How to copy configuration files to and from Cisco IOS routers using SNMP


Thu, 08/14/2014 - 14:10
Jun 18th, 2009

Resolution

This procedure is based on the CISCO-CONFIG-COPY-MIB, which is generally available from Cisco IOS release 12.0.

The Management Information Base (MIB) objects used for the config transfer are in the ccCopyTable of that MIB.

| MIB Object Name | Object Identifier | Values used in the example |
|---|---|---|
| ccCopyEntryRowStatus | .1.3.6.1.4.1.9.9.96.1.1.1.1.14 | active(1), createAndGo(4), createAndWait(5), destroy(6) |
| ccCopyProtocol | .1.3.6.1.4.1.9.9.96.1.1.1.1.2 | tftp(1), rcp(2) |
| ccCopySourceFileType | .1.3.6.1.4.1.9.9.96.1.1.1.1.3 | networkFile(1), iosFile(2), startupConfig(3), runningConfig(4), terminal(5) |
| ccCopyDestFileType | .1.3.6.1.4.1.9.9.96.1.1.1.1.4 | |
| ccCopyServerAddress | .1.3.6.1.4.1.9.9.96.1.1.1.1.5 | |
| ccCopyFileName | .1.3.6.1.4.1.9.9.96.1.1.1.1.6 | |
| ccCopyState | .1.3.6.1.4.1.9.9.96.1.1.1.1.10 | waiting(1), running(2), successful(3), failed(4) |

This is the procedure to copy the running configuration from a Cisco IOS router to a TFTP server:

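  1. Create a row in the ccCopyTable, and set the necessary values for the attributes. Initiate the transfer process, as shown:

    snmpset -v 2c -c <SNMP read-write community string> <router name/IP address> \
        .1.3.6.1.4.1.9.9.96.1.1.1.1.2.<random row number> i 1 \
        .1.3.6.1.4.1.9.9.96.1.1.1.1.3.<random row number> i 4 \
        .1.3.6.1.4.1.9.9.96.1.1.1.1.4.<random row number> i 1 \
        .1.3.6.1.4.1.9.9.96.1.1.1.1.5.<random row number> a "<server IP address>" \
        .1.3.6.1.4.1.9.9.96.1.1.1.1.6.<random row number> s "<file name>" \
        .1.3.6.1.4.1.9.9.96.1.1.1.1.14.<random row number> i 4

  2. Check for the completion of the transfer process, as shown:

    snmpwalk -v 2c -c <SNMP read-write community string> <router name/IP address> .1.3.6.1.4.1.9.9.96.1.1.1.1.10.<random row number>

    Repeat the command until the state is successful.

  3. Destroy the row created, as shown:

    snmpset -v 2c -c <SNMP read-write community string> <router name/IP address> .1.3.6.1.4.1.9.9.96.1.1.1.1.14.<random row number> i 6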

These are examples of each step:

Cisco IOS Router Name/IP Address: 10.0.0.1

Server IP Address: 10.0.0.2

File Name: Router.cfg

SNMP Read Write Community String: private

Random Row number: 50

  1. Creating a row in the ccCopyTable, setting the necessary values of the attributes (protocol, source file type, destination file type, server address, file name), and initiating the transfer.

    snmpset -v 2c -c private 10.0.0.1 \
        .1.3.6.1.4.1.9.9.96.1.1.1.1.2.50 i 1 \
        .1.3.6.1.4.1.9.9.96.1.1.1.1.3.50 i 4 \
        .1.3.6.1.4.1.9.9.96.1.1.1.1.4.50 i 1 \
        .1.3.6.1.4.1.9.9.96.1.1.1.1.5.50 a "10.0.0.2" \
        .1.3.6.1.4.1.9.9.96.1.1.1.1.6.50 s "Router.cfg" \
        .1.3.6.1.4.1.9.9.96.1.1.1.1.14.50 i 4

  2. Checking the transfer status. Repeat checking until the status is successful.

    snmpwalk -v 2c -c private 10.0.0.1 .1.3.6.1.4.1.9.9.96.1.1.1.1.10.50

  3. Destroying the row.

    snmpset -v 2c -c private 10.0.0.1 .1.3.6.1.4.1.9.9.96.1.1.1.1.14.50 i 6
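
The three steps above combined into one script, as an added example that is not part of the original document: it also stops polling on failed(4) or a timeout, and destroys the row on every outcome. The function names and the SNMPSET, SNMPGET, POLL_INTERVAL and POLL_MAX variables are hypothetical, and it assumes the SNMP version and credentials are set in ~/.snmp/snmp.conf so that they stay off the command line.

```shell
#!/bin/sh
# Added example (not from the original document): the three steps as one script.
# Assumption: SNMP version and credentials are set in ~/.snmp/snmp.conf, so
# they never appear on the command line or in the process list.
BASE=.1.3.6.1.4.1.9.9.96.1.1.1.1    # ccCopyTable columns
SNMPSET=${SNMPSET:-snmpset}         # hypothetical knobs; overridable for testing
SNMPGET=${SNMPGET:-snmpget}
POLL_INTERVAL=${POLL_INTERVAL:-2}   # seconds between ccCopyState polls
POLL_MAX=${POLL_MAX:-30}            # polls before giving up

# Print the numeric ccCopyState from one snmpget output line. Handles
# "INTEGER: successful(3)" (MIB loaded) and "INTEGER: 3" (no MIB loaded);
# prints nothing for error text such as "No Such Instance".
copy_state() {
    printf '%s\n' "$1" | sed -n 's/.*INTEGER: [^0-9]*\([0-9][0-9]*\).*/\1/p'
}

# Poll ccCopyState for <host> <row>.
# Returns 0 on successful(3), 1 on failed(4), 2 on timeout.
wait_for_copy() {
    n=0
    while [ "$n" -lt "$POLL_MAX" ]; do
        state=$(copy_state "$($SNMPGET "$1" "$BASE.10.$2" 2>/dev/null)")
        case "$state" in
            3) return 0 ;;
            4) return 1 ;;
        esac
        n=$((n + 1))
        sleep "$POLL_INTERVAL"
    done
    return 2
}

# Copy running-config to a TFTP server: <host> <server> <file> [row].
backup_running_config() {
    host=$1; server=$2; file=$3; row=${4:-50}
    # Clear any stale row first, in its own packet (errors ignored: no row yet).
    $SNMPSET "$host" "$BASE.14.$row" i 6 >/dev/null 2>&1 || true
    $SNMPSET "$host" "$BASE.2.$row" i 1 "$BASE.3.$row" i 4 "$BASE.4.$row" i 1 \
        "$BASE.5.$row" a "$server" "$BASE.6.$row" s "$file" \
        "$BASE.14.$row" i 4 >/dev/null || return 3
    rc=0; wait_for_copy "$host" "$row" || rc=$?
    # Destroy the row whatever the outcome, so the index is free for reuse.
    $SNMPSET "$host" "$BASE.14.$row" i 6 >/dev/null 2>&1 || true
    return "$rc"
}

if [ "$#" -ge 3 ]; then backup_running_config "$@"; fi
```

The script exits 0 when the copy succeeded, 1 when the device reported failed(4), 2 when polling timed out, and 3 when the row could not be created.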


id090365_warnier Fri, 04/30/2010 - 07:15

Hello,

When I apply the first command, I face this problem:

id090365:~> snmpset -v2c -c communitystring hostipaddress .1.3.6.1.4.1.9.9.96.1.1.1.1.2.98 i 1
Error in packet.
Reason: noCreation (That table does not support row creation or that object can not ever be created)
Failed object: SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.2.98

Do you have any idea?

Thanks,

Olivier

grnelson Sat, 05/01/2010 - 12:34

Are you able to do an snmpwalk on OID .1.3.6.1.4.1.9.9.96?

I cannot on my 6509E running 12.2(33)SXH.

id090365_warnier Sun, 05/02/2010 - 23:49

~> snmpwalk -v2c -c private HostIP .1.3.6.1.4.1.9.9.96
SNMPv2-SMI::enterprises.9.9.96 = No Such Object available on this agent at this OID

Knowing that my goal is not only to get a config from a router but also to push a config in a router using a snmp script, what is/are my solution(s)?

Hereunder the sh ver of the host router:

#sh ver
Cisco IOS Software, C828 Software (C828-OY6-M), Version 12.3(8)T11, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport

Joe Clarke Wed, 09/08/2010 - 19:23

The 800 series does not support the CISCO-CONFIG-COPY-MIB.  For that platform, you will need to use the OLD-CISCO-SYS-MIB.  For example:

snmpset -c private .1.3.6.1.4.1.9.2.1.50.X.X.X.X s config-file

Where X.X.X.X is the IP address of the TFTP server.  That command will copy the config-file file from the TFTP server into the running config of the device.

jimmychanga Wed, 09/08/2010 - 19:14

So, if I wanted to tell a device to go out and grab a file from a TFTP server, would I also need to tell the router to save that config change ("wr mem" equivalent)?

Joe Clarke Wed, 09/08/2010 - 19:16

It depends on where you copy the config locally.  You can copy a config from TFTP directly into startup.  In that case, a write mem would not be required.  If, however, you merge a config file into your running configuration, then a write mem would be required to persist the changes.

jimmychanga Wed, 09/08/2010 - 19:23

Joe, thanks for the reply.

If I was to send the changes (vs the entire config) to both running and startup, would that save me having to do a "wr mem" (meaning using another SNMP trigger to copy running to startup)? I'm in the process of developing a tool that uses SNMP to trigger a TFTP transfer of a prefix-list. What I want to avoid is having to issue a "wr mem". I was looking at looping through and transferring the file to the running-config and then the startup-config. My only concern is that the router merges changes to the startup-config rather than replacing the startup-config.

Joe Clarke Wed, 09/08/2010 - 19:28

The router will merge the changes into the running config and replace the startup config.  Sending only the changes to startup would result in a truncated configuration.  I suppose you could download the startup config, add your changes, then push the changed file back into NVRAM.  But that could lead to a race that results in lost write mems.

jimmychanga Wed, 09/08/2010 - 19:29

OK, that's what I thought. So I would send the trigger to pull the file from TFTP and then send a second trigger to copy from running to startup.

jfinkjfink Fri, 03/18/2011 - 14:30

Is there a definitive list of IOS versions and platforms where this works?  I can get this to work on an IAD2431 running 12.4(24)T4, but it fails on an IAD2435 running the same version.  It works on a 7204VXR running 12.4(23), but fails on a 6509 running 12.2(18)SXF17a.

In all my failure cases, I see this in the SNMP debug:

SNMP: Set request, reqid 2, errstat 0, erridx 0
ccCopyTable.1.2.41 = 1
ccCopyTable.1.3.41 = 4
ccCopyTable.1.4.41 = 1
ccCopyTable.1.5.41 = 10.0.0.25
ccCopyTable.1.6.41 = backup.txt
ccCopyTable.1.14.41 = 4
SNMP: Response, reqid 2, errstat 3, erridx 6
ccCopyTable.1.2.41 = 1
ccCopyTable.1.3.41 = 4
ccCopyTable.1.4.41 = 1
ccCopyTable.1.5.41 = 10.0.0.25
ccCopyTable.1.6.41 = backup.txt
ccCopyTable.1.14.41 = 4
SNMP: Packet sent via UDP to 10.0.0.25

I'd be more than happy to upgrade the routers where it doesn't work (if necessary) if I knew what minimum versions to test and then upgrade to.

Thanks,

-J

Joe Clarke Sat, 03/19/2011 - 22:40

Likely instance 41 already exists.  Try adding a set for:

ccCopyTable.1.14.41 i 6

To your script.  This set needs to happen in its own packet.  For example:

snmpset -c private 10.1.1.1 ccCopyTable.1.14.41 i 6

If things still fail, start a new discussion thread in this community.

Cody Hartley Thu, 08/14/2014 - 14:11

I hadn't seen any snmp guides using snmpv3 and scp as transport protocol. For those looking to implement, here is what worked for me.

As with the other snmp config copy guides you will need to download the respective MIBS and load them in the snmp.conf file.

This post will specifically cover the snmpset commands for a v3 setup.

SNMP Environment:

Name        : net-snmp
Version     : 5.7.2
Release     : 17.fc20
 

snmp conf file in ~/.snmp/snmp.conf

   contains

defSecurityName XXX <- replace with v3 username
defContext ""
defAuthType SHA
defPrivType AES
defSecurityLevel authPriv
defAuthPassphrase ***** <-replace with authentication pass
defPrivPassphrase *****  <-replace with encryption pass
defVersion 3
showMibErrors no
mibs ALL

I would verify basic snmpv3 functionality with a snmpwalk of something simple like sysUpTime. When that's good proceed to the CONFIG-COPY snmp commands.

 

This is my bash script that does the entire copy asking only for a single argument of IP/Hostname of the device being backed up. The 2>/dev/null shown in the script or at the cli below redirects STDERR to null to avoid the MIB modules parsing errors.

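#!/usr/bin/bash
# Usage: <script> <device IP/hostname>
DEVICE=$1
RANNUM=42          # row index in ccCopyTable
USER=******        # user name for the SCP transfer
PASS=******        # password for the SCP transfer
SERVER=X.X.X.X     # SCP server address
DATE=$(date +"%m_%d_%y")

# ccCopyProtocol 4 = scp, source 4 = runningConfig, destination 1 = networkFile, row status 4 = createAndGo
snmpset "$DEVICE" ccCopyProtocol.$RANNUM i 4 ccCopySourceFileType.$RANNUM i 4 \
    ccCopyDestFileType.$RANNUM i 1 ccCopyServerAddress.$RANNUM a "$SERVER" \
    ccCopyFileName.$RANNUM s "$DEVICE.$DATE" \
    ccCopyUserName.$RANNUM s "$USER" ccCopyUserPassword.$RANNUM s "$PASS" \
    ccCopyEntryRowStatus.$RANNUM i 4 2>/dev/null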

 

Once run you can check the status of the copy with the following command.

[[email protected] hlsb]# snmpwalk sbs-tech-switch ciscoConfigCopyMIB 2>/dev/null
CISCO-CONFIG-COPY-MIB::ccCopyProtocol.42 = INTEGER: scp(4)
CISCO-CONFIG-COPY-MIB::ccCopySourceFileType.42 = INTEGER: runningConfig(4)
CISCO-CONFIG-COPY-MIB::ccCopyDestFileType.42 = INTEGER: networkFile(1)
CISCO-CONFIG-COPY-MIB::ccCopyServerAddress.42 = IpAddress: 10.10.10.193
CISCO-CONFIG-COPY-MIB::ccCopyFileName.42 = STRING: sbs-tech-switch.07_09_14
CISCO-CONFIG-COPY-MIB::ccCopyUserName.42 = STRING: XXXX
CISCO-CONFIG-COPY-MIB::ccCopyUserPassword.42 = STRING: XXXX
CISCO-CONFIG-COPY-MIB::ccCopyNotificationOnCompletion.42 = INTEGER: false(2)
CISCO-CONFIG-COPY-MIB::ccCopyState.42 = INTEGER: successful(3)
CISCO-CONFIG-COPY-MIB::ccCopyTimeStarted.42 = Timeticks: (52270199) 6 days, 1:11:41.99
CISCO-CONFIG-COPY-MIB::ccCopyTimeCompleted.42 = Timeticks: (52270339) 6 days, 1:11:43.39
CISCO-CONFIG-COPY-MIB::ccCopyEntryRowStatus.42 = INTEGER: active(1)
CISCO-CONFIG-COPY-MIB::ccCopyServerAddressType.42 = INTEGER: ipv4(1)
CISCO-CONFIG-COPY-MIB::ccCopyServerAddressRev1.42 = STRING: "10.10.10.193"

 

After the successful copy completes the entry will exist for five minutes allowing for no further requests to be made with that particular random number. To send another request prior to the five minute clearing of the table send a "destroy" snmpset to clear the entry.

 

[[email protected] hlse]# snmpset sbs-tech-switch CISCO-CONFIG-COPY-MIB::ccCopyEntryRowStatus.42 i 6 2>/dev/null
CISCO-CONFIG-COPY-MIB::ccCopyEntryRowStatus.42 = INTEGER: destroy(6)

 

Hope this will save some time for those looking to implement a more secure snmp config copy setup.

V/R

Cody Hartley
