TFTP security lockdown

Unanswered Question
Apr 30th, 2008

We have multiple 3845s running CCME. We have been hit by our audit committee that TFTP is open on these devices. I know that TFTP has to be open for the Cisco phones to function, but is there a way to lock the router down globally where no network can get to it except for the voice segment?

Collin Clark Wed, 04/30/2008 - 14:19

You could put an ACL on the other interfaces denying TFTP.

access-list 100 deny udp any any eq 69
access-list 100 permit ip any any

Hope that helps.
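
Added example, not part of the original reply: the ACL from the reply above bound inbound to a non-voice interface and left off the voice interface, with the commands to confirm it is in effect. The interface names are assumptions and must be replaced with the router's real ones.

```cisco
! Constructed example: interface names are assumptions, not from the thread.
! ACL 100 is the one given in the reply above.
access-list 100 deny   udp any any eq 69
access-list 100 permit ip any any
!
! Non-voice interface (assumed name): inbound TFTP requests are dropped here.
! Note: an inbound ACL also filters TFTP transiting the router from this
! interface, not only TFTP addressed to the router itself.
interface GigabitEthernet0/0
 ip access-group 100 in
!
! Voice interface (assumed name): ACL 100 is deliberately not applied,
! so the phones can still fetch their files from the router.
interface GigabitEthernet0/1
 description voice segment, no TFTP filter
!
! Verification from exec mode:
!   show ip interface GigabitEthernet0/0 | include access list
!   show access-lists 100
! The deny line's match counter increases when a blocked request arrives.
```

Every non-voice interface needs the same `ip access-group 100 in` line; any interface left without it still accepts TFTP requests.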

