How to use a Cisco router as a tftp server
How to use a Cisco router as a tftp server
In some cases you can use a router to perform the functions of a tftp server, but it is necessary to take into account the functions performed by the computer and only use these tools or facilities where necessary.One case where you can use this function when you need to update multiple routers via a slow link WAN or Internet as in a branch or remote site
Use a Cisco router as a tftp server
In situations like this, it is possible to upgrade from a remote computers and then set it as TFTP server to upgrade the rest, so it is optimizing the use of slow network links. The necessary commands are:
Router1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#tftp-server flash:c2600-ik9o3s-mz.122-12a.bin Router1(config)#end Router1#
It is important to know that this router a tftp server is not 100% functional, ie only works for file downloads, you can not use it to upload files. However, it is possible to use the tftp server to load than the IOS files and download files to non-cisco. It is also important to be aware that enable a new service like tftp involves security issues that could be exploited by an attacker.
Some authors recommend not to use tftp in routers, especially on computers that are connected to public networks, however you can use an access control list to prevent problems that jeopardize the security of the network.
Access control list used for the previous figure.
Router1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#access-list 50 permit 172.25.1.0 0.0.0.255 Router1(config)#access-list 50 deny any Router1(config)#tftp-server flash:c2600-ik9o3s-mz.122-12a.bin 50 Router1(config)#end Router1#
This simple access control list allows all devices are on the 172.25.1.0/24 network to access the tftp server. As you can see, it is necessary to indicate the number of the access control list at the end of the tftp-server command. If you want to share more than one file from the server, you need to add more lines to the command tftp-server
As a special recommendation, it is suggested to activate this service for necessary, ie to complete the process of renovation is recommended to disable the service.
0 Comments:
Post a Comment