How to set up a TFTP Server for your Cisco routers

May 23, 2008 — fadils

In this article, I will show you how to set up a TFTP server so that your Cisco router can communicate with it.
The presence of a TFTP server is important. By using it, you can back up, restore or upgrade your router’s configuration and IOS. Let’s start.

1. Install a TFTP server

I almost got frustrated when my TFTP server from Fedora repository didn’t work even though I followed all the steps from here.

Everything was set. Firewall configuration was set. Everything that you can imagine regarding this was set. Ping from router to the tftp server was successful. But when I tried to back up my IOS, it never worked. The router gave me this message:

"error opening tftp://192.168.0.101/c2500-is-l.120-21.bin (undefined error)"

I checked with Wireshark/Ethereal. Basically, the router request was accepted by the TFTP server (which means that the TFTP server is running).

So, I changed the TFTP server. And this tutorial will be based on this TFTP server.I downloaded it from here:
http://sourceforge.net/project/showfiles.php?group_id=162512&package_id=183619&release_id=595399

Then, untar the package: tar -xzvf tftpservermt

My tips for you. Read the README file! It says you should go to tftpservermt and edit the “.ini” file. Under [home], you can set your home directory for your tftp-server. Also you have to set the read, write and overwrite permission.

This is what I did in my “.ini” file:

[HOME]
#You should specify home directory(s) here
#The home directory can be specified
#in two different ways, with alias or
#bare names without aliases. Using alias you
#can specify upto 8 directories like
#routers=c:/RouterImages/Images
#without alisas, only one directory can
#be specified, which will become root
#directory for tftp
#mixup of bare names and aliases not allowed
/home/fadil/tftpserver

….

#Next are the file operation permissions
#Clients can only read files if read is
#set to Y, default is Y
read=Y
#Clients can only create new files if write is
#set to Y, default is N
write=Y
#Clients can only overwrite existing files if
#overwrite is #set to Y, default is Y
overwrite=Y

IMPORTANT:
Make sure you only allow trusted clients to access your TFTP server (this is a good security practice). You don’t want everybody can connect to your TFTP server, right?! You can set the IPs of trusted clients under [ALLOWED-CLIENTS].

Then, move the “.ini” file to /etc.

2. Bring up the interface and assign an IP address to your router

You have to bring up the specific interface that you want your router to connect through, and assign IP address to that interface.

FirstRouter2507#config t
Enter configuration commands, one per line. End with CNTL/Z.
FirstRouter2507(config)#interface ethernet 0
FirstRouter2507(config-if)#ip address 192.168.0.100 255.255.255.0
FirstRouter2507(config-if)#no shutdown

3. Assign an IP address for your TFTP server. Make sure that your TFTP server’s IP and your router’s IP address are on the same subnet.

4. Connect your router and TFTP server with a cross-over cable (straight-through cable will do if your router supports smart MDI/MDI-X). For me, both cables work fine!

5. Ping the TFTP server from your router console. For example, my TFTP’s IP address is 192.168.0.101/24:


FirstRouter2507#ping 192.168.0.101

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.101, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

6. Execute the tftpserver. You go to tftpservermt directory. And execute (root privilege is needed) : ./tftpserver -v. You will see something similar like the following:

Starting TFTP...
alias / is mapped to /home/fadil/tftpserver/
listening on: 127.0.0.1:69
listening on: 192.168.0.101:69
permitted clients: all
server port range: any
max blksize: 65464
defult blksize: 512
default timeout: 3
file read allowed: Yes
file create allowed: Yes
file overwrite allowed: Yes
thread pool size: 1

Accepting requests..

Now we’re in business. Your tftp server is up and running. You can now back up, restore, or upgrade your router’s IOS or configuration.

From my router

FirstRouter2507#copy startup-config tftp:
Address or name of remote host []? 192.168.0.101
Destination filename [FirstRouter2507-confg]?
!!
1653 bytes copied in 0.236 secs (7004 bytes/sec)
FirstRouter2507#copy startup-config tftp:
Address or name of remote host []? 192.168.0.101
Destination filename [FirstRouter2507-confg]? jun3-2
!!
1653 bytes copied in 0.232 secs (7125 bytes/sec)
FirstRouter2507#copy tftp: ?
null: Copy to null: file system
nvram: Copy to nvram: file system
running-config Update (merge with) current system configuration
startup-config Copy to startup configuration
system: Copy to system: file system
FirstRouter2507#copy tftp: star
FirstRouter2507#copy tftp: startup-config
Address or name of remote host []? 192.168.0.101
Source filename []? FirstRouter2507-confg
Destination filename [startup-config]?
Accessing tftp://192.168.0.101/FirstRouter2507-confg...
Loading FirstRouter2507-confg from 192.168.0.101 (via Ethernet0): !
[OK - 1653 bytes]
[OK]
1653 bytes copied in 11.672 secs (142 bytes/sec)
FirstRouter2507#
00:17:39: %SYS-5-CONFIG_NV_I: Nonvolatile storage configured from tftp://192.168e
FirstRouter2507#

From the TFTP server

Starting TFTP...
alias / is mapped to /home/fadil/tftpserver/
listening on: 127.0.0.1:69
listening on: 192.168.0.101:69
permitted clients: all
server port range: any
max blksize: 65464
defult blksize: 512
default timeout: 3
file read allowed: Yes
file create allowed: Yes
file overwrite allowed: Yes
thread pool size: 1

Accepting requests..
Client 192.168.0.100:55470 /home/fadil/tftpserver/FirstRouter2507-confg, 4 Blocks Received
Client 192.168.0.100:58299 /home/fadil/tftpserver/jun3-2, 4 Blocks Received
Client 192.168.0.100:51063 /home/fadil/tftpserver/FirstRouter2507-confg, 4 Blocks Served
Client 192.168.0.100:57338 /home/fadil/tftpserver/FirstRouter2507-confg, Client 172.16.10.1:57338, Error Code 0 at Client, Session terminated
Client 192.168.0.100:54148 /home/fadil/tftpserver/FirstRouter2507-confg, 4 Blocks Served
Client 192.168.0.100:49507 /home/fadil/tftpserver/FirstRouter2507-confg, 4 Blocks Served

Possibly related posts: (automatically generated)

Posted in CCNA, Networking. Tags: , , . 5 Comments »

5 Responses to “How to set up a TFTP Server for your Cisco routers”

  1. Rick Says:
    July 24, 2008 at 12:47 am

    I keep getting this error could you help me out?

    root@ricardo-desktop:/home/ricardo/Desktop/tftpserversp# ./tftpserver -v
    TFTP Server SinglePort Version 1.55 Unix Built 1551

    127.0.0.1 Port 69, bind failed, Address already in use
    192.168.1.168 Port 69, bind failed, Address already in use
    10.45.9.212 Port 69, bind failed, Address already in use
    no listening Interfaces available, stopping…

  2. fadils Says:
    July 25, 2008 at 9:41 am

    Hi Rick,

    From the following:
    127.0.0.1 Port 69, bind failed, Address already in use
    192.168.1.168 Port 69, bind failed, Address already in use

    the first thing comes into my mind is that there is an application that is using port 69 Maybe another tftp application is already running in the background and you now are trying to run tftpserver.

    Also make sure that your firewall allows access to port 69, even though if this is the case there will be no “address already in use”.

    What are u using linux or windows? If you tell me maybe I can help more…

    Hope this helps.

    Fadil

  3. Pranav Says:
    December 16, 2008 at 11:53 pm

    TFTP Server on Fedora Core 9 : Don’t forget to disable FireWall on Fedora Core.

  4. fadils Says:
    February 5, 2009 at 6:16 am

    Mmhh.. not really. If you have another firewall besides the iptables, then turning your iptables off is OK. But if you turn your iptables off, and you don’t have another firewall, it ends up by being no firewall at all. You’re getting into a risky business here. So, if you don’t have a firewall but iptables, then configuring it to suit tftp application is better. Thanks for visiting my blog.

  5. muh sirojul munir Says:
    March 21, 2009 at 11:43 pm

    I have same problem
    root@ppin-msmunir2:/opt/tftpservermt # ./tftpserver -v
    TFTP Server MultiThreaded Version 1.58 Unix Built 1580

    202.46.3.71 Port 69, bind failed, Address already in use
    no listening interfaces available, stopping..

    root@ppin-msmunir2:/opt/tftpservermt #

    I tried to know the process related with tftp

    root@ppin-msmunir2:/opt/tftpservermt # ps -aux | grep tftp
    Warning: bad syntax, perhaps a bogus ‘-’? See /usr/share/doc/procps-3.2.7/FAQ
    root 26684 0.0 0.0 976196 1424 ? Ssl 06:04 0:00 ./tftpserver
    root 26785 0.0 0.0 4064 752 pts/4 S+ 06:04 0:00 grep tftp
    root@ppin-msmunir2:/opt/tftpservermt #

    After I known, I kill the PID :
    root@ppin-msmunir2:/opt/tftpservermt # kill 26684

    I run it again :
    root@ppin-msmunir2:/opt/tftpservermt # ./tftpserver -v
    TFTP Server MultiThreaded Version 1.58 Unix Built 1580

    starting TFTP…
    alias / is mapped to /home/msmunir/Download/
    permitted clients: 202.46.3.72-255.255.255.224
    server port range: 30000-30010
    max blksize: 65464
    default blksize: 512
    default timeout: 3
    file read allowed: Yes
    file create allowed: No
    file overwrite allowed: No
    thread pool size: 95
    listening on: 202.46.3.71:69


Leave a Reply

«

»