CISCO-CONFIG-COPY-MIB: Secure Copy Support

Table Of Contents

CISCO-CONFIG-COPY-MIB: Secure Copy Support

Contents

Information About CISCO-CONFIG-COPY-MIB Secure Copy Support

CISCO-CONFIG-COPY-MIB Secure Copy Implementation

Cisco IOS Software Secure Copy Support

How to Use Secure Copy Support

Using Secure Copy Support

Configuration Examples for Secure Copy Support

Secure Copy Support Configuration and File Copy Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference

CISCO-CONFIG-COPY-MIB: Secure Copy Support

---

The CISCO-CONFIG-COPY-MIB: Secure Copy Support feature enhances the CISCO-CONFIG-COPY-MIB by adding support for the copy Cisco IOS EXEC command, and implementing file transfers between a router and server using the secure copy protocol (scp).

Feature Specifications for CISCO-CONFIG-COPY-MIB: Secure Copy Support

Feature History
Release	Modification
12.3(2)T	This feature was introduced.
Supported Platforms
Cisco 1710, Cisco 3600 series, Cisco 3725, Cisco 3745, Cisco 6400-NRP series, Cisco 7200, Cisco 7400, Cisco 7500, Cisco AS5300, Cisco AS5350, Cisco AS5400, Cisco AS5850, Cisco CVA 120, Cisco ICS 7750, Cisco ONS 15104, Cisco uBR 7200, Cisco uBR 925

Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Contents

•Information About CISCO-CONFIG-COPY-MIB Secure Copy Support

•How to Use Secure Copy Support

•Configuration Examples for Secure Copy Support

•Additional References

•Command Reference

Information About CISCO-CONFIG-COPY-MIB Secure Copy Support

To use the CISCO-CONFIG-COPY-MIB: Secure Copy Support features, you need to understand the following concepts:

•CISCO-CONFIG-COPY-MIB Secure Copy Implementation

•Cisco IOS Software Secure Copy Support

CISCO-CONFIG-COPY-MIB Secure Copy Implementation

The CISCO-CONFIG-COPY-MIB has been enhanced to support the scp copy utility.

CISCO-CONFIG-COPY-MIB is platform-independent and provides objects to allow the copy functionality. For example, there are objects that provide the status of a copy operation and the reason for failure, if any.

This feature provides network management software with the ability to copy running and startup configuration files from a Cisco router that supports scp.

Use the SNMP Object Navigator tool in the Cisco MIB Locator at this web location, http://tools.cisco.com/ITDIT/MIBS/servlet/index, to view the CISCO-CONFIG-COPY-MIB.

Cisco IOS Software Secure Copy Support

The Cisco IOS software has had the ability to copy files such as the startup configuration and router images to and from routers using copy protocols such as rcp from the Berkeley r-tools suite. Recently, the Cisco IOS software began supporting Secure Shell (SSH), a more secure replacement for the Berkeley r-tool suite; however, scp functionality was not included. Cisco customers are becoming increasingly aware of security issues and have routers that they need to manage securely. In addition to the file copy enhancements added to the CISCO-CONFIG-COPY-MIB in the Cisco IOS Release 12.3(2)T, the scp: function has been added to the Cisco IOS copy EXEC command, to allow the secure and authenticated copying of router configurations and router images.

How to Use Secure Copy Support

This section contains the following task:

•Using Secure Copy Support (required for secure file transfers)

Using Secure Copy Support

Using the secure copy support available in Cisco IOS Release 12.3(2) requires that the following configurations be done first:

•Configure a Cisco router for SCP server-side functionality. Refer to the Secure Copy feature module for the configuration tasks.

•If required, configure SSH terminal-line access. Refer to the SSH Terminal-Line Access feature module for the configuration tasks.

This task transfers files between a router and server using scp:

SUMMARY STEPS

1. enable

2. copy flash:destination-filename scp://username@{location | /directory | /filename}

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	copy flash:destination-filename scp://username@{location | /directory | /filename} Example: Router# copy flash:c4500-ik2s-mz.scp scp://user1@host1/	Copies a system image from Flash memory to a server that supports SSH.

Configuration Examples for Secure Copy Support

This section contains the following example:

•Secure Copy Support Configuration and File Copy Example

Secure Copy Support Configuration and File Copy Example

The following example shows a typical configuration that allows the router to securely copy files from a remote workstation. Because SCP relies on authentication, authorization, and accounting (AAA) authentication and authorization to function properly, AAA must be configured.

aaa new-model

aaa authentication login default tac-group tacacs+

aaa authorization exec default local

username user1 privilege 15 password 0 lab

ip scp server enable

The following example shows how to use scp to copy a system image from Flash memory to a server that supports SSH:

Router# copy flash:c4500-ik2s-mz.scp scp://user1@host1/

Address or name of remote host [host1]?

Destination username [user1]?

Destination filename [c4500-ik2s-mz.scp]?

Writing c4500-ik2s-mz.scp

Password:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

---

Note When using scp, you cannot enter the password into the copy EXEC command; enter the password when prompted.

---

Additional References

For additional information related to the CISCO-CONFIG-COPY-MIB: Secure Copy Support feature, see the following sections:

•Related Documents

•Standards

•MIBs

•RFCs

•Technical Assistance

Related Documents

Related Topic	Document Title
Secure Copy Protocol	Secure Copy feature module
Configuring SSH on a Cisco router	SSH Terminal-Line Access feature module
Cisco IOS file copy procedures	"Loading and Maintaining System Images" chapter in the Cisco IOS Configuration Fundamentals and Network Management Configuration Guide.

Standards

Standards	Title
None	—

MIBs

MIBs	MIBs Link
•CISCO-CONFIG-COPY-MIB	To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

RFCs

RFCs	Title
Secure Shell	Network Working Group Internet-Draft "SSH Connection Protocol," which can be obtained from the following URL: ftp://ftp.ietf.org/internet-drafts/draft-ietf-secsh-connect-16.txt

Technical Assistance

Description	Link
Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.	http://www.cisco.com/public/support/tac/home.shtml

Command Reference

The following commands are introduced or modified in the feature or features

•copy

•ip scp server enable

For information about these commands, see the Cisco IOS Security Command Reference at

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_book.html.

For information about all Cisco IOS commands, see the Command Lookup Tool at

http://tools.cisco.com/Support/CLILookup or the Master Command List.

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2007 Cisco Systems, Inc. All rights reserved.