Have you been studying for an AWS certification and have yet to actually
test? Now might be the time. AWS is currently offering free retakes of
their cer...
1 month ago
My Blog List
-
-
The debates around IP multicast stopped about five to ten years ago AFAICT. No one wants to deal with it anymore. In theory, IP multicast was a good idea b...9 months ago
-
https://cloud.google.com/load-balancing/docs/tcp/internal-proxy Traffic flow: client -> Load-balancer Forwarding rule TCP IP:port -> Target proxy -> backen...1 year ago
-
At its core, DNS is what makes the internet work. Without it, everyone would need to remember the IP address…1 year ago
-
Defining service availability using the famous X nines (and all the hacks like “planned downtime doesn’t count”) is pretty useless in a highly distribute...4 years ago
-
Please join us in congratulating the following iPexpert students who have passed their CCIE lab! This Week’s CCIE Success Stories Lucas Handybiantoro, CCIE...8 years ago
-
It’s official, the CCIE DC has been announced. Here’s the meat of the announcement: “Cisco announced today that a new expert-level certification for data c...12 years ago
About Me
- Packets Analyzed
- A dynamic, innovative, and skilled individual that is passionate about technology providing technical leadership and architectural oversight. I have in depth knowledge in a variety of technologies which provides a holistic overview of the environment and allows for superior solutions. I take business challenges and create IT solutions that are highly available, scalable, and secure. I have the ability to translate business objectives into IT initiatives. I have a continued thirst for knowledge and share that knowledge with colleagues, business partners, and vendors. I make contributions to the IT community participating in seminars, online forums, and actively blogging.
CCIE, CCNP, CCDP, CCIP, CCNA Voice, CCNA Security, CCNA R&S, CCDA, Network, GCFW, GSEC, CEH, VCP4, VCP3, CNE6, MCITP - WK8 Server Admin, MCTS - WK8 MS Certified Technology Specialist, MCTS - WK8 Network Infrastructure Config, MCTS - WK8 AD Config, MCTS - WK8 Application Infrastructure Config, MCSA-MS Certified Solutions Associate, MCSE 2K, MCSE 2K8, MCSA 2K, MCSE 2K3, A+, ITILv3, CSA, CQS-FDS, FCNSA, FCNSP, BCNP, CDCSN-DS, BCLE, ACE, CNSS, CNSE, BCLP, CS-CRSFS, HP AIS
Popular Posts
-
When building networks leveraging a variety of products you need to consider interoperability and configuration consistency. When leveraging... -
The topology depicted in the diagrams is used to help demonstrate data flow during failure and to provide discussion around best practices a... -
JunOS separates the control plane and the forwarding (data) plane. The control plane contains the processes that control routing and switchi... -
The flow starts with the initial "Packet Processing" ----> "Security Pre-Policy" ----> "Application" --... -
VLR - (Visitor Location Register) A database of the subscribers who have roamed into the domain of another MNO (Mobile Network Operator/MS...
-
Confirming that local authentication on the switch and ACS is working after you finished your configuration perform the following: Run t... -
If you struggle with what is what in regards to Inside/Outside Local/Global then the following may help. View it from the following perspe... -
Well it is time to buckle down and make it happen in 2014. The goal is to become a dual CCIE by the end of 2014. I have previously passed th...
-
Nexus 7000/5000 SPAN Sessions SPAN Session Limit - 18 Nexus 1000V SPAN Session Limit (SPAN and ERSPAN) - 64 Nexus 5000 SPAN Sessions Can S...
-
Master Selection - High Availability with Fortinet Master (also known as the Primary) is chosen based on the following monitored port ...
4 comments:
By default, any device running the Cisco IOS will attempt to load service configuration files from TFTP servers during the boot process.
You'll see messages similar to the following:
%Error opening tftp://255.255.255.255/network-confg (Socket error)
To prevent this from occurring you can use the global configuration command "no service config".
Router(config)#no service config
My "beef" with this process is the extra time it can take for a device to boot up. I've experienced waits of up to 30 seconds while the device queries different TFTP servers and different configuration files...
Just think of the security implications caused by such a thing.
Good point about the security. Is there a "best practice" for this feature? Cisco obviously enables it by default but if you don't use TFTP booting should you disable it or just leave it enabled? Would you consider adding "service config" or "no service config" to a standard config template?
Also, if you were to use this feature can you specify a TFTP server instead of the broadcast?
I am not sure if there is a best practice around service config. I do believe best practice is to disable all services that you are not running. This further mitigates your risk of being compromised when running unneeded services.
If service config is enabled and none of the boot options are present it will default to 255.255.255.255. If boot option is configured then the router will follow the configuration and point to the host specified.
"boot network tftp://1.1.1.1/r1.cfg"
"boot host tftp:/11.1.1.1/r1.cfg"
Post a Comment