07-31-2023 07:20 AM
Catalyst switches stated sending TFTP read reqests to 169.254.192.201, a non-routable address. No config changes. Anyone seen this before?
07-31-2023 07:33 AM
169.254.0.0 is a routable segment.
HTH
07-31-2023 08:12 AM
Link-local address - Wikipedia
Link-local addresses are not guaranteed to be unique beyond their network segment. Therefore, routers do not forward packets with link-local source or destination addresses.
IPv4 link-local addresses are assigned from address block 169.254.0.0/16 (169.254.0.0 through 169.254.255.255). In IPv6, they are assigned from the block fe80::/10.
07-31-2023 07:37 AM
Some examples of the traffic being sent:
test450511714445722709416908054425236669630635375239919.octet
test-67903439738703853141690805442523319874223469471273.octet.blksize.8192
07-31-2023 07:40 AM
Check if you run
Eem backup config
Knor backup config
Auto backup
07-31-2023 08:14 AM
Just running catalyst switches.
07-31-2023 07:54 AM
Hi @Steven Wiig
169.254.192.201 is APIPA address. Does you TFTP server is installed in a windows machine ?
07-31-2023 08:12 AM
The TFTP server that receives backup configs overnight is on a Windows server.
07-31-2023 08:21 AM
By any chance this server use DHCP and is not getting IP?
How do you call TFTP server from the switch?
08-01-2023 07:59 AM
Static IP. Our normal backup solution pulls the config from the switches, the switches don't push it independently, otherwise I use the CNA software to take occasional manual backups.
07-31-2023 08:26 AM
I mention before check the config of backup,
also check NTP config, it can that misconfig the SW make it send backup.
07-31-2023 08:45 AM
Neat, didn't know NTP could trigger backup events.
The NTP server is on a Windows server. It's not set to do anything other than tell time, that I know of.
Checking packet captures, here's an example of the network data: test450511714445722709416908054425236669630635375239919.octet
07-31-2023 08:47 AM
you mention that the backup overnight is send to TFTP ? am I correct
if Yes then
check NTP <<- inform the SW about time date
check Backup config <<- it can the backup is send in not config periodic time
08-02-2023 06:53 AM
The backup config runs hours before this event took place, there were no DHCP disruptions at the time. The switches randomly did an apparently TFTP read operation to a APIPA address.
08-04-2023 10:50 AM
So far I've been able to correlate this to when I take backups via the CNA software.
Extremely odd behavior for the switches to do TFTP read tests to an APIPA address.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide