10-22-2008 07:19 AM
Hello,
We are having a problem with our newly upgraded CiscoWorks server. The problem is that when we try to push a new IOS image to one of our many routers or switches a tftp timeout occurs. But the timeout is server side and not device side. Telnet establishes with no problem to a switch, but when CiscoWorks tries to back up vlat.dat to the C:/PROGRA~1/CSCOpx/tftpboot/ directory we get %Error opening tftp://10.1.14.5/C:/PROGRA~1/CSCOpx/tftpboot/rep_sw_775180948730410997 (Timed out)
Details:
Job Results
Trying to backup flash:vlan.dat from the device using TFTP
Copying flash:vlan.dat to C:/PROGRA~1/CSCOpx/tftpboot/rep_sw_775180948730410997 using TFTP.
Copying vlan.dat from flash to tftp://10.1.14.5/C:/PROGRA~1/CSCOpx/tftpboot/rep_sw_775180948730410997
Failed to import the image vlan.dat from device.
See C:\PROGRA~1\CSCOpx\files\rme\jobs\swim\2215\C2950-Amarillo-183_telnet.log for the output from the device on which the image transfer failed.
Image Copy Operation Failed
Output of C2950-Amarillo-183_telnet.log
C2950-Amarillo-183#
C2950-Amarillo-183#dir /all flash:
Directory of flash:/
2 -rwx 1048 Jun 20 2007 16:19:48 +00:00 multiple-fs
4 -rwx 836 Mar 01 1993 00:00:18 +00:00 vlan.dat
5 -rwx 3117954 Nov 08 2006 16:00:18 +00:00 c2950-i6q4l2-mz.121-22.EA8a.bin
6 -rwx 77 Jun 20 2007 16:19:48 +00:00 private-config.text
7 -rwx 279 Nov 08 2006 18:44:45 +00:00 env_vars
8 -rwx 4681 Jun 20 2007 16:19:48 +00:00 config.text
7741440 bytes total (4613632 bytes free)
C2950-Amarillo-183#
C2950-Amarillo-183#copy flash:vlan.dat tftp://10.1.14.5/C:/PROGRA~1/CSCOpx/tftpboot/rep_sw_775180948730410997
Address or name of remote host [10.1.14.5]? 10.1.14.5
Destination filename [C:/PROGRA~1/CSCOpx/tftpboot/rep_sw_775180948730410997]? C:/PROGRA~1/CSCOpx/tftpboot/rep_sw_775180948730410997
.....
%Error opening tftp://10.1.14.5/C:/PROGRA~1/CSCOpx/tftpboot/rep_sw_775180948730410997 (Timed out)
C2950-Amarillo-183#
C2950-Amarillo-183#
C2950-Amarillo-183#
C2950-Amarillo-183#
Tftp service is running server side and image imports work normally. Any ideas on where we should be looking to resolve this issue?
Thanks in advance,
Mark B.
Solved! Go to Solution.
10-22-2008 09:13 AM
This typically indicates a firewall or access-list blocking udp/69 from device to server. The way TFTP works in this model is that the switch will send a TFTP write request to udp/69 on the server, sourced from a high UDP port. The server will ACK, and the copy will occur over two high UDP ports (one being the original source port from the switch). So, you need to make sure there are no firewalls or ACLs that could be blocking that traffic. A sniffer trace on the server will tell you what packets are making it to the server, and which are being dropped.
10-22-2008 09:13 AM
This typically indicates a firewall or access-list blocking udp/69 from device to server. The way TFTP works in this model is that the switch will send a TFTP write request to udp/69 on the server, sourced from a high UDP port. The server will ACK, and the copy will occur over two high UDP ports (one being the original source port from the switch). So, you need to make sure there are no firewalls or ACLs that could be blocking that traffic. A sniffer trace on the server will tell you what packets are making it to the server, and which are being dropped.
10-22-2008 09:40 AM
Yes sir, you were exactly right. The problem was with the Windows firewall. Thanks so much.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide