Security Options

To set security options, choose Options > Setup > TFTP Server > Security Options.

The following options are available:

Global Read

If this is unchecked then nothing can be read from the TFTP server.

Global Write

If this is unchecked then nothing can be written to the TFTP server.

Use Access Lists

If this is checked, the access list is used to determine the read and write permissions for the IP address in question.

Note: Access lists are subordinate to Global Read and Global Write.

Access List Usage

There are five columns in the access list table:

Inc|Ex IP Range: Determines whether the Read and Write options are applied to the specified IP range (Include), or whether the range is exempt (Exclude), in which case the Read and Write options are applied to all addresses outside of the range.

Exclude is useful for allowing only a limited range of IPs to read or write, because the read/write settings are applied to everything outside of the excluded range.

Start IP / End IP: Define the IP address range to be used.

Read/Write: When ticked, reading/writing is allowed; when unchecked, reading/writing is not allowed.

The rows of the access list are examined from the top down until a match is found.

Access List Examples

Using the access list below, we will look at some examples.

Inc|Ex IP Range   Start IP       End IP          Read        Write
Exclude           192.168.1.1    192.168.1.100   unchecked   unchecked
Include           192.168.1.60   192.168.1.60    unchecked   unchecked

The first line in the access list is an exclude, so all addresses outside of the range 192.168.1.1 - 192.168.1.100 will have the read and write properties applied to them. In this case, anything outside of the excluded range will not be able to read from or write to the TFTP server.

So attempts to read or write from address 192.168.1.105 would fail.

Attempts to read or write from address 192.168.1.98 would succeed.

The second line in the access list is an include, so the read and write settings will be applied to addresses included in this range, which in this case is a single IP address.

So attempts to read or write from 192.168.1.60 would fail.

Let us look at the steps that would be traversed if we tried to write to the TFTP server from address 192.168.1.60:

1. First, 'Global Write' is examined. If it is checked, the process continues.

2. 'Use Access Lists' is examined. If it is checked, the access list will be checked.

3. The first row in the access list is examined. 192.168.1.60 is within the excluded range, so the read and write settings do not apply to it and the process continues to the second row of the access list.

4. The address 192.168.1.60 is included in the range specified in this row so the write settings are applied, which in this case is to not allow writing to the TFTP server.
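
The evaluation order walked through above, written out as an added example (this is not CatTools code) so a rule set can be checked before it is entered in the dialog. The function names, the tuple layout and the result when no row matches are assumptions; the fall-through result follows the 192.168.1.98 example on this page.

```python
from ipaddress import IPv4Address as IP

# Constructed from the example table on this page: both rows have
# Read and Write unchecked. Columns: (mode, start, end, read, write).
ACL = [
    ("Exclude", "192.168.1.1", "192.168.1.100", False, False),
    ("Include", "192.168.1.60", "192.168.1.60", False, False),
]


def row_matches(mode, start, end, addr):
    """Include rows match inside the range; Exclude rows match outside it."""
    inside = IP(start) <= IP(addr) <= IP(end)
    return inside if mode == "Include" else not inside


def is_allowed(addr, op, acl=ACL, global_read=True, global_write=True,
               use_acl=True):
    """Return (allowed, reason) for op 'read' or 'write' from addr."""
    if op not in ("read", "write"):
        raise ValueError("op must be 'read' or 'write'")
    # Step 1: the global switch is examined first and overrides the list.
    if not (global_read if op == "read" else global_write):
        return False, f"Global {op.capitalize()} unchecked"
    # Step 2: with 'Use Access Lists' off, only the global switch applies.
    if not use_acl:
        return True, "access lists not in use"
    # Steps 3-4: rows are examined top down; the first match decides.
    for n, (mode, start, end, read, write) in enumerate(acl, 1):
        if row_matches(mode, start, end, addr):
            return (read if op == "read" else write), f"row {n} ({mode})"
    # Assumption: no matching row leaves the global setting in effect,
    # consistent with the page's 192.168.1.98 example.
    return True, "no row matched"


if __name__ == "__main__":
    for addr in ("192.168.1.105", "192.168.1.98", "192.168.1.60"):
        for op in ("read", "write"):
            print(addr, op, *is_allowed(addr, op))
```
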

Last modified
10:56, 2 Sep 2016
