By default Cisco routers will come with scp file transfers disabled. Though they are easy enough to enable so that you can download / upload configurations to them using ssh / scp. Which is useful for doing backup's of router config files. In particular a lot of routers automatically.

The first part of the problem requires that you enable enough privileges to be able to access scp from a particular user. Normally there is a configuration line that looks like 'aaa authentication login default local' or like 'aaa authentication login default group radius local' if you are using radius authentication. You will need to add the exec permission to the same group.

This can be done with the following commands

aaa authorization exec default  local

Or if using radius

aaa authorization exec default group radius local

Then you need to also enable the scp service which you can do with the following

ip scp server enable

At this stage you should now be able to scp the config file. From Linux I would use the following 'scp :startup-config mybackupfile

Last Modified: 23 February 2017

Releated Posts

2012-07-07 - Cisco - Howto enable scp file transfer
2011-06-21 - Cisco - Gateway load balancing