
TFTP server protection with CBAC

I had an interesting debate with an engineer who wanted to use TFTP between a router and a server reachable through an outside interface. He realized that he needed to configure (application-level) TFTP packet inspection for router-generated traffic, but unfortunately Cisco IOS does not support this particular combination.

His query prompted me to read the TFTP RFC, which clearly documents that the data packets sent by the server come from a different UDP port number (thus the need for application-level inspection). The results of my tests are available in the TFTP server protection with Context-Based Access Control (CBAC) article.
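The port behaviour described above can be seen in a small model, added here as an illustration (it is not code from the article and not how Cisco IOS implements CBAC). It compares generic stateful UDP tracking with a TFTP-aware inspector over a constructed packet trace; all addresses, ports and class names are assumptions.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport opcode")
RRQ, WRQ, DATA = 1, 2, 3           # TFTP opcodes (RFC 1350)
TFTP_PORT = 69

class GenericUdpInspector:
    """Stateful UDP tracking: a reply must mirror the outbound 4-tuple exactly."""
    def __init__(self):
        self.sessions = set()
    def outbound(self, p):
        self.sessions.add((p.dst, p.dport, p.src, p.sport))
    def inbound_allowed(self, p):
        return (p.src, p.sport, p.dst, p.dport) in self.sessions

class TftpAwareInspector(GenericUdpInspector):
    """Adds the application-level step: after a request to port 69, accept the
    server's first reply from whatever port it picked, then lock onto that port."""
    def __init__(self):
        super().__init__()
        self.pending = set()       # (server, client, client_port) awaiting first reply
    def outbound(self, p):
        super().outbound(p)
        if p.dport == TFTP_PORT and p.opcode in (RRQ, WRQ):
            self.pending.add((p.dst, p.src, p.sport))
    def inbound_allowed(self, p):
        if super().inbound_allowed(p):
            return True
        key = (p.src, p.dst, p.dport)
        if key in self.pending:    # first reply: open a pinhole for this port only
            self.pending.discard(key)
            self.sessions.add((p.src, p.sport, p.dst, p.dport))
            return True
        return False

# Constructed trace (documentation address ranges); client ACKs are omitted.
ROUTER, SERVER, OTHER = "192.0.2.1", "198.51.100.10", "203.0.113.5"
REQUEST = Pkt(ROUTER, 50123, SERVER, TFTP_PORT, RRQ)
INBOUND = [
    Pkt(SERVER, 40001, ROUTER, 50123, DATA),   # block 1 from the server's new port
    Pkt(SERVER, 40001, ROUTER, 50123, DATA),   # block 2, same port
    Pkt(OTHER, 40001, ROUTER, 50123, DATA),    # unrelated host
    Pkt(SERVER, 40002, ROUTER, 50123, DATA),   # server, but not the locked port
]

def replay(inspector):
    """Send the request, then return the allow/drop decision for each inbound packet."""
    inspector.outbound(REQUEST)
    return [inspector.inbound_allowed(p) for p in INBOUND]

if __name__ == "__main__":
    print("generic   :", replay(GenericUdpInspector()))
    print("tftp-aware:", replay(TftpAwareInspector()))
```

The generic tracker drops every data packet because it only expects replies from port 69, while the TFTP-aware one admits the transfer and still rejects the unrelated host and the second server port.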

Read the whole article in the CT3 wiki

This article is part of the You've asked for it series.
