Home / server / Questions / 177856
Accepted
brent
Asked: 2010-09-04 09:35:20 +0800 CST

Possible to configure Cisco switch (IOS) via SNMP?

  • 772

Is it possible to configure a Cisco switch running IOS via SNMP? I know there is a method for initiating a TFTP copy via SNMP (doc), but is there something like port level config directly from SNMP writes?

Alternatively, is there a way to initiate transferring a configuration snippet to apply, rather than replacing the entire configuration?

Let me know if you'd like anything clarified. I'm trying to avoid using Expect or anything that is not similar to accessing an API.

snmp cisco switch

4 Answers

  1. Best Answer

    To answer my own question, it doesn't look like Cisco provides high granularity configuration via SNMP (e.g., port configuration), but it does provide a method for initiating a FTP/TFTP/SCP config copy to the switch. This copy can be performed to the running configuration which allows merging. This means a configuration snippet could be written to a text file, then TFTP'd to the switch which will merge with the running config, rather than replacing it. If copying to the start configuration, a merge operation is not done, so it replaces the entire config. An important distinction ;)

    Details here: http://www.cisco.com/en/US/tech/tk648/tk362/technologies_configuration_example09186a0080094aa6.shtml

    • 3

  2. Yes it is possible. See this tech note about configuring VLANs for an example.

    You can see which MIBs are supported on your switch by running the command show snmp mib from an enabled terminal.

    • 2

  3. I honestly don't know of any reason you can't configure IOS via SNMP... however I would suggest NOT doing it. SNMP is very insecure. If you're not worried about security, you can simply dump your config changes into a text file & blindly replay them into a telnet session... which I would also recommend not doing.

    • 0

  4. I hadn't seen any snmp guides using snmpv3 and scp as transport protocol. For those looking to implement, here is what worked for me.

    As with the other snmp config copy guides you will need to download the respective MIBS and load them in the snmp.conf file.

    This post will specifically cover the snmpset commands for a v3 setup.

    SNMP Environment:

Name        : net-snmp
Version     : 5.7.2
Release     : 17.fc20

    snmp conf file in ~/.snmp/snmp.conf

    contains

    defSecurityName XXX <- replace with v3 username
defContext ""
defAuthType SHA
defPrivType AES
defSecurityLevel authPriv
defAuthPassphrase ***** <-replace with authentication pass
defPrivPassphrase *****  <-replace with encryption pass
defVersion 3
showMibErrors no
mibs ALL

    I would verify basic snmpv3 functionality with a snmpwalk of something simple like sysUpTime. When that's good proceed to the CONFIG-COPY snmp commands.

    This is my bash script that does the entire copy asking only for a single argument of IP/Hostname of the device being backed up. The 2>/dev/null shown in the script or at the cli below redirects STDERR to null to avoid the MIB modules parsing errors.

    #!/usr/bin/bash
DEVICE=$1
RANNUM=42
USER=******
PASS=******
SERVER=X.X.X.X
DATE=$(date +"%m_%d_%y")

snmpset $DEVICE ccCopyProtocol.$RANNUM i 4 ccCopySourceFileType.$RANNUM i 4 ccCopyDestFileType.$RANNUM i 1 ccCopyServerAddress.$RANNUM a "$SERVER" ccCopyFileName.$RANNUM s "$DEVICE.$DATE" ccCopyUserName.$RANNUM s $USER ccCopyUserPassword.$RANNUM s $PASS ccCopyEntryRowStatus.$RANNUM i 4 2>/dev/null

    Once run you can check the status of the copy with the following command.

    [root@localhost hlsb]# snmpwalk sbs-tech-switch ciscoConfigCopyMIB 2>/dev/null
CISCO-CONFIG-COPY-MIB::ccCopyProtocol.42 = INTEGER: scp(4)
CISCO-CONFIG-COPY-MIB::ccCopySourceFileType.42 = INTEGER: runningConfig(4)
CISCO-CONFIG-COPY-MIB::ccCopyDestFileType.42 = INTEGER: networkFile(1)
CISCO-CONFIG-COPY-MIB::ccCopyServerAddress.42 = IpAddress: 10.10.10.193
CISCO-CONFIG-COPY-MIB::ccCopyFileName.42 = STRING: sbs-tech-switch.07_09_14
CISCO-CONFIG-COPY-MIB::ccCopyUserName.42 = STRING: XXXX
CISCO-CONFIG-COPY-MIB::ccCopyUserPassword.42 = STRING: XXXX
CISCO-CONFIG-COPY-MIB::ccCopyNotificationOnCompletion.42 = INTEGER: false(2)
CISCO-CONFIG-COPY-MIB::ccCopyState.42 = INTEGER: successful(3)
CISCO-CONFIG-COPY-MIB::ccCopyTimeStarted.42 = Timeticks: (52270199) 6 days, 1:11:41.99
CISCO-CONFIG-COPY-MIB::ccCopyTimeCompleted.42 = Timeticks: (52270339) 6 days, 1:11:43.39
CISCO-CONFIG-COPY-MIB::ccCopyEntryRowStatus.42 = INTEGER: active(1)
CISCO-CONFIG-COPY-MIB::ccCopyServerAddressType.42 = INTEGER: ipv4(1)
CISCO-CONFIG-COPY-MIB::ccCopyServerAddressRev1.42 = STRING: "10.10.10.193"

    After the successful copy completes the entry will exist for five minutes allowing for no further requests to be made with that particular random number. To send another request prior to the five minute clearing of the table send a "destroy" snmpset to clear the entry.

    [root@localhost hlse]# snmpset sbs-tech-switch CISCO-CONFIG-COPY-MIB::ccCopyEntryRowStatus.42 i 6 2>/dev/null
CISCO-CONFIG-COPY-MIB::ccCopyEntryRowStatus.42 = INTEGER: destroy(6)

    Hope this will save some time for those looking to implement a more secure snmp config copy setup.

    • 0