Using SNMP/TFTP for configuration Mangement

Unanswered Question
Sep 20th, 2007

I need to control the Ip address that is used as the source IP address when a router responds to a snmp configuration request to tftp it running config to a server. Is there a way to control this?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
yjdabear Thu, 09/20/2007 - 10:32

The only approach I can think of is restricting outbound tftp traffic with ACL on the device. On the Solaris OS, ports below 1023 are privileged, so one must be the root user to have a tftp server listening. That's another safeguard against rogue tftp server.

David Stanford Thu, 09/20/2007 - 16:35

Configure an ACL and then apply it to your snmp rw comm string. Without snmp RW access the NMS will not be able to perform an snmpset to initiate a tftp transfer

access-list 1 permit 1.1.1.1

snmp-server community private rw 1

You could also add snmp views to limit MIB access to the device as well

Jeff Law Thu, 09/20/2007 - 17:53

I could have the wrong end of the stick here compared with the other responses...

We use:

ip tftp source-interface interface-name

to make sure that the device uses the correct source IP address.

Actions

This Discussion