4 votes
You have decided to use ACLs on your router to restrict TFTP traffic between networks. Specifically, you want to allow only the server with an IP address of [IP address] to access a TFTP server on a different network with an IP address of [IP address]. The TFTP protocol runs on UDP port 69. To accomplish this, you create the following ACL on the router connecting the two networks:

Router(config)#access-list 100
Router(config)#access-list 100 permit udp host [IP address] eq 69
Router(config)#access-list 100 deny udp any any eq 69
Router(config)#access-list 100 permit IP any any

After applying the ACL to inbound traffic on the interface connected to the [network name] network, you find that all hosts on the [network name] network can still access the TFTP service on [IP address] over port 69.

Which of the following options can be used to fix this issue? (Select two.)
1) Add a deny statement for the specific IP address of the TFTP server
2) Change the deny statement to deny UDP traffic on port 69 for all hosts
3) Change the permit statement to permit UDP traffic on port 69 for all hosts
4) Remove the deny statement for UDP traffic on port 69
5) Apply the ACL to outbound traffic on the interface connected to the [network name] network

by User Zak (8.5k points)

1 Answer

6 votes

Final answer:

To restrict TFTP traffic effectively using ACLs, modify the deny statement to block all hosts except the specific client from accessing the TFTP server on UDP port 69 and apply the ACL to outbound traffic instead of inbound.

Step-by-step explanation:

The issue with the Access Control List (ACL) configuration is that it is allowing all TFTP traffic from the specific client, but it is not properly restricting other hosts from accessing the TFTP server. To fix this issue, we should first replace the placeholder '[IP address]' with the actual IP address of the server and client in the ACL configuration. Then, we utilize the following options:

Implementing these changes should ensure that only the server with the specified IP address can access the TFTP server over port 69, thereby restricting other hosts on the network from accessing the TFTP service. Ensure that the deny statement is updated correctly; for example:

Router(config)#access-list 100 deny udp any host [TFTP Server IP address] eq 69

And then the ACL can be applied to the outbound interface connected to the network with the TFTP server:

Router(config-if)#ip access-group 100 out

by User Vicbyte (8.0k points)
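To see why the corrected ACL from the answer works, here is a small first-match evaluator for Cisco-style extended ACL entries; this is an added example, not part of the original question or answer. The `Ace`/`Packet` types and `evaluate()` are my own, and the addresses are constructed placeholders standing in for the question's "[IP address]" values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Ace:
    action: str      # "permit" or "deny"
    proto: str       # "udp", "tcp" or "ip" ("ip" matches any protocol)
    src: str         # "any", "host A.B.C.D" or "A.B.C.D/len"
    dst: str
    dport: int = 0   # destination "eq <port>"; 0 means any port

@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: int

def _match_addr(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    if spec.startswith("host "):
        return ip_address(spec[5:]) == ip_address(addr)
    return ip_address(addr) in ip_network(spec, strict=False)

def evaluate(acl, pkt: Packet) -> str:
    """Top-down: the first matching entry decides; unmatched traffic hits the implicit deny."""
    for ace in acl:
        if ace.proto != "ip" and ace.proto != pkt.proto:
            continue
        if not (_match_addr(ace.src, pkt.src) and _match_addr(ace.dst, pkt.dst)):
            continue
        if ace.dport and ace.dport != pkt.dport:
            continue
        return ace.action
    return "deny"  # implicit "deny ip any any" at the end of every IOS ACL

# Constructed placeholder addresses (RFC 5737 documentation ranges) standing in
# for the question's "[IP address]" values.
CLIENT, SERVER, OTHER = "192.0.2.10", "198.51.100.5", "192.0.2.77"

# ACL 100 as corrected in the answer: only CLIENT may reach SERVER on UDP/69,
# every other host is denied for that flow, and all remaining traffic passes.
ACL_100 = [
    Ace("permit", "udp", f"host {CLIENT}", f"host {SERVER}", 69),
    Ace("deny", "udp", "any", f"host {SERVER}", 69),
    Ace("permit", "ip", "any", "any"),
]

def tftp_decision(src: str) -> str:
    return evaluate(ACL_100, Packet("udp", src, SERVER, 69))
```

Swapping the permit and deny entries blocks the client too, which is the order pitfall to check whenever a specific permit must precede a broader deny.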