Using SNMP to send commands to Cisco routers

Send Cisco commands via SNMP

An article by Fabio Semperboni Tutorial inShare136 Tweet

In the article "How to save configurations using SNMP", I has explained how to get the Cisco configuration using SNMP.  Now, I explain how to send commands via SNMP using the "Ciscoconfigcopymib" MIB; With this MIB, you can replace Running/startup configuration, send commands, save The "show" Output or reload the device.

OK, let ' s start:)

First of all, check if your pc/server have the SNMP suite; If not, install the net-snmp Software (http://net-snmp.sourceforge.net/).

Then open a terminal the your PC and use these commands:

snmpset -c [snmp-community-string] -v 2c [ip-device] 1.3.6.1.4.1.9.9.96.1.1.1.1.2.[Random number] i 1
snmpset -c [snmp-community-string] -v 2c [ip-device] 1.3.6.1.4.1.9.9.96.1.1.1.1.3.[Random number] i 1
snmpset -c [snmp-community-string] -v 2c [ip-device] 1.3.6.1.4.1.9.9.96.1.1.1.1.4.[Random number] i 4
snmpset -c [snmp-community-string] -v 2c [ip-device] 1.3.6.1.4.1.9.9.96.1.1.1.1.5.[Random number] a [ip-tftp-server]
snmpset -c [snmp-community-string] -v 2c [ip-device] 1.3.6.1.4.1.9.9.96.1.1.1.1.6.[Random number] s [file-name]
snmpset -c [snmp-community-string] -v 2c [ip-device] 1.3.6.1.4.1.9.9.96.1.1.1.1.14.[Random number] i 1

Where:snmp-community-string is the community key of your Cisco device; Remember that the community must has write rights. Ip-device is the IP address of your Cisco device. Ip-tftp-server is the IP address of your TFTP server. File-name is the file, contains the commands to being executed to your Cisco device.

But what's the meaning of the last part of each command? See your below an explanation:

1.3.6.1.4.1.9.9.96.1.1.1.1.2.336 I 1

Cccopyprotocol:the Protocol File Transfer Protocol that should being used to copy the configuration file over the network. If the config file transfer is to occur locally on the SNMP agent, the method of the transfer was left up to the implementation Restricted to the protocols below. The object can be (in this case I choise the TFTP): tftp ftp rcp SCP sftp

1.3.6.1.4.1.9.9.96.1.1.1.1.3.336 I 1

Cccopysourcefiletype:specifies the type of file to copy from. The object can be: networkfile iosfile startupconfig runningconfig terminal fabricstartupconfig

1.3.6.1.4.1.9.9.96.1.1.1.1.4.336 I 4

Cccopydestfiletype:specifies the type of file to copy to. The object can be:networkfile iosfile startupconfig runningconfig terminal fabricstartupconfig

1.3.6.1.4.1.9.9.96.1.1.1.1.5.336 a 192.168.1.100

Cccopyserveraddress:the IP Address of the TFTP server to copy the configuration file. In this case, the TFTP server is 192.168.1.100.

Snmpset-c c1sc0zine-v 2c 192.168.1.1 1.3.6.1.4.1.9.9.96.1.1.1.1.6.336 s Ciscozine.txt

Cccopyfilename:the file name (including the path, if applicable) of the file.

1.3.6.1.4.1.9.9.96.1.1.1.1.14.336 I 1

Cccopyentryrowstatus:the Status of this table entry. Once The entry status is set to active, the associated entry cannot be modified until the request completes (Cccopystate t Ransitions to ' successful ' or ' failed '). The object can be: active notinservice notready Createandgo createandwait Destroy

Remember: The command syntax is the same on Linux or Windows PCs.

Example:
Suppose this want overwrite the running configuration from a configuration saved in a text file (like a "copy Tftp:running-config ").

The client sends the "SNMP set" commands to the router and then the router overwrites the running configuration with the "CIS Cozine.txt ", downloaded from the TFTP server.

The first five commands define the the the SNMP characteristics:

Snmpset-c c1sc0zine-v 2c 192.168.1.1 1.3.6.1.4.1.9.9.96.1.1.1.1.2.666 I 1
snmpset-c c1sc0zine-v 2c 192.168.1.1 1.3 .6.1.4.1.9.9.96.1.1.1.1.3.666 I 1
snmpset-c c1sc0zine-v 2c 192.168.1.1 1.3.6.1.4.1.9.9.96.1.1.1.1.4.666 I 4
Snmpset-c c1sc0zine-v 2c 192.168.1.1 1.3.6.1.4.1.9.9.96.1.1.1.1.5.666 a 192.168.1.100
snmpset-c c1sc0zine-v 2c 192 .168.1.1 1.3.6.1.4.1.9.9.96.1.1.1.1.6.666 S Ciscozine.txt

The last command submit the Snmpset commands:

Snmpset-c c1sc0zine-v 2c 192.168.1.1 1.3.6.1.4.1.9.9.96.1.1.1.1.14.666 I 1

After the last command, the router displays this message:

%sys-5-config_i:configured from Tftp://192.168.1.100/ciscozine.txt by console

Remember: the "Ciscozine.txt" can contain a startup-configuration or a single command; In fact, if you would only create a loopback interface, create a ciscozine.txt file like that:

conf T
  interface loopback1
  IP address 10.1.1.1 2552.55.255.255

After the Snmpset commands, the device would create the loopback1 interface!

Another good tip, it is to use the Snmpset commands to save some show output. How?  Suppose you want to save the "show interfaces" into the "Show.txt" file via tftp; Create a "ciscozine.txt" like that and execute the Snmpset:

Conf t do
 show Interf | redirect Tftp://192.168.1.100/show.txt
 exit

and.. Is it possible reload a device using SNMP? sure! First of all, enable the "Router/switch to do It" (remember it is dangerous ...):

Snmp-server System-shutdown

Then use only this command (the previous snmpset is not required):

Snmpset snmpset-c [snmp-community-string]-v 2c [Ip-device]  . 1.3.6.1.4.1.9.2.9.9.0 I 2

Where [Ip-device] is the IP address of the device so you want reload; The [snmp-community-string] is the Snmp-server community (must be r/w).

 Note:If you don ' t configure the "Snmp-server System-shutdown", the device shows this message:

%sys-4-reload_attempt:attempt via SNMP failed, system shutdown not configured

 Remember: Each time you copy to or from a device using SNMP, choose a random number. This number creates a row instance. It must is the same everywhere in your command. Once you use a specific number, it can is used again before it times out. The timeout is five minutes. If you use the same number within the five minutes, you get an error (snmp:inconsistent value.) You must upload complete configurations the Snmpset command. Partial configurations Erase What's currently stored in Non-volatile RAM (NVRAM). This is a needed for startup configurations. When you run a configuration copy it merges the contents. Summary article Name Send Cisco command via SNMP Description A Good tutorial that explains in Deph how it's simple Send C Ommands to your Cisco Router/switch via SNMP. With this feature it's possible configure the device or reload it (it is dangerous)! Author Fabio semperboni tags:  advanced configuration,  ios,  reload,  snmp,  Tips related Posts How to install the Cisco ISE using USB or CIMC interface How to access network devices via Radius server ddns:how to manage a Device with a dynamic public IP Using the Cisco ISE API to write web interface Cody Hartley

I hadn ' t seen any SNMP guides using Snmpv3 and SCP as transport protocol. For those looking to implement, here's what worked for me.

As with the other SNMP config copy guides you'll need to download the respective MIBS and load them in the snmp.conf fil E.

This post would specifically cover the Snmpset commands for a v3 setup.

SNMP Environment:

Name:net-snmp
version:5.7.2
Release:17.fc20

SNMP conf file in ~/.snmp/snmp.conf

Contains

Defsecurityname XXX <-Replace with v3 username
Defcontext ""
Defauthtype SHA
Defprivtype AES
Defsecuritylevel Authpriv
Defauthpassphrase * * * * <-replace with authentication Pass
Defprivpassphrase * * * * */dev/null shown in the script or at the CLI below redirects STDERR to null to avoid the MIB module s parsing errors.

#!/usr/bin/bash
Device=$1
Rannum=42
user=******
pass=******
server=x.x.x.x
date=$ (date + "%m_%d_%y")

Snmpset $DEVICE cccopyprotocol. $RANNUM i 4 cccopysourcefiletype. $RANNUM I 4 cccopydestfiletype. $RANNUM I 1 Cccopyserverad Dress. $RANNUM a "$SERVER" cccopyfilename. $RANNUM S "$DEVICE. $DATE" Cccopyusername. $RANNUM s $USER cccopyuserpassword.$ Rannum s $PASS cccopyentryrowstatus. $RANNUM I 4 2>/dev/null

Once Run you can check the status of the copy with the following command.

[Root@localhost hlsb]# snmpwalk sbs-tech-switch ciscoconfigcopymib 2>/dev/null
cisco-config-copy-mib::cccopyprotocol.42 = INTEGER:SCP (4)
cisco-config-copy-mib::cccopysourcefiletype.42 = Integer:runningconfig (4)
cisco-config-copy-mib::cccopydestfiletype.42 = Integer:networkfile (1)
cisco-config-copy-mib::cccopyserveraddress.42 = ipaddress:10.10.10.193
cisco-config-copy-mib::cccopyfilename.42 = string:sbs-tech-switch.07_09_14
cisco-config-copy-mib::cccopyusername.42 = string:xxxx
cisco-config-copy-mib::cccopyuserpassword.42 = string:xxxx
cisco-config-copy-mib::cccopynotificationoncompletion.42 = Integer:false (2)
cisco-config-copy-mib::cccopystate.42 = integer:successful (3)
cisco-config-copy-mib::cccopytimestarted.42 = timeticks: (52270199) 6 days, 1:11:41.99
cisco-config-copy-mib::cccopytimecompleted.42 = timeticks: (52270339) 6 days, 1:11:43.39
cisco-config-copy-mib::cccopyentryrowstatus.42 = integer:active (1)
cisco-config-copy-mib::cccopyserveraddresstype.42 = Integer:ipv4 (1)
cisco-config-copy-mib::cccopyserveraddressrev1.42 = STRING: "10.10.10.193"

After the successful copy completes the entry would exist for five minutes allowing for no further requests to being made with That particular random number. To send another request prior to the five minute clearing of the table, send a "destroy" Snmpset to clear the entry.

[Root@localhost hlse]# snmpset sbs-tech-switch cisco-config-copy-mib::cccopyentryrowstatus.42 I 6 2>/dev/null
cisco-config-copy-mib::cccopyentryrowstatus.42 = Integer:destroy (6)

Hope This would save some time for those looking to implement a more Secure SNMP config copy setup.

V/r

Cody Hartley Fabio Semperboni

thanks! Josh

Say, is there any-to-combine the | Redirect and the | Format? I ' d love to redirect the output as XML. Fabio Semperboni

I ' ve tried the redirect command but I checked so the result depends by IOS version: So try and check:) Falove

Thanks for Great tutorial! Could do you have a guide on how to use the "ping" command with SNMP and save to a tftp file? Fabio Semperboni

Have you read http://www.ciscozine.com/how-to-save-configurations-using-snmp/? :) Falove

Yes, I have read this tutorial but I can ' t get it work. Not sure what it didn ' w work.

Snmpset-c test-v 2c 172.16.10.1.1.3.6.1.4.1.9.9.16.1.1.1.16.335 Integer 6
Snmpset-c test-v 2c 172.16.10.1.1.3.6.1.4.1.9.9.16.1.1.1.16.335 Integer 5
Snmpset-c test-v 2c 172.16.10.1.1.3.6.1.4.1.9.9.16.1.1.1.15.335 octetstring Any_name
Snmpset-c test-v 2c 172.16.10.1.1.3.6.1.4.1.9.9.16.1.1.1.2.335 Integer 1
Snmpset-c test-v 2c 172.16.10.1.1.3.6.1.4.1.9.9.16.1.1.1.3.335 Octetstringhex "AC ten AA A2"
Snmpset-c test-v 2c 172.16.10.1.1.3.6.1.4.1.9.9.16.1.1.1.16.335
Snmpset-c test-v 2c 172.16.10.1.1.3.6.1.4.1.9.9.16.1.1.1.16.335 Integer 1
Snmpwalk-c test-v 2c 172.16.10.1.1.3.6.1.4.1.9.9.16.1.1.1
Snmpset-c test-v 2c 172.16.10.1 1.3.6.1.4.1.9.9.96.1.1.1.1.5.335 a 172.16.10.2
Snmpset-c test-v 2c 172.16.10.1 1.3.6.1.4.1.9.9.96.1.1.1.1.6.335 s Ping-test.txt
Snmpset-c test-v 2c 172.16.10.1.1.3.6.1.4.1.9.9.16.1.1.1.16.335 Integer 6 Rodrigo

Works like a charm. thanks! Roger Da Luz

Nice tutorial Gassi

Nice tutorial

So there is another securtity problem:
You dont need to set "Snmp-server System-shutdown"

Only use a text file with the reload CMD to the device with this content to Runn ing config:

Reload.txt:
Do Reload
Y
Y

First y:answer for saving the changed config (you is in config mode)
Second Y:to commit the reload