Routing, Cisco 2821, problems with copy tftp

Answered Question
Apr 3rd, 2009
User Badges:

I attached the sanatized config for a cisco-2821 router. This router is connected to a Juniper firewall for Internet on its gig0/0 port and to a metronet for voicemail on its gig0/1 port. The network uses OSPF routing. Gig port 0/0/0 is connected to a 3750 switch that is in IP routing mode. That switch then connects to 2960 switches to inside network: 10.13.0.0/16.


Here is the problem:


I cannot tftp copy files to sweeden-2821-02 from either the LAN side or the Internet side of the router.


For example, I have a tftp server on 10.13.60.10. If I issue the following command from sweeden-2821-02, the connection times out:


Copy tftp://10.13.60.10/sweeden.txt sweeden.txt


If I try to ping 10.13.60.10 from the 2821, the pings time out. If I traceroute 10.13.60.10, the router tries to go out the metronet interface.


I can ping sweeden-2821-02 from 10.13.60.10.


As well, from the corporate office to the site, I have an IPSEC tunnel (between our firewall and the site's firewall) and rules that allow my workstation to connect to sweeden-2821-02.


I can ping and telnet to sweeden-2821-02 from our corporate office. However, I get the same behavior if I issue the following from the 2821:


Copy tftp://10.1.150.8/sweeden.txt sweeden.txt


In addition, my tftp server logs an attempt to read the sweeden.txt file, but it appears to be trying to send the file back through 192.168.102.1, the metronet router's IP that faces the metronet interface of the 2821.


Here is the route table of the 2821:


sweeden-2821-02#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route


Gateway of last resort is 192.168.102.2 to network 0.0.0.0


192.168.102.0/30 is subnetted, 1 subnets

C 192.168.102.0 is directly connected, GigabitEthernet0/1

S* 0.0.0.0/0 [1/0] via 192.168.102.2

sweeden-2821-02#


Here are the interfaces:


sweeden-2821-02#sh ip int brief

Interface IP-Address OK? Method Status Protocol

GigabitEthernet0/0 192.168.102.5 YES NVRAM up up

GigabitEthernet0/1 192.168.102.1 YES NVRAM up up

GigabitEthernet0/0/0 192.168.102.10 YES NVRAM up up

Tunnel1 192.168.200.77 YES NVRAM up up

sweeden-2821-02#


How come the interface giga0/0 is not showing up in the routing table?


If I do a traceroute from 10.13.60.10 to 4.2.2.2, the traceroute goes out interface 0/0, the business internet interface, which is what is expected.


Very, very confusing.


What do I have to do to be able to use copy tftp from the router? The reason that I am trying to do this is that I have config changes that are service disrupting. I want to tftp those changes to the 2821 and then issue the command; copy sweeden.txt runing-config. As well, I cannot do this locally on site since the device is 1000 kms away from our corporate office.






Correct Answer by Laurent Aubert about 8 years 2 months ago

Hi,


It's normal because your router can reach your tftp server only via a VRF.


So the copy command will use the GRT by default to find out the outgoing interface.


TFTP is vrf aware since 12.3(6) and 12.3(7)T. To change the default behavior, just add the following command:


ip tftp source-interface GigabitEthernet0/0/0


Let me know if it works.


Laurent.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Laurent Aubert Fri, 04/03/2009 - 18:59
User Badges:
  • Cisco Employee,

Hi,


It's normal because your router can reach your tftp server only via a VRF.


So the copy command will use the GRT by default to find out the outgoing interface.


TFTP is vrf aware since 12.3(6) and 12.3(7)T. To change the default behavior, just add the following command:


ip tftp source-interface GigabitEthernet0/0/0


Let me know if it works.


Laurent.



murray-davis Sat, 04/04/2009 - 09:06
User Badges:

Thank you, Laurent.


That was the solution. Your explanation also helped remove the mystery of why it was trying to go out the MetroNet tunnel. I will now be able to copy tftp to all my remote routers.


Regards and thanks again,

murray-davis Sat, 04/04/2009 - 09:17
User Badges:

Hi, one other thing:


Does GRT stand for: global routing table?


Thank you,

Actions

This Discussion