09-20-2007 09:44 AM
I need to control the Ip address that is used as the source IP address when a router responds to a snmp configuration request to tftp it running config to a server. Is there a way to control this?
09-20-2007 10:32 AM
The only approach I can think of is restricting outbound tftp traffic with ACL on the device. On the Solaris OS, ports below 1023 are privileged, so one must be the root user to have a tftp server listening. That's another safeguard against rogue tftp server.
09-20-2007 04:35 PM
Configure an ACL and then apply it to your snmp rw comm string. Without snmp RW access the NMS will not be able to perform an snmpset to initiate a tftp transfer
access-list 1 permit 1.1.1.1
snmp-server community private rw 1
You could also add snmp views to limit MIB access to the device as well
09-20-2007 05:53 PM
I could have the wrong end of the stick here compared with the other responses...
We use:
ip tftp source-interface interface-name
to make sure that the device uses the correct source IP address.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide