How to set up a TFTP Server for your Cisco routers

In this article, I will show you how to set up a TFTP server so that your Cisco router can communicate with it.
The presence of a TFTP server is important. By using it, you can back up, restore or upgrade your router’s configuration and IOS. Let’s start.

1. Install a TFTP server

I almost got frustrated when my TFTP server from the Fedora repository didn’t work even though I followed all the steps from here.

Everything was set. Firewall configuration was set. Everything that you can imagine regarding this was set. Ping from router to the tftp server was successful. But when I tried to back up my IOS, it never worked. The router gave me this message:

"error opening tftp://192.168.0.101/c2500-is-l.120-21.bin (undefined error)"

I checked with Wireshark/Ethereal. Basically, the router request was accepted by the TFTP server (which means that the TFTP server is running).

So, I changed the TFTP server. And this tutorial will be based on this TFTP server. I downloaded it from here:
http://sourceforge.net/project/showfiles.php?group_id=162512&package_id=183619&release_id=595399

Then, untar the package: tar -xzvf tftpservermt

My tip for you: read the README file! It says you should go to the tftpservermt directory and edit the “.ini” file. Under [HOME], you can set the home directory for your TFTP server. You also have to set the read, write and overwrite permissions.

This is what I did in my “.ini” file:

[HOME]
#You should specify home directory(s) here
#The home directory can be specified
#in two different ways, with alias or
#bare names without aliases. Using alias you
#can specify upto 8 directories like
#routers=c:/RouterImages/Images
#without alisas, only one directory can
#be specified, which will become root
#directory for tftp
#mixup of bare names and aliases not allowed
/home/fadil/tftpserver

….

#Next are the file operation permissions
#Clients can only read files if read is
#set to Y, default is Y
read=Y
#Clients can only create new files if write is
#set to Y, default is N
write=Y
#Clients can only overwrite existing files if
#overwrite is #set to Y, default is Y
overwrite=Y

IMPORTANT:
Make sure you only allow trusted clients to access your TFTP server (this is a good security practice). You don’t want everybody to be able to connect to your TFTP server, right?! You can set the IPs of trusted clients under [ALLOWED-CLIENTS].

Then, move the “.ini” file to /etc.
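
An added example (not part of the original post and not the tftpserver project's code): a small Python audit of a tftpserver-style “.ini” that flags the settings the IMPORTANT note above is about. The comment-marker rule, the start-end range syntax, the 256-address threshold and the tftpd account name are assumptions made for the illustration.

```python
import ipaddress

# Assumption: '#', ';' and quote characters start a comment line, as in the
# sample .ini files on this page; the real server's rule may differ.
COMMENT_MARKS = "#;'\u2018\u2019"

def parse_ini(text):
    """Return {SECTION: [uncommented lines]} for a tftpserver-style .ini."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in COMMENT_MARKS:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].upper(), [])
        elif current is not None:
            current.append(line)
    return sections

def range_size(entry):
    """Number of addresses in 'a.b.c.d' or 'start-end' (assumed syntax)."""
    start, _, end = entry.partition("-")
    lo = ipaddress.IPv4Address(start.strip())
    hi = ipaddress.IPv4Address(end.strip()) if end else lo
    return int(hi) - int(lo) + 1

def audit(text, max_hosts=256):
    """Return a list of findings; an empty list means nothing was flagged."""
    sections = parse_ini(text)
    # Option keys appear as read= and Read= on this page, so compare lowercased.
    opts = {k.strip().lower(): v.strip() for lines in sections.values()
            for k, sep, v in (l.partition("=") for l in lines) if sep}
    findings = []
    clients = sections.get("ALLOWED-CLIENTS", [])
    if not clients:
        findings.append("ALLOWED-CLIENTS is empty: every host that reaches port 69 is served")
    findings += [f"range {c} covers {range_size(c)} addresses"
                 for c in clients if range_size(c) > max_hosts]
    # The page shows both Y and N as the overwrite default, so assume Y if unset.
    if opts.get("overwrite", "Y").upper() == "Y":
        findings.append("overwrite=Y: clients can replace stored configs and images")
    if opts.get("username", "").lower() == "root":
        findings.append("username=root: the server keeps root after binding port 69")
    return findings

# Constructed samples: settings seen on this page, then a tightened variant
# (the 'tftpd' account is hypothetical).
WEAK = "[HOME]\n/home/fadil/tftpserver\n[ALLOWED-CLIENTS]\n#none\n[TFTP-OPTIONS]\nusername=root\nread=Y\nwrite=Y\noverwrite=Y\n"
HARDENED = "[HOME]\n/home/fadil/tftpserver\n[ALLOWED-CLIENTS]\n192.168.0.100-192.168.0.100\n[TFTP-OPTIONS]\nusername=tftpd\nread=Y\nwrite=Y\noverwrite=N\n"
```

Calling audit(WEAK) returns three findings and audit(HARDENED) returns none.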

2. Bring up the interface and assign an IP address to your router

You have to bring up the specific interface that you want your router to connect through, and assign an IP address to that interface.

FirstRouter2507#config t
Enter configuration commands, one per line. End with CNTL/Z.
FirstRouter2507(config)#interface ethernet 0
FirstRouter2507(config-if)#ip address 192.168.0.100 255.255.255.0
FirstRouter2507(config-if)#no shutdown

3. Assign an IP address for your TFTP server. Make sure that your TFTP server’s IP and your router’s IP address are on the same subnet.

4. Connect your router and TFTP server with a cross-over cable (a straight-through cable will do if your router supports smart MDI/MDI-X). For me, both cables work fine!

5. Ping the TFTP server from your router console. For example, my TFTP server’s IP address is 192.168.0.101/24:


FirstRouter2507#ping 192.168.0.101

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.101, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

6. Start the TFTP server. Go to the tftpservermt directory and run ./tftpserver -v (root privilege is needed). You will see something similar to the following:

Starting TFTP...
alias / is mapped to /home/fadil/tftpserver/
listening on: 127.0.0.1:69
listening on: 192.168.0.101:69
permitted clients: all
server port range: any
max blksize: 65464
defult blksize: 512
default timeout: 3
file read allowed: Yes
file create allowed: Yes
file overwrite allowed: Yes
thread pool size: 1

Accepting requests..

Now we’re in business. Your tftp server is up and running. You can now back up, restore, or upgrade your router’s IOS or configuration.

From my router

FirstRouter2507#copy startup-config tftp:
Address or name of remote host []? 192.168.0.101
Destination filename [FirstRouter2507-confg]?
!!
1653 bytes copied in 0.236 secs (7004 bytes/sec)
FirstRouter2507#copy startup-config tftp:
Address or name of remote host []? 192.168.0.101
Destination filename [FirstRouter2507-confg]? jun3-2
!!
1653 bytes copied in 0.232 secs (7125 bytes/sec)

FirstRouter2507#copy tftp: ?
null: Copy to null: file system
nvram: Copy to nvram: file system
running-config Update (merge with) current system configuration
startup-config Copy to startup configuration
system: Copy to system: file system

FirstRouter2507#copy tftp: star
FirstRouter2507#copy tftp: startup-config
Address or name of remote host []? 192.168.0.101
Source filename []? FirstRouter2507-confg
Destination filename [startup-config]?
Accessing tftp://192.168.0.101/FirstRouter2507-confg...
Loading FirstRouter2507-confg from 192.168.0.101 (via Ethernet0): !
[OK - 1653 bytes]
[OK]
1653 bytes copied in 11.672 secs (142 bytes/sec)
FirstRouter2507#
00:17:39: %SYS-5-CONFIG_NV_I: Nonvolatile storage configured from tftp://192.168e
FirstRouter2507#

From the TFTP server

Starting TFTP...
alias / is mapped to /home/fadil/tftpserver/
listening on: 127.0.0.1:69
listening on: 192.168.0.101:69
permitted clients: all
server port range: any
max blksize: 65464
defult blksize: 512
default timeout: 3
file read allowed: Yes
file create allowed: Yes
file overwrite allowed: Yes
thread pool size: 1

Accepting requests..
Client 192.168.0.100:55470 /home/fadil/tftpserver/FirstRouter2507-confg, 4 Blocks Received
Client 192.168.0.100:58299 /home/fadil/tftpserver/jun3-2, 4 Blocks Received
Client 192.168.0.100:51063 /home/fadil/tftpserver/FirstRouter2507-confg, 4 Blocks Served
Client 192.168.0.100:57338 /home/fadil/tftpserver/FirstRouter2507-confg, Client 172.16.10.1:57338, Error Code 0 at Client, Session terminated
Client 192.168.0.100:54148 /home/fadil/tftpserver/FirstRouter2507-confg, 4 Blocks Served
Client 192.168.0.100:49507 /home/fadil/tftpserver/FirstRouter2507-confg, 4 Blocks Served
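
An added example (not part of the original post): TFTP has no authentication, so the server output above is where unexpected clients and repeated uploads show up. This Python sketch reviews lines of that shape; the trusted address list and the alert names are assumptions, and the last two sample lines are constructed.

```python
import ipaddress
import re

# Line shape taken from the server output shown in this article.
LINE = re.compile(
    r"Client (?P<ip>[\d.]+):\d+ (?P<path>[^,\s]+), "
    r"(?:\d+ Blocks (?P<op>Received|Served)|(?P<err>.*Error.*))$")

def review(log_text, trusted=("192.168.0.100/32",)):
    """Return (alert, client, path) tuples for transfers worth a second look."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    uploaded, alerts = set(), []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                        # banner and blank lines
        ip, path = m["ip"], m["path"]
        try:
            known = any(ipaddress.ip_address(ip) in n for n in nets)
        except ValueError:                  # malformed address in the log
            known = False
        if not known:
            alerts.append(("untrusted-client", ip, path))
        if m["err"]:
            alerts.append(("failed-transfer", ip, path))
        elif m["op"] == "Received":         # the client wrote a file to the server
            if path in uploaded:            # same name uploaded again in this log
                alerts.append(("repeat-upload", ip, path))
            uploaded.add(path)
    return alerts

HOME = "/home/fadil/tftpserver/"
SAMPLE = "\n".join([
    "Accepting requests..",
    # The next four lines are taken from the article's output.
    f"Client 192.168.0.100:55470 {HOME}FirstRouter2507-confg, 4 Blocks Received",
    f"Client 192.168.0.100:58299 {HOME}jun3-2, 4 Blocks Received",
    f"Client 192.168.0.100:51063 {HOME}FirstRouter2507-confg, 4 Blocks Served",
    f"Client 192.168.0.100:57338 {HOME}FirstRouter2507-confg, "
    "Client 172.16.10.1:57338, Error Code 0 at Client, Session terminated",
    # Constructed lines: a read from another host, then a second upload of jun3-2.
    f"Client 192.168.0.55:40000 {HOME}FirstRouter2507-confg, 4 Blocks Served",
    f"Client 192.168.0.100:40001 {HOME}jun3-2, 4 Blocks Received",
])
```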


7 Responses to “How to set up a TFTP Server for your Cisco routers”

  1. Rick Says:

    I keep getting this error could you help me out?

    root@ricardo-desktop:/home/ricardo/Desktop/tftpserversp# ./tftpserver -v
    TFTP Server SinglePort Version 1.55 Unix Built 1551

    127.0.0.1 Port 69, bind failed, Address already in use
    192.168.1.168 Port 69, bind failed, Address already in use
    10.45.9.212 Port 69, bind failed, Address already in use
    no listening Interfaces available, stopping…

  2. fadils Says:

    Hi Rick,

    From the following:
    127.0.0.1 Port 69, bind failed, Address already in use
    192.168.1.168 Port 69, bind failed, Address already in use

    the first thing that comes to my mind is that there is an application that is using port 69. Maybe another tftp application is already running in the background and you are now trying to run tftpserver.

    Also make sure that your firewall allows access to port 69, even though if this is the case there will be no “address already in use”.

    What are you using, Linux or Windows? If you tell me, maybe I can help more…

    Hope this helps.

    Fadil

  3. Pranav Says:

    TFTP Server on Fedora Core 9 : Don’t forget to disable FireWall on Fedora Core.

    • fadils Says:

      Mmhh.. not really. If you have another firewall besides the iptables, then turning your iptables off is OK. But if you turn your iptables off, and you don’t have another firewall, it ends up by being no firewall at all. You’re getting into a risky business here. So, if you don’t have a firewall but iptables, then configuring it to suit tftp application is better. Thanks for visiting my blog.

  4. muh sirojul munir Says:

    I have the same problem
    root@ppin-msmunir2:/opt/tftpservermt # ./tftpserver -v
    TFTP Server MultiThreaded Version 1.58 Unix Built 1580

    202.46.3.71 Port 69, bind failed, Address already in use
    no listening interfaces available, stopping..

    root@ppin-msmunir2:/opt/tftpservermt #

    I tried to know the process related with tftp

    root@ppin-msmunir2:/opt/tftpservermt # ps -aux | grep tftp
    Warning: bad syntax, perhaps a bogus ‘-’? See /usr/share/doc/procps-3.2.7/FAQ
    root 26684 0.0 0.0 976196 1424 ? Ssl 06:04 0:00 ./tftpserver
    root 26785 0.0 0.0 4064 752 pts/4 S+ 06:04 0:00 grep tftp
    root@ppin-msmunir2:/opt/tftpservermt #

    After I knew, I killed the PID:
    root@ppin-msmunir2:/opt/tftpservermt # kill 26684

    I run it again :
    root@ppin-msmunir2:/opt/tftpservermt # ./tftpserver -v
    TFTP Server MultiThreaded Version 1.58 Unix Built 1580

    starting TFTP…
    alias / is mapped to /home/msmunir/Download/
    permitted clients: 202.46.3.72-255.255.255.224
    server port range: 30000-30010
    max blksize: 65464
    default blksize: 512
    default timeout: 3
    file read allowed: Yes
    file create allowed: No
    file overwrite allowed: No
    thread pool size: 95
    listening on: 202.46.3.71:69

  5. lvlo Says:

    TFTP Server SinglePort Version 1.58 Unix Built 1580

    starting TFTP…
    alias / is mapped to /tftpboot/
    permitted clients: 10.0.10.10-10.0.10.100
    max blksize: 512
    default blksize: 512
    default timeout: 1
    file read allowed: Yes
    file create allowed: Yes
    file overwrite allowed: Yes
    listening on: 10.0.10.10:69

    Accepting requests..
    Client 10.0.10.10.50:58059 /tftpboot/c2950-i6k2l2q4-mz.121-22.EA13.bin, Error 3 at Client, Buffer overflow
    Client 10.0.10.10.50:55661 /tftpboot/c2950-i6k2l2q4-mz.121-22.EA13.bin, Error 0 at Client, Session terminated
    Client 10.0.10.10.50:54294 /tftpboot/c2950-i6k2l2q4-mz.121-22.EA13.bin, Error 3 at Client, Buffer overflow

    I’ve changed the block size, and the timeout value to smaller value; however, I don’t know what the problem is. Any thoughts?

    Thanks in advance!

  6. Gururaj Says:

    I get a similar error message on running the tftp server:
    Can somebody help me in this?

    Error:
    ====================
    [root@PMTU-Client tftpserversp]# ./tftpserver -v
    TFTP Server SinglePort Version 1.62 Unix Built 1621

    0.0.0.0 Port 69, bind failed, Address already in use
    no listening interfaces available, stopping..
    ====================
    my tftpserver.ini
    ====================
    #It should be edited and moved to /etc directory
    #unless overridden by -i flag
    #Anything starting with punctuation would be comment
    #comment ' should be removed in front of sample values if used/changed

    #IMPORTANT WARNING Never Edit this file using Windows Editor

    [LISTEN-ON]
    #if you have more than one NIC card on your server
    #can specify which cards/ports will listen TFTP requests
    #Specify the Interface you would like server to listen
    #default listening port is 69, but can be overridden here
    #listening on ports less than 1024 needs root account
    #upto 8 interfaces can be specified
    #Default is All Interfaces
    '7.7.7.1:69

    [HOME]
    #You should specify home directory(s) here
    #The home directory can be specified
    #in two different ways, with alias or
    #bare names without aliases. Using alias you
    #can specify upto 8 directories like
    #routers=c:/RouterImages/Images
    #without aliases, only one directory can
    #be specified, which will become root
    #directory for tftp.
    #mixup of bare names and aliases not allowed
    #default will be home directory of user
    '/root/Tools

    [LOGGING]
    #Logging is done to SYSLOG,
    #Logging will be done only if run as Service (without -v flag)
    #default is None
    #Logging “All” is resources intensive, should not be normally used.
    'None

    [ALLOWED-CLIENTS]
    #These are permitted clients for TFTP Access.
    #Hosts having IP address within these ip ranges
    #only will be responded to DNS requests.
    #32 hosts or 32 ranges can be specified.
    #If none is specified, then all are allowed

    [TFTP-OPTIONS]
    #First option is username (login), this is the user, who
    #will be owner of process, the process can be started as
    #privileged user and after opening privileged ports,
    #would run as this user. This user would be owner
    #of new files put to server. When overwriting files,
    #this user should have write access and for reading
    #files, this user should have read access to the files.
    username=root

    #next is default timeout per interval
    #if not overridden by client
    #min is 1, max can be 255, default is 3
    'timeout=3

    #Next is max block size, allowed
    #on client request. Max is 65464
    #if not overridden by client
    #it is always 512
    'blksize=65464

    #Next are the file operation permissions
    #Clients can only read files if read is
    #set to Y, default is Y
    'Read=Y
    #Clients can only create new files if write is
    #set to Y, default is N
    'Write=Y
    #Clients can only overwrite existing files if
    #overwrite is set to Y, default is N
    'Overwrite=Y

    (END)
    =============================
    I tried changing the port number from "7.7.7.1,69" to "7.7.7.1,70" but it does not help. I did not find any tftp processes when I did ps -aux | grep tftp.

