10-21-2020 03:43 AM - edited 10-21-2020 03:49 AM
Hi,
I want to check the config of our routers/switches in our network, using a script, for correct config lines. But some commands are shown differently on the devices (depending on the hw / ios version). On some devices a command is shown in running-config and on others the command is a default one and is only showing up in "sh run all".
So as all custom commands also are shown inside "sh run all" / "system:default-running-config" it would be the best approach to read this and check if a config command is there. But I'm stuck at getting this information using snmp. I cannot find a working snmp OID to accomplish this.
I already tried "ccCopy..." OIDs and thought maybe the "iosFile" could help accessing "system:default-running-config", but this already fails because with those OIDs it is only allowed to copy files to or from run/startup config. Not from iosFile to networkFile.
I also tried the "ciscoFlashCopy..." OIDs. But while trying this I saw that it is not possible to access "system:". I can only access "flash:", "webui:" and "crashinfo:". So this also isn't working.
Does anyone know another possible approach I could try?
! It needs to be SNMP !
Thanks in advance
10-21-2020 03:51 AM - edited 10-21-2020 03:53 AM
I would take the approach below - I'm not sure what your end goal is.
I would write an out of the box script to get device information and validate it (based on the security practice of your business).
show run all (ALL will pull hidden configuration, which is configured by default) - I would ignore the "all" (I compare show run - if you have any reason to pull all, that is a different discussion).
You need to load some SNMP OIDs based on the model and device, so I would go with the above steps so the script runs on any device to pull the config, compare and audit.
Does that make sense? Or tell us anything I am missing here to understand the requirement.
EDIT : if you like only SNMP limited to devices :
10-21-2020 03:56 AM
As already written. It needs to be the "all" output, because on some devices a config line is default and on some others the same config line isn't. So to be sure the line is active/configured I'm forced to see the "all" output.
10-21-2020 03:57 AM
Sure, understood; then you can do an out of the box script to pull and compare.
10-21-2020 03:51 AM
- I very much doubt this is possible; as you mention, CISCO-COPY-CONFIG-MIB can for instance be used to copy the config to an external destination or vice versa, but that's all (no run-all will be included).
M.
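Added example, not part of any post in this thread: a minimal "pull and compare" audit that classifies each required line as explicit (in "sh run"), default (only in "sh run all") or missing. It assumes both outputs have already been collected as text by some other means; the function names, the sample configs and the required-line list are constructed for illustration.

```python
# Added example: classify required IOS config lines as explicit, default or missing.
# All config text below is constructed sample data, not output from a real device.

def parse_config(text):
    """Return {(parent, line)}; parent is "" for global (unindented) lines.
    Assumption: one level of nesting and no multi-line banners."""
    entries, parent = set(), ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and "!" separators
        if line[0] != " ":
            parent = line              # new top-level line, may open a section
            entries.add(("", line))
        else:
            entries.add((parent, line.strip()))  # indented line belongs to parent
    return entries

def audit(required, run_text, run_all_text):
    """Map each required (parent, line) to 'explicit', 'default' or 'missing'."""
    run, run_all = parse_config(run_text), parse_config(run_all_text)
    return {item: "explicit" if item in run          # visible in "sh run"
            else "default" if item in run_all        # only visible in "sh run all"
            else "missing"
            for item in required}

RUN = """hostname R1
!
no ip http server
!
line vty 0 4
 transport input ssh
"""
RUN_ALL = """hostname R1
!
no service pad
no ip http server
!
line vty 0 4
 exec-timeout 10 0
 transport input ssh
"""
REQUIRED = [("", "no service pad"), ("", "no ip http server"),
            ("line vty 0 4", "exec-timeout 10 0"),
            ("line vty 0 4", "transport input ssh"),
            ("", "service password-encryption")]

if __name__ == "__main__":
    for (parent, line), state in audit(REQUIRED, RUN, RUN_ALL).items():
        print(f"{state:8} {parent or 'global'}: {line}")
```

Matching on the (parent, line) pair keeps a line under one section from satisfying a requirement for another section.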