Access List....TFTP

When a server starts sending the file, I see a random port being used. Now, how are we supposed to write a proper ACL for this? Accept everything from the host? Modify the TFTP server source code?

Please help.

2 REPLIES

Re: Access List....TFTP

Session initiation will use the well-known port (69 for TFTP). You should check for that in your ACL and only permit the hosts you want. When you can deny the request, you also have control over the session, even when all other UDP ports are permitted on the last line of your ACL.

Regards,

Leo

Re: Access List....TFTP

James

When a client initiates TFTP to a server, it will use the well-known port UDP 69 as the destination port and will choose some high-numbered port as the source port. So to write a proper access list, you can check for the TFTP server address and for port 69 (it will be the source port or the destination port depending on where the access list is applied and its direction). I would suggest not attempting to check the other port, since it is not predictable.

HTH

Rick
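As an added example, not code from the thread or from Cisco: the Python below models the packets of one TFTP read session (RFC 1350) and runs them through a small first-match evaluator for IOS-style extended ACL entries, applied as if bound inbound on the client-facing interface. The server and client addresses, the transfer IDs and the ACL entries are assumptions. It shows the two points made in the replies: matching the request on port 69 is enough to decide whether a transfer happens at all, while an entry that tries to pin the server's data port works only until the server picks a different one.

```python
"""Model of one TFTP read (RRQ) transfer, RFC 1350, evaluated against a small
stateless, first-match, IOS-style extended ACL. Constructed example: the
addresses, TIDs and ACL entries below are assumptions, not from the thread."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


SERVER = "10.1.1.10"         # assumed TFTP server
ALLOWED_CLIENT = "10.1.1.5"  # assumed host that is allowed to fetch files


def tftp_read_session(client, server, client_tid, server_tid):
    """Packets of one RRQ transfer as (label, packet). Only the request is
    addressed to port 69; the server answers from a fresh ephemeral port
    (its TID) and the rest of the transfer runs between the two TIDs."""
    return [
        ("RRQ", Packet(client, client_tid, server, 69)),
        ("DATA 1", Packet(server, server_tid, client, client_tid)),
        ("ACK 1", Packet(client, client_tid, server, server_tid)),
        ("DATA 2", Packet(server, server_tid, client, client_tid)),
        ("ACK 2", Packet(client, client_tid, server, server_tid)),
    ]


def _addr_matcher(tok, i):
    """IOS address forms: 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'."""
    if tok[i] == "any":
        return (lambda ip: True), i + 1
    if tok[i] == "host":
        want = tok[i + 1]
        return (lambda ip: ip == want), i + 2
    net = int(ipaddress.IPv4Address(tok[i]))
    wild = int(ipaddress.IPv4Address(tok[i + 1]))  # 1 bits are "don't care"
    return (lambda ip: (int(ipaddress.IPv4Address(ip)) | wild) == (net | wild)), i + 2


def _port_matcher(tok, i):
    """Optional 'eq <port>'; 'tftp' is the IOS keyword for 69."""
    if i < len(tok) and tok[i] == "eq":
        want = 69 if tok[i + 1] == "tftp" else int(tok[i + 1])
        return (lambda p: p == want), i + 2
    return (lambda p: True), i


def parse_ace(line):
    """'permit|deny udp <src> [eq N] <dst> [eq N]' -> (action, predicate)."""
    tok = line.split()
    action, proto = tok[0], tok[1]
    if action not in ("permit", "deny") or proto != "udp":
        raise ValueError(f"unsupported entry: {line}")
    src, i = _addr_matcher(tok, 2)
    sport, i = _port_matcher(tok, i)
    dst, i = _addr_matcher(tok, i)
    dport, i = _port_matcher(tok, i)
    return action, (lambda p: src(p.src) and sport(p.sport)
                    and dst(p.dst) and dport(p.dport))


def evaluate(acl, pkt):
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    for action, match in acl:
        if match(pkt):
            return action
    return "deny"


def filter_session(acl_lines, session, server=SERVER):
    """Apply the ACL as if bound inbound on the client-facing interface, so
    it sees only packets heading to the server. Returns {label: verdict}."""
    acl = [parse_ace(line) for line in acl_lines]
    verdicts, started = {}, True
    for label, pkt in session:
        if not started:
            verdicts[label] = "never sent"  # request was dropped: no transfer
        elif pkt.dst != server:
            verdicts[label] = "not seen"    # leaves the interface; inbound ACL does not apply
        else:
            verdicts[label] = evaluate(acl, pkt)
            started = not (label == "RRQ" and verdicts[label] == "deny")
    return verdicts


# The ACL the replies describe: pin the request to the one permitted client,
# deny everyone else's request, then let all other UDP through.
TFTP_ACL = [
    f"permit udp host {ALLOWED_CLIENT} host {SERVER} eq tftp",
    f"deny udp any host {SERVER} eq tftp",
    "permit udp any any",
]

# Tempting but wrong: also try to pin the server's data port (guessed as 52000).
PINNED_ACL = [
    f"permit udp host {ALLOWED_CLIENT} host {SERVER} eq tftp",
    f"permit udp host {ALLOWED_CLIENT} host {SERVER} eq 52000",
]

if __name__ == "__main__":
    print(filter_session(TFTP_ACL, tftp_read_session(ALLOWED_CLIENT, SERVER, 49152, 52000)))
    print(filter_session(TFTP_ACL, tftp_read_session("10.1.1.6", SERVER, 40001, 52001)))
    # Same client, next transfer: the server picks another TID and the pinned ACL stalls it.
    print(filter_session(PINNED_ACL, tftp_read_session(ALLOWED_CLIENT, SERVER, 49153, 52001)))
```

Run directly, it prints the verdicts for a permitted client, a denied client, and the pinned-port ACL against a second transfer. The server's DATA packets show as "not seen" because an inbound ACL on the client-facing interface never evaluates them; whether they pass depends on whatever ACL is bound in the other direction, which the thread does not cover.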
