10

I have a lab setup where I'm trying to use SCP via SNMP to a Cisco router. I found some online documentation such as: http://ccie20728.wordpress.com/2008/05/20/get-the-cisco-configuration-over-snmp/

Here's my high level setup. On router:

R1(config)# username cisco password cisco
R1(config)# ip domain-name somedomain.com
R1(config)# crypto key generate rsa general-keys modulus 1024
R1(config)# aaa new-model
R1(config)# aaa authentication login cisco local
R1(config)# aaa authorization exec cisco local
R1(config)# ip scp server enable
R1(config)# line vty 0
R1(config)# login authentication cisco
R1(config)# snmp-server community cisco RW

In order to get the router to act as the SCP server, I need to enable it with the above command. On an Ubuntu server, I have OpenSSH installed and running, and I'm running these commands:

snmpset -c cisco -v 2c <router ip addr> 1.3.6.1.4.1.9.9.96.1.1.1.1.2.111 i 4
snmpset -c cisco -v 2c <router ip addr> 1.3.6.1.4.1.9.9.96.1.1.1.1.3.111 i 4
snmpset -c cisco -v 2c <router ip addr> 1.3.6.1.4.1.9.9.96.1.1.1.1.4.111 i 1
snmpset -c cisco -v 2c <router ip addr> 1.3.6.1.4.1.9.9.96.1.1.1.1.5.111 a <svr ip addr>
snmpset -c cisco -v 2c <router ip addr> 1.3.6.1.4.1.9.9.96.1.1.1.1.6.111 s cisco.txt
snmpset -c cisco -v 2c <router ip addr> 1.3.6.1.4.1.9.9.96.1.1.1.1.7.111 s cisco
snmpset -c cisco -v 2c <router ip addr> 1.3.6.1.4.1.9.9.96.1.1.1.1.8.111 s cisco
snmpset -c cisco -v 2c <router ip addr> 1.3.6.1.4.1.9.9.96.1.1.1.1.14.111 i 1

Then to check what the status is, I do a snmpget and/or snmpwalk via:

snmpwalk -c cisco -v 2c <router ip addr> 1.3.6.1.4.1.9.9.96.1.1.1.1.10.111

When I run this, I get the integer (2), which means it's running, then it goes to integer (4), which means it failed.

Then I check the reason for failure:

snmpwalk -c cisco -v 2c <router ip addr> 1.3.6.1.4.1.9.9.96.1.1.1.1.13.111

and I get the integer (2), which means "badfilename".

So I've tried different permutations of a filename for ".6.111 string" above, including different file extensions, with and without hyphens, same file name as running config cmds, even specified absolute path file name but none seem to work.

I've tried debugging the sshd with various logging levels and getting no output from the saved/stored syslog file.

Has anyone been able to get this to work?

4
  • here are two other links I used for documentation: tools.cisco.com/Support/SNMP/do/… and cisco.com/en/US/tech/tk648/tk362/…
    – user1609
    Commented Jun 10, 2013 at 19:55
  • In order to discard issues on SCP server, is it working if you run the copy manually from your router? I seem to remember some TFTP server which did not allow us to create new files while writing to it, so first we had to create an empty file on the server side and then run the copy with destination file pointing to the empty filename
    Commented Jun 10, 2013 at 21:54
  • yep, I tried this too manually from the router to the server via scp and it worked fine. I was able to copy the file over to the server manually even without creating an empty file before.
    – user1609
    Commented Jun 11, 2013 at 5:35
  • Did any answer help you? If so, you should accept the answer so that the question doesn't keep popping up forever, looking for an answer. Alternatively, you can post and accept your own answer.
    – Ron Maupin
    Commented Jan 3, 2021 at 5:09

4 Answers

6

I just tried this on my CPE:

[ytti@lintukoto ~]% cat moi2.sh 
#!/bin/sh

snmp="snmpset -v2c -cfoo bu.ip.fi"

$snmp 1.3.6.1.4.1.9.9.96.1.1.1.1.2.9 i 4 \
      1.3.6.1.4.1.9.9.96.1.1.1.1.3.9 i 4 \
      1.3.6.1.4.1.9.9.96.1.1.1.1.4.9 i 1 \
      1.3.6.1.4.1.9.9.96.1.1.1.1.5.9 a 91.198.120.2 \
      1.3.6.1.4.1.9.9.96.1.1.1.1.6.9 s filename \
      1.3.6.1.4.1.9.9.96.1.1.1.1.7.9 s username \
      1.3.6.1.4.1.9.9.96.1.1.1.1.8.9 s password \
      1.3.6.1.4.1.9.9.96.1.1.1.1.14.9 i 4
sleep 10
$snmp 1.3.6.1.4.1.9.9.96.1.1.1.1.14.9 i 6
[ytti@lintukoto ~]% 

Which copies running config (4) to network (1), by swapping these you can change the direction (from network to running).

After running the above script, my home directory will have a 'filename' file, which contains my CPE running-config:

[ytti@lintukoto ~]% ls -la filename
ls: cannot access filename: No such file or directory
[2 ytti@lintukoto ~]% ./moi2.sh      
iso.3.6.1.4.1.9.9.96.1.1.1.1.2.9 = INTEGER: 4
iso.3.6.1.4.1.9.9.96.1.1.1.1.3.9 = INTEGER: 4
iso.3.6.1.4.1.9.9.96.1.1.1.1.4.9 = INTEGER: 1
iso.3.6.1.4.1.9.9.96.1.1.1.1.5.9 = IpAddress: 91.198.120.2
iso.3.6.1.4.1.9.9.96.1.1.1.1.6.9 = STRING: "filename"
iso.3.6.1.4.1.9.9.96.1.1.1.1.7.9 = STRING: "username"
iso.3.6.1.4.1.9.9.96.1.1.1.1.8.9 = STRING: "password"
iso.3.6.1.4.1.9.9.96.1.1.1.1.14.9 = INTEGER: 4
iso.3.6.1.4.1.9.9.96.1.1.1.1.14.9 = INTEGER: 6
[ytti@lintukoto ~]% ls -la filename
-rw-r--r-- 1 ytti ytti 16172 Jun 11 00:35 filename
[ytti@lintukoto ~]% 

On top of what @daniel mentions, your '14' or 'rowstatus' is also wrong: you use 1 'active', while you should use 4 'createAndGo'.

7
  • just tried it again by changing "14" to integer 4 and still getting Error in packet, Reason: inconsistent value. I've even cleared the snmpset with "6" like you did each time. by the way, you were able to get it to work with your setup above?
    – user1609
    Commented Jun 10, 2013 at 21:25
  • Yes. Above works just fine on my 881G running 15.1(2)T5. I added output of script. If I have that index/id (9) hanging, then I get same 'inconsistent value' complaint, it takes quite long before you can destroy it. You might test with fresh index/ID to be sure.
    – ytti
    Commented Jun 10, 2013 at 21:38
  • tried it with different index/ID, still not happening. I'm going to try a different device. maybe this specific device is not actually supported. thing is, even in the cisco mib and software matrix, it shows that these MIBs are supported for the current IOS i'm testing on.
    – user1609
    Commented Jun 10, 2013 at 21:47
  • It's pretty old MIB by now, like maybe 5<10 years. So probably not that. From IOS CLI does this work: 'copy running-config scp://username:password@server/filename'
    – ytti
    Commented Jun 10, 2013 at 21:50
  • yes, doing a manual scp copy from the router to the server works fine. I can even create a kron scheduler or EEM script to do this and works fine doing scp from router to the server. just not via snmp...
    – user1609
    Commented Jun 11, 2013 at 5:12
4

According to Cisco SNMP Object Navigator, value 4 is not supported for 1.3.6.1.4.1.9.9.96.1.1.1.1.3. Instead, value 2 means the running-config:

Object  ccCopySourceFileType
OID     1.3.6.1.4.1.9.9.96.1.1.1.1.3
Type    ConfigFileType
1:startupConfig
2:runningConfig
Permission  read-create

Probably that's why you are getting the badFileName error.

EDIT:

Actually, there seems to be a contradiction between the SNMP Object Navigator and the MIB definition, as the type for ccCopySourceFileType and ccCopyDestFileType is ConfigFileType, and according to the MIB definition:

ConfigFileType ::= TEXTUAL-CONVENTION

SYNTAX          INTEGER  {
                        networkFile(1),
                        iosFile(2),
                        startupConfig(3),
                        runningConfig(4),
                        terminal(5),
                        fabricStartupConfig(6) }

And this seems backed up by ytti's answer.

4
  • yea, I saw that in the mib too, but even if I change it to an integer of 2, I get an error saying: *** snmpset -c <str> -v 2c <ip> 1.3.6.1.4.1.9.9.96.1.1.1.1.3.111 i 2 Error in packet. Reason: wrongValue (The set value is illegal or unsupported in some way) Failed object: iso.3.6.1.4.1.9.9.96.1.1.1.1.3.111 *** I've tried different permutations of this too with .3 and .4 where maybe the integer was different in either case. I'm trying to copy from router to server, which as I understand, is run-cfg to networkfile.
    – user1609
    Commented Jun 10, 2013 at 21:08
  • I think the contradiction might be because there are two generations of copy mibs. The original was lot simpler/dumber and did just tftp, I can't recall but maybe in that era 1 was startup and 2 running.
    – ytti
    Commented Jun 10, 2013 at 21:41
  • that's a good point. so it seems changes were made with code upgrades.
    – user1609
    Commented Jun 10, 2013 at 21:48
  • the "write-net" mib was deprecated (for numerous reasons) in favor of the "config-copy" mib, which is still the current way to do it.
    – Ricky
    Commented Jun 11, 2013 at 18:57
3

I've posted this before: http://checkforbees.com/router-backup/

I think your issue is with the multiple snmpset's. You have to start by creating the entry to do this. [14.xxx = 5 (createAndWait)] Then you can setup the entry as necessary before setting the rowStatus to "1" (active).

[Note: My scripts are decades old, so they're tuned for tftp.]

[root:pts/6{8}]debian1:/tmp/[01:32 AM]:./test.sh
CISCO-CONFIG-COPY-MIB::ccCopyProtocol.111 = INTEGER: scp(4)
CISCO-CONFIG-COPY-MIB::ccCopySourceFileType.111 = INTEGER: runningConfig(4)
CISCO-CONFIG-COPY-MIB::ccCopyDestFileType.111 = INTEGER: networkFile(1)
CISCO-CONFIG-COPY-MIB::ccCopyServerAddress.111 = IpAddress: 192.168.55.25
CISCO-CONFIG-COPY-MIB::ccCopyFileName.111 = STRING: cisco.txt
CISCO-CONFIG-COPY-MIB::ccCopyUserName.111 = STRING: cisco
CISCO-CONFIG-COPY-MIB::ccCopyUserPassword.111 = STRING: cisco
CISCO-CONFIG-COPY-MIB::ccCopyEntryRowStatus.111 = INTEGER: active(1)
..
Status: successful []
CISCO-CONFIG-COPY-MIB::ccCopyEntryRowStatus.111 = INTEGER: destroy(6)
[root:pts/6{8}]debian1:/tmp/[01:32 AM]:ls -l cisco.txt
-rw-r--r-- 1 root root 15790 Jun 12 01:32 cisco.txt

I'm looping over ...10.111 (state) while it's "running". I suspect you've never deleted your "111" entry. Those are otherwise your exact sequence of snmpsets against a 2960S with the ssh server of a linux box. (as my prompt suggests, a debian box.)

7
  • I tried as per your suggestion, still didn't work :-(. I get the same failure and reason for failure. I wonder if this has got to be some bug then for this specific IOS code. 12.2(33)SCF4
    – user1609
    Commented Jun 11, 2013 at 5:38
  • What device are you using?
    – Ricky
    Commented Jun 11, 2013 at 18:56
  • been doing my testing on a cisco ubr10k CMTS, also tried with a cisco 3725 (12.4T code), getting the same result
    – user1609
    Commented Jun 12, 2013 at 5:01
  • badFilename could also signify an ssh login failure, but I get a noConfig(5) for that. (which is opposite of what it should say)
    – Ricky
    Commented Jun 12, 2013 at 5:53
  • I get a badFileName(2) from 12.4T. (the 2960S is 15.x)
    – Ricky
    Commented Jun 12, 2013 at 6:01
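
The row lifecycle discussed in the answers above (destroy any stale row, createAndWait, set the columns, activate, poll ccCopyState, read ccCopyFailCause, destroy), written out as an added example that is not from any poster in this thread. The function names and the variables SNMPSET, SNMPGET, SNMP_OPTS and COPY_RESULT are assumptions made for this sketch; the OIDs and integer values are the ones quoted on this page, plus the remaining low-numbered ccCopyState and ccCopyFailCause values from CISCO-CONFIG-COPY-MIB.

```shell
# Added example (not from the thread): one ccCopyTable row, running-config -> SCP.
BASE=1.3.6.1.4.1.9.9.96.1.1.1.1
SNMPSET=${SNMPSET:-snmpset}
SNMPGET=${SNMPGET:-snmpget}
# Placeholder community; v2c is unencrypted, "-v3 -l authPriv ..." also fits here.
SNMP_OPTS=${SNMP_OPTS:-"-v2c -c COMMUNITY"}

copy_state_name() {    # ccCopyState, column .10
    case "$1" in
        1) echo waiting ;; 2) echo running ;; 3) echo successful ;;
        4) echo failed ;; *) echo "unknown($1)" ;;
    esac
}

fail_cause_name() {    # ccCopyFailCause, column .13 (values 1-5 decoded)
    case "$1" in
        1) echo unknown ;; 2) echo badFileName ;; 3) echo timeout ;;
        4) echo noMem ;; 5) echo noConfig ;; *) echo "other($1)" ;;
    esac
}

# usage: copy_run_to_scp <router> <row index> <server ip> <file> <user> <password>
copy_run_to_scp() {
    host=$1 idx=$2 row="$BASE.14.$2"
    state=0 tries=0 COPY_RESULT="row setup rejected"
    # A stale row at this index gives "inconsistent value": destroy(6) it first.
    $SNMPSET $SNMP_OPTS "$host" "$row" i 6 >/dev/null 2>&1
    # createAndWait(5); scp(4), runningConfig(4) -> networkFile(1); active(1).
    if $SNMPSET $SNMP_OPTS "$host" "$row" i 5 >/dev/null &&
       $SNMPSET $SNMP_OPTS "$host" \
           "$BASE.2.$idx" i 4 "$BASE.3.$idx" i 4 "$BASE.4.$idx" i 1 \
           "$BASE.5.$idx" a "$3" "$BASE.6.$idx" s "$4" \
           "$BASE.7.$idx" s "$5" "$BASE.8.$idx" s "$6" >/dev/null &&
       $SNMPSET $SNMP_OPTS "$host" "$row" i 1 >/dev/null; then
        while [ "$tries" -lt 30 ]; do    # poll while waiting(1) or running(2)
            state=$($SNMPGET $SNMP_OPTS -Oqve "$host" "$BASE.10.$idx") || break
            [ "$state" = 1 ] || [ "$state" = 2 ] || break
            tries=$((tries + 1)); sleep 1
        done
        COPY_RESULT=$(copy_state_name "$state")
    fi
    if [ "$state" = 4 ]; then
        cause=$($SNMPGET $SNMP_OPTS -Oqve "$host" "$BASE.13.$idx")
        COPY_RESULT="failed: $(fail_cause_name "$cause")"
    fi
    $SNMPSET $SNMP_OPTS "$host" "$row" i 6 >/dev/null 2>&1    # free the row
    echo "$COPY_RESULT"
    [ "$state" = 3 ]
}
```

The function returns success only when ccCopyState ends at successful(3), and it destroys the row on every path so the same index can be reused on the next run.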
0

Check here: How to copy configuration files to and from the Cisco IOS routers that use SNMP

Change ccCopyProtocol to your desired transfer method:

  1. tftp
  2. ftp
  3. rcp
  4. scp
  5. sftp

Here’s a bash script to automate configuration backups.
