Why 'Erase Flash' Prompt When TFTPing File?

Status
Not open for further replies.

starsky

Technical User
Mar 27, 2002
7
US
When I update Access Control Lists, I upload the ACL in an ASCII file to the router via TFTP. For some reason when I upload the file it prompts me if I'd like to erase the flash before continuing and defaults to [confirm]. That sounds crazy to me! Why would it assume I want to delete all the files on the flash device just because I'm uploading a small file?

Here is Example Output:

1. First I upload the ACL file:

router#copy tftp://10.10.10.10/some-file.acl flash:some-file.acl
Destination filename [some-file.acl]?
Accessing tftp://10.10.10.10/some-file.acl...
Erase flash: before copying? [confirm]n <==== **** WHY THE CONFIRM TO ERASE? ****
Loading some-file.acl from 10.10.10.10 (via FastEthernet0/1): !!
[OK - 8139 bytes]

2. Then I write the ACL config changes to the running config:

router#copy flash:/some-file.acl system:/running-config


Notice the line "Erase flash: before copying?"

My questions:
1. Why is this happening?
2. How can I prevent it? Or at least default to "No"
3. If there is a better way to upload ACLs I'm all ears. I was under the impression this was a more secure way of updating ACLs - minimizing the window of opportunity for a hacker.

Router Specs: 3640
(C3640-IO3-M), Version 12.2(13a), RELEASE SOFTWARE (fc2)

Thanks in advance!

Hutch
 
The IOS defaults to that for all files loaded to the flash. It's a pain, but it doesn't matter what type of file you load to the flash it will always prompt for a flash erase.

"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts
 
Just wondering... isn't it possible to just copy the acl directly to the running config?

snmpset <writecommstring> <router-ip-address> <someOID>.<ip tftpserver> some-file.acl

I do not have the OID which I always use to make configuration changes (with no or no expected impact) on my Cat3524 switches. If the above is possible I will post it...

InD.

CCNA
 
What Hutch is wanting to do is minimize the security risk to his router while applying his new ACLs. I believe he was doing it without using SNMP. Which is fine. SNMP works great too. It all depends on what you want to do really.

 
IPKONFIG and InDenial-

Actually I used to tftp it right to the config - basically I had the drop and create statements in the file itself, but then if I made a typo in the statements I had already dropped the ACL from the interface so I was wide open until I reuploaded (that and the fact that even if the config was correct, I probably should be applying a different number ACL and swapping back and forth - if that makes sense.)

I use SNMP all the time for monitoring, but I have not used SNMP for writing configs - I would be interested in seeing that.

If you all have a better method for updating ACLs definitely let me know. Thanks for both of your input-

Hutch
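
The approach raised in the last post (leave the applied ACL in place, build the new rules under a second number, then switch the interface over), as an added example that is not part of the thread: a Python pre-flight script that refuses to build the upload file if any rule is mistyped. The ACL numbers 101/102, the small rule grammar and the sample rules are assumptions.

```python
import re

# Assumptions (not from the thread): extended ACL numbers 101/102 as the
# active/standby pair, and a deliberately small rule grammar. Real IOS accepts
# many more rule forms than this pre-flight check does.
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
ADDR = rf"(?:any|host {IP}|{IP} {IP})"  # any | host A.B.C.D | A.B.C.D wildcard
RULE = re.compile(
    rf"^(?:permit|deny) (?:ip|tcp|udp|icmp) {ADDR} {ADDR}(?: eq \d{{1,5}})?(?: log)?$"
)


def build_swap_file(rules, active, standby, interface, direction="in"):
    """Build an ACL file that rebuilds the standby ACL and only then points
    the interface at it. The ACL that is currently applied is never removed."""
    if active == standby:
        raise ValueError("standby ACL must differ from the ACL currently applied")
    if not 100 <= standby <= 199:
        raise ValueError("only extended ACL numbers 100-199 are handled here")
    clean = [" ".join(r.split()) for r in rules]  # normalise whitespace
    if not clean:
        raise ValueError("refusing to apply an ACL with no entries")
    bad = [(n, r) for n, r in enumerate(clean, 1) if not RULE.match(r)]
    if bad:
        raise ValueError(f"unparsable rules, file not built: {bad}")
    lines = [f"no access-list {standby}"]  # clears only the unused ACL
    lines += [f"access-list {standby} {r}" for r in clean]
    lines += [f"interface {interface}", f" ip access-group {standby} {direction}", "end"]
    return "\n".join(lines) + "\n"


# Constructed sample rules; FastEthernet0/1 is the interface named in the
# post's TFTP output, used here on the assumption that the ACL is applied there.
SAMPLE_RULES = [
    "permit tcp any host 192.0.2.10 eq 443",
    "permit icmp any any",
    "deny ip any any log",
]

if __name__ == "__main__":
    print(build_swap_file(SAMPLE_RULES, 101, 102, "FastEthernet0/1"), end="")
```

The generated file would be uploaded and merged with the same two copy commands shown in the first post; on the next change the roles of the two ACL numbers are reversed.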
 