Working with the Trivial File Transfer Protocol

Previous page
Table of content
Next page

PIX firewalls can save, restore, and install new images from Trivial File Transfer Protocol (TFTP) servers. TFTP servers enable clients such as the PIX firewall to save and read files, similar to the way in which normal FTP functionality allows clients to download and upload files on the Internet. Several TFTP programs are available on the market, and Cisco provides a simple TFTP server for free with the PIX firewall. Alternatively, the TFTP server can be downloaded from the Cisco Web site.

graphics/note_icon.gif

Images are typically operating system upgrades or PDM images needing to be uploaded to the PIX.


graphics/tip_icon.gif

A general TFTP command can be used to help make the other commands a little shorter.

The command is tftp-server [if_name] ip_address path and it enables you to enter the default TFTP server parameters used on other commands.


Upgrading OS Images

There are two methods of upgrading a new OS image to the PIX firewall. The first method uses the copy command or booting to monitor> mode.

The copy Command

This command is available on IOS versions 5.1 and 5.3 and above, and it is used to download images from a TFTP server to the firewall. The TFTP option of the command is for the location and path of the image, whereas the flash option determines whether it's an image or PDM software. The copy command's syntax is as follows : 

 copy tftp[:[[//location] [/pathname]]] flash[:[image  pdm]]
Table 4.14. copy Command Options

Option

Function

tftp

This option allows for the location and path of the image you want to download.

flash

This option enables you to specify which type of image you are downloading: an image for a new IOS or a PDM for Cisco's graphical user interface.

graphics/tip_icon.gif

Most Cisco IOSes use the copy command in one form or another. One of the most common problems when remembering the copy command syntax is the order of the parameters. An easy way to remember the order is the phrase, copy from to , or just CFT, which is alphabetical. This means copy from some location to some destination.


The following is the step-by-step process you would use to copy an image from a TFTP server to a PIX firewall. Figure 4.3 displays the networking layout, and Listing 4.11 shows the necessary commands. Follow these steps:

  1. Start the TFTP program on your server; this example uses 192.168.1.11 as the server.

  2. Enter the copy tftp flash command.

  3. At the prompt, enter the TFTP server IP addressfor example, enter 192.168.1.11 .

  4. At the prompt, enter the source filenamefor example, enter pix622.bin .

  5. Enter yes to continue. This starts the download of the image to the PIX firewall.

  6. Reload the PIX and enjoy your new OS!

Figure 4.3. TFTP diagram.

graphics/04fig03.gif

Listing 4.11 Copying from a TFTP Server 
 Pixfirewall# copy tftp flash Address or name of remote host []? 192.168.1.11 Source file name []? pix622.bin copying tftp://192.168.1.11/pix622.bin to flash:image [yesnoagain]? yes !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Received 1658880 bytes Erasing current image Writing 1540152 bytes of image !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Image installed pixfirewall#

Using Monitor Mode to Upgrade Images

In the past, using monitor mode was the only way you could upgrade your OS images. However, this process has now been replaced by the copy command. Follow these step-by-step instructions on how to upload an image in monitor mode:

  1. Start the TFTP program on your server; this example uses 192.168.1.11 as the server

  2. Restart your PIX by cycling power or using the reload command.

  3. Press Break or ESC to interrupt the flash boot and enter into monitor mode.

  4. Enter the interface you want to usefor example, enter monitor> interface 11 .

  5. Enter the interface IP addressfor example, enter monitor> address 192.168.1.1 .

  6. Enter the default gateway, if requiredfor example, enter monitor> gateway IP address .

  7. Test communication with the TFTP server using the ping commandfor example, enter monitor> ping 192.168.1.11 .

  8. Enter the TFTP server IP addressfor example, enter monitor> server 192.168.1.11 .

  9. Enter the image's filenamefor example, enter monitor> file pix622.bin .

  10. Begin the TFTP process by entering the keyword tftp .

  11. When the upload is done, enter y to copy the image to flash.

  12. Reload the PIX.

Listing 4.12 displays the monitor mode and TFTP steps needed to upload an image to your PIX.

Listing 4.12 Monitor Mode's tftp Command 
 monitor> interface 1 monitor> address 192.168.1.1 address 192.168.1.1 monitor> ping 192.168.1.11 monitor> server 192.168.1.11 server 192.168.1.11 monitor> file pix622.bin file pix622.bin monitor> tftp ..................................................................... Received 1658880 bytes Cisco Secure PIX Firewall admin loader (3.0) #0: Fri Jun 7 17:35:02 PDT 2002 Flash=E28F640J3 @ 0x3000000 BIOS Flash=E28F640J3 @ 0xD8000 Flash version 6.2.2, Install version 6.2.2 Do you wish to copy the install image into flash? [n] y Installing to flash Serial Number: 807082785 (0x301b1b21) Activation Key: 2d284af1 d032aa26 38b7db1f 70cfa8ee Do you want to enter a new activation key? [n]n Writing 1540152 bytes image into flash...

Previous page
Table of content
Next page
CSPFA Exam Cram 2 (Exam 642-521)
CCSP CSPFA Exam Cram 2 (Exam Cram 642-521)
ISBN: 0789730235
EAN: 2147483647
Year: 2003
Pages: 218
Authors: Daniel P. Newman
BUY ON AMAZON
Database Modeling with MicrosoftВ® Visio for Enterprise Architects (The Morgan Kaufmann Series in Data Management Systems)
OpenSSH: A Survival Guide for Secure Shell Handling (Version 1.0)
CISSP Exam Cram 2
High-Speed Signal Propagation[c] Advanced Black Magic
The Complete Cisco VPN Configuration Guide
Special Edition Using Crystal Reports 10
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy