In response to Flavio Miranda

‎06-09-2023 07:30 AM

I have wireshark on PC A, should i still span or just capture from there?

0 Helpful

Flavio Miranda
VIP
VIP
In response to KGrev

‎06-09-2023 07:42 AM

If possible maybe both. As the span is the network perspective and sometimes not the same information from the PC perspective.

0 Helpful

KGrev
Level 4
Level 4
In response to Flavio Miranda

‎06-09-2023 11:28 AM

Sorry it has taken me a long time to respond. I am having the worst time trying to set up ERSPAN. Cant get it to connect.

As a side note, i did a wireshark on the pc that is trying to send the tftp file and it shows the same four packets as the image earlier.

0 Helpful

KGrev
Level 4
Level 4
In response to Flavio Miranda

‎06-09-2023 07:38 AM

If I wireshark directly from pc A, I get these 4 packets. Its the same at the solarwinds server also.

20230609_093629.jpg

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame

‎06-09-2023 07:27 AM 

ip tftp block 8192

Is the above command present in any of the switches running IOS-XE?  

If it is, please change the block size to 1468 and try again.

0 Helpful

KGrev
Level 4
Level 4
In response to Leo Laohoo

‎06-09-2023 07:30 AM

@Leo LaohooThanks for your response. I just tried your previous command before your update for 8192, no change. Then i changed to 1468, same result.

 

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to KGrev

‎06-09-2023 08:43 AM

Did you check all IOS-XE switches?

0 Helpful

KGrev
Level 4
Level 4
In response to Leo Laohoo

‎06-09-2023 10:15 AM

@Leo LaohooThanks for your response. Currently my test is only using the 4500X so I only made adjustments on that device.

0 Helpful

MHM Cisco World
VIP
VIP

‎06-09-2023 11:45 AM

tftp.jpg
can you open the wiresharke SYN and SYN/ACK ? if Yes send me the photo of both packet 

0 Helpful

KGrev
Level 4
Level 4

‎06-14-2023 12:56 PM

In the end, faults in my own testing methodology were causing me issues and Mcafee was the culprit in the end.

Customers Also Viewed These Support Documents