Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1339
Views
0
Helpful
4
Replies

Access-list

g-lacoursiere
Level 1
Level 1

‎09-17-2009 05:05 PM - edited ‎03-06-2019 07:46 AM

Hi, I have been configuring access-list on a 2811 router to deny all traffic except TFTP. Right now, only the router who's IP adresse are in the ACL, can copy their running-config to the TFTP server. However, the router that is directly connected to the TFTP server, and on which interface the ACL is placed out, is enable to copy it's own running-config, even thow the ACL is not allowing his IP address (only those from the other routers in the network). Look like the routers is not passing it's own traffic in the ACL ?? Is thi possible ??.

Labels:
0 Helpful
4 Replies 4

Leo Laohoo
Hall of Fame
Hall of Fame

‎09-17-2009 05:47 PM

Can you post a network diagram and the config please?

0 Helpful

g-lacoursiere
Level 1
Level 1
In response to Leo Laohoo

‎09-17-2009 06:46 PM

Here is the topology and the runing-config of router named R2.

Its the R2 router that is able to copy to the TFTP server even though the access-list does not permit him to copy.

I hope this is not too confusing !!

Thanks for your answer.

Preview file
43 KB
0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to g-lacoursiere

‎09-20-2009 08:29 PM

Just a test, but remove permit ip any any.

Have you tried using ip access-group TFTP in?

0 Helpful

Ganesh Hariharan
VIP Alumni
VIP Alumni

‎01-11-2010 03:44 AM

Hi,

Configure ip access-group TFTP in  in your interface and then check  and share your results !!

Regards

Ganesh.H

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card