cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2556
Views
0
Helpful
7
Replies

Unable to Copy File via SNMP on Cisco IOS

nonamer15
Level 1
Level 1

I have a C891F-K9 router running 15.3(3)M5. I have no SSH/Telnet access and am only able to access it via SNMP. On a device similar to it, I'm trying to enable Telnet by sending SNMP requests to it to tell it to copy a file into its running configuration. I'm trying to follow the guide here, but am having issues.

 

I've got a file on an FTP server that looks like the following:

configure terminal
 line vty 0 15
  transport input ssh telnet

I've got a file without configure terminal as well. The guide shows needing configure terminal, but I've seen elsewhere where it's not being used, so I tried both to ensure that wasn't the issue.

 

Below are the commands I'm issuing from a Linux host.

snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.2.200 i 2
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.3.200 i 1
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.4.200 i 4
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.5.200 a 10.48.7.159
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.6.200 s enable_telnet.txt
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.14.200 i 1

 

After issuing the commands, I get the below error.

Error in packet.
Reason: inconsistentValue (The set value is illegal or unsupported in some way)
Failed object: iso.3.6.1.4.1.9.9.96.1.1.1.1.14.200

 

I've verified that I'm using the correct SNMP string and that my IP is allowed in the ACL. I've also verified that I can copy the file from the FTP server via the CLI. When I do a debug on the router, I get the following error on the last command.

do_sets: All related objects not set
make_error_pdu: Value is inconsistent with values of other managed objects.

 

Any ideas what the issue is? Thanks.

1 Accepted Solution

Accepted Solutions

So it appears when you initiate an FTP connection via SNMP to the Cisco device, the Cisco device does not use the FTP credentials in the configuration. I found this URL here which helped me to determine how to supply the FTP username/password. Below is what I used to get FTP to work.

snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.2.200 i 2
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.3.200 i 1
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.4.200 i 4
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.5.200 a 10.48.7.159
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.6.200 s enable_telnet.txt
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.7.200 s user
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.8.200 s pass
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.14.200 i 1

 

In my particular case, enabling Telnet did not allow me to access the device. This was due to an issue with the ACL applied to the VTY. The way I discovered this was copying the running-config from the device to the FTP server, so that I could examine the config and see what was wrong with it. I'm adding that here as well.

snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.2.161 i 2
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.3.161 i 4
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.4.161 i 1
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.5.161 a 10.48.7.159
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.6.161 s running-config.txt
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.7.161 s user
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.8.161 s pass
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.14.161 i 1

 

It looks like it may be possible to supply the IOS commands as arguments within snmpset instead of adding all the IOS commands to a file and then copying it. I may prefer this route as I foresee issues where the FTP source-interface is not set on the device and could result in a file transfer via FTP failing. Issuing the IOS commands via snmpset would eliminate that problem. I may attempt this and update back my solution, assuming I can get it to work.

 

View solution in original post

7 Replies 7

marce1000
VIP
VIP

 

 - I don't think it needs configure terminal ; however make sure the enable_telnet.txt ends with command end. If the protocol used is tftp , make sure the file has protection mode 666 (don't know why but it works for me).

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Thanks for the response. I tried adding end to my file, but I'm still receiving the same errors. Tried it with both configure terminal and without configure terminal, but no changes.

 

I'm using FTP.

So I'm able to get TFTP to work, but not FTP. Are there additional commands for getting FTP to work? Below is what I used for TFTP. It's only slightly different from the original.

 

snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.2.200 i 1
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.3.200 i 1
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.4.200 i 4
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.5.200 a 10.48.7.159
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.6.200 s enable_telnet.txt
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.14.200 i 1

 

 - I never used it with FTP , so I wonder how or were you specify the FTP server accont credentials for accessing  the enable_telnet.txt file  in the snmp set commands ?

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

On the router itself, I have the below configured.

ip ftp username user
ip ftp password pass

When I issue a copy via the CLI, it will user this username/password. I assumed that issuing the commands via SNMP would do the same thing, but maybe it doesn't. Looking online, I'm not seeing how to specify the username/password via the SNMP commands, so I'm not sure how to test if this is the issue or not.

 

 - Perhaps , it could work like that, I am not sure though, this could be verified however, by examining your FTP server's logs when this is tried and verify whether enable_telnet.txt is accessed by the FTP server (for instance).                        You may in such cases turn on verbose logging on the FTP server.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

So it appears when you initiate an FTP connection via SNMP to the Cisco device, the Cisco device does not use the FTP credentials in the configuration. I found this URL here which helped me to determine how to supply the FTP username/password. Below is what I used to get FTP to work.

snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.2.200 i 2
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.3.200 i 1
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.4.200 i 4
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.5.200 a 10.48.7.159
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.6.200 s enable_telnet.txt
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.7.200 s user
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.8.200 s pass
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.14.200 i 1

 

In my particular case, enabling Telnet did not allow me to access the device. This was due to an issue with the ACL applied to the VTY. The way I discovered this was copying the running-config from the device to the FTP server, so that I could examine the config and see what was wrong with it. I'm adding that here as well.

snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.2.161 i 2
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.3.161 i 4
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.4.161 i 1
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.5.161 a 10.48.7.159
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.6.161 s running-config.txt
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.7.161 s user
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.8.161 s pass
snmpset -c password -v 2c 10.98.252.201 1.3.6.1.4.1.9.9.96.1.1.1.1.14.161 i 1

 

It looks like it may be possible to supply the IOS commands as arguments within snmpset instead of adding all the IOS commands to a file and then copying it. I may prefer this route as I foresee issues where the FTP source-interface is not set on the device and could result in a file transfer via FTP failing. Issuing the IOS commands via snmpset would eliminate that problem. I may attempt this and update back my solution, assuming I can get it to work.

 

Review Cisco Networking for a $25 gift card