Cisco - Config changes via SNMP | Don't Blame The Network

NoBlameNetwork May 21, 2020 0 views

Once upon a time I managed to get myself locked out of a device entirely. Traffic was still flowing, monitoring was still fine, but I could not get into a command line for a Core Switch.

This is the method I used to add a new privileged user to the configuration via SNMP, so I could get back into the device.

Things you'll need

Device with SNMP RW (Read/Write) and not just RO (Read-Only)

Computer with the ability to use snmpset

Linux: Free Software found here.
Windows: Free Software found here.

Computer with the ability to be a tftp server

Linux: Free Software found here.
Windows: Free software found here.

Requirement #1

Device with SNMP RW: The following is from the CLI of my Cisco 881W Switch

I have a RW community string of "DBTN"

Requirement #2

Computer with snmpset: The following is from my Raspberry Pi.

Requirement #3

Computer with the ability to be a tftp server: The following is from my Windows Desktop.

I put the file "test.txt" in the tftp root directory.

I'm only altering the hostname of the Switch as an example.

The following list of commands will push your config:

snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.2.12 i 1
snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.3.12 i 1
snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.4.12 i 4
snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.5.12 a 10.10.83.191
snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.6.12 s test.txt 
snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.14.12 i 1

The blue text is variable.

Where I have ".12" you just pick a oid number, just pick anything.
10.10.83.225 is our Switch IP
10.10.83.191 is our TFTP Server IP
test.txt is the file with the configuration changes.

Here you can see me implementing the config as listed above

And here you can see the change was implemented.

You're probably able to make it work based on the above information, but down below I have some more granular details as to what each of these OIDs represents.

Line #1: ccCopyProtocol - Sets the Protocol to TFTP.

snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.2.12 i 1

Line #2: ccCopySourceFileType - Sets the source file type as "networkFile".

snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.3.12 i 1

Line #3: ccCopyDestFileType - Sets the destination file type as "runningConfig".

snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.4.12 i 4

Line #4: ccCopyServerAddress - Sets the TFTP Server Address.

snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.5.12 a 10.10.83.191

Line #5: ccCopyFileName - Sets the File Name to be copied.

snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.6.12 s test.txt

Line #6: ccCopyEntryRowStatus - Begins the transfer

snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.14.12 i 1

Tags: Cisco Linux SNMP

Back to all articles

Don't Blame The Network

Cisco - Config changes via SNMP

Search

Recent Posts

Top Tags

All Tags