So suppose you want to copy startup-config files from your Cisco device to your laptop running a Kali Linux (Debian) virtual machine. Let us suppose further that your Cisco router/switch cannot do SSH; otherwise, we would just use scp, which is safer and does not need any further special configuration on Linux devices.
Here's how to do it:
- Make sure the virtual machine is in Bridged Adapter mode, bridged to your Windows 7 machine's Ethernet adapter. I'm using VirtualBox, so in my case I have to create a bridged adapter first. In VirtualBox (not in the guest OS or the virtual machine's window), click File >> Preferences >> Network. Then, under the Bridged Adapters tab, create at least one adapter. Then, in your guest / virtual machine, click Machine >> Settings >> Network >> choose Bridged (not NAT). After that, run ifdown eth0 and ifup eth0 inside your Kali / Linux OS console. ** Bridging will not work when you have port-security configured on the switchport where the computer is plugged in. This is the case in most enterprise networks. If you are doing this inside your office and you are not getting a DHCP IP address, ask your network engineer/corporate IT whether port-security is enabled.
- Install (if not yet installed) tftpd: apt-get install tftpd. If you are not using Kali Linux, you are most likely not root, so add "sudo" before the apt-get command.
- Once installed, configure inetd. Open /etc/inetd.conf with your favorite text editor (e.g. vi /etc/inetd.conf, or leafpad /etc/inetd.conf).
- Inside inetd.conf there is a line pertaining to tftp. Uncomment it (remove the # sign before it). Mine looks like the picture below. Note the encircled portion of the picture: that is the path where tftp will put files and get them from.
- TFTP is an authentication-less file transfer protocol that uses UDP packets. Thus, permissions must be configured properly for this folder. Using the above picture as an example, do chmod -R 777 /srv/tftp. Again, if you are not the root user, you may have to add "sudo" in front of the command.
- Restart inetd: <sudo> killall -1 inetd. Then, to start it again, just type inetd.
- Check that the tftpd service is installed. Run lsof -i and you should see something like this (notice the tftp services listening on particular ports):
- You are now ready to use tftp. Log in to your Cisco device: telnet <IP address>. Then, from your Cisco device, type copy startup-config tftp: and answer the prompts that follow. You will then be faced with this error!
- That's because Linux TFTP servers will not allow anyone to write a file to the default location unless a file with that name already exists and has the proper permissions. To resolve this, you need to create the file and give it permission 666, as per the picture below.
- After that, the tftp copy is successful.
In this example, /srv/tftp is the default folder. You can change this.
Results of lsof -i
Cisco4#copy startup-config tftp:
Address or name of remote host []? 10.48.2.61
Destination filename [Cisco4-confg]?
TFTP: error code 2 received - 16739
%Error opening tftp://10.48.2.61/maphl2sw04-confg (Permission denied)
Cisco4#copy startup-config tftp:
Address or name of remote host []? 10.48.2.61
Destination filename [Cisco4-config]?
!!20645 bytes copied in 0.109 secs (189404 bytes/sec)
Cisco4#
**Note: tftp is an insecure way to download/upload files. Always use scp or sftp if you are given a choice.
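
The placeholder-file step above, as an added example that is not part of the original post: a small bash helper that creates the mode-666 placeholder before the copy, then moves the received config out of the TFTP root and sets it to 600, because a file left world-readable there can be fetched by name without authentication. TFTP_ROOT follows the /srv/tftp path used here; ARCHIVE_DIR and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Requires GNU find (as on Kali).
# TFTP_ROOT matches the path shown in this post; ARCHIVE_DIR is an assumption.
TFTP_ROOT="${TFTP_ROOT:-/srv/tftp}"
ARCHIVE_DIR="${ARCHIVE_DIR:-$HOME/cisco-configs}"

# Accept plain filenames only, so a typo cannot point outside the TFTP root.
valid_name() {
    case "$1" in
        ""|*/*|.*) return 1 ;;
    esac
    return 0
}

# Before "copy startup-config tftp:": create the empty placeholder (mode 666)
# that the TFTP server needs before it accepts an upload of that name.
tftp_prepare() {
    if ! valid_name "$1"; then echo "bad filename: $1" >&2; return 1; fi
    if [ -e "$TFTP_ROOT/$1" ]; then
        echo "refusing to overwrite $TFTP_ROOT/$1" >&2; return 1
    fi
    : > "$TFTP_ROOT/$1" && chmod 666 "$TFTP_ROOT/$1"
}

# After the copy succeeds: move the config out of the TFTP root into a private
# directory, restrict it to the owner, and print where it was saved.
tftp_collect() {
    if ! valid_name "$1"; then echo "bad filename: $1" >&2; return 1; fi
    if [ ! -s "$TFTP_ROOT/$1" ]; then
        echo "$TFTP_ROOT/$1 is missing or empty" >&2; return 1
    fi
    mkdir -p "$ARCHIVE_DIR" && chmod 700 "$ARCHIVE_DIR" || return 1
    dest="$ARCHIVE_DIR/$1.$(date +%Y%m%d-%H%M%S)"
    mv "$TFTP_ROOT/$1" "$dest" && chmod 600 "$dest" && echo "$dest"
}

# Audit: list files in the TFTP root that others can still read or write.
tftp_exposed() {
    find "$TFTP_ROOT" -type f -perm /006 -print
}
```

Run tftp_prepare Cisco4-confg before the copy on the Cisco device and tftp_collect Cisco4-confg right after it; tftp_exposed should then print nothing.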