TFTP vs SFTP and SCP

The TFTP client and server should be disabled as they do not require any authentication, and (as with Telnet) transfer data in the clear. Secure File Transfer Protocol (SFTP) and Secure Copy Protocol (SCP), part of the SSH protocol suite, should be used instead as they provide an encrypted session using public/private keys between client and server just like SSH. In this case, the switch acts as the server, with the management station acting as the client. You will need a secure terminal client program running on your PC. To enable SFTP and SCP and disable TFTP, follow these steps:

switch(config)# crypto key generate ssh 
switch(config)# ip ssh filetransfer 
TFTP and auto-TFTP are now disabled because they cannot be secured with SSH. TFTP can be re-enabled with the 'tftp' command.

When executing ip ssh filetransfer, the TFTP client and server will be disabled automatically. To disable the TFTP client and server manually (if, for instance, you are disabling all file transfer protocols), execute the following commands:

switch(config)# no tftp server 
switch(config)# no tftp client

For more information, refer to "Using SCP and SFTP" in the chapter "File Transfers" in the ArubaOS-Switch Management and Configuration Guide.