TFTP Server Setup Guide: Complete Tutorial for Network Engineers
What is TFTP?
Trivial File Transfer Protocol (TFTP) is a simple, lightweight file transfer protocol that operates over UDP port 69. Unlike FTP or SFTP, TFTP has no authentication, no encryption, and minimal protocol overhead—making it ideal for network device firmware updates and PXE booting.
Why Network Engineers Use TFTP
TFTP is embedded in the bootloader of virtually every network device (Cisco, HPE, Aruba, Juniper). When a switch or router needs a firmware upgrade, it uses TFTP to pull the image from your server. No drivers, no complex setup—just point and transfer.
TFTP vs. Other Protocols
| Feature | TFTP | FTP | SCP/SFTP |
|---|---|---|---|
| Port | UDP 69 | TCP 21 | TCP 22 |
| Authentication | None | Username/Password | SSH Keys |
| Encryption | None | None (unless FTPS) | Full |
| Directory Listing | No | Yes | Yes |
| Device Support | Universal (Bootloaders) | Common | Modern Only |
Setting Up a TFTP Server (Windows)
The most popular free TFTP server for Windows is Tftpd64 (or Tftpd32 for legacy systems). It's portable and requires no installation.
Step-by-Step Setup
- Download Tftpd64: Get the latest version from https://bitbucket.org/phjounin/tftpd64/downloads/
- Extract and Run: Unzip the archive and run tftpd64.exe as Administrator.
- Set Base Directory: Click the "Settings" button. Under the "TFTP" tab, set the "Base Directory" to your firmware folder (e.g., C:\TFTP).
- Select Network Interface: In the main window, use the "Server interfaces" dropdown to select your PC's IP address (e.g., 192.168.1.10). Do not select "0.0.0.0" unless you understand the security implications.
- Configure Firewall: Allow inbound UDP traffic on port 69. In Windows Defender Firewall, create a new inbound rule for UDP Port 69.
✅ Quick Verification
From your network device CLI (e.g., Cisco), run: copy tftp://192.168.1.10/test.txt flash:. If it transfers, your server is working.
Setting Up a TFTP Server (Linux)
On Ubuntu/Debian, use tftpd-hpa, the standard TFTP daemon.
Configuration File
Edit /etc/default/tftpd-hpa to customize settings:
The --create option allows clients to upload files (required for config backups).
Common Use Cases
🔧 Firmware Updates
Push firmware images to switches, routers, and access points. The device pulls the file from TFTP and writes it to flash memory.
💾 Configuration Backup
Copy running configurations from devices to a central TFTP server for archival or disaster recovery.
🖥️ PXE Network Booting
Boot diskless workstations or deploy OS images across the network. TFTP delivers the initial boot image to the client.
📞 IP Phone Provisioning
Cisco and Polycom IP phones download firmware and configuration files via TFTP during boot.
Troubleshooting Common Issues
- "Error: Timed Out" or "No Response"
  Cause: Firewall blocking UDP 69, or TFTP server not running on the expected interface.
  Fix: Verify firewall rules. Ping the server from the device. Check the "Server interfaces" dropdown in Tftpd64.
- "Error: File Not Found"
  Cause: The filename on the device doesn't match the file in the TFTP root directory. TFTP is case-sensitive!
  Fix: Ensure the filename (e.g., WC_16_11_0015.swi) is exactly correct, including case.
- "Error: Access Violation"
  Cause: TFTP server is in read-only mode, or file permissions prevent writing.
  Fix: In Tftpd64, enable "Allow Write" in Settings. On Linux, use the --create option and check directory permissions.
Security Considerations
⚠️ TFTP Has No Security
TFTP transmits all data in plaintext with no authentication. Anyone on the same network segment can intercept files or upload malicious firmware. Never expose a TFTP server to the internet or untrusted networks.
Best Practices
- Run TFTP only on an isolated management VLAN.
- Use ACLs on network devices to restrict TFTP access to specific server IPs.
- Disable the TFTP server when not actively in use.
- For production environments, consider SCP or SFTP if your hardware supports it.
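A request arriving on UDP 69 carries the filename in cleartext and no credentials, so a server-side monitor can only judge it by source address and request type. The Python below is an added example, not code from the original article or from Tftpd64/tftpd-hpa: it parses read/write requests (RFC 1350 layout) and flags those that conflict with the practices above. The management subnet, the firmware suffixes and the sample datagrams are assumptions made for illustration.

```python
import ipaddress
import struct

OP_RRQ, OP_WRQ = 1, 2  # request opcodes from RFC 1350

# Assumed policy values, not taken from the article's server configuration.
MGMT_VLAN = ipaddress.ip_network("192.168.1.0/24")
FIRMWARE_SUFFIXES = (".swi", ".bin")

def parse_request(payload: bytes):
    """Return (opcode, filename, mode) for an RRQ/WRQ, else None."""
    if len(payload) < 6:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in (OP_RRQ, OP_WRQ):
        return None
    # Filename and mode are NUL-terminated strings; RFC 2347 options may follow.
    fields = payload[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0] or not fields[1]:
        return None
    filename = fields[0].decode("ascii", "replace")
    return opcode, filename, fields[1].decode("ascii", "replace").lower()

def audit(src_ip: str, payload: bytes, allow_write: bool = False):
    """List policy findings for one datagram sent to UDP 69."""
    req = parse_request(payload)
    if req is None:
        return ["not a well-formed read/write request"]
    opcode, filename, _mode = req
    findings = []
    if ipaddress.ip_address(src_ip) not in MGMT_VLAN:
        findings.append("client outside management VLAN")
    if opcode == OP_WRQ and not allow_write:
        findings.append("write request while uploads are disabled")
    if opcode == OP_WRQ and filename.lower().endswith(FIRMWARE_SUFFIXES):
        findings.append("write request targets a firmware image")
    return findings

# Constructed sample datagrams (not captured traffic).
SAMPLES = [
    ("192.168.1.50", b"\x00\x01WC_16_11_0015.swi\x00octet\x00"),
    ("10.9.9.9", b"\x00\x02switch1-config\x00octet\x00"),
    ("192.168.1.77", b"\x00\x02WC_16_11_0015.swi\x00octet\x00"),
]

if __name__ == "__main__":
    for src, pkt in SAMPLES:
        print(src, parse_request(pkt), audit(src, pkt))
```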