In the Cisco Switching, Routing and Wireless Essentials class I teach, one topic I cover is how to configure a switch or a router from a TFTP server. 

In most cases, people are familiar with the Cisco iOS command: configure terminal. This command allows you to enter switch configuration commands one line at a time from the terminal.

There is another format of this command that allows you to download a configuration file with configuration commands from a TFTP server then execute the commands in the file.  This is useful if you need to backup a configuration file or keep a skeleton configuration file that you use on various switches with minor modifications (e.g. changes to the switch IP address used for management purposes).

The lab that I have the students complete for this activity has the following steps:

1. Install a TFTP server on a Windows or Linux System
2. Create a configuration file with a text editor and store it on the TFTP server
3. From the switch, execute the config tftp command to download the configuration file and execute the commands it contains.

Installing the TFTP server on a Windows system will not be covered here. (In fact, it’s a pretty trivial matter. You can download a TFTP server app from SolarWinds, install it and be done with the whole shebang). Linux, on the other hand, requires a bit more “magic”.

Installing the TFTP server on Linux

Here are the steps I used to install a tftp server on Linux.

Step 1:  Either install the tftp-hpa server from the Ubuntu software center or use the command line as follows

sudo apt-get install tftpd-hpa

TFTP_USERNAME="tftp" 
TFTP_DIRECTORY="/srv/tftproot" 
TFTP_ADDRESS="0.0.0.0:69" 
TFTP_OPTIONS="--secure"

You should make the following changes (using an editor such as vi or nano) to this file:

• Leave the TFTP_USERNAME as tftp. The software expects this and adds this user to the /etc/passwd file.
• You can change the value of TFTP_DIRECTORY. The home directory of the tftp user is /svr so this value actually points to the /svr/tftproot directory as the directory where files will be stored for pickup by the clients.  I went ahead and created this directory and chmod’ed it so that it was owned by the user tftp and in the group tftp.
• You can leave the TFTP_ADDRESS value as is. This value defines that the IP address of the TFTP server will be the same as the system that hosts it and that it will use port 69.
• You should change the TFTP_OPTIONS value to

FTP_OPTIONS="--secure --create"

This will allow the server to create any needed files that do not exist when files are uploaded to the FTP server.

Step 3: When you have completed any modifications to the configuration file, restart the server from the command line by entering: 

sudo service tftpd-hpa restart

If the server can not be started without errors, the errors will be listed along with some instructions about how to see the conditions that are causing the errors. Most of the errors that occur are because of problems with the configuration file (e.g. misspelled on non-existent directories).

Testing Your Installation

It appears that the default install can only act as a server meaning files can only be downloaded to a client using the GET option.

To test your new TFTP server, on your Linux system, create a file (2 or three lines will do) using a text editor. Save this file in the directory specified in TFTP_DIRECTORY configuration parameter.

Then retrieve the file using TFTP. I tested this set up from a Windows workstation.

TFTP is not installed (by default) in Windows 10 so I had to go to control panel, select “Programs and Features” then check the box next to TFTP client.

One TFTP client was installed, I executed the following from the Windows command line. 

c:> tftp 192.168.0.119 get tftp.txt

192.168.0.119 is the IP address of the Linux system with the TFTP server installed. GET specifies that you are retrieving (getting) the file from the server and tftp.txt is the name of the file that is being retrieved.

If all is well, you will see a Transfer Successful message with the number of bytes that were transferred.

Sources:

• https://irfantechinfo.blogspot.com/2013/09/installing-tftp-server-on-ubuntu-1004.html
• https://linuxhint.com/install_tftp_server_ubuntu/
• https://www.ittsystems.com/setup-configure-tftp-on-windows-10/

Notes:

If the Domain profile (windows firewall) is ON, all requests from the client are blocked. 

If Windows Defender Firewall is ON, you can create a rule to allow TFTP to pass through the firewall as follows:

1. Open Control Panel (display small icons) and select Windows Defender Firewall
2. From the left column, select “Allow an app or feature through Windows Defender Firewall”
3. Click “Change Settings”
4. Click the button “Allow Another App” then scroll down and select “c:/Windows/System32/TFTP.EXE” as the program to allow through the firewall. 
5. Click “Network Type” and select the type of network (Domain, Private, Public) where you will allow the use of TFTP.
6. Click ADD and the TFTP program will be added to the list of program that are permitted by the Firewall.
7. Click OK

With this change, GET requests will work. PUT requests still fail with the error message “Connection Refused” (I’ll keep working on this!)