[toc:faq]
Introduction
The SCP feature works on routers however it doesn't work on interfaces which have VRF enabled on it. Since the management interface on the ASR is pre-configured with the VRF and this cannot be removed, it is very important that VRF-AWARE SCP work on ASRs. This document explains how to get it set up.
Solution
For using SCP on a VRF enable interface you will need to do the following:
1) Configure SSH
2) SSH source-interface must be configured (i.e ip ssh source-interface Ethernet1/0). It is required as SCP uses SSH for connection.
Configuration Example
R200#sh ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCe9UNszC4SXqY41ur9IIx5BIGVZcBYcFq8ongfir0C
9NVeJ4hB9/+Xu5eJIN6RCDdZOH1CK5iVrMw4yG4waLgLVSChf+42HoLNs+FQnjgVnKUIsODB2MbaQs9G
CARGkh7ZyB6cVxjLDqDKw6yea0O9JL+P50yMl3qXwx4z4ZiYrw==
R200#sh vrf
Name Default RD Protocols Interfaces
vpn1 <not set> ipv4 Et1/0
R200#sh run | i source
ip ssh source-interface Ethernet1/0
R200#copy unix:check_run scp://cisco@10.10.10.201://unix:
Address or name of remote host [10.10.10.201]?
Destination username [cisco]?
Destination filename [unix:]? unix:check-12
Writing unix:check-12
Password:
!
11 bytes copied in 12.068 secs (1 bytes/sec)
R200#
R200#copy scp://cisco@10.10.10.201://unix:check_run unix:
Destination filename [unix:check_run]? unix:chck-11
Password:
!
11 bytes copied in 12.473 secs (1 bytes/sec)