Trivial File Transfer Protocol

TFTP is a protocol that allows data files to be transferred from one device to another using the connectionless transport protocol, UDP. TFTP uses UDP port number 69.

TFTP is typically used in environments where bandwidth is not a major concern and IP packets that are lost can be re-sent by the higher layers (typically the application layer). TFTP has little security. In fact, the only way to provide security to a TFTP transfer is by defining (on the TFTP server) the directory on the host TFTP device and the filenames that will be transferred. The following numbered list outlines the main components of TFTP:

1. TFTP has no method to authenticate a username or password; the TFTP packet has no field enabling the exchange of a username or password between two TCP/IP hosts. A TFTP data transfer actually takes place between two UDP ports, a source and a destination UDP port number.

2. TFTP directory security (configurable on UNIX and Windows platforms) on the TFTP server is accomplished by predefining, on the server, the file that is to be copied across and granting access to it. This allows remote hosts to TFTP the file from the remote TFTP client. For example, to copy a configuration file from a Cisco router to a UNIX or Windows host, the file must be predefined on the TFTP server with the appropriate access rights defined. Security is reliant on the application and not the operating system. For example, the TFTP server daemon does not ship on Windows-based platforms, and hence you need a third-party application.
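As an added illustration of points 1 and 2 above (this is not code from the book), the following Python builds and parses the RFC 1350 request packet, whose only fields are an opcode, a filename and a transfer mode, and then applies the one control a server has: the requested name must resolve to a file predefined inside the configured directory. The tftpboot directory and image name are constructed sample values.

```python
import os
import struct
import tempfile

# RFC 1350 opcodes. A request is opcode + filename + NUL + mode + NUL: there is no field for a user name or password.
OP_RRQ, OP_WRQ = 1, 2

def build_request(opcode, filename, mode="octet"):
    """Build an RRQ (1) or WRQ (2) packet as a client sends it to UDP port 69."""
    if opcode not in (OP_RRQ, OP_WRQ):
        raise ValueError("not a request opcode")
    return struct.pack("!H", opcode) + filename.encode() + b"\0" + mode.encode() + b"\0"

def parse_request(packet):
    """Return (opcode, filename, mode); raise ValueError if the packet is malformed."""
    if len(packet) < 4:
        raise ValueError("packet too short")
    opcode = struct.unpack("!H", packet[:2])[0]
    if opcode not in (OP_RRQ, OP_WRQ):
        raise ValueError("not a request opcode")
    fields = packet[2:].split(b"\0")
    if len(fields) != 3 or fields[2] != b"" or not fields[0]:
        raise ValueError("malformed request")
    mode = fields[1].decode("ascii").lower()
    if mode not in ("netascii", "octet", "mail"):
        raise ValueError("unknown mode")
    return opcode, fields[0].decode("ascii"), mode

def authorize(filename, root):
    """Server-side check, the only control TFTP offers: the name must resolve to
    a file that already exists in the configured directory (the page's c:\\tftpboot)."""
    root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root, filename))
    if os.path.commonpath([root, target]) != root:
        return False, "outside tftp directory"
    if not os.path.isfile(target):
        return False, "file not predefined on server"
    return True, target

def demo():
    """Constructed sample: a tftpboot directory holding one predefined image."""
    root = tempfile.mkdtemp(prefix="tftpboot-")
    image = "c2600-js-mz.121-5.T10.bin"
    open(os.path.join(root, image), "wb").close()
    results = {}
    for name in (image, "other.bin", "../" + image):
        _, filename, _ = parse_request(build_request(OP_RRQ, name))
        results[name] = authorize(filename, root)[0]
    return results  # only the predefined image is served
```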

Upgrading Cisco IOS images is a great example of a situation in which TFTP is useful; Cisco IOS images can be downloaded from a TFTP server to the Cisco router's system flash.

Cisco no longer offers a free TFTP application, but the following URL provides some alternatives:

http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a00801f7735.shtml#locate

The Cisco TFTP Client Software is no longer available to the public. It was used to transfer software image files from a PC to your device, such as a router or switch. The favorite TFTP software of this author can be downloaded for free from 3Com's website:

http://infodeli.3com.com/software/utilities_for_windows_32_bit.htm

Now, configure the Cisco application software, Cisco TFTP, to enable a Cisco router to download a version of Cisco IOS code.

Figure 2-1 displays the available options when configuring the TFTP application software.


Figure 2-1 Cisco TFTP Application Software Options

The TFTP directory in Figure 2-1 is defined as c:\tftpboot. On the host TFTP server (in this case, a Windows 2000 PC), the Cisco IOS images reside in the tftpboot directory at c:\tftpboot. This download directory option is a configurable option, and you can select any valid directory on the host TFTP server.

The file is located in the tftpboot directory. In this example, the Cisco IOS image is named c2600-js-mz.121-5.T10.bin.

To copy a Cisco IOS image from a TFTP server, the Cisco IOS command is copy tftp flash. Example 2-6 displays a TFTP request for the file c2600-js-mz.121-5.T10.bin from a TFTP server with an IP address of 150.100.1.253.

Example 2-6 TFTP File Transfer

R1#copy tftp flash
Address or name of remote host []?150.100.1.253
Source filename []?c2600-js-mz.121-5.T10.bin
Destination filename [c2600-js-mz.121-5.T10.bin]? c2600-js-mz.121-5.T10.bin
Erase flash: before copying? [confirm]Y
Erasing the flash filesystem will remove all files! Continue? [confirm]Y
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased
Erase of flash: complete
Loading c2600-js-mz.121-5.T10.bin from 150.100.1.253 (via Ethernet0/0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [OK - 11432808/22864896 bytes]
Verifying checksum... OK (0xBC59)
11432808 bytes copied in 106.126 secs (107856 bytes/sec)
R1#

The file (c2600-js-mz.121-5.T10.bin) is successfully copied and placed on the flash file system of Router R1. The only two security mechanisms TFTP permits are predefining the filename and the directory on the TFTP server. TFTP has no mechanism for checking a username and password. On a UNIX server that has the TFTP server daemon installed, the file to be copied must have the appropriate access rights. In UNIX, the touch command is used to allow a TFTP request by creating the file with the appropriate access rights. For a Windows-based platform, the software must be configured to permit file creation on the Windows-based file system.

Windows TFTP applications such as Cisco TFTP (retired) and the 3Com TFTP server do not offer this per-file access-rights option and hence can be less secure, because any file can be uploaded to or downloaded from the server.

FTP, on the other hand, is a connection-based protocol, where username and password combinations (in clear text) are used to authorize file transfers.
