I often forget about the ability to TFTP file between routers by configuring one as a TFTP server.  This comes in pretty handy when you have remote routers and you need to copy code from one to another.  The config is simple, but totally worth talking about.

Router A (The Source)
Take a look at flash to get the file name you want to send to the other router.  In this case, we’ll be sending some of IOS code. 

Router_A# show flash
-#- –length– —–date/time—— path
1         1408 Mar 13 2009 00:00:00 +00:00 backup-config
2     22824684 Mar 13 2009 00:00:00 +00:00 RouterCodePickMe.bin
3     22824684 Mar 13 2009 00:00:00 +00:00 RouterCodePickMe2.bin

71180288 bytes available (56999936 bytes used)

Enter config mode and use the ‘tftp-server’ command to specify which files you want to host on the local TFTP Server.

2800-1# config t
Enter configuration commands, one per line.  End with CNTL/Z.
2800-1(config)# tftp-server flash:RouterCodePickMe.bin
2800-1(config)# tftp-server flash:RouterCodePickMe2.bin
2800-1(config)# do show run | i tftp
tftp-server flash:c2800nm-spservicesk9-mz.124-13b.bin
tftp-server flash:c2800nm-advsecurityk9-mz.124-13b.bin

As you can see, it stores the tftp-server statements in the running config. 

Router B (The Destination)

Now jump onto the second router and use your standard ‘copy tftp flash’ statement to copy the code into local flash.

Router_B# copy tftp flash
Address or name of remote host []? <Accessible IP on the other router>
Source filename []? RouterCodePickMe.bin
Destination filename [RouterCodePickMe.bin]?
Accessing tftp://192.168.127.1/RouterCodePickMe.bin…
Loading RouterCodePickMe.bin from 192.168.127.1 (via Multilink1): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 22824684 bytes]

Same for the second file….

Router_B# copy tftp flash
Address or name of remote host []? <Accessible IP on the other router>
Source filename []? RouterCodePickMe2.bin
Destination filename [RouterCodePickMe2.bin]?
Accessing tftp://192.168.127.1/RouterCodePickMe2.bin…
Loading RouterCodePickMe2.bin from 192.168.127.1 (via Multilink1): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 22824684 bytes]

That’s it!  As a best practice you should go and ‘no’ the ‘tftp-server’ statements out of the other router so that no one else can TFTP your code off.

I have recently been purchasing some new routers for my lab and I find myself having to do the password recovery procedure to gain access.  In all truthfulness, its more of a “get access and wipe the router” sort of procedure however I usually copy off the config off before wiping just out of pure curiosity.  So here’s what I do….

1 – Connect to the router with your console cable

2 – Power up the router and start pressing the ‘Break’ key on your keyboard

3 – If the router detects you pushing the ‘Break’ key it should put the router into ROMMON

4 – When the router enters ROMMON mode you should be presented with a ‘rommon’ numbered prompt.  Enter the following commands…

monitor: command "boot" aborted due to user interrupt
rommon 1 > confreg 0×2142

You must reset or power cycle for new config to take effect

rommon 2 > reset

Essentially this tells the router to ignore its startup-config when booting.  The reset command reboots the router.

5 – When the router finishes loading you should receive the standard ‘first boot’ prompts asking you about entering the initial configuration dialog.  Say no to any prompts.

6 – At this point, I usually plug a ethernet interface on the router into my network and configure an IP address on the router so that I can copy the current config off.  Its important to note here that all we did was tell the router to ignore it’s startup config.  Its still fully intact at this point.

Router> enable
Router# config t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# int faste0/0
Router(config-if)# ip address 10.20.30.23 255.255.255.0
Router(config-if)# no shut
Router(config-if)# exit
Router(config)# exit
Router# copy startup-config tftp
Address or name of remote host []? 10.20.30.51                                             
Destination filename [8772106002209363-confg]? 1841-Original-Config                                                              
.!!  
2666 bytes copied in 3.104 secs (859 bytes/sec)

7 – Now that we have a good copy of the original config I reset the config register, wipe nvram, and reload the router.  When it comes back online it will be like a brand new router.

Router# config t
Router(config)# config-register 0×2102                                              
Router(config)# exit                            
Router(config)# write erase
*May 12 23:00:00.891: %SYS-5-CONFIG_I: Configured from console by console
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]    
[OK]   
Erase of nvram: complete                                       
*May 12 23:00:10.531: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvr   
Router# reload                      

System configuration has been modified. Save? [yes/no]: n                                                        
Proceed with reload? [confirm]    

Summary                        
Im sure there are tons of documents out there that tell you how to do this, it just helps me remember when I write it all down.  It should be noted that this is usually used as a password recovery procedure.  In that case the startup-config is copied in the running-config after you enter enable mode.  Once the startup-config is loaded you can enter config mode and reset the enable and line passwords since you were in enable mode prior to loading the original config.