Document ID: 17844
Updated: Jan 09, 2006
Contents
Introduction
Trivial File Transfer Protocol (TFTP) is used to transfer files to and from network devices.
Prerequisites
Requirements
Readers of this document should be experienced UNIX users who have access to the UNIX root account and System Management Interface Tool (SMIT) or System Administration Manager (SAM).
Components Used
The information in this document is based on these software and hardware versions:
-
IBM AIX 4.2 or IBM AIX 4.3
-
HP-UX 10.20 or HP-UX 11.0
-
Sun Solaris 2.6 or Solaris 2.8
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
Procedure for AIX
/etc/inetd.conf - smit
To access TFTP services from the SMIT access menu, follow this path:
From this point, you can manipulate various inetd
services. For further information on SMIT, refer to
IBM Technical
Documentation: AIX 4.3
.
When you issue the loadrev command or the getfwrev command, the WAN switch software expects the single alphabetic switch designation on the filename to be in uppercase and to reside in /usr/users/svplus/images/ipxbpx. To use the secure mode of TFTP, read the manual entry for TFTP daemon (tftpd) and note that /etc/tftpaccess.ctl needs to be maintained.
Verify Local TFTP
Use this method to verify the TFTP configuration by a TFTP to localhost:
cwm001% cd /tmp cwm001% tftp localhost tftp> bin tftp> get /usr/users/svplus/images/ipxbpx/9231G.img Received 784 bytes in 0.3 seconds tftp> quit cwm001% cwm001% ls -al 9231G.img -rw-r--r-- 1 svplus svplus 784 Feb 5 10:50 9231G.img cwm001% diff /usr/users/svplus/images/ipxbpx/9231G.img 9231G.img cwm001%
If the method above fails, a diagnostic message is provided to identify and solve the problem.
Verify File Permissions/Case
TFTP runs as the UNIX user nobody. Files must be readable by anyone, and all directories in the path must be searchable and readable.
cwm001% ls -al | more total 4144 drwxr-xr-x 2 svplus svplus 1902 Feb 6 15:44 . drwxrwxrwt 10 svplus svplus 2718 Feb 6 15:44 .. -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.000 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.001 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.002 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.003 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.004 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.005 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.006 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.007 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.008 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.009 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.010 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.011 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.012 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.013 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.014 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.015 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.016 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.017 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.018 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.019 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.020 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.021 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.022 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.023 -rw-r--r-- 1 svplus svplus 15148 Nov 29 1999 9230B.024 -rw-r--r-- 1 svplus svplus 784 Nov 29 1999 9230B.img -rw-r--r-- 1 svplus svplus 502944 Mar 29 2000 rel-9230.pdf cwm001%
Procedure for HP-UX
/etc/inetd.conf - SAM
From SAM, access Network Services from the Networking and Communications area:
The default settings for TFTP daemon (tftpd) are shown above. When you enable TFTP services, password entries are created for the TFTP user. See the HP-UX online manual entries (using the man xxxx command) for tftp(1) and tftpd(1M) for details.
When you issue the loadrev command or the getfwrev command, the WAN switch software expects the single alphabetic switch designation on the filename to be in uppercase and to reside in /usr/users/svplus/images/ipxbpx. To use the secure mode of TFTP, you must have the path name /tftpboot/usr/users/svplus/images/ipxbpx, and it cannot be a symbolic link. To achieve this, create the file hierarchy and place all switch software and firmware under /tftpboot. A symbolic link can exist pointing from /usr/users/svplus/images/ipxbpx /tftpboot/usr/users/svplus/images/ipxbpx.
Switch software can erroneously claim that it cannot communicate with the Cisco WAN Manager (CWM) workstation if the file name has a lower case character for the switch designation or if the file does not exist on the CWM workstation.
After /etc/inetd.conf has been modified, secure mode tftp resembles this:
# Before uncommenting the "tftp" entry below, please make sure # that you have a "tftp" user in /etc/passwd. If you don't # have one, please consult the tftpd(1M) manual entry for # information about setting up this service. tftp dgram udp wait root /usr/lbin/tftpd tftpd /tftpboot
The inetd process needs to be sent a HUP signal to force it to reread /etc/inetd.conf. For further details, refer to the HP-UX online manual entries for tftp(1) and tftpd(1M).
Verify Local TFTP
Use this method to verify the TFTP configuration by a TFTP to localhost:
cwm001% cd /tmp cwm001% tftp localhost tftp> bin tftp> get /usr/users/svplus/images/ipxbpx/9231G.img Received 784 bytes in 0.3 seconds tftp> quit cwm001% cwm001% ls -al 9231G.img -rw-r--r-- 1 svplus svplus 784 Feb 5 10:50 9231G.img cwm001% diff /usr/users/svplus/images/ipxbpx/9231G.img 9231G.img cwm001%
If the method above fails, a diagnostic message is provided to identify and solve the problem.
Verify File Permissions/Case
TFTP runs as the UNIX user nobody. Files must be readable by anyone, and all directories in the path must be searchable and readable.
cwm001% ls -al | more total 4144 drwxr-xr-x 2 svplus svplus 1902 Feb 6 15:44 . drwxrwxrwt 10 svplus svplus 2718 Feb 6 15:44 .. -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.000 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.001 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.002 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.003 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.004 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.005 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.006 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.007 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.008 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.009 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.010 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.011 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.012 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.013 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.014 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.015 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.016 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.017 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.018 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.019 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.020 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.021 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.022 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.023 -rw-r--r-- 1 svplus svplus 15148 Nov 29 1999 9230B.024 -rw-r--r-- 1 svplus svplus 784 Nov 29 1999 9230B.img -rw-r--r-- 1 svplus svplus 502944 Mar 29 2000 rel-9230.pdf cwm001%
Procedure for Solaris
/etc/inetd.conf
The default settings for TFTP daemon (tftpd) from /etc/inetd.conf looks like this:
# # Tftp service is provided primarily for booting. Most sites run this # only on machines acting as "boot servers." # tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd #
When you issue the loadrev command or the getfwrev command, the WAN switch software expects the single alphabetic switch designation on the filename to be in uppercase and to reside in /usr/users/svplus/images/ipxbpx. To use the secure mode of TFTP, you must have the path name /tftpboot/usr/users/svplus/images/ipxbpx, and it cannot be a symbolic link. To achieve this, create the file hierarchy and place all switch software and firmware under /tftpboot. A symbolic link can exist pointing from /usr/users/svplus/images/ipxbpx /tftpboot/usr/users/svplus/images/ipxbpx.
Switch software can erroneously claim that it cannot communicate with the CWM workstation if the file name has a lower case character for the switch designation or if the file does not exist on the CWM workstation.
After /etc/inetd.conf has been modified, secure mode tftp looks like below.
# # Tftp service is provided primarily for booting. Most sites run this # only on machines acting as "boot servers." # tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot #
The inetd process needs to be sent a HUP signal to force it to reread /etc/inetd.conf.
Verify Local TFTP
Use this method to verify the TFTP configuration by a TFTP to localhost:
cwm001% cd /tmp cwm001% tftp localhost tftp> bin tftp> get /usr/users/svplus/images/ipxbpx/9231G.img Received 784 bytes in 0.3 seconds tftp> quit cwm001% cwm001% ls -al 9231G.img -rw-r--r-- 1 svplus svplus 784 Feb 5 10:50 9231G.img cwm001% diff /usr/users/svplus/images/ipxbpx/9231G.img 9231G.img cwm001%
If the method above fails, a diagnostic message is provided to identify and solve the problem.
Verify File Permissions/Case
TFTP runs as the UNIX user nobody. Files must be readable by anyone, and all directories in the path must be searchable and readable.
cwm001% ls -al | more total 4144 drwxr-xr-x 2 svplus svplus 1902 Feb 6 15:44 . drwxrwxrwt 10 svplus svplus 2718 Feb 6 15:44 .. -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.000 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.001 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.002 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.003 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.004 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.005 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.006 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.007 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.008 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.009 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.010 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.011 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.012 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.013 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.014 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.015 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.016 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.017 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.018 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.019 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.020 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.021 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.022 -rw-r--r-- 1 svplus svplus 65536 Nov 29 1999 9230B.023 -rw-r--r-- 1 svplus svplus 15148 Nov 29 1999 9230B.024 -rw-r--r-- 1 svplus svplus 784 Nov 29 1999 9230B.img -rw-r--r-- 1 svplus svplus 502944 Mar 29 2000 rel-9230.pdf cwm001%
truss
When a tftp daemon is invoked, it is done so from inetd. After identifying which file is being looked for, the root tftpd process invokes a child tftpd process, which runs as the UNIX user nobody. Running the truss command against these processes provides details about what is happening. In the following example, a root tftpd process is trussed, and shows that it is trying to open the the nonexistent file, /usr/users/svplus/images/ipxbpx/9235B.img.
truss -fae -o /tmp/tftpd.truss -p 10748
Note: In this example, the process id of the root tftpd process is 10748.
# cat /tmp/tftpd.truss
10748: psargs: in.tftpd
10748: poll(0xEFFFDD88, 1, 60000) (sleeping...)
10748: poll(0xEFFFDD88, 1, 60000) = 1
10748: recvfrom(0, "\001 / u s r / u s e r s".., 516, 0, 0x000245C4, 0x00023BF0) = 50
10748: alarm(0) = 0
10748: so_socket(2, 1, 0, "", 1) = 3
10748: bind(3, 0x0002362C, 16) = 0
10748: fork() = 10754
10754: fork() (returning as child ...) = 10748
10754: setegid(60001) = 0
10754: seteuid(60001) = 0
10754: stat("/usr/users/svplus/images/ipxbpx/9235B.img", 0xEFFFFC88) Err#2 ENOENT
10754: setegid(0) = 0
10754: seteuid(0) = 0
10754: time() = 982191999
10754: write(4, " :8B0F7F\0\0\001\0020403".., 24) = 24
10754: llseek(0, 0, SEEK_CUR) Err#29 ESPIPE
10754: _exit(0)
10748: close(3) = 0
10748: poll(0xEFFFDD88, 1, 60000) (sleeping...)
10748: poll(0xEFFFDD88, 1, 60000) = 0
10748: kill(10749, SIGKILL) = 0
10748: llseek(0, 0, SEEK_CUR) Err#29 ESPIPE
10748: _exit(0)
#
Related Information
Open a Support Case 
(Requires a Cisco Service Contract.)
Related Cisco Support Community Discussions
The Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers.
Refer to Cisco Technical Tips Conventions for information on conventions used in this document.