It’s the year 2022 so can we collectively agree to stop using insecure protocols like FTP and TFTP to transfer files to and from your network devices? One of the many advantages of Arista switches is that you can use Secure Copy Protocol (SCP) which is an encrypted protocol to move files to and from them and also use the switch itself as an SCP source or destination. Years ago if you were remote and performed a firmware update to a network device you’d have to set up an FTP or TFTP server and then deal with the headaches when doing active vs. passive FTP if going through a firewall etc. With SCP it runs over port 22 (same as SSH) so in theory if you can SSH to the device you should also be able to SCP to it.
So let’s review some of the configuration & commands in some examples of utilizing SCP on Arista EOS.
Getting Started
To configure the switch to become an SCP server and we will assume RADIUS or TACACS server is not being used the Arista switch (if RADIUS or TACACS are in use, your config will vary), these global configuration commands are required:
aaa authentication login console local
aaa authorization exec default local
Moving Files Around
Here’s a sample of how I push a file from my Macbook’s current directory to a switch:
kevins-macbook% scp EOS-4.25.5.1M.swi eos admin@192.168.30.30:/mnt/flash/
Some notes on the variables in the command:
Here’s a sample of how to move a file from the switch to a local directory on my Macbook:
arista-switch# scp eos-admin@192.168.30.30:/mnt/flash/ARP_Output.txt ARP_Output.txt
Some notes on the variables in the command:
Here’s how one can transfer an EOS software image from switch to switch:
Arista-720XP-CS1# bash
Arista Networks EOS shell
[eos-admin@Arista-720XP-CS1 ~]$ cd /mnt/flash/
[eos-admin@Arista-720XP-CS1 flash]$
[eos-admin@Arista-720XP-CS1 flash]$ scp EOS-4.25.5.1M.swi eos-admin@192.168.30.70:/mnt/flash/
Some notes on the variables in the command:
Use Cases
Why should one care about being able to move files to and from the switch with SCP? Here are a few use cases that I’ve found meaningful:
Wrapping Up
So as you can see, there is a lot of utility with SCP on Arista switches. Not everyone knows it’s there so I thought I would create this write up. If you have more questions concerning using SCP on Arista switches, please feel free to contact us!
Arista Tips & Tricks: Connecting to Arista Switches with SSH Key Based Authentication
Three Features in Arista EOS That You Need to Know About
Dual Datacenter DMZ With VXLAN, VARP, VRF & OSPF with Arista Networks
8 Lessons Learned - Arista Datacenter Interconnect (DCI) with VXLAN and vARP