
Exam 300-410 topic 1 question 262 discussion

Actual exam question from Cisco's 300-410
Question #: 262
Topic #: 1

An administrator attempts to download the .pack NBAR2 file using TFTP from the CPE router to another device over the Gi0/0 interface. The CPE is configured as below:

hostname CPE
!
ip access-list extended WAN
 <...>
 remark => All UDP rules below for WAN ID: S421T18E58F90
 permit udp any eq domain any
 permit udp any any eq tftp
 deny udp any any
!
interface GigabitEthernet0/0
 <...>
 ip access-group WAN in
 <...>
!
tftp-server flash:pp-adv-csr1000v-1612.1a-37-53.0.0.pack

The transfer fails. Which action resolves this issue?

  • A. Make the permit udp any eq tftp any entry the last entry in the WAN ACL
  • B. Shorten the file name to the 8+3 naming convention
  • C. Change the WAN ACL to permit the entire UDP destination port range
  • D. Change the WAN ACL to permit the UDP port 69 to allow TFTP
Suggested Answer: C

Comments

Huntkey
Highly Voted 2 years, 6 months ago
Selected Answer: C
This is actually to my surprise... The TFTP apparently is using the random port for the transfer: TFTP uses UDP as its transport protocol. A transfer request is always initiated targeting port 69, but the data transfer ports are chosen independently by the sender and receiver during the transfer initialization. The ports are chosen at random according to the parameters of the networking stack, typically from the range of ephemeral ports.[4] https://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol
upvoted 14 times
[Removed]
Most Recent 9 months, 3 weeks ago
Selected Answer: C
C is correct
upvoted 1 times
[Removed]
1 year, 9 months ago
This is interesting. Huntkey provided a nice resource of information; the RFC for TFTP provides an explanation as to why this rule actually affects the connection between client and server. Based on the RFC, TFTP utilizes an ephemeral port named (TID, Transfer Identifier) that is used for the duration of the session. This TID is a random port between 0 and 65535. When a client sends a Write or Read request (WRQ and RRQ respectively), the client chooses a TID at random and sends the request to the server with destination port 69; this is allowed by ACE #2 in the ACL. When the server receives the request, it also chooses a TID at random and uses that to send the ACK for a WRQ or the first data packet for an RRQ, but this communication is now continued between TIDs as the source/destination UDP ports. This is where ACE #3 in the ACL is breaking the connection.
1.- CLIENT (src.port.TID) ---(WRQ/RRQ)----> (dst.port.69) TFTP
2.- CLIENT (dst.port.TID) <---(ACK/DATA)--- (src.port.TID) TFTP
upvoted 4 times
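
The exchange described in the comment above, run against the question's ACL as an added example (not part of the original discussion or any Cisco tooling). It models only the three UDP entries shown, treats option C as `permit udp any any` replacing the tftp entry (an assumption), and uses constructed TID values.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Ace:
    action: str                  # "permit" or "deny"
    src_port: Optional[int]      # None = any source port
    dst_port: Optional[int]      # None = any destination port

@dataclass(frozen=True)
class Udp:
    label: str
    inbound: bool                # True = arrives on Gi0/0, so the "in" ACL sees it
    src_port: int
    dst_port: int

TFTP, DOMAIN = 69, 53

# The three UDP entries from the question's WAN ACL (elided entries are not modelled).
WAN_ACL = [Ace("permit", DOMAIN, None), Ace("permit", None, TFTP), Ace("deny", None, None)]
# Option C, modelled (assumption) as a permit for every UDP destination port.
WAN_ACL_C = [Ace("permit", DOMAIN, None), Ace("permit", None, None), Ace("deny", None, None)]

def evaluate(acl, pkt):
    """First-match evaluation, falling through to the implicit deny."""
    for ace in acl:
        if ace.src_port in (None, pkt.src_port) and ace.dst_port in (None, pkt.dst_port):
            return ace.action
    return "deny"

def transfer(acl, client_tid=50001, server_tid=61002, blocks=2):
    """Walk an RRQ download from the CPE; stop at the first dropped packet.
    The TID defaults are constructed sample values."""
    pkts = [Udp("RRQ", True, client_tid, TFTP)]
    for n in range(1, blocks + 1):
        pkts.append(Udp(f"DATA {n}", False, server_tid, client_tid))  # leaves Gi0/0
        pkts.append(Udp(f"ACK {n}", True, client_tid, server_tid))    # enters Gi0/0
    log = []
    for p in pkts:
        verdict = evaluate(acl, p) if p.inbound else "not filtered"
        log.append((p.label, verdict))
        if verdict == "deny":
            break
    return log

if __name__ == "__main__":
    for name, acl in (("original WAN ACL", WAN_ACL), ("option C", WAN_ACL_C)):
        print(name, transfer(acl))
```

In this model the request to port 69 gets in, but the client's first ACK, addressed to the server's TID, hits `deny udp any any`. With option C's entry ahead of it, that deny line no longer matches any UDP packet.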
inteldarvid
1 year, 10 months ago
Selected Answer: D
D correct: https://thwack.solarwinds.com/free-tools-trials/f/tftp-server/4613/tftp-communicating-on-high-ports
upvoted 1 times
mrnipsnips
2 years, 5 months ago
This doesn't make sense. The ACL is applied 'in'; what does it have to do with outbound traffic?
upvoted 1 times
XBfoundX
8 months, 3 weeks ago
Yes it is, because in this case the CPE router is the TFTP server. The last command is used for sharing a file from the flash of that router. The other router will download the file from the CPE, so this will be considered inbound traffic. The tftp-server flash command allows the router to act as a TFTP server that serves files from its flash filesystem. The flash-partition-number is the number of the specified partition number within the flash filesystem. If no partition is specified, the first partition is used. The filename is the name of the file that the TFTP service uses in answering read requests. The alias keyword allows you to provide an alternate name for the file.
upvoted 1 times