Switches, Hubs, and Modems
1748069 Members
5645 Online
108758 Solutions
New Discussion юеВ

PCM+ TFTP Service

 
Fatih Celebi
Occasional Advisor

PCM+ TFTP Service

Hi,

Does anybody know or have any answer to an question regarding the TFTP service in the PCM+ ? TFTP protocol by itself is unsecure and is often associated with viruses and trojans etc...so how is it secured (I assume it is ? ) or whatever to prevent the box with pcm+ being attacked/hacked ?

Thanks!

5 REPLIES 5
Ron Kinner
Honored Contributor

Re: PCM+ TFTP Service

What does the PCM+ run on? If XP you can set ipfilter to block its TFTP port. It might even be smart enough to open the port for a particular management IP. Don't have one to paly with right now and can't find any help file on it.

You can always use ZoneAlarm (www.zonelabs.com) to block it. You may have to manually allow its TFTP server to act as a server if you want upgrade the software or something with it.

Ron
Simon Templar
Occasional Advisor

Re: PCM+ TFTP Service

PCM+ uses TFTP to update switch firmware. If you'd prefer not to enable TFTP on the PCM+ server, disable the service via Windows, and enable it on demand - when you're about to upgrade firmware.
Ardon
Trusted Contributor

Re: PCM+ TFTP Service

I just got word from the Lab that you can Disable the PCM TFTP Server so you COULD disable it when not needed.
Mind you that if no TFTP server is available for use by PCM+, then switch software updates will not be possible (firmware update), and configuration scanning for configuration management will not function either.

This is how to disable it:

1. Open the file server\config\nmtftp.scp (it is just a text file, so you can edit it with Wordpad or Notepad)
2. Change the STATIC_LOAD property so that it reads STATIC_LOAD=false
3. Save the modified file.
4. Restart the PCM service (or reboot the system)
ProCurve Networking Engineer
SCOOTER
Esteemed Contributor

Re: PCM+ TFTP Service

Ardon,

Good info, do you know if it is possible to get PCM+ to use another (external) TFTP program like tftpd32 for the firmware upgrades. Then you would only start the tftp server when needed (mostly short times then).

Regards,

SCOOTER
Mohamed Hamedi
Respected Contributor

Re: PCM+ TFTP Service

What you can do is open up this file \server\config\fwuSchedule.prp and add the tftp_server line with your ip address, no spaces anywhere.
FWU {
TFTP_SERVER=x.x.x.x
NEXT_DEVICE_NUMBER=10
Schedule {
}
}

Note: your tftp server root MUST be pointing to \server\data\download

i think that will do the trick,hope that helps