Configuring TFTP on CentOS to back up Cisco ASA / IOS

Setting up TFTP on CentOS is actually very trivial (excuse the pun)! I find it useful for backing up config from network devices such as my Cisco ASA.

Install tftp:
yum install tftp-server
chkconfig tftp on
service xinetd restart

By default the tftp root is at /tftpboot/. Unfortunately, if you want to make this fully writeable you will have to chmod it to 777. Also create a subdirectory to house your device config:

chmod 777 /tftpboot/
cd /tftpboot/
mkdir cisco
chmod 777 cisco

You will probably need to create the config file that the Cisco device is going to upload (by default, in.tftpd only accepts uploads to files that already exist), otherwise you will encounter a “No such file or directory” error when backing up:

cd cisco
touch running-config
chmod 666 running-config

You will need to add a rule to allow the TFTP traffic through (UDP port 69). I would recommend restricting TFTP access in the firewall to only the devices that need it. Depending on your iptables config, it will be along the lines of:

iptables -A RH-Firewall-1-INPUT -s <cisco-device-ip> -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
service iptables save
service iptables restart

Now you can save your running config via the Cisco ASDM GUI, using the IP address of the TFTP server and the subdirectory/filename that you created. Or, via the IOS command line, it would be along the lines of:

MY-ASA# enable
MY-ASA# copy running-config tftp:

Source filename [running-config]?
Address or name of remote host []?
Destination filename [running-config]? /cisco/running-config
Cryptochecksum: 65f9d675 72d0306a 183821ba 27b133ef
9448 bytes copied in 1.580 secs (9448 bytes/sec)
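
After the copy, the saved config sits in a world-writable directory as a file that any host allowed through the firewall rule can also read back over TFTP. The script below is an added example, not part of the original post: it moves the upload into an owner-only archive and leaves an empty 666 placeholder for the next backup. The archive path /var/backups/cisco and the function name are assumptions.

```shell
#!/bin/sh
# Added example: move an uploaded config out of the world-writable TFTP root.
# /var/backups/cisco (see usage below) is a hypothetical archive directory.

# archive_tftp_backup <uploaded-file> <archive-dir>
# Prints the path of the archived copy; returns non-zero if nothing was archived.
archive_tftp_backup() {
    src=$1
    dest_dir=$2

    # Refuse symlinks: the TFTP root is mode 777, so any local user could plant one.
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "not a regular file: $src" >&2
        return 2
    fi
    # An empty placeholder means the device has not uploaded anything yet.
    if [ ! -s "$src" ]; then
        echo "no upload in $src" >&2
        return 1
    fi

    # Archive directory (if newly created) and copies are owner-only.
    old_umask=$(umask)
    umask 077
    mkdir -p "$dest_dir"
    dest="$dest_dir/$(basename "$src").$(date +%Y%m%d-%H%M%S)"
    cp "$src" "$dest"
    umask "$old_umask"

    # Empty the placeholder in place so the config can no longer be fetched
    # over TFTP, while the file stays present and 666 for the next upload.
    : > "$src"
    chmod 666 "$src"

    echo "$dest"
}

# Example run (as root, e.g. from cron after the device copy):
#   archive_tftp_backup /tftpboot/cisco/running-config /var/backups/cisco
if [ "$#" -eq 2 ]; then
    archive_tftp_backup "$1" "$2"
fi
```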
