09-04-2019 12:36 PM
I have a C891F-K9 router running 15.3(3)M5. I have no SSH/Telnet access and am only able to access it via SNMP. On a device similar to it, I'm trying to enable Telnet by sending SNMP requests to it to tell it to copy a file into its running configuration. I'm trying to follow the guide here, but am having issues.
I've got a file on an FTP server that looks like the following:
configure terminal line vty 0 15 transport input ssh telnet
I've got a file without configure terminal as well. The guide shows needing configure terminal, but I've seen elsewhere where it's not being used, so I tried both to ensure that wasn't the issue.
Below are the commands I'm issuing from a Linux host.
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.2.200 i 2 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.3.200 i 1 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.4.200 i 4 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.5.200 a 10.48.7.159 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.6.200 s enable_telnet.txt snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.14.200 i 1
After issuing the commands, I get the below error.
Error in packet. Reason: inconsistentValue (The set value is illegal or unsupported in some way) Failed object: iso.3.6.1.4.1.9.9.96.1.1.1.1.14.200
I've verified that I'm using the correct SNMP string and that my IP is allowed in the ACL. I've also verified that I can copy the file from the FTP server via the CLI. When I do a debug on the router, I get the following error on the last command.
do_sets: All related objects not set make_error_pdu: Value is inconsistent with values of other managed objects.
Any ideas what the issue is? Thanks.
Solved! Go to Solution.
09-06-2019 12:50 PM
So it appears when you initiate an FTP connection via SNMP to the Cisco device, the Cisco device does not use the FTP credentials in the configuration. I found this URL here which helped me to determine how to supply the FTP username/password. Below is what I used to get FTP to work.
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.2.200 i 2 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.3.200 i 1 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.4.200 i 4 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.5.200 a 10.48.7.159 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.6.200 s enable_telnet.txt snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.7.200 s user snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.8.200 s pass snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.14.200 i 1
In my particular case, enabling Telnet did not allow me to access the device. This was due to an issue with the ACL applied to the VTY. The way I discovered this was copying the running-config from the device to the FTP server, so that I could examine the config and see what was wrong with it. I'm adding that here as well.
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.2.161 i 2 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.3.161 i 4 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.4.161 i 1 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.5.161 a 10.48.7.159 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.6.161 s running-config.txt snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.7.161 s user snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.8.161 s pass snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.14.161 i 1
It looks like it may be possible to supply the IOS commands as arguments within snmpset instead of adding all the IOS commands to a file and then copying it. I may prefer this route as I foresee issues where the FTP source-interface is not set on the device and could result in a file transfer via FTP failing. Issuing the IOS commands via snmpset would eliminate that problem. I may attempt this and update back my solution, assuming I can get it to work.
09-04-2019 11:34 PM
- I don't think it needs configure terminal ; however make sure the enable_telnet.txt ends with command end. If the protocol used is tftp , make sure the file has protection mode 666 (don't know why but it works for me).
M.
09-05-2019 07:30 AM
Thanks for the response. I tried adding end to my file, but I'm still receiving the same errors. Tried it with both configure terminal and without configure terminal, but no changes.
I'm using FTP.
09-05-2019 08:47 AM
So I'm able to get TFTP to work, but not FTP. Are there additional commands for getting FTP to work? Below is what I used for TFTP. It's only slightly different from the original.
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.2.200 i 1 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.3.200 i 1 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.4.200 i 4 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.5.200 a 10.48.7.159 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.6.200 s enable_telnet.txt snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.14.200 i 1
09-05-2019 09:06 AM
- I never used it with FTP , so I wonder how or were you specify the FTP server accont credentials for accessing the enable_telnet.txt file in the snmp set commands ?
M.
09-06-2019 08:12 AM
On the router itself, I have the below configured.
ip ftp username user ip ftp password pass
When I issue a copy via the CLI, it will user this username/password. I assumed that issuing the commands via SNMP would do the same thing, but maybe it doesn't. Looking online, I'm not seeing how to specify the username/password via the SNMP commands, so I'm not sure how to test if this is the issue or not.
09-06-2019 09:22 AM
- Perhaps , it could work like that, I am not sure though, this could be verified however, by examining your FTP server's logs when this is tried and verify whether enable_telnet.txt is accessed by the FTP server (for instance). You may in such cases turn on verbose logging on the FTP server.
M.
09-06-2019 12:50 PM
So it appears when you initiate an FTP connection via SNMP to the Cisco device, the Cisco device does not use the FTP credentials in the configuration. I found this URL here which helped me to determine how to supply the FTP username/password. Below is what I used to get FTP to work.
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.2.200 i 2 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.3.200 i 1 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.4.200 i 4 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.5.200 a 10.48.7.159 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.6.200 s enable_telnet.txt snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.7.200 s user snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.8.200 s pass snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.14.200 i 1
In my particular case, enabling Telnet did not allow me to access the device. This was due to an issue with the ACL applied to the VTY. The way I discovered this was copying the running-config from the device to the FTP server, so that I could examine the config and see what was wrong with it. I'm adding that here as well.
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.2.161 i 2 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.3.161 i 4 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.4.161 i 1 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.5.161 a 10.48.7.159 snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.6.161 s running-config.txt snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.7.161 s user snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.8.161 s pass snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.14.161 i 1
It looks like it may be possible to supply the IOS commands as arguments within snmpset instead of adding all the IOS commands to a file and then copying it. I may prefer this route as I foresee issues where the FTP source-interface is not set on the device and could result in a file transfer via FTP failing. Issuing the IOS commands via snmpset would eliminate that problem. I may attempt this and update back my solution, assuming I can get it to work.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: