TFTP Not Working W CBAC for some reason

From: Jason Madsen (madsen.jason@gmail.com)
Date: Sat Nov 08 2008 - 20:29:26 ARST


Hello All,

...quick question. There are quite a lot of CBAC options available to use,
but overall it's a pretty straightforward technology...at least that's what
I've always thought and experienced until now. For whatever reason(s) CBAC
doesn't seem to be allowing me to tftp. Here's the basic config I was
using:

*R1:*

tftp-server flash:test.txt

int f0/0
desc link to R0
ip add 1.1.1.2 255.255.255.252

*R0:*

int f0/0
desc link to R1
ip add 1.1.1.1 255.255.255.252
ip access-group 100 in
ip inspect TEST out

access-list 100 deny ip any any

ip inspect name TEST tcp router-traffic
ip inspect name TEST telnet
ip inspect name TEST tftp
ip inspect name TEST udp router-traffic
ip inspect name TEST icmp router-traffic

I am successfully able to telnet and ping to R1, but I can't get a file via
tftp. I'm able to get a file via tftp just fine when ACL 100 is removed,
but I can't seem to get CBAC to make an opening for it. I do know that tftp
uses UDP (port 69) and I am using dynamips. Do you think it's possible that
dynamips is too slow for CBAC to work with its default timers and such? It
doesn't seem like it has anything to do with it to me...without ACL 100
applied, the file seems to transfer across very quickly.

debug ip inspect detail output when trying to tftp:

R0(config)#do copy tftp flash
Address or name of remote host [1.1.1.2]?
Source filename [test.txt]?
Destination filename [test.txt]?
Accessing tftp://1.1.1.2/test.txt...
*Mar 1 03:45:29.867: CBAC: Finding pregen session for src_tableid:0, src_addr:1.1.1.1, src_port:55559, dst_tableid:0, dst_addr:1.1.1.2, dst_port:69
%Error opening tftp://1.1.1.2/test.txt (Timed out)

Here's an attempt with ACL 100 removed to validate tftp functionality:

R0(config-if)#do copy tftp flash
Address or name of remote host [1.1.1.2]?
Source filename [test.txt]?
Destination filename [test.txt]?
Accessing tftp://1.1.1.2/test.txt...
Erase flash: before copying? [confirm]
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erasedee
Erase of flash: complete
Loading test.txt from 1.1.1.2 (via FastEthernet0/0): !
[OK - 1670 bytes]

Verifying checksum... OK (0x535)
1670 bytes copied in 1.356 secs (1232 bytes/sec)
R0(config-if)#

Any ideas?

Thanks,
Jason
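Why tftp needs its own inspection rule rather than plain UDP inspection, as an added illustration that is not part of the post and not IOS or CBAC code: a TFTP client sends its read request to UDP/69, but the server answers from a freshly chosen port (its transfer identifier, TID), so a firewall that only remembers the exact reverse 5-tuple of the request never sees a matching reply. The addresses, ports and TIDs below are constructed sample values, and the two classes are a toy model of the difference, not CBAC's implementation.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class StrictUdpInspector:
    """Opens a return path only for the exact reverse of the outbound 5-tuple."""
    def __init__(self):
        self.allowed = set()
    def outbound(self, p):
        self.allowed.add((p.dst, p.dport, p.src, p.sport))
    def inbound(self, p):
        return (p.src, p.sport, p.dst, p.dport) in self.allowed

class TftpAwareInspector(StrictUdpInspector):
    """Same, but a request to UDP/69 also lets the server's first reply arrive
    from any source port (its TID); that port is then pinned for the transfer."""
    def __init__(self):
        super().__init__()
        self.pending = set()  # (server, client, client_port) awaiting a TID
    def outbound(self, p):
        super().outbound(p)
        if p.dport == 69:
            self.pending.add((p.dst, p.src, p.sport))
    def inbound(self, p):
        if super().inbound(p):
            return True
        key = (p.src, p.dst, p.dport)
        if key in self.pending:          # first reply from the TFTP server
            self.pending.discard(key)
            self.allowed.add((p.src, p.sport, p.dst, p.dport))  # pin the TID
            return True
        return False

def simulate(inspector):
    """Replay a TFTP read (addresses and TIDs are constructed sample values)."""
    rrq   = Packet("1.1.1.1", 55559, "1.1.1.2", 69)    # RRQ to the well-known port
    data  = Packet("1.1.1.2", 3120, "1.1.1.1", 55559)  # DATA from server TID 3120
    rogue = Packet("1.1.1.3", 3120, "1.1.1.1", 55559)  # another host: must be dropped
    other = Packet("1.1.1.2", 4000, "1.1.1.1", 55559)  # same server, unpinned port
    inspector.outbound(rrq)
    return {"data": inspector.inbound(data),
            "rogue": inspector.inbound(rogue),
            "other_port": inspector.inbound(other)}
```

The strict inspector drops the server's DATA block, which is the same symptom as the timed-out copy above; the TFTP-aware one admits it while still rejecting a reply from another host or from a second, unpinned port.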




This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:30 ARST