I have just discovered the joys of SCP. When doing IOS upgrades across the internet this is the only way to go. Who wants to mess around getting FTP working? TFTP is next to useless across any unstable medium and even HTTP can be hassle to setup (unles you are using the awesome HFS portable app!).
SCP simply allows you to transfer files to any device you can SSH to.
It requires SSH and AAA to be setup on the device. The first step as always is to generate an RSA key.
Router(config)#hostname R1
R1(config)#crypto key generate rsa general-keys modulus 512
The name for the keys will be: R1.mydomain
% The key modulus size is 512 bits
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
You must then turn on aaa and setup authentication and authorization (very important) to look for local usernames and passwords.
R1(config)#aaa new-model
R1(config)#aaa authentication login default local
R1(config)#aaa authorization exec default local
You will need to create a user account with admin privileges in order to use SCP.
R1(config)#username admin privilege 15 secret 0 topsecret
Finally the SCP server should be turned on...
R1(config)#ip scp server enable
Now you will need an SCP client. The best on IMO is Putty which comes with PSCP (CLI tool). Its free and lightweight.
C:\>pscp.exe
PuTTY Secure Copy client
Release 0.59
Usage: pscp [options] [user@]host:source target
pscp [options] source [/source] [user@]host:target
pscp [options] -ls [user@]host:filespec
In order to download the startup-config and put it in a directory:
C:\>pscp.exe admin@192.168.0.42:nvram:startup-config C:\MyConfigs\R1.cfg
admin@192.168.0.42's password:
To upload a new IOS to the router you would simply type...
C:\>pscp.exe C:\c870-adventerprise.k9.124.12.bin admin@192.168.0.42:flash:c870-adventerprise.k9.124.12.bin
Enjoy!
SCP simply allows you to transfer files to any device you can SSH to.
It requires SSH and AAA to be setup on the device. The first step as always is to generate an RSA key.
Router(config)#hostname R1
R1(config)#crypto key generate rsa general-keys modulus 512
The name for the keys will be: R1.mydomain
% The key modulus size is 512 bits
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
You must then turn on aaa and setup authentication and authorization (very important) to look for local usernames and passwords.
R1(config)#aaa new-model
R1(config)#aaa authentication login default local
R1(config)#aaa authorization exec default local
You will need to create a user account with admin privileges in order to use SCP.
R1(config)#username admin privilege 15 secret 0 topsecret
Finally the SCP server should be turned on...
R1(config)#ip scp server enable
Now you will need an SCP client. The best on IMO is Putty which comes with PSCP (CLI tool). Its free and lightweight.
C:\>pscp.exe
PuTTY Secure Copy client
Release 0.59
Usage: pscp [options] [user@]host:source target
pscp [options] source [/source] [user@]host:target
pscp [options] -ls [user@]host:filespec
In order to download the startup-config and put it in a directory:
C:\>pscp.exe admin@192.168.0.42:nvram:startup-config C:\MyConfigs\R1.cfg
admin@192.168.0.42's password:
To upload a new IOS to the router you would simply type...
C:\>pscp.exe C:\c870-adventerprise.k9.124.12.bin admin@192.168.0.42:flash:c870-adventerprise.k9.124.12.bin
Enjoy!
Comments
Post a Comment