Cisco IOS Software Releases 12.1 Mainline

December 14, 2000

Products Affected

Problem Description

This problem is two-fold.

• Firstly, current Cisco IOS? images do not support more than 16MB in size for Trivial File Transfer Protocol (TFTP).

• The second issue is that most UNIX TFTP servers have this classic bug but no one has noticed this before now. Solaris UNIX TFTP servers, which are those most widely used, do not support TFTP file sizes of more than 16MB. Linux and FreeBSD support file sizes at 32MB.

Cisco has created a fix for this, which is identified by Cisco Bug ID DDTS CSCds46280.

Background

Cisco IOS Software TFTP support can upload or download a file of16MB or smaller in size. In the past, this has not been an issue, due to Cisco IOS image sizes being smaller than 16MB.

Problem Symptoms

Shown below is a standard practice used to TFTP Cisco IOS images from a TFTP server to a Cisco device. The symptom occurs during the download. The Cisco IOS image has not 100% downloaded and the system displays the following error message:

.. [timed out] %Error reading

If you miss the download screen, you can verify if 100% of the file has been downloaded using the show flash command. If the file has not been downloaded 100%, the output displays an ED and type as follows:

.D unknown

Let's look at this in more detail:

R2-81-7500A# copy tftp slot0: 
Address or name of remote host [tftpserver]?      
Source filename[mynam/rsp-a3jsv56i-mz]?      
mynam/rsp-a3jsv56i-mz Destination filename [rsp-a3jsv56i-mz]? 
Accessing tftp://tftpserver/mynam/rsp-a3jsv56i-mz... Loading      
mynam/rsp-a3jsv56i-mz from 1.1.1.1 (via Ethernet3/0/0):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!      
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!      
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!... [timed out] 
%Error reading      
tftp://dirt/mynam/rsp-a3jsv56i-mz (Timed out) 

R2-81-7500A# show flash 
-#- ED --type-- --crc--- -seek-- nlen -length-      
-----date/time------name 
1 .D unknown D73846BC 1020080 15 16777216 Oct 17 2000 
16:07:08 rsp-a3jsv56i-mz 3800960 bytes available (16777344 bytes used) 
R2-81-7500A#

Workaround/Solution

Workaround

This problem occurs with both TFTP clients on the IOS routers and the TFTP server on Solaris UNIX. The interim solution is to use remote copy protocol (rcp) and File Transfer Protocol (FTP) copy commands on IOS routers and copy the image file into the flash memory of the IOS routers. See below for details on rcp and FTP image download instructions. We also look at how to verify an image in a Cisco router.

Copying an Image from an rcp Server to a Flash Memory File System

You can copy a system image from an rcp network server to a Flash memory file system.

If you copy the configuration file to a personal computer which is being used as a file server, this computer must support remote shell protocol (rsh).

Understanding the rcp Username

The rcp protocol requires a client to send a remote username on each rcp request to a server. When you copy an image from the router to a server using rcp, the Cisco IOS software sends the first valid username from those listed below:

1. The remote username specified in the copy command, if one is specified.

2. The username set by the ip rcmd remote-username command, if the command is configured.

3. The remote username associated with the current TTY (terminal) process. For example, if the user is connected to the router through Telnet and has been authenticated through the username command, the router software sends the Telnet username as the remote username.

4. The router host name.

For the rcp copy command to execute successfully, you must define an account on the network server for the remote username. If the server has a directory structure, the system writes or copies the configuration file or image relative to the directory associated with the remote username on the server. The path for all files and images to be copied begins at the remote user's home directory. For example, if the system image resides in the home directory of a user on the server, specify that user's name as the remote username.

Copying from an rcp Server to Flash Memory Tasks

To copy an image from an rcp server to Flash memory, first make a backup copy of the current system or bootstrap software image, then use the following commands while in privileged EXEC mode:

Example: Copying From an rcp Server to Flash

In the following example, we are copying a system image named mysysim1 from the netadmin1 directory on the remote server named SERVER1.CISCO.COM, with an IP address of 172.16.101.101, to Flash memory.

To ensure that enough Flash memory is available to accommodate the system image you are copying, the Cisco IOS software allows you to erase the contents of Flash memory first.

Router1# configure terminal
Router1(config)# ip rcmd remote-username netadmin1
Router1(config)# end
Router# copy rcp: flash:

System flash directory:
File name/status
   1 mysysim1
[2076072 bytes used, 21080 bytes available] 
Address or name of remote host[UNKNOWN]? 172.16.101.101
Name of file to copy? mysysim1
Copy mysysim1 from SERVER1.CISCO.COM?[confirm]
Checking for file `mysysim1' on SERVER1.CISCO.COM...[OK]

Erase Flash device before writing?[confirm]
Are you sure?[confirm]
Erasing device...ezeeze...erased.
 
Connected to 172.16.101.101
Loading 2076007 byte file mysysim1:!!!!...
[OK]
 
Verifying checksum... (0x87FD)...[OK]

Example: Copying From an rcp Server to Partitioned Slot0

In the following example, we are copying the file /tftpboot/gate/c3600-i-mz on the rcp server at 172.23.1.129 to partition 3 in slot 0. Since no username is specified, the router uses the default rcp remote username.

Router# show slot0: partition 3

PCMCIA Slot0 flash directory, partition 3:
File  Length   Name/status
  1   426      running-config  
[492 bytes used, 4193812 available, 4194304 total]
 
Router# copy rcp://172.23.1.129/tftpboot/gate/c3600-i-mz slot0:3:/tftpboot/gate/c3600-i-mz

Accessing file '/tftpboot/gate/c3600-i-mz' on 172.23.1.129...
Connected to 172.23.1.129
Loading 1711088 byte file c3600-i-mz: ! [OK]
 
Erase flash device before writing? [confirm]
Flash contains files. Are you sure you want to erase? [confirm]
Copy '/tftpboot/gate/c3600-i-mz' from server
as '/tftpboot/gate/c3600-i-mz' into Flash WITH erase? [yes/no] yes

Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased
Connected to 172.23.1.129
Loading 1711088 byte file c3600-i-mz: 
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [OK]
 
Verifying checksum...  OK (0xF89A)
Flash device copy took 00:00:16 [hh:mm:ss]

Copying an Image from an FTP Server to a Flash Memory File System

Let's look at how to copy a system image from an FTP server to a Flash memory file system.

Understanding the FTP Username and Password

The FTP protocol requires a client to send a remote username and password on each FTP request to a server. When you copy a configuration file from the router to a server using FTP, the Cisco IOS software sends the first valid username from those listed below:

1. The username specified in the copy command, if a username is specified.

2. The username set by the ip ftp username command, if the command is configured.

3. Anonymous.

The router sends the first valid password from those listed below:

1. The password specified in the copy command, if a password is specified.

2. The password set by the ip ftp password command, if the command is configured.

3. The router forms a password username@routername.domain. The variable username is the username associated with the current session, routername is the configured host name, and domain is the domain of the router.

The username and password must be associated with an account on the FTP server. If you are writing to the server, you must make sure that the FTP server is properly configured to accept the FTP write request from the user on the router.

If the server has a directory structure, the configuration file or image is written to or copied from the directory associated with the username on the server. For example, if the system image resides in the home directory of a user on the server, specify that user's name as the remote username.

Please refer to the documentation for your FTP server for more details.

Use the ip ftp username and ip ftp password commands to specify a username and password for all copies. Include the username in the copy command if you want to specify a username for that copy operation only.

Copying from an FTP Server to Flash Memory Tasks

To copy a system image from an FTP server to a Flash memory file system, first make a backup copy of the current software image or bootstrap image, then use the following commands while in EXEC mode:

Example: Copy from FTP Server to Flash Memory

In the following example, we are copying the file c7200-js-mz from the FTP server with a username of myuser and a password of mypass:

Router# copy ftp://myuser:mypass@theserver//tftpboot/ken/c7200-js-mz slot1:c7200-js-mz

Accessing ftp://theserver//tftpboot/ken/c7200-js-mz...Translating "theserver"...domain 
server (192.168.2.132) [OK]
 
Loading c7200-js-mz from 192.168.2.132 (via Ethernet3/0): 
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 4823492/9646080 bytes]
 
4823492 bytes copied in 264.312 secs (18270 bytes/sec)

Verifying the Image in Flash Memory

Before booting from Flash memory, verify that the checksum of the image in Flash memory matches the checksum listed in the README file that was distributed with the system software image. You can do this by using the verify command.

The checksum of the image in Flash memory is displayed at the bottom of the screen when you issue the copy command to copy an image. The README file was copied to the network server automatically when you installed the system software image on the server.

Caution: If the checksum value does not match the value in the README file, do not reboot the router. Instead, issue the copy command and compare the checksums again. If the checksum is repeatedly wrong, copy the original system software image back into Flash memory before you reboot the router from Flash memory. If you have a corrupted image in Flash memory and try to boot from Flash, the router will start the system image contained in ROM (assuming that booting from a network server is not configured). If ROM does not contain a fully functional system image, the router will not function and must be reconfigured through a direct console port connection.

The Flash memory content listing does not include the checksum of individual files. To recompute and verify the image checksum after an image is copied into Flash memory or a Flash memory device, use the following EXEC mode command:

If you do not provide the filename in the command, the router prompts you. By default, it prompts for the most recent file in Flash. Press Return to recompute the default file checksum, or enter the filename of a different file at the prompt.

Note: The checksum for microcode images is always 0x0000.

The following example verifies the image c7200-js-mz in slot0:

Router# verify slot0:c7200-js-mz
Verified slot0:c7200-js-mz

Solution

The long-term solution is as follows:

• Fix the IOS code with DDTS CSCds46280 and request that other UNIX vendors fix their TFTP servers. See Table 2 for a listing of Cisco IOS Software with the CSCds46280 fix integrated.

The SunOS TFTP 16MB limitation bug is fixed in SunOS 5.7 and above. It can be tracked via Sun Microsystems' Bug ID 1110881. See Table 1 for a listing of SunOs TFTP patch ID Numbers.

Note: Sun Microsystems, Inc. has not fixed this bug for Sun OS 5.6.

Note: For IOS routers to be able to boot with TFTP images greater than 16MB at the boot prompt, all affected platforms should upgrade their BootROM or Bootimage versions with the latest images of the code containing the fix DDTS CSCds46280.

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

• CSCds46280 (registered customers only)

Cisco IOS Versions Affected

The following Cisco IOS images have a file size greater than 15MB. Later releases will also increase the file sizes and other images may become greater than 15MB.

File Size - Image 
16800352 - c2500-a3js-l.121-5.T 
16444772 - c2500-jos56i-l.121-5.T 
15157472 - c2500-js-l.121-5.T 
16063396 - c2500-js56i-l.121-5.T 
16120060 - rsp-dsv-mz.121-5.T 
15471308 - rsp-isv-mz.121-5.T 
17436032 - rsp-jsv-mz.121-5.T 
18198028 - rsp-a3jsv-mz.121-5.T1 
19011012 - rsp-a3jsv56i-mz.121-5.T1 
16342708 - rsp-do3sv-mz.121-5.T1 
17202032 - rsp-do3sv56i-mz.121-5.T1 
16119760 - rsp-dsv-mz.121-5.T1 
16979648 - rsp-dsv56i-mz.121-5.T1 
15693312 - rsp-io3sv-mz.121-5.T1 
16553252 - rsp-io3sv56i-mz.121-5.T1 
15470324 - rsp-isv-mz.121-5.T1 
16329860 - rsp-isv56i-mz.121-5.T1 
17604484 - rsp-jo3sv-mz.121-5.T1 
18418840 - rsp-jo3sv56i-mz.121-5.T1 
17436664 - rsp-jsv-mz.121-5.T1 
18248868 - rsp-jsv56i-mz.121-5.T1

File Size - Image 
15988612 - c2500-a3js-l.121-3.T 
15646864 - c2500-jos56i-l.121-3.T 
15249240 - c2500-js56i-l.121-3.T 
16228712 - rsp-a3jsv-mz.121-3.T 
16998292 - rsp-a3jsv56i-mz.121-3.T 
15242164 - rsp-do3sv56i-mz.121-3.T 
15019556 - rsp-dsv56i-mz.121-3.T 
15650712 - rsp-jo3sv-mz.121-3.T 
16414732 - rsp-jo3sv56i-mz.121-3.T 
15480240 - rsp-jsv-mz.121-3.T 
16243212 - rsp-jsv56i-mz.121-3.T

File Size - Image 
15400200 - c2500-js56i-l.121-2.T 
15449776 - rsp-jo3sv56i-mz.121-2.T 
15131268 - rsp-jsv56i-mz.121-2.T

File Size - Image 
16067272 - c2500-a3js-l.121-5 
16092412 - c2500-jos56i-l.121-5 
14427456 - c2500-js-l.121-5 
15237160 - c2500-js56i-l.121-5

File Size - Image 
15908296 - c2500-a3js-l.121-4 
15932004 - c2500-jos56i-l.121-4 
14273908 - c2500-js-l.121-4 
15077752 - c2500-js56i-l.121-4

File Size - Image 
15813304 - c2500-a3js-l.121-3 
16609912 - c2500-a3js56i-l.121-3

File Size - Image 
15678500 - c2500-a3js-l.121-2 
16467428 - c2500-a3js56i-l.121-2

File Size - Image 
15545432 - c2500-a3js-l.121-1 
16324736 - c2500-a3js56i-l.121-1

How To Upgrade Software

To obtain the next maintenance releases, click on the following link: Software Downloading from CCO via World Wide Web (registered customers only) . You can also consult the Software Downloading Process and follow the instructions given there.

TFTP Server Defect on Solaris

Sun's TFTP server and client programs (/usr/ucb/tftp and /usr/sbin/in.tftpd) both have a 16MB file size limitation. SunOs TFTP and in.tfptd programs (unlike Linux, FreeBSD, and others) seem to use a signed short value instead of unsigned short value for the tftp block numbers. This means that they support up to 32768 block numbers, whereas the maximum upper limit for TFTP block numbers is 2 x 32768 = 65536 blocks (each block is 512 bytes long). This effectively reduces the maximum file size of Sun's Solaris 2.5.1/2.6 to 16MB instead of 32MB.

• Solaris 2.6 patch for TFTP "#107565-02" does not have this bug fixed at the time this Field Notice was written.

  • http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?type=0&doc=fpatches/107565

• Solaris 2.7 patch for TFTP "#108301-02" has fixed the 16MB limitation.

  • http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?type=0&doc=fpatches/108301

• Solaris 7 patch for TFTP "#108301-02" has fixed the 16MB limitation.

  • http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?type=0&doc=fpatches/108301

• Solaris 8 patch for TFTP "#108964-04" has fixed the 16MB limitation.

  • Only Customers with a SUN contract can access the following patch report:

    http://sunsolve.sun.com/pdownload.do?target=108964-04&method=h

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

• Open a service request on Cisco.com
• By email
• By telephone

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.