Monday, December 23, 2013

Easy transfer of files to/from Cisco Router

As a consultant, I'm constantly working remotely with people but still need an easy way of transferring files with a router (captures, OS files, etc).  This tip is 101 stuff but since I needed to help someone today with this I thought I would pass it along.

My little scenario here is an example using IOS routers but I've also tested it on XE.

When I need to upload or download files to/from a router, I like to use SCP to transfer the files.  I like this better then trying to stand up an FTP or TFTP server.  This is especially handy when working with devices outside the firewall.  SCP uses Secure Shell (SSH) to securely copy files.  With SCP you connect directly to the device and transfer files back and forth.  This is useful for transferring captures or OS files.

On the router, you'll need to enable SSH, AAA, and SCP.

ip domain-name company.com

hostname routername

crypto key generate rsa general-keys modulus 2048

ip ssh version 2

username someuser privilege 15 secret somepassword

aaa new-model

aaa authentication login default local

aaa authorization exec default local

Enable SCP on the router.

ip scp server enable

Starting in 6.0(2)N1(1), NX-OS also supports SCP.
Enable with:

feature scp-server

On Mac or Linux, to push or pull the files, you can use the built in command line.

You don't have to but I suggest going to the directory on your computer where the file you want to upload is or where you want to download the file to.  Open terminal on your Mac or Linux to run the commands below.

Download file:
In this example I'm downloading the file callfail to the current local directory.  In case you don't catch it, the dot at the end means the current local directory.
scp username@5.5.5.5:flash:callfail .

In this example I'm downloading the file callfail to my Documents folder.
scp username@5.5.5.5:flash:callfail Documents/


Upload file:
In this example I'm uploading the IOS from the local directory to the router.
scp c2900-universalk9-mz.SPA.151-4.M7.bin username@5.5.5.5:flash:c2900-universalk9-mz.SPA.151-4.M7.bin

If you happen to be on Windows, WinSCP and PSCP (from the makers of putty) are pretty popular.  WinSCP is a GUI based option, PSCP is CLI like above.

Cisco Reference Doc:
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_secure_copy_ps6922_TSD_Products_Configuration_Guide_Chapter.html

I recommend disabling the SCP server when not needed.

Update: I received a response on Twitter from John Spade (@DaSpadeR) that he once had an IOS router that would reboot when accessed this way.

So, as with everything in our field your mileage may vary.

1 comment:

Gerardo Marciales said...

Hi,

Thanks, I had tried, and was unsuccessful. I didn't know about the IP scp server command. Now, it works.

Thanks.