Colorlib Khazi Peppers2020-05-21

Cisco - Config changes via SNMP

CiscoLinuxSNMP

Once upon a time I managed to get myself locked out of a device entirely. Traffic was still flowing, monitoring was still fine, but I could not get into a command line for a Core Switch.

 This is the method I used to add a new privileged user to the configuration via SNMP, so I could get back into the device. 

 Things you'll need

  • Device with SNMP RW (Read/Write) and not just RO (Read-Only)
  • Computer with the ability to use snmpset
    • Linux: Free Software found here.
    • Windows: Free Software found here.
  • Computer with the ability to be a tftp server
    • Linux: Free Software found here.
    • Windows: Free software found here.
Requirement #1
Device with SNMP RWThe following is from the CLI of my Cisco 881W Switch 
I have a RW community string of "DBTN" 

Requirement #2
 Computer with snmpset: The following is from my Raspberry Pi. 

Requirement #3
 Computer with the ability to be a tftp server: The following is from my Windows Desktop.
I put the file "test.txt" in the tftp root directory. 
I'm only altering the hostname of the Switch as an example.


The following list of commands will push your config:
snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.2.12 i 1
snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.3.12 i 1
snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.4.12 i 4
snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.5.12 a 10.10.83.191
snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.6.12 s test.txt 
snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.14.12 i 1

The blue text is variable.
  • Where I have ".12" you just pick a oid number, just pick anything.
  • 10.10.83.225 is our Switch IP
  • 10.10.83.191 is our TFTP Server IP
  • test.txt is the file with the configuration changes.
 Here you can see me implementing the config as listed above

And here you can see the change was implemented.



You're probably able to make it work based on the above information, but down below I have some more granular details as to what each of these OIDs represents.

Line #1: ccCopyProtocol - Sets the Protocol to TFTP.
snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.2.12 i 1

 Line #2: ccCopySourceFileType - Sets the source file type as "networkFile".
snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.3.12 i 1

 Line #3: ccCopyDestFileType - Sets the destination file type as "runningConfig".
snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.4.12 i 4

 Line #4: ccCopyServerAddress - Sets the TFTP Server Address.
snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.5.12 a 10.10.83.191

 Line #5: ccCopyFileName - Sets the File Name to be copied.
snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.6.12 s test.txt

 Line #6: ccCopyEntryRowStatus - Begins the transfer
snmpset -c DBTN -v 2c 10.10.83.225 1.3.6.1.4.1.9.9.96.1.1.1.1.14.12 i 1

Categories: Cisco, Linux, SNMP