Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
15909
Views
0
Helpful
9
Replies

Uploading of IOS to cisco 3850 via winscp

donnie
Level 1
Level 1

‎12-29-2017 06:02 PM - edited ‎03-08-2019 01:15 PM

Hi all,

 

I have tried accessing my cisco 3850 switch via winscp but was not able to list the directory. My authentication works fine but it just doesn't show the directory listing on my winscp. Objective is to upload IOS to my cisco 3850. Pls advise. TIA!

Labels:
0 Helpful
9 Replies 9

donnie
Level 1
Level 1

‎12-29-2017 06:05 PM

To add on, my environment works on a tight security policy and uploading of IOS over network has to be secured and hence we are exploring uploading via winscp as an option. Using TFTP for upload is not an option.

0 Helpful

johnd2310
Level 8
Level 8
In response to donnie

‎12-29-2017 06:40 PM

Hi, I don't think you can use Winscp because i think browsing the file system is not allowed. However, you should be able to copy using the command line. e.g. from your linux terminal you should be able to do the following: scp Downloads/cat3k_caa-universalk9.SPA.03.06.06.E.152-2.E6.bin user@192.0.2.1:/cat3k_caa-universalk9.SPA.03.06.06.E.152-2.E6.bin You should be able to do the same if using pscp from putty Thanks John
**Please rate posts you find helpful**
0 Helpful

RonF
Level 1
Level 1

‎02-19-2025 09:48 AM

I ended up using pscp.  I tried using scp but I found that it would not accept my keyboard input when I tried to enter in my password.

In using pscp be sure to specify the correct protocol.  Initially I got bombed - it would take my PW but then immediately drop.  I re-ran it using "-v" to see the messages and found that pscp uses SFTP by default.  This worked:

pscp -scp C:\<fully qualified path and filename on my PC> <my_router_login_ID>@<router_DNS_name>:<filename>

0 Helpful

GemmaGage
Level 1
Level 1

‎02-19-2025 09:58 AM

It may not work with cisco 3850 due to shell compatibility issues. Better to use SCP via the command line:

scp [source-file-path] [username]@[switch-ip]:[destination-file-path]

 

0 Helpful

liviu.gheorghe
VIP
VIP

‎02-19-2025 11:38 AM

In order to be able to copy something via scp to your switch, you should enable the scp server first from global configuration mode:

ip scp server enable

HTH

Regards, LG
*** Please Rate All Helpful Responses ***
0 Helpful

RonF
Level 1
Level 1
In response to liviu.gheorghe

‎03-05-2025 12:13 PM - edited ‎03-05-2025 12:14 PM

I actually DO have that statement in my config.  But using scp from my PC's command line still failed.  It connected to the server, but for some reason would not accept keyboard input.  It's a C8300 running IOS-XE 17.12.01a.  Whereas using pscp (from PuTTY) did accept keyboard input (i.e., my password).

0 Helpful

liviu.gheorghe
VIP
VIP
In response to RonF

‎03-05-2025 01:04 PM

You need to consider a few things when copying files to the router using scp:

1. make sure the username defined on the router has enough privileges; mine is defined like username liviu privilege 15 secret <pwd>

2. enable transport input ssh on your vty lines

3. enable login local on your vty lines; if using aaa new-model, you will have to define proper authorization commands

I configured a Cisco 8000v in the lab like detailed above and it works:

liviu@ftpsrv01:~$ scp evotech.pem liviu@172.25.25.158:evotech.pem
Password:
evotech.pem 100% 1679 524.5KB/s 00:00

And the output from the router where I enabled debug ip scp 

*Mar 5 20:54:17.790: %SSH-5-SSH2_SESSION: SSH2 Session request from 172.25.25.206 (tty = 0) using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256-etm@openssh.com' Succeeded
*Mar 5 20:54:24.053: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: liviu] [Source: 172.25.25.206] [localport: 22] at 20:54:24 UTC Wed Mar 5 2025
*Mar 5 20:54:24.053: %SSH-5-SSH2_USERAUTH: User 'liviu' authentication for SSH2 Session from 172.25.25.206 (tty = 0) using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256-etm@openssh.com' Succeeded
*Mar 5 20:54:24.056: SCP: Path received evotech.pem
*Mar 5 20:54:24.056: SCP: Sanitized Path evotech.pem
*Mar 5 20:54:24.057: SCP: [22 -> 172.25.25.206:45432] send <OK>
*Mar 5 20:54:24.058: SCP: [22 <- 172.25.25.206:45432] recv C0400 1679 evotech.pem
*Mar 5 20:54:24.058: SCP: [22 -> 172.25.25.206:45432] send <OK>
*Mar 5 20:54:24.058: SCP: receive file size - 1679 chunk - 65536
*Mar 5 20:54:24.061: SCP: [22 <- 172.25.25.206:45432] recv 1679 bytes
*Mar 5 20:54:24.061: SCP: [22 <- 172.25.25.206:45432] recv <OK>
*Mar 5 20:54:24.061: SCP: [22 -> 172.25.25.206:45432] send <OK>
*Mar 5 20:54:24.062: SCP: [22 <- 172.25.25.206:45432] recv <EOF>
*Mar 5 20:54:24.068: %SSH-5-SSH2_CLOSE: SSH2 Session from 172.25.25.206 (tty = 0) for user '' using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256-etm@openssh.com' closed
c8000v#dir | i evotech
81 -rw- 1679 Mar 5 2025 20:54:24 +00:00 evotech.pem
c8000v#

Regards, LG
*** Please Rate All Helpful Responses ***
0 Helpful

RonF
Level 1
Level 1
In response to liviu.gheorghe

‎03-05-2025 03:18 PM

I'm good on steps 1 and 2 - step 3 is what's missing from the config.  But then why does it work using pscp and not scp?

0 Helpful

liviu.gheorghe
VIP
VIP
In response to RonF

‎03-05-2025 03:46 PM - edited ‎03-05-2025 11:32 PM

Are you using public key authentication with PSCP?

SCP needs to "ssh" into the router first and you need steps 1-3 mentioned above in order to enable the user to do this.

I'm not sure how PSCP works, never used it.

Regards, LG
*** Please Rate All Helpful Responses ***
0 Helpful
Customers Also Viewed These Support Documents
li.common.scroll-to.top