09-20-2007 09:44 AM
I need to control the Ip address that is used as the source IP address when a router responds to a snmp configuration request to tftp it running config to a server. Is there a way to control this?
09-20-2007 10:32 AM
The only approach I can think of is restricting outbound tftp traffic with ACL on the device. On the Solaris OS, ports below 1023 are privileged, so one must be the root user to have a tftp server listening. That's another safeguard against rogue tftp server.
09-20-2007 04:35 PM
Configure an ACL and then apply it to your snmp rw comm string. Without snmp RW access the NMS will not be able to perform an snmpset to initiate a tftp transfer
access-list 1 permit 1.1.1.1
snmp-server community private rw 1
You could also add snmp views to limit MIB access to the device as well
09-20-2007 05:53 PM
I could have the wrong end of the stick here compared with the other responses...
We use:
ip tftp source-interface interface-name
to make sure that the device uses the correct source IP address.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: