Backup Cisco 2800 router using TFTP

I am trying to back up this router's configuration and thus far have used TFTPD32/64 and SolarWinds TFTP; in all cases I get a timeout error as follows:

%Error opening tftp://192.168.1.21/config1.txt (Timed out)

I also tried different machines aside from my workstation.  
Can someone help me please!
Lou Pereira Asked:

Don Johnston (Instructor) Commented:
Please post the output of the session.  Meaning, what you're typing in and what the router displays.

It's likely there's a typo in the input.
Lou Pereira (Author) Commented:
Hello Don,
Thank you for your help, here's what I type:

Router1#en
Router1#copy system:running-config tftp://192.168.1.21/verizonr1.txt
Address or name of remote host [192.168.1.21]?
Destination filename [verizonr1.txt]?
.....
%Error opening tftp://192.168.1.21/verizonr1.txt (Timed out)
Router1#
Don Johnston (Instructor) Commented:
That looks good.

What usually causes that type of response is:

Host at 192.168.1.21 is not running tftp service.
directory being used by tftp service does not have read/write privileges.
firewall service on the host is not allowing tftp access.
ACL on router is blocking tftp traffic.
asavener Commented:
If the goal is to just back up the configuration, and you don't really care about the technology, then you can also:

Set terminal length to 0 (term len 0) and then just do a show run.  That will allow you to scrape and paste from the terminal window.  You can save the scrape and paste by logging your terminal session to a text file.

Another method is to save the config file onto the local flash, and then use SCP to copy the file.  I prefer SCP over TFTP because it's encrypted, and if you're SSH'd into the router you know you don't have any firewall issues to contend with.


Enabling SCP on Cisco routers
Lou Pereira (Author) Commented:
Yes, I am connected using PuTTY. Thank you for your comments.  Another item I saw through reading is the router may not be configured for TFTP?

Using the SCP method, can I use a windows client, such as WinSCP to copy the file to the new router?
asavener Commented:
I know PSCP works (Putty SCP).  (Just make sure you use the -scp switch.)

pscp -scp <source file> <username>@<routerip>:<filename>

Can't recall if WinSCP works.
Lou Pereira (Author) Commented:
I have a different question along this issue and can open new thread if needed?
I configured the new router interface G0/0 for IP 10.50.50.86/24.  This is connected to the production switch configured for vlan 50.  For some reason I cannot putty into the router?
The cable is a regular ethernet cable not crossover.
Here's the output of the switch where the router is connected, followed by router output:
USSW71#show interface Gi4/0/38        
GigabitEthernet4/0/38 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 001b.2aaa.1e26 (bia 001b.2aaa.1e26)
  Description: DATA SERVICES
  MTU 9000 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:28, output 00:00:13, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  30 second input rate 0 bits/sec, 0 packets/sec
  30 second output rate 0 bits/sec, 0 packets/sec
     33726 packets input, 3840361 bytes, 0 no buffer
     Received 5338 broadcasts (5308 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 5308 multicast, 0 pause input
     0 input packets with dribble condition detected
     698269 packets output, 89406342 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

Router output:
router2#show interface g0/0
GigabitEthernet0/0 is up, line protocol is up
  Hardware is CN Gigabit Ethernet, address is 74a2.e6e5.2030 (bia 74a2.e6e5.2030)
  Description: $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
  Internet address is 10.50.50.86/24
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full Duplex, 1Gbps, media type is RJ45
  output flow-control is unsupported, input flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:05, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     61886 packets input, 6825031 bytes, 0 no buffer
     Received 58572 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 4392 multicast, 0 pause input
     31720 packets output, 3550270 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     23 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     1 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out
Router2#ping 10.50.50.86
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.50.50.86, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

As you can see I can ping when consoled to router?
asavener Commented:
Check the interface config to make sure an access list isn't applied, or that the applied access list allows SSH.

Next, check the config for the VTY lines and see if there's an access list applied there.
asavener Commented:
It is generally best to open new questions, though, in order not to pollute the question/answer stream with conflicting information.
Lou Pereira (Author) Commented:
Thanks I appreciate the comments.  But by default I should be able to telnet to the router.  Why can't I get to the router from my desk.
I am on vlan1 which can access vlan 50, therefore should be able to access ip 10.505.50.86, correct?
I am attaching the config below if you could suggest specific commands to fix it so I can get to the router from my desk that would be greatly appreciated.
see config below:
Current configuration : 5089 bytes
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router2
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
!
!
!
!
!
!        
!
!
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
 import all
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1
 lease 0 2
!
!
!
no ip domain lookup
ip domain name yourdomain.com
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
cts logging verbose
!        
crypto pki trustpoint TP-self-signed-1069183643
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1069183643
 revocation-check none
 rsakeypair TP-self-signed-1069183643
!
!
crypto pki certificate chain TP-self-signed-1069183643
 certificate self-signed 01
        quit
license udi pid CISCO2911/K9 sn FJC1905A2UZ
!
!
username cisco privilege 15 password 0 cisco
!
redundancy
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
 ip address 10.50.50.86 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
!
!
access-list 23 permit 10.10.10.0 0.0.0.7
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
 
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
 
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
         
username <myuser> privilege 15 secret 0 <mypassword>
 
Replace <myuser> and <mypassword> with the username and password you want to
use.
 
-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
 
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE  PUBLICLY-KNOWN
CREDENTIALS

Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.  

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL NOT BE ABLE
TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
 
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp 
-----------------------------------------------------------------------
^C
!
line con 0
 login local
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
asavener Commented:
access-list 23 permit 10.10.10.0 0.0.0.7
!
line vty 0 4
 access-class 23 in
line vty 5 15
 access-class 23 in


Either modify access list 23, or remove the "access-class 23 in"  command from the virtual terminal configuration.
Lou Pereira (Author) Commented:
Thank you for your help.  I did make the changes you suggested and it did not work.
See attached new config file.
Why can't I ping the interface IP (10.50.50.86) from my desk 192.168.1.140?


Building configuration...

Current configuration : 5233 bytes
!
! Last configuration change at 16:45:07 UTC Tue Jun 30 2015 by haladmin
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname Router2
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
!
!
!        
!
!
!
!
!
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
 import all
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1
 lease 0 2
!
!
!
no ip domain lookup
ip domain name yourdomain.com
ip cef
no ipv6 cef
multilink bundle-name authenticated
!        
!
cts logging verbose
!
crypto pki trustpoint TP-self-signed-1069183643
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1069183643
 revocation-check none
 rsakeypair TP-self-signed-1069183643
!
!
crypto pki certificate chain TP-self-signed-1069183643
 certificate self-signed 01
        quit
license udi pid CISCO2911/K9 sn FJC1905A2UZ
!
!
username cisco privilege 15 password 0 cisco
!
redundancy
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
 ip address 10.50.50.86 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
!
!
access-list 10 permit any
access-list 23 permit any
access-list 23 permit 10.50.50.0 0.0.0.255
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
 
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
 
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
 
username <myuser> privilege 15 secret 0 <mypassword>
 
Replace <myuser> and <mypassword> with the username and password you want to
use.
 
-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
 
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE  PUBLICLY-KNOWN
CREDENTIALS

Here are the Cisco IOS commands.
         
username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL NOT BE ABLE
TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
 
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp 
-----------------------------------------------------------------------
^C
!
line con 0
 login local
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
asavener Commented:
You don't have any routes configured.  The router knows how to talk to its directly attached interface(s), but it doesn't know anything beyond that.
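The two findings in this thread, the VTY access-class that only permits 10.10.10.0/29 and the missing route back to the workstation, can be checked offline against a saved config. The script below is an added example, not code from the thread: the config excerpts are constructed from the posted configs, the next hop 10.50.50.1 in the `ip route` line is an assumed value, and only standard numbered ACLs and global static routes are handled.

```python
import ipaddress

# Constructed excerpts of the two configs posted in this thread (banners,
# certificate and shut-down interfaces omitted).
BASE = """interface GigabitEthernet0/0
 ip address 10.50.50.86 255.255.255.0
line vty 0 4
 access-class 23 in
 transport input telnet ssh
"""
FIRST = "access-list 23 permit 10.10.10.0 0.0.0.7\n" + BASE
SECOND = ("access-list 23 permit any\n"
          "access-list 23 permit 10.50.50.0 0.0.0.255\n" + BASE)
# Assumed fix: the next hop 10.50.50.1 is hypothetical, not from the thread.
FIXED = SECOND + "ip route 0.0.0.0 0.0.0.0 10.50.50.1\n"

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse(config):
    """Collect standard numbered ACLs, VTY access-classes and known networks."""
    acls, vty_acls, nets, section = {}, set(), [], ""
    for line in config.splitlines():
        w = line.split()
        if not w or w[0] == "!":
            continue
        if not line.startswith(" "):          # top-level line opens a section
            section = " ".join(w[:2])
        if w[0] == "access-list" and len(w) >= 4 and w[2] in ("permit", "deny"):
            if w[3] == "any":
                addr, wild = 0, 0xFFFFFFFF
            elif w[3] == "host":
                addr, wild = ip_int(w[4]), 0
            else:                             # address with optional wildcard
                addr, wild = ip_int(w[3]), (ip_int(w[4]) if len(w) > 4 else 0)
            acls.setdefault(w[1], []).append((w[2], addr, wild))
        elif section == "line vty" and w[0] == "access-class" and w[-1] == "in":
            vty_acls.add(w[1])
        elif section.startswith("interface") and w[:2] == ["ip", "address"] and len(w) >= 4:
            nets.append(ipaddress.ip_interface(f"{w[2]}/{w[3]}").network)
        elif w[:2] == ["ip", "route"] and len(w) >= 4:
            nets.append(ipaddress.ip_network(f"{w[2]}/{w[3]}", strict=False))
    return acls, vty_acls, nets

def acl_permits(entries, src):
    """First match wins; an ACL ends with an implicit deny."""
    for action, addr, wild in entries:
        if ((ip_int(src) ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False

def mgmt_problems(config, src):
    """List what stops `src` from opening a telnet/SSH session to the router."""
    acls, vty_acls, nets = parse(config)
    problems = [f"vty access-class {n} denies {src}" for n in sorted(vty_acls)
                if n in acls and not acl_permits(acls[n], src)]
    if not any(ipaddress.ip_address(src) in net for net in nets):
        problems.append(f"no route back to {src}")
    return problems

if __name__ == "__main__":
    for name, cfg in (("first", FIRST), ("second", SECOND), ("fixed", FIXED)):
        print(name, mgmt_problems(cfg, "192.168.1.140"))
```

The second config passes the ACL check only because `access-list 23 permit any` now admits every source; a narrower permit for the management subnet keeps the VTY lines restricted.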
Lou Pereira (Author) Commented:
Well turns out that I need to turn on ip route and all should work.

Lou Pereira (Author) Commented:
Thank you for all your help