Live Problem and Solution

Yesterday one of my old students now working in Bangalore called me for a help. The problem is this. He needs to backup the configuration of a voice gateway router situated in UK to the PC in Bangalore. He started TFTP server in his PC accessed the router via telnet. While issuing the “copy running-config tftp” he got the error message says router 'can’t access the tftp server.'

See the mailed result

2851BR5A_01#copy running-config tftp:Address or name of remote host []? 25.91.170.125Destination filename [2851br5a_01-confg]?Writing 2851br5a_01-confg%Error writing tftp://10.91.170.157/2851br5a_01-confg

Here the problem is in his path to TFTP server there may some firewalls blocking his TFTP traffic. Most of firewalls will block TFTP traffic (port 69) but allow FTP traffic. To confirm the problem we can traceroute to the TFTP port for that issue the command from privilege mode.

2851BR5A_01#traceroute 25.91.170.125 port 69

Traceroute result of TFTP

2851BR5A_01#traceroute 25.91.170.125 port 69
Type escape sequence to abort.Tracing the route to 25.91.170.125
1 25.255.120.19 0 msec 0 msec 0 msec 2 25.255.127.75 0 msec 0 msec 0 msec 3 25.216.58.89 4 msec 0 msec 0 msec 4 25.212.37.93 204 msec 204 msec 200 msec
*
*

Traceroute result of ftp

2851BR5A_01#traceroute 25.91.170.125 port 20
Type escape sequence to abort.Tracing the route to 25.91.170.125
1 25.255.120.19 0 msec 0 msec 0 msec 2 25.255.127.75 0 msec 0 msec 0 msec 3 25.216.58.89 4 msec 0 msec 0 msec 4 25.212.37.93 204 msec 204 msec 200 msec 5 25.212.37.94 244 msec 296 msec 204 msec 6 25.91.160.5 296 msec 232 msec 296 msec 7 25.91.170.125 264 msec 348 msec 312 msec

(NOTE here tftp traffic is being dropped while ftp traffic is permitted by firewalls)


If we got message form the same ip like “25.91.170.125 264 msec 348 msec 312 msec” there is no filtration. But in this case the problem is with firewall.

The solution

There may be many solutions to this problem. Some solutions came into my mind I told him.

call his top level administrator and tell him to allow his TFPT traffic. (its not a good solutions since TFTP is not a secure protocol unlike FTP)
Use a FTP server instead of TFTP server
Use a TFTP server in the same LAN of the voice gateway or before the firewall.
Back up the Startup configuration file from NVRAM to Flash memory of the same router.

Solution 1 &3 doesn’t need much explanation

Explanation of solution 2

Down load and install a ftp server in local LAN in Chennai. Create one user in ftp application for example username is cisco with password cisco

In router create the same ftp user using the command

ip ftp username ciscoip ftp password 0 cisco

then issue the command “copy running-config ftp”
OR “copy running-config ftp://cisco:cisco@10.91.170.157/”

Explanation solution 4
If we have enough flash size we can backup configuration in flash itself. In copy command if we didn’t specify destination location the default location is in flash.
We can use command “copy run configbackup” for this solution.
He used the second solution and now he using ftp instead of TFTP. Remember even if TFTP is faster than FTP its not secure.


Reneesh A
CICSO Faculty
IPSR Kochi

Why study CCNA@IPSR

• Best CCNA Training in Kerala.
• Produced 350 CCNAs
• One of the best labs in Kerala for CCNA
• ISR with advanced security IOS & SDM
• Best faculties with industry experience
• Personal monitoring and interaction with instructor
• High Quality Training, which guarantees certification
• Personal individual support and guidance
• Expert interaction from highly qualified and experienced faculty.
• Highest level quality education at an affordable and reasonable price
• Focus on high quality training rather than on cosmetic appearance
• Real time environment
• Real VPN, Leased line & PSTN
• Exposure with public servers
• Fully illustrated LAB WORKBOOK
• Exclusive Practice Question Paper sets
• Mock interview and Mock exam
• Router simulations for your homework
• Free unlimited post-course tech support
• Fast Track Batches
• Placement Assistance
• Installment facility
• Free training on network tools for those who successfully completing the course
• Site to site VPN
• Syslog Server
• Cisco Secure Access Control Server (ACS)
• Cisco Remote VPN Client
• Cisco SSL VPN Client
• Radius server

FDP for CISCO Team@ipsr

The Faculty Development Programme for the CISCO Team will be held at IPSR Kottayam today. The day-long session will be engaged by Winny Thomas, our Routerdome Consultant who is a reputed Security Expert.

3rd and 4th RHCSS@ipsr

IPSR has now created two more RHCSS making it a total of 4 RHCSS from IPSR, the world's best linux training provider. The two new RHCSS are Vijayanand K V and Sarath Sasendran. Sarath Sasendran is also part of Team Linux, our 18-member Certified Faculty Team.

31st and 32nd CCNA Bootcamp@ipsr

The 31st and 32nd CCNA Bootcamp starts simultaneously on March 16th at IPSR Kochi and IPSR Calicut at an unbelievable offer of Rs. 5000/-. The training duration is 15 days. The 30th CCNA Bootcamp is going on at IPSR Kottayam.
CCNA at IPSR

• We have a CCNA Bootcamp almost every 2 weeks.
• We have conducted 3 CCNP Bootcamps.
• We are starting our 3rd CCIE Batch.
• We have produced 750 CCNAs.
• Real Environment Labs

For more details talk to our Course Director at +91 94472 94635.

3rd CCIE Batch@ipsr

IPSR Calicut will start 3rd CCIE Batch on March 30th. For more details about the course talk to our Course Director at +91 94472 94635.

30th CCNA Bootcamp@IPSR

CCNA Bootcamps at ipsr Kochi, Calicut and Kottayam starts on March 11, 15, 30 at an unbelievable offer of Rs. 5000/-. The training duration is 15 days.
The CCNA batch which starts tommorrow at Kottayam will be the 30th CCNA Bootcamp. The 31st and 32nd Bootcamps will start on March 15th in Kochi and Calicut respectively.
For more details talk to our Course Director at +91 94472 94635.

RHCE Boot Camps starts on 16 March 2009

Starting Date: 16th March 2009 & 20th April
Location : Kochi
Pre requisites
Students who have one or more years of experience in any operating system preferably Linux Students who are confident and committed enough to complete within a week.
If you have any doubts talk to to our Course Director at +91 94472 94635.

For Foreign Nationals
One Week: (10 hours per day for 6 Days) - 1000 $
This will includes Hotel Accommodation / Homestay (Minimum Three Star) with Complementary Breakfast, RHCE training with Redhat Courseware, Pick Up and Drop from nearest Airport and 4 hours Boating in Kerala Back waters.

For Students in India
Fees: Rs. 8000/-
Duration: 6 days(Full Time)
Exam fees : Rs.12,500/-

Winny Thomas, Ace Security Researcher is Routerdome Consultant

Winny Thomas has been a consultant for ipsr Penguin Planet(Redhat Division) and Router Dome (Cisco Division) right from its inception. Winny is Cisco Certified CCIE Security, CCIE #23720 making him join an elite rank of security specialists. There are approximately only about 2000 people in the world who have this prestigious certification. Winny has also worked for CISCO in their Offshore Development Centre.
Primarily a security researcher, he has worked for Nevis Labs and HCL and is now handling independent assignments as a Security Consultant. He has been credited with independently discovering a number of vulnerabilities in various applications including a vulnerability in the windows operating system. The Real Labs at ipsr Routerdome are his brainchild. We hope that his guidance will help us achieve never-before heights!

Eldho becomes 2nd RHCSS

ipsr Kochi student Eldho became the 2nd RHCSS from ipsr after Reji Cyriac. This makes him one out of 50 in South Asia. no mean Achievement indeeed. Our 19 other students who have cleared independent RHCSS modules will soon follow. Justin is the latest in the list. All the best!