Cisco has always supported tftp, ftp and scp for copying images. By executing the CLI command
"copy ?" you can see the available options:
SOCPUP01#copy ?
/erase Erase destination file system.
/error Allow to copy error file.
/noverify Don't verify image signature before reload.
/verify Verify image signature before reload.
bs: Copy from bs: file system
cns: Copy from cns: file system
flash: Copy from flash: file system
ftp: Copy from ftp: file system
http: Copy from http: file system
https: Copy from https: file system
logging Copy logging messages
null: Copy from null: file system
nvram: Copy from nvram: file system
rcp: Copy from rcp: file system
running-config Copy from current system configuration
scp: Copy from scp: file system
startup-config Copy from startup configuration
system: Copy from system: file system
tar: Copy from tar: file system
tftp: Copy from tftp: file system
tmpsys: Copy from tmpsys: file system
vb: Copy from vb: file system
xmodem: Copy from xmodem: file system
ymodem: Copy from ymodem: file system
The http and https options have always been available for image and file transfers, but most individuals do not use http for image upgrades. To use the http or https server daemon, you have to enable the feature and set the http path to the source image location, which is typically bootflash/flash/disk0 or slot0 depending on the platform that the server is located on.
In this case we will experiment using a Cisco 2960, copying a lanbase image to another 2960.
First, let's look at the topology.
The switch acting as the server (SOCDCSW1) has been set up with the following configuration after validation of the image path and directory;
And here's the http configuration that our client will use for accessing the http-server;
Take note that this config uses http, with no security, and local authentication for the http users.
And now you need to ensure that a "user" has been created with privilege 15 access.
Finally, we can monitor the http sessions via the CLI commands
show ip http server status and show ip http server connection;
A client that wants to download the image from the Cisco http-server would issue a copy command similar to this, and by specifying the username with the priv 15 access, he/she can download the image directly from the http-server.
e.g.
copy http://<username:password>@ip_address/path target-path
So in our example we are copying the image file to flash;
copy http://blog:blog@192.168.2.2/c2960-lanbasek9-mz.122-50.SE5.bin flash:
Keep these thoughts in mind;
- https would be preferred over http
- This solution might be more suited where you have acl restrictions preventing the usage of tftp or ftp ( almost all networks allow http or https traffic to some degree )
- This method is great when you have an existing device that can act as an http-server
- Or if you're accessing a device remotely and need an emergency http-server for a quick fix action
- Or if you don't happen to have a scp server daemon installed on your local machine or notebook
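The setup described above next to an HTTPS-only variant, as an added example that is not the author's original configuration. The user blog, server 192.168.2.2 and image name come from the post; ACL 10, the client address 192.168.2.3 and the <password> placeholder are assumptions made for the example.

```cisco
! --- Server (SOCDCSW1), as described in the post: plain HTTP, local auth ---
! The username/password in the copy URL and the image itself cross the
! network unencrypted.
ip http server
ip http authentication local
ip http path flash:
username blog privilege 15 secret <password>
!
! --- Server, hardened variant: HTTPS only, reachable from one client ---
! ACL 10 and host 192.168.2.3 are constructed values for this example.
access-list 10 permit host 192.168.2.3
no ip http server
ip http secure-server
ip http access-class 10
ip http authentication local
ip http path flash:
username blog privilege 15 secret <password>
!
! --- Server: check who is connected while the transfer runs ---
! show ip http server status
! show ip http server connection
!
! --- Client: after the copy, hash the image and compare it with the
! --- value published for that release before reloading
! verify /md5 flash:c2960-lanbasek9-mz.122-50.SE5.bin
!
! --- Server, emergency use: remove the service and the privilege 15
! --- account once the transfer is done
no ip http secure-server
no ip http server
no username blog
```

The privilege 15 account created for the transfer is a full administrative login on the server switch, so it should not outlive the transfer.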
Ken Felix
Freelance Network / Security Engineer
kfelix ----a---t---socpuppets ---d---o---t---com
^ ^
=( * * )=
o
/ \