This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

How to disable TFTP on VDX6720

How to disable TFTP on VDX6720

Go to solution
Adam_Schappell
New Contributor

‎10-25-2018 02:15 PM

Hello, we have a requirement to have TFTP disabled on our switch... Is this possible? If so what commands can I run?
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Truyen_Phan
Extreme Employee

‎01-16-2019 06:54 AM

Hi Adam,

TFTP is executed under the inetd process. TFTPd is disabled by default on higher releases (6.x+) which the 6720 does not support. IPfilter is not needed to block this.

Please do the following to disable tftpd. A reload will be needed to take effect.

The below will do the following:

  1. take back up of inetd.conf
  2. comment out tftpd in inetd.conf and put in new file via sed
  3. overwrite inetd.conf with update file
  4. copy inetd.conf to 2nd partition in case of partition swap in the future
  5. reload switch
code:
sw0# unhide foscmd
Password: ******** (fibranne)
sw0# fos bash | no
sw0:root> netstat -anp | grep :69
udp    0   0 0.0.0.0:69       0.0.0.0:*              1295/inetd

sw0:root> cat /etc/inetd.conf | grep tftpd
tftp dgram  udp   wait  nobody /usr/sbin/in.tftpd  in.tftpd /tftpboot

bash-2.04# cp /etc/inetd.conf /etc/inetd.conf.bak
bash-2.04# cp /mnt/etc/inetd.conf /mnt/etc/inetd.conf.bak
bash-2.04# sed -e 's/^tftp/#tftp/' /etc/inetd.conf > /etc/inetd.conf.new
bash-2.04# cp /etc/inetd.conf.new /etc/inetd.conf
bash-2.04# grep tftp /etc/inetd.conf
#tftp dgram  udp   wait  nobody /usr/sbin/in.tftpd  in.tftpd /tftpboot

bash-2.04# cp /etc/inetd.conf /mnt/etc/inetd.conf
bash-2.04# exit
exit
sw0# reload system


### After switch boots up ###

code:
sw0# unhide foscmd
Password: ******** (fibranne)
sw0# fos bash | no
bash-2.04# netstat -anp | grep :69
bash-2.04#

View solution in original post

0 Kudos
25 REPLIES 25

Go to solution
Adam_Schappell
New Contributor

‎01-16-2019 02:17 PM

This is perfect!! Thank you so much!!!!!
0 Kudos

Go to solution
Truyen_Phan
Extreme Employee

‎01-16-2019 06:54 AM

Hi Adam,

TFTP is executed under the inetd process. TFTPd is disabled by default on higher releases (6.x+) which the 6720 does not support. IPfilter is not needed to block this.

Please do the following to disable tftpd. A reload will be needed to take effect.

The below will do the following:

  1. take back up of inetd.conf
  2. comment out tftpd in inetd.conf and put in new file via sed
  3. overwrite inetd.conf with update file
  4. copy inetd.conf to 2nd partition in case of partition swap in the future
  5. reload switch
code:
sw0# unhide foscmd
Password: ******** (fibranne)
sw0# fos bash | no
sw0:root> netstat -anp | grep :69
udp    0   0 0.0.0.0:69       0.0.0.0:*              1295/inetd

sw0:root> cat /etc/inetd.conf | grep tftpd
tftp dgram  udp   wait  nobody /usr/sbin/in.tftpd  in.tftpd /tftpboot

bash-2.04# cp /etc/inetd.conf /etc/inetd.conf.bak
bash-2.04# cp /mnt/etc/inetd.conf /mnt/etc/inetd.conf.bak
bash-2.04# sed -e 's/^tftp/#tftp/' /etc/inetd.conf > /etc/inetd.conf.new
bash-2.04# cp /etc/inetd.conf.new /etc/inetd.conf
bash-2.04# grep tftp /etc/inetd.conf
#tftp dgram  udp   wait  nobody /usr/sbin/in.tftpd  in.tftpd /tftpboot

bash-2.04# cp /etc/inetd.conf /mnt/etc/inetd.conf
bash-2.04# exit
exit
sw0# reload system


### After switch boots up ###

code:
sw0# unhide foscmd
Password: ******** (fibranne)
sw0# fos bash | no
bash-2.04# netstat -anp | grep :69
bash-2.04#
0 Kudos

Go to solution
Adam_Schappell
New Contributor

‎01-15-2019 02:28 PM

How can I get the ipfilter comands on 4.1.3?
0 Kudos

Go to solution
Adam_Schappell
New Contributor

‎01-15-2019 02:18 PM

So I do not see a tftp process running when i do a # sh proc cpu
0 Kudos
li.common.scroll-to.top
GTM-P2G8KFN