Saturday, 12 April 2008

Cisco FTP deployment

Loading a startup-config file over FTP is more secure than using TFTP or RCP, because those do not protect the configuration file with a username and password, so anyone can read the file, and this poses a security risk.

So here is how to overcome that using FTP. First you will need to set up the username and password for the device to use, e.g. john-smith with a password of Pass-word! Remember, this is just an example; I use far more complex usernames and passwords in my environments.

Central#config t
Enter configuration commands, one per line. End with CNTL/Z.
Central(config)#ip ftp username john-smith
Central(config)#ip ftp password Pass-word!
Central(config)#exit

The next bit I'd just like to clarify: you can use either the copy or the erase, which is why I have both there, but really you can only use one at a time.

Central#copy/erase ftp:startup-config
Address or name of remote host []? 14.2.9.1
Source filename []? /cisco/central/startup-config
Destination filename [startup-config]?
Accessing ftp://14.2.9.1/cisco/central/startup-config...
Erasing the nvram file system will remove all files! Continue? [confirm]
[OK]
Erase of nvram: complete
Loading /cisco/central/startup-config !
central-startup-config !
[OK - 5516/1024 bytes]
[OK]
5516 bytes copied in 4.364 secs
Central#

You can now issue show startup-config to check that the configuration you expect to see is there.

The FTP site you use to deploy the config file should ideally not rely on a username and password alone; supplement this with IP security as well, so that connections are accepted only from the IP addresses of the network devices you hold config files for.
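To confirm that the IP restriction described above is actually holding, the FTP server's transfer log can be audited for config downloads from unexpected sources. This is an added example, not part of the original post: it assumes the server writes xferlog-format transfer logs, and the device address 14.2.9.250, the allowlist and the sample log lines are constructed for illustration.

```python
import ipaddress

# Assumed policy (constructed): which source addresses may fetch which config tree.
# 14.2.9.250 as Central's address is an assumption; the post gives only the server IP.
ALLOWED = {
    "/cisco/central/": [ipaddress.ip_network("14.2.9.250/32")],
}

# Constructed sample lines in xferlog format (wu-ftpd / vsftpd / ProFTPD style).
SAMPLE_LOG = """\
Sat Apr 12 10:15:02 2008 4 14.2.9.250 5516 /cisco/central/startup-config a _ o r john-smith ftp 0 * c
Sat Apr 12 11:02:47 2008 3 192.0.2.77 5516 /cisco/central/startup-config a _ o r john-smith ftp 0 * c
Sat Apr 12 11:30:10 2008 1 14.2.9.250 812 /pub/readme.txt a _ o a guest@example.com ftp 0 * c
"""

def parse_xferlog(line):
    """Split one xferlog line; the filename may contain spaces, so index from both ends."""
    f = line.split()
    if len(f) < 18:          # 5 time tokens + 3 fields + filename + 9 trailing fields
        return None
    return {
        "time": " ".join(f[0:5]),
        "host": f[6],
        "path": " ".join(f[8:-9]),
        "direction": f[-7],  # o = download from server, i = upload
        "user": f[-5],
        "status": f[-1],     # c = complete, i = incomplete
    }

def audit(log_text, allowed=ALLOWED):
    """Return downloads of protected config files from sources not on the allowlist."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_xferlog(line)
        if rec is None or rec["direction"] != "o":
            continue
        for prefix, networks in allowed.items():
            if not rec["path"].startswith(prefix):
                continue
            try:
                src = ipaddress.ip_address(rec["host"])
            except ValueError:
                src = None   # host logged as a name: cannot match an IP allowlist
            if src is None or not any(src in n for n in networks):
                findings.append(rec)
    return findings

if __name__ == "__main__":
    for r in audit(SAMPLE_LOG):
        print(f'{r["time"]} {r["host"]} fetched {r["path"]} as {r["user"]}')
```

Any line it reports means the config was served with valid credentials to an address outside the device list, which is the case the IP restriction is meant to prevent.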
