Solved: Re: Unable to Copy File via SNMP on Cisco IOS

nonamer15 · ‎09-04-2019

I have a C891F-K9 router running 15.3(3)M5. I have no SSH/Telnet access and am only able to access it via SNMP. On a device similar to it, I'm trying to enable Telnet by sending SNMP requests to it to tell it to copy a file into its running configuration. I'm trying to follow the guide here, but am having issues.

I've got a file on an FTP server that looks like the following:

configure terminal
 line vty 0 15
  transport input ssh telnet

I've got a file without configure terminal as well. The guide shows needing configure terminal, but I've seen elsewhere where it's not being used, so I tried both to ensure that wasn't the issue.

Below are the commands I'm issuing from a Linux host.

snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.2.200 i 2
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.3.200 i 1
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.4.200 i 4
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.5.200 a 10.48.7.159
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.6.200 s enable_telnet.txt
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.14.200 i 1

After issuing the commands, I get the below error.

Error in packet.
Reason: inconsistentValue (The set value is illegal or unsupported in some way)
Failed object: iso.3.6.1.4.1.9.9.96.1.1.1.1.14.200

I've verified that I'm using the correct SNMP string and that my IP is allowed in the ACL. I've also verified that I can copy the file from the FTP server via the CLI. When I do a debug on the router, I get the following error on the last command.

do_sets: All related objects not set
make_error_pdu: Value is inconsistent with values of other managed objects.

Any ideas what the issue is? Thanks.

nonamer15 · ‎09-06-2019

So it appears when you initiate an FTP connection via SNMP to the Cisco device, the Cisco device does not use the FTP credentials in the configuration. I found this URL here which helped me to determine how to supply the FTP username/password. Below is what I used to get FTP to work.

snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.2.200 i 2
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.3.200 i 1
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.4.200 i 4
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.5.200 a 10.48.7.159
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.6.200 s enable_telnet.txt
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.7.200 s user
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.8.200 s pass
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.14.200 i 1

In my particular case, enabling Telnet did not allow me to access the device. This was due to an issue with the ACL applied to the VTY. The way I discovered this was copying the running-config from the device to the FTP server, so that I could examine the config and see what was wrong with it. I'm adding that here as well.

snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.2.161 i 2
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.3.161 i 4
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.4.161 i 1
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.5.161 a 10.48.7.159
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.6.161 s running-config.txt
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.7.161 s user
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.8.161 s pass
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.14.161 i 1

It looks like it may be possible to supply the IOS commands as arguments within snmpset instead of adding all the IOS commands to a file and then copying it. I may prefer this route as I foresee issues where the FTP source-interface is not set on the device and could result in a file transfer via FTP failing. Issuing the IOS commands via snmpset would eliminate that problem. I may attempt this and update back my solution, assuming I can get it to work.

View solution in original post

marce1000 · ‎09-04-2019

- I don't think it needs configure terminal ; however make sure the enable_telnet.txt ends with command end. If the protocol used is tftp , make sure the file has protection mode 666 (don't know why but it works for me).

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

nonamer15 · ‎09-05-2019

Thanks for the response. I tried adding end to my file, but I'm still receiving the same errors. Tried it with both configure terminal and without configure terminal, but no changes.

I'm using FTP.

nonamer15 · ‎09-05-2019

So I'm able to get TFTP to work, but not FTP. Are there additional commands for getting FTP to work? Below is what I used for TFTP. It's only slightly different from the original.

snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.2.200 i 1
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.3.200 i 1
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.4.200 i 4
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.5.200 a 10.48.7.159
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.6.200 s enable_telnet.txt
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.14.200 i 1

marce1000 · ‎09-05-2019

- I never used it with FTP , so I wonder how or were you specify the FTP server accont credentials for accessing the enable_telnet.txt file in the snmp set commands ?

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

nonamer15 · ‎09-06-2019

On the router itself, I have the below configured.

ip ftp username user
ip ftp password pass

When I issue a copy via the CLI, it will user this username/password. I assumed that issuing the commands via SNMP would do the same thing, but maybe it doesn't. Looking online, I'm not seeing how to specify the username/password via the SNMP commands, so I'm not sure how to test if this is the issue or not.

marce1000 · ‎09-06-2019

- Perhaps , it could work like that, I am not sure though, this could be verified however, by examining your FTP server's logs when this is tried and verify whether enable_telnet.txt is accessed by the FTP server (for instance). You may in such cases turn on verbose logging on the FTP server.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

nonamer15 · ‎09-06-2019

So it appears when you initiate an FTP connection via SNMP to the Cisco device, the Cisco device does not use the FTP credentials in the configuration. I found this URL here which helped me to determine how to supply the FTP username/password. Below is what I used to get FTP to work.

snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.2.200 i 2
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.3.200 i 1
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.4.200 i 4
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.5.200 a 10.48.7.159
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.6.200 s enable_telnet.txt
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.7.200 s user
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.8.200 s pass
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.14.200 i 1

In my particular case, enabling Telnet did not allow me to access the device. This was due to an issue with the ACL applied to the VTY. The way I discovered this was copying the running-config from the device to the FTP server, so that I could examine the config and see what was wrong with it. I'm adding that here as well.

snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.2.161 i 2
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.3.161 i 4
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.4.161 i 1
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.5.161 a 10.48.7.159
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.6.161 s running-config.txt
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.7.161 s user
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.8.161 s pass
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.14.161 i 1

It looks like it may be possible to supply the IOS commands as arguments within snmpset instead of adding all the IOS commands to a file and then copying it. I may prefer this route as I foresee issues where the FTP source-interface is not set on the device and could result in a file transfer via FTP failing. Issuing the IOS commands via snmpset would eliminate that problem. I may attempt this and update back my solution, assuming I can get it to work.