Password recovery via SNMP

Unanswered Question
Apr 21st, 2010


Has anybody ever tried resetting a vty or the enable secret password via SNMP? I've read that there is something you can do with pulling back the running-config and comparing it to startup-config... via SNMP, assuming you know the RW community string.

But I was sure there was another method available whereby you could (if you knew snmp community-name) reset the passwords remotely using snmp?



angvarga Wed, 04/21/2010 - 09:19

Hello Mary,

To change the vty password, it is necessary to know the Read-Write (RW) community string, since the procedure needs to write information in some of the OIDs.

This is the link with the information about How To Copy Configurations To and From Cisco Devices Using SNMP:

You can create a .txt file with just the lines you want to send to the device and these ones will be added to the configuration you already have.

I will prepare an example for you and post it so you can take a look.

Angel V.

tavoularisr Thu, 12/15/2011 - 08:38

I had the same problem, and I followed these instructions and they worked perfectly.  I just wanted to say thanks!

angvarga Wed, 04/21/2010 - 10:48

Hello Mary,

This is the example I have for you:

What we need to do is create a new row in the device within the ccCopyTable MIB, where all the values are going to be stored in order to replace the line we want in the configuration:

For the procedure to recover a password via SNMP only, instead of referencing a file with an entire configuration, the contents of the file would be simply the password information that you want to change to. It won't leave you with a one-line config. It will just overwrite the one line that is in your current running config. The rest should stay the same.

For example, create a .txt file with just these 2 lines in the TFTP boot directory of your TFTP application:

enable password newpass
end

*** Note: the end statement is totally necessary.

Step 1 (Creating the Row).

Please look into MIB ccCopyEntryRowStatus

snmpset  -v  2c  -c  private  i  5

NOTE: var_type is "i" for Integer

Value is 5 for createAndWait

In the MIB the last .222 is the entry index in the table. If the row is occupied then please destroy it first and try to create it and wait again.

Step 2 (Setting the protocol).

We are going to use TFTP to transfer the device configuration with the OID ccCopyProtocol.

Please look into MIB ccCopyProtocol

snmpset  -v  2c  -c  private  i  1

NOTE: Value is 1 for tftp

Step 3 (Specifying  the Source).

We are going to specify that what we want to copy is the file in your PC.

Please look into MIB ccCopySourceFileType

snmpset  -v  2c  -c  private  i  1

NOTE: Value is 1 for networkFile

Step 4 (Specifying the Destination).

Once we have specified the Source, we need to tell what would be the destination to where
we are copying the file.

Please look into MIB ccCopyDestFileType

snmpset  -v  2c  -c  private  i  4

NOTE: Value is 4 for runningConfig

Step 5 (TFTP Server's Address).

Let's now setup the IP address of the server where the TFTP service is currently running and where the configuration is going to get copied.

Please look into MIB ccCopyServerAddress

snmpset  -v  2c  -c  private  a

NOTE: var_type is "a" for IP address

Value is the TFTP server's IP address

Step 6 (Specifying the File name in the TFTP Server).

Now, we need to tell the name of the file where the data is going to be sent to or stored (the one you create with the 2 lines).

Please look into MIB ccCopyFileName

snmpset  -v  2c  -c  private  s

NOTE: var_type is "s" for Display String. Sometimes the name could need " "

Value is the file name in the TFTP boot previously created with full privileges

Step 7 (Deploy the settings and run it).

Last thing is deploying the settings so the config archive takes place. Before activating the row 222,  we must double-check that the TFTP service is up and running.

Is the service running?

If yes, then activate the row with the following snmpset.

Please look into MIB ccCopyEntryRowStatus

snmpset  -v  2c  -c  private i 1

NOTE: Value is 1 for active.

Step 8 (Check the results).

Check if the transfer was successful.

do a snmpwalk to



Step 9 (Try to access the device).

This should be more than enough to change a specific line in the configuration using SNMP.

I hope this answered your question.

Best Regards,

Angel V.

m.renshaw Wed, 11/02/2011 - 08:26

Can you set the "ip tftp source-interface" before running the tftp?

angvarga Wed, 11/02/2011 - 08:46

No, it would not work, you have to set the IP address of the TFTP server in the ccCopyServerAddress OID; that is the value that will be used for the transfer.

m.renshaw Wed, 11/02/2011 - 08:52

So if all my interfaces have "vrf forwarding" and I didn't have the "ip tftp source-interface" command I wouldn't be able to pull the text file down to the router.

angvarga Wed, 11/02/2011 - 09:02

What I mean in my previous post is that you don't need that command; the TFTP transfer is done by SNMP, therefore all the details about the TFTP transfer need to be configured/set in the OIDs of the ccCopyTable MIB. Obviously, between the device and the PC on which you have the TFTP application you need to have the TFTP protocol open (no firewalls or ACLs blocking it).

If you need further assistance with the procedure I strongly recommend you to open a TAC service request.

jagmeetsingh Sat, 05/03/2014 - 14:37

This works great on IOS 12.0 and above. Thanks for the instructions.

I am having issues with 4507 IOS-XE and it's not working. Do you know the MIB values for 4507 as well?




Paul Wedde Thu, 07/24/2014 - 03:09


I tried to do this many years back with no success. Today I have managed to carry out the process with no issues! I had to try 2 times before it finally worked as the 1st time I messed up the path to the file and the second time I needed "enable secret" instead of "enable password". Also, each whole set of SNMP commands requires a different SNMP "row" number  else you will get an error if you attempt to reuse "222". 


Good Luck.

Rolf Fischer Sun, 07/27/2014 - 00:47
Also, each whole set of SNMP commands requires a different SNMP "row" number  else you will get an error if you attempt to reuse "222". 

As the final step you should always set the ccCopyEntryRowStatus to "destroy" (6):

snmpset  -v  2c  -c  private i 6

After that you can reuse the same random number.
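
Added example, not part of any post in this thread: the procedure above works for anyone who holds an RW community string, so the matching configuration check is to find RW communities that are guessable, have no ACL, or whose view still reaches ccCopyTable (ciscoConfigCopyMIB, 1.3.6.1.4.1.9.9.96). The Python audit below parses IOS snmp-server lines; the sample config, the WEAK_STRINGS list and the function names are assumptions, and view matching ignores masks.

```python
CONFIG_COPY_OID = "1.3.6.1.4.1.9.9.96"       # ciscoConfigCopyMIB subtree (holds ccCopyTable)
NAMES = {"iso": "1", "internet": "1.3.6.1", "ciscoConfigCopyMIB": CONFIG_COPY_OID}
WEAK_STRINGS = {"public", "private"}          # assumed list of guessable strings

# Constructed sample config, not taken from a real device.
SAMPLE = """\
snmp-server view NOCOPY iso included
snmp-server view NOCOPY 1.3.6.1.4.1.9.9.96 excluded
snmp-server community private RW
snmp-server community monitor RO
snmp-server community n0c-Wr1te view NOCOPY RW 10
snmp-server community ops-rw view ALL RW 10
snmp-server view ALL iso included
"""

def view_allows_config_copy(view, views):
    """Longest matching subtree decides; masks and entries below the MIB root are ignored."""
    best = ("", "excluded")                   # no match: subtree is outside the view
    for oid, mode in views.get(view, []):
        oid = NAMES.get(oid, oid).strip(".")
        if (CONFIG_COPY_OID + ".").startswith(oid + ".") and len(oid) > len(best[0]):
            best = (oid, mode)
    return best[1] == "included"

def audit(config_text):
    views, communities, findings = {}, [], []
    for tok in (line.split() for line in config_text.splitlines()):
        if tok[:2] == ["snmp-server", "view"] and len(tok) == 5:
            views.setdefault(tok[2], []).append((tok[3], tok[4].lower()))
        elif tok[:2] == ["snmp-server", "community"] and len(tok) >= 3:
            communities.append(tok[2:])
    for name, *rest in communities:
        view = None
        if rest[:1] == ["view"] and len(rest) >= 2:
            view, rest = rest[1], rest[2:]
        access = "ro"                         # IOS defaults to read-only
        if rest and rest[0].lower() in ("ro", "rw"):
            access, rest = rest[0].lower(), rest[1:]
        if access != "rw":
            continue
        issues = [msg for bad, msg in (
            (name.lower() in WEAK_STRINGS, "guessable community string"),
            (not rest, "no ACL limiting managers"),   # a leftover token is an ACL reference
            (view is None or view_allows_config_copy(view, views), "ccCopyTable writable"),
        ) if bad]
        if issues:
            findings.append((name, issues))
    return findings

print(audit(SAMPLE))
```

Only the two RW communities that can still write to ccCopyTable are reported; the one bound to a view excluding the subtree and to an ACL passes.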




