acl

danielbj66
Level 1
Shouldn't this ACL permit TFTP from host 10.0.0.68, but deny any other TFTP request? And also permit any other request other than TFTP?

access-list 100 permit udp host 10.0.0.68 eq tftp host 10.0.0.82 eq tftp

access-list 100 deny udp any eq tftp any eq tftp

access-list 100 permit ip any any
Accepted Solution

Marvin Rhoads
Hall of Fame

Not really. There are a couple of flaws in your premises - please refer to this thread for a better ACL setup.

Generally speaking, TFTP only uses udp/69 for the initial destination protocol and port. The initial source port is randomly chosen, and that exchange also sets up the Transaction ID (TID), which influences the subsequent UDP ports used for the actual transfer. See also this book excerpt for a more in-depth explanation:

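To make the accepted answer concrete, here is an added example (my code, not from the original thread or Cisco) that models IOS extended-ACL semantics (top-down, first match wins, implicit deny) and runs the ACL posted in the question against the packets of one TFTP read request as RFC 1350 defines them: the RRQ goes to udp/69 from a random client TID, and the server answers from its own new TID. The hosts 10.0.0.68/10.0.0.82 come from the question; 10.0.0.99 and the port numbers are constructed. The "corrected" ACL is my reformulation of the answer's point (test only the destination port), not the contents of the linked thread.

```python
"""Stateless ACL evaluation of a constructed TFTP exchange.

Added example, not code from the original thread.  It models IOS extended
ACL semantics (top-down, first match wins, implicit deny at the end) and
runs the ACL posted in the question, plus a corrected form, against the
packets of one TFTP read request as RFC 1350 defines them.
"""
import random
from dataclasses import dataclass
from typing import List, Optional, Tuple

TFTP_PORT = 69
CLIENT, SERVER, OTHER = "10.0.0.68", "10.0.0.82", "10.0.0.99"  # 10.0.0.99 is constructed


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Ace:
    """One access-control entry.  None for a host means 'any'; None for a
    port means the entry does not test that port (no 'eq' keyword)."""
    action: str  # "permit" or "deny"
    proto: str   # "udp" or "ip"
    src: Optional[str]
    sport: Optional[int]
    dst: Optional[str]
    dport: Optional[int]
    text: str    # the IOS line this entry represents, for reporting

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        checks = ((self.src, p.src), (self.dst, p.dst),
                  (self.sport, p.sport), (self.dport, p.dport))
        return all(want is None or want == got for want, got in checks)


def evaluate(acl: List[Ace], p: Packet) -> Tuple[str, str]:
    """Return (action, matching line); the implicit deny applies if nothing matches."""
    for ace in acl:
        if ace.matches(p):
            return ace.action, ace.text
    return "deny", "implicit deny"


def tftp_read_exchange(client: str, server: str, rng: random.Random) -> List[Packet]:
    """First three packets of a TFTP RRQ (RFC 1350): the request goes to
    udp/69 from a client-chosen TID; the server replies from its own new
    TID, and the rest of the transfer runs between the two TIDs."""
    client_tid = rng.randint(1024, 65535)
    server_tid = rng.randint(1024, 65535)
    return [
        Packet("udp", client, client_tid, server, TFTP_PORT),   # RRQ
        Packet("udp", server, server_tid, client, client_tid),  # DATA block 1
        Packet("udp", client, client_tid, server, server_tid),  # ACK block 1
    ]


# The ACL exactly as posted in the question: both ends must be port 69.
POSTED_ACL = [
    Ace("permit", "udp", CLIENT, TFTP_PORT, SERVER, TFTP_PORT,
        "access-list 100 permit udp host 10.0.0.68 eq tftp host 10.0.0.82 eq tftp"),
    Ace("deny", "udp", None, TFTP_PORT, None, TFTP_PORT,
        "access-list 100 deny udp any eq tftp any eq tftp"),
    Ace("permit", "ip", None, None, None, None,
        "access-list 100 permit ip any any"),
]

# Corrected form (my reformulation, an assumption, not the linked thread's):
# only the destination port is 69; the source port is left unspecified.
CORRECTED_ACL = [
    Ace("permit", "udp", CLIENT, None, SERVER, TFTP_PORT,
        "access-list 100 permit udp host 10.0.0.68 host 10.0.0.82 eq tftp"),
    Ace("deny", "udp", None, None, None, TFTP_PORT,
        "access-list 100 deny udp any any eq tftp"),
    Ace("permit", "ip", None, None, None, None,
        "access-list 100 permit ip any any"),
]


def request_verdict(acl: List[Ace], client: str, seed: int = 1) -> Tuple[str, str]:
    """Verdict for the initial RRQ from `client` to the TFTP server."""
    rrq = tftp_read_exchange(client, SERVER, random.Random(seed))[0]
    return evaluate(acl, rrq)


def data_verdict(acl: List[Ace], client: str, seed: int = 1) -> Tuple[str, str]:
    """Verdict for the server's first DATA block, sent between the two TIDs."""
    data = tftp_read_exchange(client, SERVER, random.Random(seed))[1]
    return evaluate(acl, data)


if __name__ == "__main__":
    for name, acl in (("posted", POSTED_ACL), ("corrected", CORRECTED_ACL)):
        print(f"== {name} ACL ==")
        for host in (CLIENT, OTHER):
            for pkt in tftp_read_exchange(host, SERVER, random.Random(1)):
                action, line = evaluate(acl, pkt)
                print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  {action:6} via '{line}'")
```

Running it shows that neither of the first two lines of the posted ACL ever matches, because no TFTP packet has port 69 on both ends, so every request from every host falls through to `permit ip any any`. The corrected form permits the request from 10.0.0.68 and denies requests from other hosts, but the DATA and ACK packets of the transfer itself, exchanged between the two TIDs, still fall through to `permit ip any any`; restricting those requires stateful inspection (reflexive ACLs, CBAC or a zone-based firewall), which is the point the answer makes about the TID.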

