Recently we’ve been comparing using Telnet with Secure Shell protocol to allow remote access to a device such as a router or switch. Now, we’re going to compare File Transfer Protocol (FTP) and Trivial File Transfer protocol (TFTP) for a Cisco router or switch. These protocols can be used for managing the files that exist for back up purposes.
To begin, the Cisco Internet Operating System (IOS) has many options for saving files. When you look at the options with the copy command, you can see many different locations that your files can be saved. As shown in example 1, you can see all the copying options that are available to use.
Note: This display shows some of the most common options. These options may vary and are derived from the IOS version running on the device. You can see that it’s possible to copy to and from the device using TFTP and FTP.
You also may have learned that these protocols are different based on how they deliver files to their destinations. FTP uses Transport control protocol, which provides reliability and flow control that can guarantee that the file will reach its destination while the connection is established. TFTP uses User Datagram protocol which doesn’t establish a connection and therefore cannot guarantee that files to get to their destinations. When you compare these protocol on that basic difference, you may conclude that FTP will always be the better option due to its reliability. However, TFTP is a simpler protocol and the server uses less memory when supporting clients and can be a scalable solution for applications such as IP Telephony.
So with the basic differences established, let’s make a comparison between TFTP and FTP with our copy options. I will be using freeware applications that will serve the function of an FTP server and a TFTP server. Example 2 displays the main log page of SolarWinds TFTP server.
Example 3 displays FileZilla FTP server. If you don’t already know, FTP requires usernames with passwords for access to the device. We will see how this is important later.
These applications are necessary for the routers to act as a client device for the session. Additionally you will see in the next example, a test bed for comparison.
To copy the running configuration file to the TFTP server in the example you have to type the enable command, copy run tftp. This command is interactive, prompting you to enter the IP address of the TFTP server and the file name you want it to be when it arrives at the destination. If the command copy tftp run was entered, then a file can be merged with the running-config. There you will be prompted with specifying the IP address of the TFTP server, the file name on that server, and the file name you want it to be on this device (if copying to flash). Example 5 displays the file being sent to the TFTP server and how it can be viewed when it’s received from the router.
Here you can see that the file (RTR1.TXT) was successfully received on this device. Using this is important for backing up or upgrading files such as the startup-config, vlan.dat, SDM files, and even the IOS. Additionally, you may find that it is necessary to have a router act as a TFTP server for back up purposes. This is accomplished with the global configuration command tftp server <file system> <file name>. The following examples display how file can be used for delivery for TFTP.
This is useful in scenarios when redundant routers need to back up every option or function. By having routers backup one another’s IOS’s, or having a dedicated TFTP server, multiple layers of redundancy can be achieved.
Copying files using FTP is similar but requires more setup. Example 7 displays the configuration commands necessary for FTP.
As mentioned before, File Transfer Protocol uses usernames and passwords for setup. Therefore, routers or switches are required to have a username and password setup for FTP. This is done with the global configuration commands ip ftp username <username> and ip ftp password <password>.
If there is a requirement for the router to act in passive mode (meansingthe FTP server will provide the client a dynamic port that it will use for its data connection, as opposed to active mode where the client will provide the server the dynamic port to be used for the data connection), it can be enabled with the global configuration command, ip ftp passive.
Lastly for security purposes on the ftp server, it may have an IP filter or access list that specifies which IP address are allowed to connect. The command ip ftp source-interface <interface name> is used to specify which IP address can be used on the router, otherwise the router will select the IP address of the interface that connects in the direction of the server. Examples 8 and 9 illustrate how to configure the commands and how to verify its’ configuration.
With all of the set up in place, now you can copy a file to and from the FTP server as illustrated below.
As you can see, it does appear that it takes much longer to send this file than it took the file earlier when it was sent via TFTP. But if you were sending an extremely large file across a WAN or to a distant end location, you will find that FTP is more useful because of its window sizing and the sequence numbers that are used for reassembly and reliability.
Concluding, you can see the difference with using FTP and TFTP. Backup and upgrading files on IOS based devices can be achieved when these commands are used. Using these protocols are a neccesary skill that should be practiced by any technician or network engineer.
Author: Jason Wyatte