TFTP and IOS file permissions

Unanswered Question
Dec 12th, 2007

Hello All,

I am trying to put/get files from TFTP server to cisco switches.

Example setup

PC(TFTP Server)---Switch

I was able to get files from the switch by configuring access list for the required file.

access-list 50 permit any

tftp-server flash:<file> 50

However, I am not able to put/restore the file back from the PC to switch. I am receiving permission denied error.


Is there any additional configuration required on cisco devices?

Thanks in advance your time and help


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.7 (3 ratings)
padramas Wed, 12/12/2007 - 21:38

Hello Brad,

I am not in the switch. I am trying TFTP commands from the PC to the switch.

ccbootcamp Wed, 12/12/2007 - 22:20

I don't think you can do that. If you are going to transfer files TO the switch via TFTP, you have to do the "copy" command on the switch.


(please rate the post if this helps!)

padramas Thu, 12/13/2007 - 09:39

Thanks for your response.

1.What is the exact mechanism that prevents uploading a file on to the switch flash memory ?

2.Is there any other mechanism ( like FTP,rcp) by which we can transfer files if tftp is blocked for security concerns ?

Richard Burts Thu, 12/13/2007 - 10:14


Cisco IOS supports multiple protocols to transfer files (ftp, rcp, scp, tftp). The issue is not so much what protocol you are using but is where the transfer is initiated. You can do the file copy when you initiate the copy from the router using any of these protocols. But IOS is not willing to accept a file transfer which it did not initiate.

[edit] after posting my response I read the thread again and I believe that I misunderstood what we were talking about. You had originally configured the switch to function as a TFTP server (tftp-server flash: 50 makes the switch function as a server) and then from the PC you were able to perform a GET to transfer the file from the switch to the PC. And now you are trying to reverse the process and do a PUT. But the implementation of TFTP server in the IOS is not a full implementation. The TFTP implementation in IOS will send a file when remotely initiated but will not receive a file when remotely initiated. If you have a session on the switch you can use TFTP (or FTP, RCP, or SCP) and transfer from the PC to the switch. But you can not remotely initiate a copy TO the switch.



padramas Thu, 12/13/2007 - 10:37


Thanks for the detailed explanation.

I was to trying to backup/restore config of cisco devices from a single workstation(Without logging into each device).However, with the IOS restrictions in place, is there any other alternative to achieve this requirement?(like any third party utility)



Richard Burts Thu, 12/13/2007 - 10:50


Yes there are alternatives. There are utilities such as CiscoWorks that should be able to initiate config backup and restore. I have read of people who create perl scripts to accomplish tasks like this. The common aspect of these is that they all access the remote switch and actually initiate the transfer from the switch.




This Discussion