2 votes
You have applied an ACL on your router to restrict TFTP traffic between networks, but all hosts on the network can still access the TFTP service. What can you do to fix this issue?

1) Modify the ACL to allow only the specific host on the network to access the TFTP service
2) Remove the deny statement from the ACL
3) Apply the ACL to outbound traffic instead of inbound traffic
4) Change the UDP port number for the TFTP service

1 Answer

5 votes

Final answer:

To restrict TFTP traffic, ensure that the ACL contains the correct deny statement for UDP port 69 and is correctly applied to the appropriate interface in the right direction. Applying the ACL to outbound rather than inbound traffic might resolve the issue if the initial ACL configuration does not achieve the desired restrictions.

Step-by-step explanation:

If you have applied an Access Control List (ACL) on your router to restrict TFTP traffic between networks, but all hosts are still able to access the TFTP service, there are a couple of things you might need to check and potentially fix to resolve this issue.

Firstly, ensure that your ACL is correctly written to deny TFTP traffic for unauthorized hosts. TFTP uses the UDP protocol and typically operates on port 69. A correct deny statement in your ACL should specify this protocol and port number. If allowing only specific hosts to use TFTP, verify that the ACL has permit statements for those hosts and deny statements for all other traffic.

If the ACL is properly configured and the issue persists, you need to ensure that the ACL is applied to the correct interface and in the correct direction. If you have it applied to inbound traffic, it will affect traffic coming into the router interface from the network on which hosts reside. If it is intended to control which hosts can initiate TFTP connections, you may need to apply the ACL to outbound traffic on the interface that connects to your network.

Modifying the UDP port number for the TFTP service (option 4) and removing the deny statement from the ACL (option 2) are not correct actions to fix this issue and would not be recommended.

by User Deep Patel (8.3k points)
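The interface and direction check described in the answer, as an added example that is not part of the original answer: a simplified Python model of first-match ACL evaluation showing that an ACL bound in a direction the TFTP request never travels is never consulted. The interface names `lan0` and `srv0`, the addresses, and the helper names are assumptions made for illustration, and the model is not any vendor's matching logic.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "udp", "tcp", or "ip" for any protocol
    src: str                     # source network, CIDR
    dport: Optional[int] = None  # destination port, None matches any

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int

def evaluate(acl, pkt):
    """First matching rule wins; no match falls through to the implicit deny."""
    for r in acl:
        if (r.proto in ("ip", pkt.proto) and r.dport in (None, pkt.dport)
                and ip_address(pkt.src) in ip_network(r.src)):
            return r.action
    return "deny"

def forward(pkt, in_if, out_if, bindings):
    """Consult only the ACL bound inbound on the ingress interface and the one
    bound outbound on the egress interface; other bindings never see pkt."""
    for key in ((in_if, "in"), (out_if, "out")):
        if key in bindings and evaluate(bindings[key], pkt) == "deny":
            return False
    return True

# Constructed lab values: clients on 192.0.2.0/24 behind "lan0", TFTP server
# 198.51.100.5 behind "srv0", 192.0.2.10 is the one authorised host.
TFTP_ACL = [
    Rule("permit", "udp", "192.0.2.10/32", 69),
    Rule("deny", "udp", "0.0.0.0/0", 69),
    Rule("permit", "ip", "0.0.0.0/0"),
]

def clients_allowed(bindings):
    """Which clients get a TFTP request (UDP 69) through lan0 -> srv0?"""
    reqs = [Packet("udp", h, "198.51.100.5", 69) for h in ("192.0.2.10", "192.0.2.20")]
    return {p.src: forward(p, "lan0", "srv0", bindings) for p in reqs}

if __name__ == "__main__":
    for where in (("srv0", "in"), ("srv0", "out"), ("lan0", "in")):
        print(where, clients_allowed({where: TFTP_ACL}))
```

With the ACL bound inbound on `srv0`, both clients reach the TFTP service because their requests leave that interface rather than enter it; bound outbound on `srv0` or inbound on `lan0`, only the authorised host gets through.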