When upgrading Cisco devices to a new IOS version, installing a new device into your environment or recovering a device that no longer boots, it is necessary to have some way to get an IOS image loaded onto a Cisco router or switch. There are various methods which can be used, including:
- copying the image onto a router's Compact Flash on a PC with a USB card reader
- transferring the image to a router via USB storage
- copying the image over the Console port using XMODEM
- copying the image over the network using TFTP
This article will focus on the latter.
The content in this article is based on the Cisco 1841 Integrated Services Router, however the procedure can be applied to a variety of switch and router models. Any router or switch running an IOS image which supports the command tftp-server can be used to serve an IOS image to other devices. If your device or IOS version does not support this command you will not be able to follow this procedure.
Usually an IOS image would be copied from a network server running TFTP, however it is also possible on many router and switch models to configure a built-in TFTP server to provide their IOS image from flash to other devices. This can ease the process of getting matching IOS versions onto multiple devices, when one device is already running the desired version.
Source Device Configuration
Login to the router or switch and enter privileged EXEC with the command enable.
List the contents of the flash memory with the command dir flash: and establish which file is the IOS image you want to make available for other devices to download. This will usually have a .BIN extension - in this case c1841-advsecurityk9-mz.124-9.t.bin.
The router or switch providing TFTP services must have access to the IOS image that will be copied to the new device, usually stored within its own flash memory. This process will usually be used to copy that device's current running IOS image to another device and so it is necessary to ensure that both routers or switches are the of same model, or are each compatible with that IOS image and version.
Enter global configuration mode from privileged EXEC with the command configure terminal.
Enter the command tftp-server followed by the path to the file you want to make available. This will usually be the filename found in the dir flash: output, prefixed with flash:.
Exit out of global configuration mode back to privileged EXEC with the command end and save the updated configuration with the command write memory.
While saving the configuration change at this point isn't necessary, it prevents the need to repeat the changes should this router be rebooted. Changes made to the configuration take effect immediately regardless of whether the configuration has been saved to NVRAM.
You can verify which file(s) are configured to be served up via TFTP from privileged EXEC with the command show running-config | include tftp-server which will display all entries from the current running configuration that include the string "tftp-server".
The TFTP protocol does not include mechanisms for authentication and any files served up by TFTP will be available for download by any TFTP client with network access to the source device. While the IOS image will not contain sensitive data, other files on your router or switch may do, such as the startup configuration. Use caution when making files available via TFTP and remove this configuration when it is no longer needed. See below under Optional Parameters for additional configuration to limit which devices can download files via TFTP.
To remove the configuration after the needed files have been downloaded, enter into global configuration mode and repeat the previous tftp-server configuration command with the prefix no. Remember to issue the command write memory when you are back in privileged EXEC to save the change.
You can again run show running-config | include tftp-server to verify that there are no other files being made available via TFTP.
The steps to download the IOS image on the destination device will depend on whether that device is currently running a version of IOS or is booted into ROM Monitor. These will be the topic of a future article.
In global configuration mode, suffix the tftp-server command with ? to view the list of optional parameters supported by your IOS version.
Use an IP access list or IP expanded access list to restrict which network devices can download from this TFTP server. This will be the topic of a future article.
An alias can be used to represent a long and complex filename with a shorter, simpler alternative for convenience when downloading files. Use with the tftp-server command by entering tftp-server <file> alias <alias> at in global configuration mode.
The file can now be downloaded on another device by its alias ios.bin.
The filename of the IOS image on a router or switch in flash memory does not matter. It is best practice to retain the full filename to identify an IOS image by router model, feature set and version, however it is possible to determine this by issuing the command show version from a privileged EXEC once the device boots into IOS.