Re: TFTP ports different than UDP 69 ?

From: Joseph Saad (joseph.samir.saad@gmail.com)
Date: Mon Jan 07 2008 - 09:01:53 ARST


Or replace your ACL with MQC-based security and NBAR to match TFTP.

You can match (or not match) TFTP by:

class-map match-any DISALLOWED_TRAFFIC
 match not protocol tftp
 ! match other "disallowed" traffic

policy-map POLICY
 class DISALLOWED_TRAFFIC
  drop

interface Wx/y
 service-policy output POLICY

On Jan 7, 2008 1:54 PM, Geert Nijs <Geert.Nijs@simac.be> wrote:

> Hi group,
>
> Does TFTP use ports other than UDP 69?
> i.e. maybe also dynamically assigned data transfer ports like FTP?
>
> In between a switch and a CiscoWorks/TFTP server I am seeing hits on
> random UDP ports, and I suspect this has something to do
> with the automatic config download towards the CiscoWorks server:
>
>
> Dec 20 14:28:07.101 CET: %SEC-6-IPACCESSLOGP: list 100 denied udp
> 193.74.xxx.4(38052) -> 10.63.xxx.2(49872), 5 packets
>
> Dec 20 14:28:07.101 CET: %SEC-6-IPACCESSLOGP: list 100 denied udp
> 193.74.xxx.4(37992) -> 10.63.xxx.2(49872), 9 packets
>
> Dec 20 14:28:07.101 CET: %SEC-6-IPACCESSLOGP: list 100 denied udp
> 193.74.xxx.4(37990) -> 10.63.xxx.2(49516), 9 packets
>
> Dec 20 14:28:07.101 CET: %SEC-6-IPACCESSLOGP: list 100 denied udp
> 193.74.xxx.4(38028) -> 10.63.xxx.2(49872), 5 packets
>
> Dec 20 14:28:07.101 CET: %SEC-6-IPACCESSLOGP: list 100 denied udp
> 193.74.xxx.4(38058) -> 10.63.xxx.2(49516), 9 packets
>
> Is this true?
>
> If so, is there a command to disable this behaviour and to force TFTP to
> always use port UDP 69 only?
>
> regards,
>
> Geert
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
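
Added example, not part of the original thread: Python that parses the %SEC-6-IPACCESSLOGP lines quoted above and totals denied UDP packets per destination port, showing that none of the logged flows use UDP 69. In TFTP (RFC 1350) only the initial request goes to port 69; the transfer then continues on ports chosen by each end. The sample lines are the quoted ones with the e-mail wraps rejoined, and the function names are assumptions.

```python
import re
from collections import defaultdict

# Log lines from the quoted message, with the e-mail line wraps rejoined.
SAMPLE_LOG = """\
Dec 20 14:28:07.101 CET: %SEC-6-IPACCESSLOGP: list 100 denied udp 193.74.xxx.4(38052) -> 10.63.xxx.2(49872), 5 packets
Dec 20 14:28:07.101 CET: %SEC-6-IPACCESSLOGP: list 100 denied udp 193.74.xxx.4(37992) -> 10.63.xxx.2(49872), 9 packets
Dec 20 14:28:07.101 CET: %SEC-6-IPACCESSLOGP: list 100 denied udp 193.74.xxx.4(37990) -> 10.63.xxx.2(49516), 9 packets
Dec 20 14:28:07.101 CET: %SEC-6-IPACCESSLOGP: list 100 denied udp 193.74.xxx.4(38028) -> 10.63.xxx.2(49872), 5 packets
Dec 20 14:28:07.101 CET: %SEC-6-IPACCESSLOGP: list 100 denied udp 193.74.xxx.4(38058) -> 10.63.xxx.2(49516), 9 packets
"""

# Addresses are matched as opaque tokens because the list post masks octets ("xxx").
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[^\s(]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[^\s(]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse_acl_hits(text):
    """Return one dict per IPACCESSLOGP entry found in text."""
    hits = []
    for m in LOG_RE.finditer(text):
        hit = m.groupdict()
        for key in ("sport", "dport", "count"):
            hit[key] = int(hit[key])
        hits.append(hit)
    return hits

def denied_by_destination(hits, proto="udp"):
    """Total denied packets per (destination address, destination port)."""
    totals = defaultdict(int)
    for h in hits:
        if h["action"] == "denied" and h["proto"] == proto:
            totals[(h["dst"], h["dport"])] += h["count"]
    return dict(totals)

def touches_port(hits, port=69):
    """True if any logged flow uses the given port on either side."""
    return any(port in (h["sport"], h["dport"]) for h in hits)

if __name__ == "__main__":
    hits = parse_acl_hits(SAMPLE_LOG)
    for (dst, dport), pkts in sorted(denied_by_destination(hits).items()):
        print(f"{dst}:{dport} denied {pkts} packets")
    print("UDP 69 seen:", touches_port(hits))
```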



This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:58 ARST