Password Change Using SNMP

snoop-09 · ‎12-19-2006

Is there a way to use SNMP to change a device or enable password?

Joe Clarke · ‎12-19-2006

Yes. See http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094aa6.shtml on how to use the CISCO-CONFIG-COPY-MIB to upload and download device configurations. To change an enable [secret] password on an IOS device, you would simply upload a config snipet such as:

enable secret s3cr3t

end

snoop-09 · ‎12-20-2006

I am prevented from using anything but SNMPv3 due to security policy. I want to know if there is a way to use only the SNMPv3 protocol to change the password?

Joe Clarke · ‎12-20-2006

Same procedure applies, just use SNMPv3 arguments to your SNMP tools.

snoop-09 · ‎12-20-2006

I cannot use TFTP - that protocol is not permitted through the perimeter security boundary. I need a method that only uses SNMPv3.

Joe Clarke · ‎12-20-2006

There is no way to do a password change with just SNMP. SNMP is simply a catalyst protocol that triggers a config transfer.

jchan28 · ‎12-28-2006

You may not able to directly reset a password, however SNMP could help reset a password by upload/download the config. See http://www.petri.co.il/csc_reset_admin_password_with_cisco_snmp.htm for details, cheers.

cheung.kelvin · ‎01-03-2007

This MIB does not work on router 3845.

I can not find any MIB that work on the 3845.

I snmpwalked on the router,

enterprises.9.9.96.1.1.1.1.2.111 = INTEGER: 1

enterprises.9.9.96.1.1.1.1.3.111 = INTEGER: 4

enterprises.9.9.96.1.1.1.1.4.111 = INTEGER: 1

enterprises.9.9.96.1.1.1.1.9.111 = INTEGER: 2

There are something missing.

Regards

Kelvin Cheung

Joe Clarke · ‎01-03-2007

Exactly what SNMP sets did you send to the router, and what was the responses? The CISCO-CONFIG-COPY-MIB is supported on the 3845, and this procedure should work barring any bugs.