Solved: problem with snmpget a running config via linux server

j.loduca · ‎04-21-2022

I am trying to simply toss some snmpgets at a single router and have it write its config to file on a server (192.168.110.2). I am instructing the router to call the destination file "scratchpad" on the server. I have snmpV3 running and the snmp credentials are of RW access. I can manually go on the router and do a "copy run tftp" and that works fine. Of course that process doesn't use SNMP. but it does rule out file permissions as my problem. So anyway, I do what I believe I've learned from examples on the internet and this does not work. The file on the server in that directory is always ZERO bytes after attempting the commands below. It looks to me like the first 6 commands are taking very well as I initiate the commands on my server reaching out to a remote router called "LAB-RTR". The last statement (1.3.6.1.4.1.9.9.96.1.1.1.1.13.345 i 1) is my attempt to find out why this didn't work. I don't know if "notWritable" is referring to this process or the failure of that last snmpset.. anyone know what I am doing wrong?

snmpset -v3 -l authPriv -u NETuser -a SHA -A shavalue -x AES -X aesvalue LAB-RTR 1.3.6.1.4.1.9.9.96.1.1.1.1.2.345 i 1
SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.2.345 = INTEGER: 1

snmpset -v3 -l authPriv -u NETuser -a SHA -A shavalue -x AES -X aesvalue LAB-RTR 1.3.6.1.4.1.9.9.96.1.1.1.1.3.345 i 4
SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.3.345 = INTEGER: 4

snmpset -v3 -l authPriv -u NETuser -a SHA -A shavalue -x AES -X aesvalue LAB-RTR 1.3.6.1.4.1.9.9.96.1.1.1.1.4.345 i 1
SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.4.345 = INTEGER: 1

snmpset -v3 -l authPriv -u NETuser -a SHA -A shavalue -x AES -X aesvalue LAB-RTR 1.3.6.1.4.1.9.9.96.1.1.1.1.5.345 a "192.168.110.2"
SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.5.345 = IpAddress: 192.168.110.2

snmpset -v3 -l authPriv -u NETuser -a SHA -A shavalue -x AES -X aesvalue LAB-RTR 1.3.6.1.4.1.9.9.96.1.1.1.1.6.345 s "/tftpdir/pub/scratchpad"
SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.6.345 = STRING: "/tftpdir/pub/scratchpad"

snmpset -v3 -l authPriv -u NETuser -a SHA -A shavalue -x AES -X aesvalue LAB-RTR 1.3.6.1.4.1.9.9.96.1.1.1.1.14.345 i 1
SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.14.345 = INTEGER: 1

snmpset -v3 -l authPriv -u NETuser -a SHA -A shavalue -x AES -X aesvalue LAB-RTR 1.3.6.1.4.1.9.9.96.1.1.1.1.13.345 i 1
Error in packet.
Reason: notWritable (That object does not support modification)
Failed object: SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.13.345

j.loduca · ‎04-22-2022

I figured this out.. and its strange if you ask me. I did all the same exact steps outlined above except one thing, that is specifying the directory in the .....1.1.6.345 s "/tftpdir/pub/scratchpad" I just removed the "/tftpdir/pub/" from this and it finally transferred the config file. It ended up going to /tftpdir/pub/ just the same.. So... go figure! but it's working and I wont argue with success!

View solution in original post

Flavio Miranda · ‎04-21-2022

Did you check the permission on the FTP directory ?

j.loduca · ‎04-21-2022

yes, sure did. This router has permissions to write files to this same device and same directory. I know I am comparing tftp to snmp and they are not the same thing obviously. But when I successfully tftp the running config, it goes to this same device, directory, & file with no issues. So I gotta believe its something in the OID's.. conceptually, each snmpget is setting variables, source, destination, server IP, and file name. the thing I can't say with 100% certainty is, is "1.3.6.1.4.1.9.9.96.1.1.1.1.14.345 i 1" going to be the thing to initiate the transfer of the running config. -looked at a bunch of things online, it looks easy for everyone in the world... except me!

Flavio Miranda · ‎04-21-2022

When you connect to the router and transfer the file you are doing this with your user on the router but when you do this using SNMP this change, right? I mean, you use another user to do the same task. Just wondering something arount permission .

j.loduca · ‎04-21-2022

I want to mention a few other things: in our routers, we are using aaa with securID to connect to the router. Now within snmpV3, we have a user within the string I put in "NETuser" plus some sha and aes credentials. All of that seems to be satisfied as I think you can see within the first 6 commands going in error free.. If that was messed, I should know about it.. I've looked at some more documentation regarding config transfers, seems like I can do tftp, rcp, a few others too. I selected tftp as my desire here is to do a quick config transfer and not have to monkey with producing securID numbers. But there are snmp get OIDs that I can specify what my username and password (different from snmp) is.. But if i dig into that, it sounds like that is for rcp, ftp, sftp and all that stuff that are actual sessions requiring user/pass. So I am confused as to where the breakdown is..

j.loduca · ‎04-22-2022

I figured this out.. and its strange if you ask me. I did all the same exact steps outlined above except one thing, that is specifying the directory in the .....1.1.6.345 s "/tftpdir/pub/scratchpad" I just removed the "/tftpdir/pub/" from this and it finally transferred the config file. It ended up going to /tftpdir/pub/ just the same.. So... go figure! but it's working and I wont argue with success!