TFTP in Linux


TFTP can be used with great versatility as a network management tool and not just for saving files. TFTP servers can be used to upload new configurations to replacement devices after serious hardware failures.

They can also be used for uploading new versions of software to be run on network devices. Finally, they can be used to upload even partial configurations, such as files containing updated access control lists (ACLs) that restrict access to networks, and even for the regular application of new passwords.

Installing The TFTP Server Software

Most Linux software products are available in a precompiled package format. When searching for the Fedora / Redhat file, remember that the TFTP server RPM’s filename usually starts with the word “tftp-server” followed by a version number like this: tftp-server-0.33-3.i386.rpm.

Configuring The TFTP Server

By default, the TFTP application expects files to be located in the /tftpboot directory. You can change this setting in the /etc/xinetd.d/tftp file via the server_args option. It is usually best to place the TFTP files in a partition other than the root partition. TFTP files of increasing size could eventually fill the partition, affecting your ability to install new software or even the overall performance of your system. Creating a symbolic link for /tftpboot to another directory will not work with all versions of Fedora.

This example creates a new tftpboot directory in the /var partition, and then configures TFTP to be enabled while using the new directory.

[root@alex]# mv /tftpboot /var

[root@alex]# vi /etc/xinetd.d/tftp

# File /etc/xinetd.d/tftp

service tftp
{
        server_args             = -s /var/tftpboot
        disable                 = no
}

You must then restart xinetd for the new configuration to take effect.

[root@alex]# chkconfig tftp on

Note: With both Redhat and Debian distributions, you can test whether the TFTP process is running with the netstat command, which is used to check the TCP/UDP ports on which your server is listening. If it isn’t running then there will be no response.

[root@alex]# netstat -a | grep tftp

udp        0      0 *:tftp                  *:*
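The settings above can also be checked mechanically. The following script is an added example, not part of the original post: it reads an xinetd tftp stanza, extracts the directory written after -s, and reports a disabled service, a missing directory, or a TFTP directory that still sits on the root partition. The function names and the constructed sample stanza are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example (not from the original page): inspect an xinetd tftp stanza.

# Print the value assigned to KEY ($1) in the xinetd service file ($2).
xinetd_value() {
    awk -F= -v key="$1" '
        /^[ \t]*#/ { next }                      # ignore comment lines
        NF >= 2 {
            k = $1; v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) print v
        }' "$2"
}

# Print the TFTP directory. Assumption: it is the word right after -s in
# server_args, as in the page's example.
tftp_root() {
    set -- $(xinetd_value server_args "$1")
    while [ $# -gt 1 ]; do
        if [ "$1" = "-s" ]; then printf '%s\n' "$2"; return 0; fi
        shift
    done
    return 1
}

# Print one line per problem found and return the number of problems.
check_tftp_conf() {
    conf=$1; problems=0
    if [ "$(xinetd_value disable "$conf")" != "no" ]; then
        echo "service is not enabled (disable is not 'no')"; problems=$((problems + 1))
    fi
    if ! root=$(tftp_root "$conf"); then
        echo "server_args has no '-s <directory>'"; return $((problems + 1))
    fi
    if [ ! -d "$root" ]; then
        echo "TFTP directory $root does not exist"; problems=$((problems + 1))
    elif [ "$(df -P "$root" | awk 'NR == 2 { print $6 }')" = "/" ]; then
        echo "TFTP directory $root is on the root partition"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample stanza, matching the one shown above.
sample=$(mktemp)
printf 'service tftp\n{\n    server_args = -s /var/tftpboot\n    disable = no\n}\n' > "$sample"
check_tftp_conf "$sample" || echo "problems found: $?"
rm -f "$sample"
```

On a real server, pass /etc/xinetd.d/tftp to check_tftp_conf instead of the sample file.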

Preparing TFTP Server Files

The TFTP server will not create files in its transfer directory if they don’t already exist. Each device must have a pre-existing configuration file in the tftpboot directory. The files also need to have their permissions adjusted to allow them to be updated by the TFTP daemon.

[root@alex]# touch /tftpboot/pixfw-config

[root@alex]# chmod 666 /tftpboot/pixfw-config
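The same preparation for several devices at once, followed by a listing of every file TFTP clients are able to overwrite. This is an added example, not part of the original post; the function names and the device file names passed to them are assumptions. Names with a path component, symlinks and directories are skipped so that chmod 666 only reaches plain files inside the TFTP directory.

```sh
#!/bin/sh
# Added example (not from the original page): pre-create TFTP upload targets
# and list which files in the TFTP directory clients can overwrite.

# Create an empty, world-writable placeholder in DIR ($1) for each file name
# that follows. Skips names containing "/" and anything that already exists
# but is not a regular file (symlink, directory).
prepare_targets() {
    dir=$1; shift
    for name in "$@"; do
        case $name in
            */*|.|..|'') echo "skipped: $name" >&2; continue ;;
        esac
        path=$dir/$name
        if [ -L "$path" ] || { [ -e "$path" ] && [ ! -f "$path" ]; }; then
            echo "skipped (not a regular file): $path" >&2; continue
        fi
        [ -e "$path" ] || : > "$path"     # same effect as touch on a new file
        chmod 666 "$path"
    done
}

# Print, sorted and relative to DIR ($1), every regular file that is
# world-writable, i.e. every file a TFTP client can overwrite.
upload_targets() {
    ( cd "$1" && find . -type f -perm -002 | sed 's|^\./||' | sort )
}

# Constructed demonstration in a scratch directory standing in for tftpboot.
demo=$(mktemp -d)
prepare_targets "$demo" pixfw-config ciscorouter-config ../escape 2>/dev/null
upload_targets "$demo"
rm -rf "$demo"
```

Running upload_targets against the real TFTP directory from time to time shows whether any file other than the intended per-device placeholders has become writable.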

Saving Cisco Configurations To The TFTP Server

You’ll now have to configure your Cisco router/firewall to use the TFTP server. The following examples assume that the TFTP server’s IP address is 192.168.1.100.

Cisco PIX firewall

Follow these steps on a PIX firewall:

1) Log onto the device, get into enable mode and then enter the TFTP commands to initially configure TFTP.

pixfw> enable

Password: ********

pixfw# configure terminal

pixfw(config)# tftp-server inside 192.168.1.100 /pixfw-config

pixfw(config)# exit

2) Save the configuration to nonvolatile memory

pixfw# write memory

Building configuration…

Cryptochecksum: 3af43873 d35d6f06 51f8c999 180c2342

[OK]

pixfw#

3) Save the configuration to the TFTP server

pixfw# write network

Building configuration…

TFTP write ‘/pixfw-config’ at 192.168.1.100 on interface 1

[OK]

pixfw#

Your firewall configuration has now been successfully saved for later use in the event of unrecoverable human error or hardware failure.

Cisco Switch Running CATOS

To save the configuration of a Catalyst-series switch running CATOS, you need to log onto the device, get into Enable mode and then enter the write net TFTP command as shown below.

ciscoswitch> (enable) wr net

This command shows non-default configurations only.

Use ‘write network all’ to show both default and non-default configurations.

IP address or name of remote host? [192.168.1.100]

Name of configuration file?[ciscoswitch-config]

Upload configuration to ciscoswitch-config on 192.168.1.100 (y/n) [n]? y

………

Finished network upload. (30907 bytes)

ciscoswitch> (enable)

Cisco Router

To save the configuration of a router, log onto the device, get into enable mode, then configure mode and then enter the TFTP commands as seen below:

ciscorouter> enable

ciscorouter# write net

Remote host [192.168.1.100]? 192.168.1.100

Name of configuration file to write [ciscorouter-config]? ciscorouter-config

Write file ciscorouter-config on host 192.168.1.100? [confirm] y

ciscorouter# exit

Cisco CSS 11000 “Arrowpoints”

To save the configuration of a Cisco CSS-series load balancer, log onto the device, and then enter the TFTP commands as seen below:

ciscocss# copy running-config tftp 192.168.1.100 ciscocss-config

Working..(\) 100%

Connecting (/)

Completed successfully.

ciscocss# exit

Cisco Local Director

To save the configuration of a Cisco Local Director load balancer, log onto the device, get into enable mode, then configure mode and then enter the TFTP commands:

ciscold> ena

Password:

ciscold# write net 192.168.1.100 ciscold-config

Building configuration…

writing configuration to //ciscold-config on 192.168.1.100:69 …

[OK]

ciscold# exit

Uploading Cisco Configurations From The TFTP Server

From time to time you may have to upload configurations from your TFTP server to your network equipment. In this example, a small file containing a new encrypted password and access control list is uploaded from the TFTP server and inserted into a router configuration.

Sample Upload Configuration File

For this example, the configuration file is named config.file and looks like this.

! Set the console password

!

line con 0

 password 7 $1$qDwqJEjunK$tuff0HE/g31/b7G/IZ

!

! Delete and recreate access list #10

no access-list 10

access-list 10 permit 192.168.1.0  0.0.0.255

access-list 10 permit 192.168.10.0 0.0.0.255

end

Procedure To Upload A Configuration File

Uploading the file can be done using either the copy tftp: running-config or the older configure network commands. In both cases you are prompted for the IP address of the TFTP server and the name of the file with the configuration commands.

The filename provided is always relative to the tftpboot directory. So if the file was located in the tftpboot directory it would be referred to as config.file, but if it were in the tftpboot/configs directory, it would be referred to as configs/config.file.

Consider this sample configure network command:

ciscorouter>ena

Password:

ciscorouter#configure network

Host or network configuration file [host]?

This command has been replaced by the command:

‘copy system:/running-config’

Address or name of remote host []? 192.168.1.100

Source filename []? config.file

Configure using tftp://192.168.1.100/config.file? [confirm]

Loading config.file from 192.168.1.100 (via FastEthernet0/0): !!!!!!

[OK – 26521/52224 bytes]

 ciscorouter#

Here’s a sample copy tftp: running-config command.

ciscorouter#copy tftp: running-config

Address or name of remote host []? 192.168.1.100

Source filename []? config.file

Destination filename [running-config]?

Accessing tftp://192.168.1.100/config.file…

Loading config.file from 192.168.1.100 (via FastEthernet0/0): !!!!!!

[OK – 26521/52224 bytes]

 26521 bytes copied in 1.912 secs (26521 bytes/sec)

ciscorouter#

Always remember to permanently save your configurations to nonvolatile RAM (NVRAM) afterwards with the write memory or copy running-config startup-config command.

Using TFTP To Restore Your Router Configuration

In disastrous cases, where you have to replace a router completely, you can use TFTP to completely restore the configuration to the replacement device. If the replacement unit is identical, then you need to do very little editing of the saved configuration file, but expect to edit it if the interface names and software versions are different.

The procedure for restoring your configuration is simple:

1) Connect your router to the local network of the TFTP server.

2) Give your router the bare minimum configuration that allows it to ping your TFTP server. (No access controls or routing protocols)

3) Use the copy command to copy the backup configuration from the TFTP server to your startup configuration in NVRAM.

4) Disconnect the router from the network.

5) Reload the router without saving the live running configuration, which would otherwise overwrite the startup configuration. On rebooting, the router will copy the startup configuration stored in NVRAM into a clean running configuration environment.

6) Log into the router via the console and verify the configuration is OK.

7) Verify that all the required interfaces are enabled and save the configuration. You can eliminate this step by editing the saved configuration file and adding the appropriate commands prior to the TFTP upload.

8) Reconnect the router to the networks on which it was originally connected.

The commands you need are:

ciscorouter> enable

Password: ********

ciscorouter# write erase

! Enter the commands to provide a bare minimum of connectivity to your TFTP server here. This includes IP addresses, a default route and the TFTP setup commands.

ciscorouter# copy tftp:file-name startup-config

ciscorouter# reload

Please be aware that the write erase command erases your NVRAM startup configuration and should always be used with great care.

About Alex Hunt

Hi All I am Manish Kumar Jha aka Alex Hunt. I am currently working in VMware Software India Pvt Ltd as Operations System Engineer (vCloud Air Operations). I have around 5 Years of IT experience and have exposure on VMware vSphere, vCloud Director, RHEL and modern data center technologies like Cisco UCS and Cisco Nexus 1000v and NSX. If you find any post informational to you please press like and share it across social media and leave your comments if you want to discuss further on any post. Disclaimer: All the information on this website is published in good faith and for general information purpose only. I don’t make any warranties about the completeness, reliability and accuracy of this information. Any action you take upon the information you find on this blog is strictly at your own risk. The Views and opinions published on this blog are my own and not the opinions of my employer or any of the vendors of the product discussed.