sending show run config via one-way-link cable

Veroniks23
Level 1

Hello everyone,

I have a Cisco router connected to a server in the same network as the router with a one-way link cable (which means there is only one-way communication, from the router to the server only).

Do you know a way I can send the show run config, maybe using Event Manager, through this interface?

Thank you!


balaji.bandi
Hall of Fame

Not sure what you mean by one way. As long as you only copy from router to server, it's only one side: copy the config to router to server, until you specify the script to copy from server to router.

 

do you know a way I can send the show run config, maybe using event manager through this interface?

If the server is a connected router, you only have 1 route to reach the server,

Since we are not sure what Server running TFTP 

 

Below is an EEM script using TFTP:


event manager applet backup-config
event timer watchdog time 86400
action 1.0 cli command "enable"
action 2.0 info type routername
action 3.0 cli command "copy running-config tftp://x.x.x.x/$_info_routername.cfg" pattern "Address"
action 4.0 cli command "" pattern "Destination"
action 5.0 cli command ""

 

You can get TFTP portable here :

 

https://pjo2.github.io/tftpd64/

 

BB


I agree that it would be helpful if we had a better understanding of this "one way" connection. If I understand it literally then when the router sends a packet to the server the server is not able to send an acknowledgement to the router? If that is the case then TFTP will not work, not through a simple copy command and not through EEM. Without an acknowledgement of the previous data sent TFTP will not send the next packet of data.

HTH

Rick

You are correct.
One-way link means that I can send data only from the router to the server, but there is no communication backwards.

Is there any possible way you know I can work with? Maybe another UDP protocol?

As @Richard Burts notes, TFTP is a two way protocol (even though it uses UDP).

Some protocols that use UDP and don't require a response include syslog, (old) "debugging" protocols like chargen, echo and their like (part of Cisco's small UDP services, which we generally disable for better security), and SNMP (BTW I recall OIDs also support sending configs). Even if you use any of these, you have two problems. First, somehow you need to trigger your config to be sent via one of these protocols. Second, having your server ready to accept and record the received data (remember, by default, unknown/unexpected packets will be dropped).

Hello,

 

I do not know if this has already been mentioned, but TFTP uses UDP port 69 and is connectionless, have you tried:

 

copy run tftp://192.168.1.1//TFTP/configs

 

?

The original poster has been very clear that the router will be able to send to the server but the server will NOT be able to send anything to the router. It is true that TFTP uses UDP port 69 and is connectionless. But that does not mean that it does not require 2 way communication. If trying to use TFTP the router will send the first packet and wait for an acknowledgement. It will not send a second packet if it does not receive an acknowledgement.

I do not know of any UDP protocol that would send the running config. And if there were such a protocol @Joseph W. Doherty has identified several issues with trying to use some one way protocol.

I would like to understand better what is this one way cable that the original poster describes.

HTH

Rick

Dan Frey
Cisco Employee

I agree with the others that there is no file transfer protocol to do one-way connections, but it is possible to stream the config over UDP to a server. Using this code can stream the running config to a server listening on UDP port 12345 at 192.168.0.28. This code can be pasted in the exec router prompt or saved to a file and executed by EEM. This code cannot be placed directly in EEM since the "package require udp" is only supported under tclsh and not EEM.

tclsh
package require udp
set sock [udp_open]
set port 12345
set IP 192.168.0.28
term length 0
set result [exec show run]
fconfigure $sock -remote [list $IP $port]
puts -nonewline $sock $result
flush $sock

The server code to capture the running config on the server:

[root@CrashCart TCL]# more tcl_udp_server.tcl 
#!/usr/bin/tclsh
# A simple UDP server
# version 1.1
package require udp

proc udpEventHandler {sock} {
    set pkt [read $sock]
    set len [string length $pkt]

    if {$len > 0} {
        set mypkt [string range $pkt 0 end]
        set peer [fconfigure $sock -peer]
        set dat [exec date +%H:%M:%S.%N]
        puts -nonewline "$peer: $mypkt"
        # puts -nonewline "$dat $len bytes $peer: $mypkt"
        return
    }
}

proc udp_listen {port} {
    set srv [udp_open $port]
    fconfigure $srv -buffering none -blocking 0 -translation binary
    fconfigure $srv -buffering none -encoding binary
    fileevent $srv readable [list ::udpEventHandler $srv]
    puts "Mediation Server listening on udp port: [fconfigure $srv -myport]"
    return $srv
}

set sock [udp_listen 12345]
vwait forever

Server output:

[root@CrashCart TCL]# ./tcl_udp_server.tcl 
Mediation Server listening on udp port: 12345
#### Running config received by server:
192.168.0.20 51995: Building configuration...

Current configuration : 9305 bytes
!
! Last configuration change at 02:40:57 UTC Thu Apr 21 2022 by admin
!
version 17.6
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console serial
platform hardware throughput level MB 10000
<truncated>

Can you provide further details on why the link only transmits in a single direction?   What type of media is this network?

The code to stream the config is very interesting and gets a well deserved +5. Would this require coordination between router and server? Would you have to start the listener on the server and then start the process on the router? Or would the listener run all the time? I am not clear what would happen if there were some problem in transmission that caused a packet to be dropped. Is there any way to recognize that the config is really not complete?

I agree that the one way cable is puzzling and would like to understand it better.

HTH

Rick

Hi Richard,

Thanks for the +5!  There is no session control with the code and the router just pumps out the cli response to the network in a udp wrapper. The server just sits there and listens, prints to the screen when a packet is received.  There is no error detection or error correction with this code.   

 

- Dan
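
Added example, not part of any post in this thread: because the stream has no error detection and the receiver cannot ask for a resend, the server can at least flag a capture that is incomplete by checking the markers the config itself carries. The function names, the idle timeout and the 10% size tolerance are assumptions of this sketch, and it treats the "Current configuration : N bytes" figure as an approximate lower bound on the text that follows; port 12345 is the one used in the thread.

```python
import re
import socket

HEADER = re.compile(rb"^Current configuration : (\d+) bytes\r?$", re.M)
FOOTER = re.compile(rb"^end\s*\Z", re.M)  # 'show run' output finishes with "end"

def receive(port=12345, idle=5.0):
    """Collect datagrams until the sender has been silent for `idle` seconds."""
    chunks = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        while True:
            try:
                data, _peer = s.recvfrom(65535)
            except socket.timeout:
                return chunks
            chunks.append(data)
            s.settimeout(idle)  # block forever for the first datagram only

def check_config(chunks, slack=0.10):
    """Return a list of reasons the capture looks incomplete (empty = looks whole)."""
    blob = b"".join(chunks)
    problems = []
    m = HEADER.search(blob)
    if not m:
        problems.append("no 'Current configuration' header (start missing)")
    else:
        declared = int(m.group(1))
        body = len(blob) - m.end()
        # Assumption: declared size approximates the bytes after the header.
        if body < declared * (1 - slack):
            problems.append(f"body is {body} bytes, header declared {declared}")
    if not FOOTER.search(blob):
        problems.append("no terminating 'end' line (tail missing)")
    return problems

def sample_datagrams():
    """Constructed sample: a small fake config split into three datagrams."""
    body = (b"!\nversion 17.6\n"
            + b"".join(b"interface Loopback%d\n!\n" % i for i in range(40))
            + b"end\n")
    head = b"Building configuration...\n\nCurrent configuration : %d bytes\n" % len(body)
    blob = head + body
    third = len(blob) // 3
    return [blob[:third], blob[third:2 * third], blob[2 * third:]]

if __name__ == "__main__":
    print(check_config(receive()) or "config looks complete")
```

A capture that fails the check can only be recovered by having the router send again on its own schedule, since nothing can be requested over the link.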

 

Dan

It was an excellent suggestion and if I could do more than +5 I would. Thanks for the clarifications about the code. I was not sure that it was possible to do what the original poster asks on a one way link. You have provided a way to do what was requested.

Glad to see you in the Community and hope you will continue to be active.

HTH

Rick

Wow!! Thank you. I wasn’t familiar with this option on Cisco routers. Is there any link where I can read more about the option to write scripts to Cisco routers?


I am going to try this solution tomorrow and reply to you.

Thanks a lot to you and everyone who’s trying to help!
