Using HTTP/FTP to upgrade IOS

There are many obvious reasons to use FTP to upload an image, but the one I'm going to cover is transferring an IOS image across the internet using HTTP. This tutorial will work for FTP as well.

 
[Figure: IOS_http.png]
 
 
 
 
Referring to the image above, we want to upgrade the IOS on RTR-A. We will be accessing the IOS image that is on the web server with the address of 69.aaa.bbb.ccc. The command we use is:
 
 
copy http://69.aaa.bbb.ccc/c3825-advsecurityk9-mz.124-25a.bin flash:
 
 
Now is where the fun starts! The first thing you may need to do is disable passive FTP on RTR-A. The default is to use passive FTP.
 
 
no ip ftp passive
 
 
Next run the copy command from above.
 
 
RTR-A#copy http://69.aaa.bbb.ccc/c3825-advsecurityk9-mz.124-25a.bin flash:
Destination filename [c3825-advsecurityk9-mz.124-25a.bin]?

%Error opening http://69.aaa.bbb.ccc/c3825-advsecurityk9-mz.124-25a.bin (I/O error)
 
 
Well, that's not good. What's going on? Checking the ACL applied to the public interface, we find some denied traffic.
 
 
057557: Jul 1 12:43:37 CST: %SEC-6-IPACCESSLOGP: list 102 denied tcp 69.aaa.bbb.ccc(80) -> 75.ggg.hhh.iii(20651), 1 packet
 
 
We need to create an ACE to allow the traffic. But take a look at the destination address. In this case it's 75.ggg.hhh.iii, which is the PAT address for internal clients, not the interface IP of 75.xxx.yyy.zzz! Note also that this is return traffic from the web server, so port 80 is the source port and the port match goes after the source host. Add the ACE to the ACL.


permit tcp host 69.aaa.bbb.ccc eq 80 host 75.ggg.hhh.iii
 
Try the copy again.
 
 
RTR-A#copy http://69.aaa.bbb.ccc/c3825-advsecurityk9-mz.124-25a.bin flash:
Destination filename [c3825-advsecurityk9-mz.124-25a.bin]?

Loading http://69.aaa.bbb.ccc/c3825-advsecurityk9-mz.124-25a.bin !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
23372352 bytes copied in 344.504 secs (67843 bytes/sec)

So, it worked this time.
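
The step from deny log to ACE, as an added example that is not part of the original post: this Python script parses a %SEC-6-IPACCESSLOGP deny line and builds the narrowest ACE that admits that reply, then checks candidate ACEs against the logged packet. The `established` keyword is a hardening assumption added here, and the sample line, addresses and helper names are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the format of the deny log above (documentation addresses).
SAMPLE = ("000001: Jul 1 12:43:37 CST: %SEC-6-IPACCESSLOGP: list 102 denied tcp "
          "198.51.100.10(80) -> 203.0.113.5(20651), 1 packet")

LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+)\s+denied (?P<proto>tcp|udp) "
    r"(?P<src>[^\s(]+)\((?P<sport>\d+)\) -> (?P<dst>[^\s(]+)\((?P<dport>\d+)\)")

@dataclass
class Ace:
    proto: str
    src: str
    dst: str
    sport: Optional[int] = None   # "eq N" written after the source host
    dport: Optional[int] = None   # "eq N" written after the destination host
    established: bool = False     # TCP only: segment must carry ACK or RST

    def render(self) -> str:
        sp = f" eq {self.sport}" if self.sport is not None else ""
        dp = f" eq {self.dport}" if self.dport is not None else ""
        est = " established" if self.established else ""
        return f"permit {self.proto} host {self.src}{sp} host {self.dst}{dp}{est}"

    def matches(self, pkt: dict, flags=frozenset({"ACK"})) -> bool:
        """True if this ACE permits pkt (a dict from parse_deny) with these TCP flags."""
        return ((pkt["proto"], pkt["src"], pkt["dst"]) == (self.proto, self.src, self.dst)
                and self.sport in (None, pkt["sport"])
                and self.dport in (None, pkt["dport"])
                and (not self.established or bool(flags & {"ACK", "RST"})))

def parse_deny(line: str) -> dict:
    m = LOG_RE.search(line)
    if m is None:
        raise ValueError("not an IPACCESSLOGP deny line")
    pkt = m.groupdict()
    pkt["sport"], pkt["dport"] = int(pkt["sport"]), int(pkt["dport"])
    return pkt

def ace_for_reply(pkt: dict) -> Ace:
    # The server's well-known port is the SOURCE port of the denied reply;
    # the destination port is ephemeral, so it is left unmatched.
    return Ace(pkt["proto"], pkt["src"], pkt["dst"], sport=pkt["sport"],
               established=(pkt["proto"] == "tcp"))
```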
