http, tftp

acidsatyr Member Posts: 111
Hi,

can you upload files on cisco switch/router acting as http or tftp server?
Or is it that you can only download from them?

Comments

  • xenodamus Member Posts: 758
    TFTP is used to back up IOS/config files as well as upload new ones to devices.

    I don't think that's a CCIE level topic, though....
    CISSP | CCNA:R&S/Security | MCSA 2003 | A+ S+ | VCP6-DTM | CCA-V CCP-V
  • Onefive Member Posts: 23
    acidsatyr wrote: »
    Hi,

    can you upload files on cisco switch/router acting as http or tftp server?
    Or is it that you can only download from them?

    I've seen some devices allow you to download files via http and ftp, but tftp is the most common. As for the router or switch acting as a tftp or ftp server, I don't think IOS implements these features, and it would be a huge security issue if they did. It could be useful if you wanted to set up some kind of a PUSH model in updating ios images or configs, but SNMP already allows you to do this in a much safer way.
  • acidsatyr Member Posts: 111
    xenodamus wrote: »
    TFTP is used to back up IOS/config files as well as upload new ones to devices.

    I don't think that's a CCIE level topic, though....

    Going down that road, what is a CCENT doing in here then?
    I've seen some devices allow you to download files via http and ftp, but tftp is the most common. As for the router or switch acting as a tftp or ftp server, I don't think IOS implements these features, and it would be a huge security issue if they did. It could be useful if you wanted to set up some kind of a PUSH model in updating ios images or configs, but SNMP already allows you to do this in a much safer way.

    Yeah, IOS allows you to use a router as an http, https, tftp and ftp (older IOS only) server.
    What I tried today was to copy a local config to a Cisco router using tftp, but I guess you can't use it to upload stuff, only download.
    anyway, thx
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    Onefive wrote: »
    but SNMP already allows you to do this in a much safer way.

    Really? Everything that I have read has led me to believe that doing any type of changes using SNMP is bad (Security is Not MY Problem). Care to elaborate?
  • Forsaken_GA Member Posts: 4,024
    acidsatyr wrote: »
    Yeah, IOS allows you to use a router as an http, https, tftp and ftp (older IOS only) server.
    What I tried today was to copy a local config to a Cisco router using tftp, but I guess you can't use it to upload stuff, only download.
    anyway, thx

    I may not understand what you're trying to do, and it's probably obvious, but yes, tftp can upload and download. For example, I've sent images and configurations to remote servers running both ftp and tftp, and I've pulled images and configurations from the same. I've never tried to upload something like an image and then see if the http server portion will actually serve it, though. Could you elaborate on what it is you're trying to do that's not working?
  • Onefive Member Posts: 23
    knwminus wrote: »
    Really? Everything that I have read has led me to believe that doing any type of changes using SNMP is bad (Security is Not MY Problem). Care to elaborate?

    SNMPv1/2 would be just as insecure as ftp (unless you were using ftp with TLS). SNMPv3 on the other hand provides authentication, encryption, and more granular access restrictions.
  • Turgon Banned Posts: 6,308
    knwminus wrote: »
    Really? Everything that I have read has led me to believe that doing any type of changes using SNMP is bad (Security is Not MY Problem). Care to elaborate?

    Check SNMP v3
  • Turgon Banned Posts: 6,308
    Onefive wrote: »
    I've seen some devices allow you to download files via http and ftp, but tftp is the most common. As for the router or switch acting as a tftp or ftp server, I don't think IOS implements these features, and it would be a huge security issue if they did. It could be useful if you wanted to set up some kind of a PUSH model in updating ios images or configs, but SNMP already allows you to do this in a much safer way.

    IOS has supported a tftp server for quite some time.
  • Turgon Banned Posts: 6,308
    acidsatyr wrote: »
    Hi,

    can you upload files on cisco switch/router acting as http or tftp server?
    Or is it that you can only download from them?

    You can upload and download files using IOS TFTP. Just be sure you have enough flash memory for the files.
  • Onefive Member Posts: 23
    Turgon wrote: »
    IOS has supported a tftp server for quite some time.

    Which versions of IOS have a tftpd? I know Cisco has a discontinued windows TFTP daemon, but I wouldn't suggest using that due to security issues.
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    Onefive wrote: »
    SNMPv1/2 would be just as insecure as ftp (unless you were using ftp with TLS). SNMPv3 on the other hand provides authentication, encryption, and more granular access restrictions.

    I knew about SNMP v3 but the Net Engineers I spoke with about this basically said that even still it is very insecure (compared to an SSH or SFTP). Thanks for the clarification.
  • Turgon Banned Posts: 6,308
    Onefive wrote: »
    Which versions of IOS have a tftpd? I know Cisco has a discontinued windows TFTP daemon, but I wouldn't suggest using that due to security issues.

    The capability for a router to run as a tftp server has been there for a very long time. Historically it has been used to enable the copy of one IOS from a router to another.

    How To Copy a System Image from One Device to Another - Cisco Systems
  • Onefive Member Posts: 23
    Awesome. I didn't know that feature existed. There have been many times where that would have come in handy for me; I've always resorted to finding a Unix box to throw up hpa-tftpd.
  • acidsatyr Member Posts: 111
    Yeah, I never paid attention to this since I never had to use it, and now I'm not sure if it's possible or not, or maybe I'm just overlooking something.
    So, we sometimes archive the local router config via tftp/ftp to a dedicated server using something like:
    copy running-config tftp://10.1.1.1/archive/backup.config
    (we don't really use this manually, we use snmp and EEM to do saves for us).

    Now, when I tried to do the same thing when the tftp server is a router, it fails, and says "I/O Error".
    In other words, it doesn't allow me to PUSH my config to the router, only download. I don't have a problem with pulling down the config, for example
    copy tftp://10.1.1.1/archive/backup.config flash://archive
    Same with http.

    So yeah, I know the question might be silly, but I don't see why I wouldn't be able to PUSH the config to a tftp, http router?
    So can it be done, and what am i missing?

    Thanks.

    edit: so, again, to be clear, I'm not talking about setting up proper servers, I'm talking about using routers as tftp/http servers and then PUSHING config from the LOCAL router to them, not pulling it down.
  • tiersten Member Posts: 4,505
    Think about what would happen if you could use TFTP which doesn't use any authentication to push router configs :P
  • acidsatyr Member Posts: 111
    Ok ok, ;) you are right; I was thinking more of ftp and HTTP which does require auth.
    Can I push with HTTP?
  • tiersten Member Posts: 4,505
    acidsatyr wrote: »
    Ok ok, ;) you are right; I was thinking more of ftp and HTTP which does require auth.
    Can I push with HTTP?

    The FTP server could let you upload files but not configs. However, there were a bunch of vulnerabilities in it and Cisco just ripped the whole thing out and it's no longer present in new versions of IOS.

    The HTTP server doesn't let you upload files or configs.

    You're pretty much stuck with TFTP if you want to get files onto an IOS device.
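
Added example, not part of the thread and not Cisco's code: tiersten's point that TFTP has no authentication, and the download-only behaviour acidsatyr describes, shown with a parser for the RFC 1350 read/write request and a hypothetical read-only server policy. The function names, the `SERVED` set and the sample packets are constructed for illustration; the file name is the one used in the thread.

```python
import struct

# Opcodes and error codes from RFC 1350.
RRQ, WRQ, ERROR = 1, 2, 5
NOT_FOUND, ACCESS_VIOLATION, ILLEGAL_OP = 1, 2, 4

def request(opcode, filename, mode="octet"):
    """Build a request: 2-byte opcode, filename, NUL, mode, NUL."""
    return struct.pack("!H", opcode) + filename.encode() + b"\x00" + mode.encode() + b"\x00"

def parse_request(packet):
    """Return (opcode, filename, mode); raise ValueError if malformed."""
    if len(packet) < 4:
        raise ValueError("short packet")
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode not in (RRQ, WRQ):
        raise ValueError("not a read or write request")
    fields = packet[2:].split(b"\x00")
    # A well-formed request ends in NUL, so split() leaves a trailing empty item.
    if len(fields) < 3 or not fields[0] or fields[-1] != b"":
        raise ValueError("malformed request")
    # Filename and mode are the only fields: no user, password or token.
    return opcode, fields[0].decode("ascii"), fields[1].decode("ascii").lower()

def error_packet(code, message):
    """Build an ERROR packet: opcode 5, 2-byte error code, message, NUL."""
    return struct.pack("!HH", ERROR, code) + message.encode("ascii") + b"\x00"

def decide(packet, served):
    """Hypothetical read-only policy: serve listed files, refuse all writes."""
    try:
        opcode, filename, _mode = parse_request(packet)
    except ValueError:
        return "error", error_packet(ILLEGAL_OP, "Illegal TFTP operation")
    if opcode == WRQ:
        # The sender cannot be identified from the request, so no write is accepted.
        return "error", error_packet(ACCESS_VIOLATION, "Write requests not accepted")
    if filename not in served:
        return "error", error_packet(NOT_FOUND, "File not found")
    return "serve", filename

# Constructed sample input, using the file name from the thread.
SERVED = {"archive/backup.config"}
PULL = request(RRQ, "archive/backup.config")
PUSH = request(WRQ, "archive/backup.config")

if __name__ == "__main__":
    for name, pkt in (("pull (RRQ)", PULL), ("push (WRQ)", PUSH)):
        print(name, parse_request(pkt), "->", decide(pkt, SERVED))
```

The pull and the push differ only in the opcode, and neither carries anything that identifies the sender, which is why a server holding configs or images can reasonably answer reads for named files and nothing else.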