Wireless Access

Reply

Easy way to copy files from MM/MC to your local computer

Hi all,

 

I have ran into many cases where I needed to copy files from a MM or MC to my local computer when connected by a VPN. In most cases a copy from the MM or MC to my computer is not possible due to firewall rules on the VPN access.

 

I found this way to also work quite easy:

 

  1. SSH to the MD or MD
  2. Conf t
  3. Service SCP
  4. write mem
  5. From your local computer CLI :  scp admin@192.168.88.100:/airmatch_db_dump.tgz airmatch_db_dump.tgz
  6. enter your admin password when prompted
  7. file transfer : airmatch_db_dump.tgz              100%  377KB   1.4MB/s   00:00 
  8. turn off SCP by issueing : no service scp    (just to be secure)

 

Thanks to @cgeffert for this tip.

 

 

 

Cheers, Frank
AirHeads MVP |AMFX#22| ACCX#613| ACMX#733| ACDX#744

If you like my posts, kudo's are welcome. If it solves your problem, please click 'Accept as Solution'
Highlighted
Moderator

Re: Easy way to copy files from MM/MC to your local computer

note too in 8.6 and higher you can download arbitrary files over the web interface. Diagnostics -> Tech Support -> Copy Files and choose destination "copy to local drive". The content type appears to be set incorrectly so open-with may not work (will raise a bug on it) but as long as you save it first it should be OK.

Highlighted
Frequent Contributor II

Re: Easy way to copy files from MM/MC to your local computer

Wow this is awesome. Soooo much faster copying files too.

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX#509 | ACCP | ACSA | CCNP | CCDP | CCNA Wireless
Highlighted

Re: Easy way to copy files from MM/MC to your local computer

This is a great tip, however I’d like to expand on it a little. Mrtwentytwo explains how to do this in an environment where there is a single MC. However, the process is similar, but a little different if the environment is managed by a Mobility Master (MM). When managed by an MM, all of the configuration changes are made from the MM. Config changes can typically be made at a Device Node (an MC), or at a Group Node and the configuration will be inherited by all of the devices below that group node. The “Service SCP” command however, cannot be made at a group node, and can only be made at the device node itself. Let us look at examples of this. 

—————————————————————

The first step that I did was to login to my MM. The following is a node hierarchy output from my MM showing the System, Group, and Device nodes on my lab network

 

(MM1) [mynode] #show configuration node-hierarchy

 

Default-node is not configured. Autopark is disabled.

 

Configuration node hierarchy

----------------------------

Config Node                                                                   Type        Name

-----------                                                                           ----           ----

/                                                                                       System

/md                                                                                  System

/md/BEST                                                                        Group

/md/BEST/Medical                                                           Group

/md/BEST/Medical/MBoston                                            Group

/md/BEST/Medical/MBoston/00:0b:86:b8:62:8a              Device  7005-6B

/md/BEST/Medical/MBoston/00:0b:86:be:7a:4a              Device  7005-6C

/md/BEST/Medical/MBoston/00:0b:86:be:86:aa              Device  7005-6A

/md/BEST/Medical/MBoston/20:4c:03:0a:b8:9a              Device  7008-6D

/md/BEST/Medical/MBostonDMZ                                    Group

/md/BEST/Medical/MBostonGarage                                Group

/md/BEST/Medical/MBostonGarage/00:0b:86:be:55:6a  Device  7005-9

/mm                                                                                  System

/mm/mynode                                                                    System

 

This hierarchy has six devices that I may want or need to copy files from. There are five MCs. The first four are all in the group node /md/BEST/Medical/MBoston, and happen to be part of a cluster (which is irrelevant for the task that we are doing), and the last MC is in a separate group node /md/BEST/Medical/MBostonGarage.

     7005-6A

     7005-6B

     7005-6C

     7005-6D

     7005-9

We may also want to copy files from the MM itself, which is the sixth device.

—————————————————————

Usually, if I wanted a setting to apply to all MCs, typically I would issue the command at the /md/best group node and the setting would be inherited by all nodes below that group. As you can see in the following CLI output (the error message), the “Service SCP” command can only be set at the device nodes or /mm/mynode.

 

(MM1) [mynode] #cd /md/best

(MM1) [BEST] #configure t

Enter Configuration commands, one per line. End with CNTL/Z

(MM1) [BEST] (config) #service scp

ERROR: Command can be executed only on device nodes and /mm/mynode.

 

Since the command cannot be issued at a group node, I needed to go directly to the MC, enable configuration “conf t”, issue the command, and of course save it “write mem” which will push the configuration change from the MM to the MC, enabling SCP on the MC. The following commands show these tasks.

 

(MM1) [BEST]  #cd 7005-6a

 

(MM1) [00:0b:86:be:86:aa] #configure t

Enter Configuration commands, one per line. End with CNTL/Z

 

(MM1) [00:0b:86:be:86:aa] (config) #service scp

(MM1) ^[00:0b:86:be:86:aa] (config) #write mem

 

At this point, the MC (7005-6a) is configured to support SCP. From the CLI of your local computer, you can now copy a file, such as using the following command 

 

scp admin@10.1.60.101:/licenses6.txt licenses6.txt

 

(scp=command, admin=user, 10.1.60.101=MC IP address, /licenses6.txt=source file on the MC, licenses6.txt=destination file to be created on your local machine)

 

The actual syntax and output is shown in the following example.

 

MBP15:~ david$ scp admin@10.1.60.101:/licenses6.txt licenses6.txt

The authenticity of host '10.1.60.101 (10.1.60.101)' can't be established.

RSA key fingerprint is SHA256:/0ezrZFk6fCJhEeUoMgygp24s3RAm/jMOj/D30E.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '10.1.60.101' (RSA) to the list of known hosts.

 

You will be prompted to enter the admin password, and then the file will be copied

 

admin@10.1.60.101's password:<enter password>

licenses6.txt                                                                        100% 2123    22.2KB/s   00:00

 

As previously mentioned, SCP is enabled individually on each device, so if it is needed on other MCs, it must be set on an MC by MC basis.

—————————————————————

When you are done copying files, you should consider disabling SCP to maintain a higher level of security on your network. This is done by going to the device node and disabling it (reversing what you did), as shown in the following CLI output.

 

(MM1) [mynode] #cd 7005-6a

(MM1) [00:0b:86:be:86:aa] #configure t

Enter Configuration commands, one per line. End with CNTL/Z

 

(MM1) [00:0b:86:be:86:aa] (config) #no service scp

(MM1) ^[00:0b:86:be:86:aa] (config) #write mem

—————————————————————

Finally, if you want to configure SCP on the MM itself, the process is the same as previously specified, however you will need to login to the MM and perform the command at /mm/mynode as shown in the following CLI output. When you are done, you will need to disable it too (also shown).

 

(MM1) [mm] #cd /mynode

(MM1) [mynode] #configure t

Enter Configuration commands, one per line. End with CNTL/Z

 

(MM1) [mynode] (config) #service scp

(MM1) ^[mynode] (config) #write mem

 

 

(MM1) [mynode] (config) #no service scp

(MM1) ^[mynode] (config) #write mem

—————————————————————

I hope this helps (nice job mrtwentytwo),

David
Sr. Trainer and Author of "Understanding ArubaOS: Version 8.x" book

--Give Kudos if you found something helpful, important, or cool.
--Problem Solved? Click "Accepted Solution" in a post.
Highlighted

Re: Easy way to copy files from MM/MC to your local computer

Hi David,

 

Thank you.

 

Cheers

Cheers, Frank
AirHeads MVP |AMFX#22| ACCX#613| ACMX#733| ACDX#744

If you like my posts, kudo's are welcome. If it solves your problem, please click 'Accept as Solution'
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: