Using SNMP/TFTP for configuration Management

Sep 20th, 2007

I need to control the IP address that is used as the source IP address when a router responds to an SNMP configuration request to TFTP its running config to a server. Is there a way to control this?

yjdabear Thu, 09/20/2007 - 10:32

The only approach I can think of is restricting outbound tftp traffic with an ACL on the device. On the Solaris OS, ports below 1023 are privileged, so one must be the root user to have a tftp server listening. That's another safeguard against a rogue tftp server.

David Stanford Thu, 09/20/2007 - 16:35
User Badges:
  • Cisco Employee

Configure an ACL and then apply it to your snmp rw comm string. Without snmp RW access the NMS will not be able to perform an snmpset to initiate a tftp transfer.


access-list 1 permit 1.1.1.1


snmp-server community private rw 1


You could also add snmp views to limit MIB access to the device as well.

Jeff Law Thu, 09/20/2007 - 17:53

I could have the wrong end of the stick here compared with the other responses...


We use:


ip tftp source-interface interface-name


to make sure that the device uses the correct source IP address.
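
Added example, not part of the original thread and not Cisco's code: a small Python check that audits a saved running-config for the controls raised in the replies above (an ACL on every RW community, an SNMP view, and ip tftp source-interface). The sample config, community strings, view name, interface name and the audit function are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the thread); community strings,
# ACL numbers, view and interface names are placeholders.
SAMPLE_CONFIG = """\
access-list 1 permit 1.1.1.1
snmp-server community private rw 1
snmp-server community backup RW
snmp-server community ops view CFGCOPY rw 7
snmp-server community public ro
ip tftp source-interface Loopback0
"""

def audit(config):
    """Return (subject, issue) findings for RW communities and TFTP source."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    # ACLs defined as numbered "access-list N ..." or named "ip access-list TYPE NAME".
    defined = set()
    for ln in lines:
        m = re.match(r"access-list (\S+) ", ln) or re.match(r"ip access-list \S+ (\S+)", ln)
        if m:
            defined.add(m.group(1))
    findings = []
    for ln in lines:
        m = re.match(r"snmp-server community (\S+)(.*)$", ln)
        if not m:
            continue
        name, opts = m.group(1), m.group(2).split()
        lowered = [o.lower() for o in opts]
        if "rw" not in lowered:
            continue  # read-only communities cannot issue the snmpset
        after_rw = opts[lowered.index("rw") + 1:]
        if not after_rw:
            findings.append((name, "rw community has no ACL"))
        elif after_rw[0] not in defined:
            findings.append((name, f"ACL {after_rw[0]} is not defined in this config"))
        if "view" not in lowered:
            findings.append((name, "rw community has no view"))
    if not any(ln.startswith("ip tftp source-interface ") for ln in lines):
        findings.append(("tftp", "no ip tftp source-interface configured"))
    return findings

if __name__ == "__main__":
    for subject, issue in audit(SAMPLE_CONFIG):
        print(f"{subject}: {issue}")
```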
