How to copy configuration files to and from the Cisco IOS routers that use SNMP

TCC_2 · ‎06-18-2009

Resolution

This procedure is based on CISCO-CONFIG-COPY-MIB, generally available from Cisco IOS releases 12.0.

Management Information Base (MIB) objects used for the config transfer are present under the ccCopyTable of the MIB.

MIB Object Name	Object Identifier	Values used in the example
ccCopyEntryRowStatus	.1.3.6.1.4.1.9.9.96.1.1.1.1.14	active (1) createAndGo(4) createAndWait(5) destroy(6)
ccCopyProtocol	1.3.6.1.4.1.9.9.96.1.1.1.1.2	tftp(1) rcp(2)
ccCopySourceFileType	.1.3.6.1.4.1.9.9.96.1.1.1.1.3	networkFile(1) iosFile(2) startupConfig(3) runningConfig(4) terminal(5)
ccCopyDestFileType	.1.3.6.1.4.1.9.9.96.1.1.1.1.4
ccCopyServerAddress	.1.3.6.1.4.1.9.9.96.1.1.1.1.5
ccCopyFileName	.1.3.6.1.4.1.9.9.96.1.1.1.1.6
ccCopyState	.1.3.6.1.4.1.9.9.96.1.1.1.1.10	waiting(1) running(2) successful(3) failed(4)

This is the procedure to copy the running configuration from a Cisco IOS router to a TFTP server:

Create a row in the ccCopy Table, and set the necessary values for the attributes. Initiate the transfer process, as shown:

snmpset -v 2c -c   .1.3.6.1.4.1.9.9.96.1.1.1.1.2. i 1
.1.3.6.1.4.1.9.9.96.1.1.1.1.3. i 4
.1.3.6.1.4.1.9.9.96.1.1.1.1.4. i 1
.1.3.6.1.4.1.9.9.96.1.1.1.1.5. a ""
.1.3.6.1.4.1.9.9.96.1.1.1.1.6. s ""
.1.3.6.1.4.1.9.9.96.1.1.1.1.14. i 4

Check for the completion of transfer process, as shown:
```
snmpwalk -v 2c -c   .1.3.6.1.4.1.9.9.96.1.1.1.1.10.
```
Repeat the command until the state is successful.

Destroy the row created, as shown:

snmpset -v 2c -c   .1.3.6.1.4.1.9.9.96.1.1.1.1.14. i 6

These are examples of each step:

Cisco IOS Router Name/IP Address: 10.0.0.1

Server IP Address: 10.0.0.2

File Name: Router.cfg

SNMP Read Write Community String: private

Random Row number:50

Creating a row in the ccCopy Table, setting the necessary values of the attributes (protocol, source file type, destination file type, server address, file name), and initiating the transfer.

snmpset -v 2c -c private 10.0.0.1 .1.3.6.1.4.1.9.9.96.1.1.1.1.2.50 i 1
.1.3.6.1.4.1.9.9.96.1.1.1.1.3.50 i 4
.1.3.6.1.4.1.9.9.96.1.1.1.1.4.50 i 1
.1.3.6.1.4.1.9.9.96.1.1.1.1.5.50 a "10.0.0.2"
.1.3.6.1.4.1.9.9.96.1.1.1.1.6.50 s "Router.cfg"
.1.3.6.1.4.1.9.9.96.1.1.1.1.14.50 i 4

2. Checking the transfer status. Repeat checking until the status is successful.

snmpwalk -v 2c -c private 10.0.0.1 .1.3.6.1.4.1.9.9.96.1.1.1.1.10.50

3. Destroying the row.

snmpset -v 2c -c private 10.0.0.1 .1.3.6.1.4.1.9.9.96.1.1.1.1.14.50 i 6

id090365_warnier · ‎04-30-2010

Hello,

When I apply the first command, I face this problem:

id090365:~> snmpset -v2c -c communitystring hostipaddress .1.3.6.1.4.1.9.9.96.1.1.1.1.2.98 i 1
Error in packet.
Reason: noCreation (That table does not support row creation or that object can not ever be created)
Failed object: SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.2.98

Do you have any idea?

Thanks,

Olivier

grnelson · ‎05-01-2010

Are you able to do an snmpwalk on OID .1.3.6.1.4.1.9.9.96 ?

I cannot on my 6509E running 12.2(33)SXH.

Joe Clarke · ‎05-01-2010

No, you won't be able to until you create a row in the ccCopyTable. then you will be able to query the table to get things such as the copy status. Just follow this doc to create the row which will trigger the config copy operation. I also clarified one point in this discussion thread:

https://supportforums.cisco.com/thread/2015388?tstart=0

id090365_warnier · ‎05-02-2010

~> snmpwalk -v2c -c private HostIP .1.3.6.1.4.1.9.9.96
SNMPv2-SMI::enterprises.9.9.96 = No Such Object available on this agent at this OID

Knowing that my goal is not only to get a config from a router but also to push a config in a router using a snmp script, what is/are my solution(s)?

Hereunder the sh ver of the host router:

#sh ver
Cisco IOS Software, C828 Software (C828-OY6-M), Version 12.3(8)T11, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport

id090365_warnier · ‎05-03-2010

see here above.

jimmychanga · ‎09-08-2010

So, if I wanted to tell a device to go out and grab a file from a TFTP server, would also need to tell the router to save that config change ("wr mem" equivalent)?

Joe Clarke · ‎09-08-2010

It depends on where you copy the config locally. You can copy a config from TFTP directly into startup. In that case, a write mem would not be required. If, however, you merge a config file into your running configuration, then a write mem would be required to persist the changes.

Joe Clarke · ‎09-08-2010

The 800 series does not support the CISCO-CONFIG-COPY-MIB. For that platform, you will need to use the OLD-CISCO-SYS-MIB. For example:

snmpset -c private .1.3.6.1.4.1.9.2.1.50.X.X.X.X s config-file

Where X.X.X.X is the IP address of the TFTP server. That command will copy the config-file file from the TFTP server into the running config of the device.

jimmychanga · ‎09-08-2010

Joe, thanks for the reply.

If I was to send the changes (vs the entire config) to both running and startup would the save me having to do a "wr mem" (meaning using another SNMP trigger to copy running to startup)? Im in the process of developing a tool that uses SNMP to trigger a TFTP transfer of an prefix-list. What I want to avoid is having to issue a "wr mem". I was looking at looping through and tranfering the file to the running-config and then the startup-config. My only concern is that the router merges changes to the startup-config rather than replacing the startup-config.

Joe Clarke · ‎09-08-2010

The router will merge the changes into the running config and replace the startup config. Sending only the changes to startup would result in a truncated configuration. I suppose you could download the startup config, add your changes, then push the changed file back into NVRAM. But that could lead to a race that results in lost write mems.

jimmychanga · ‎09-08-2010

ok, thats what I thought. So would send the trigger to pull the file from TFTP and then send a second trigger to copy from running to startup.

jfinkjfink · ‎03-18-2011

Is there a definitive list of IOS versions and platforms where this works? I can get this to work on an IAD2431 running 12.4(24)T4, but it fails on an IAD2435 running the same version. It works on a 7204VXR running 12.4(23), but fails on a 6509 running 12.2(18)SXF17a.

In all my failure cases, I see this in the SNMP debug:

SNMP: Set request, reqid 2, errstat 0, erridx 0
ccCopyTable.1.2.41 = 1
ccCopyTable.1.3.41 = 4
ccCopyTable.1.4.41 = 1
ccCopyTable.1.5.41 = 10.0.0.25
ccCopyTable.1.6.41 = backup.txt
ccCopyTable.1.14.41 = 4
SNMP: Response, reqid 2, errstat 3, erridx 6
ccCopyTable.1.2.41 = 1
ccCopyTable.1.3.41 = 4
ccCopyTable.1.4.41 = 1
ccCopyTable.1.5.41 = 10.0.0.25
ccCopyTable.1.6.41 = backup.txt
ccCopyTable.1.14.41 = 4
SNMP: Packet sent via UDP to 10.0.0.25

I'd be more than happy to upgrade the routers where it doesn't work (if necessary) if I knew what minimum versions to test and then upgrade to.

Thanks,

-J

Joe Clarke · ‎03-19-2011

Likely instance 41 already exists. Try adding a set for:

ccCopyTable.1.14.41 i 6

To your script. This set needs to happen in its own packet. For example:

snmpset -c private 10.1.1.1

ccCopyTable.1.14.41 i 6

If things still fail, start a new discussion thread in this community.

Cody Hartley · ‎08-14-2014

I hadn't seen any snmp guides using snmpv3 and scp as transport protocol. For those looking to implement, here is what worked for me.

As with the other snmp config copy guides you will need to download the respective MIBS and load them in the snmp.conf file.

This post will specifically cover the snmpset commands for a v3 setup.

SNMP Environment:

Name        : net-snmp
Version     : 5.7.2
Release     : 17.fc20

snmp conf file in ~/.snmp/snmp.conf

contains

defSecurityName XXX <- replace with v3 username
defContext ""
defAuthType SHA
defPrivType AES
defSecurityLevel authPriv
defAuthPassphrase ***** <-replace with authentication pass
defPrivPassphrase ***** <-replace with encryption pass
defVersion 3
showMibErrors no
mibs ALL

I would verify basic snmpv3 functionality with a snmpwalk of something simple like sysUpTime. When that's good proceed to the CONFIG-COPY snmp commands.

This is my bash script that does the entire copy asking only for a single argument of IP/Hostname of the device being backed up. The 2>/dev/null shown in the script or at the cli below redirects STDERR to null to avoid the MIB modules parsing errors.

#!/usr/bin/bash
DEVICE=$1
RANNUM=42
USER=******
PASS=******
SERVER=X.X.X.X
DATE=$(date +"%m_%d_%y")

snmpset $DEVICE ccCopyProtocol.$RANNUM i 4 ccCopySourceFileType.$RANNUM i 4 ccCopyDestFileType.$RANNUM i 1 ccCopyServerAddress.$RANNUM a "$SERVER" ccCopyFileName.$RANNUM s "$DEVICE.$DATE" ccCopyUserName.$RANNUM s $USER ccCopyUserPassword.$RANNUM s $PASS ccCopyEntryRowStatus.$RANNUM i 4 2>/dev/null

Once run you can check the status of the copy with the following command.

[root@localhost hlsb]# snmpwalk sbs-tech-switch ciscoConfigCopyMIB 2>/dev/null
CISCO-CONFIG-COPY-MIB::ccCopyProtocol.42 = INTEGER: scp(4)
CISCO-CONFIG-COPY-MIB::ccCopySourceFileType.42 = INTEGER: runningConfig(4)
CISCO-CONFIG-COPY-MIB::ccCopyDestFileType.42 = INTEGER: networkFile(1)
CISCO-CONFIG-COPY-MIB::ccCopyServerAddress.42 = IpAddress: 10.10.10.193
CISCO-CONFIG-COPY-MIB::ccCopyFileName.42 = STRING: sbs-tech-switch.07_09_14
CISCO-CONFIG-COPY-MIB::ccCopyUserName.42 = STRING: XXXX
CISCO-CONFIG-COPY-MIB::ccCopyUserPassword.42 = STRING: XXXX
CISCO-CONFIG-COPY-MIB::ccCopyNotificationOnCompletion.42 = INTEGER: false(2)
CISCO-CONFIG-COPY-MIB::ccCopyState.42 = INTEGER: successful(3)
CISCO-CONFIG-COPY-MIB::ccCopyTimeStarted.42 = Timeticks: (52270199) 6 days, 1:11:41.99
CISCO-CONFIG-COPY-MIB::ccCopyTimeCompleted.42 = Timeticks: (52270339) 6 days, 1:11:43.39
CISCO-CONFIG-COPY-MIB::ccCopyEntryRowStatus.42 = INTEGER: active(1)
CISCO-CONFIG-COPY-MIB::ccCopyServerAddressType.42 = INTEGER: ipv4(1)
CISCO-CONFIG-COPY-MIB::ccCopyServerAddressRev1.42 = STRING: "10.10.10.193"

After the successful copy completes the entry will exist for five minutes allowing for no further requests to be made with that particular random number. To send another request prior to the five minute clearing of the table send a "destroy" snmpset to clear the entry.

[root@localhost hlse]# snmpset sbs-tech-switch CISCO-CONFIG-COPY-MIB::ccCopyEntryRowStatus.42 i 6 2>/dev/null
CISCO-CONFIG-COPY-MIB::ccCopyEntryRowStatus.42 = INTEGER: destroy(6)

Hope this will save some time for those looking to implement a more secure snmp config copy setup.

V/R

Cody Hartley

jrickert · ‎08-23-2018

I have been trying to get this to work for several days off and on. I have come to realize that my ISR4331 doesn't support the .1.3.6.1.4.1.9.9.96.1.1.1.1.14. mib.

I can set all the parameters for the TFTP transfer (I have set multiple tasks), but no way to "start" the activity.

I can see my settings when I snmpwalk the .9.9.96.1.1.1.1 mib, but there is no entry for the .1.3.6.1.4.1.9.9.96.1.1.1.1.14 mib as shown below:

MyUbuntu@RSCADMIN2:/etc/snmp$ snmpwalk rscnr2 .1.3.6.1.4.1.9.9.96.1.1.1.1

MIB search path: /home/scopecmd/software/auto/mibs/v2

Cannot find module (DISMAN-SCHEDULE-MIB): At line 11 in (none)

Cannot find module (MTA-MIB): At line 11 in (none)

Cannot find module (NETWORK-SERVICES-MIB): At line 11 in (none)

Cannot find module (UCD-DISKIO-MIB): At line 11 in (none)

Cannot find module (UCD-DLMOD-MIB): At line 11 in (none)

Cannot find module (LM-SENSORS-MIB): At line 11 in (none)

Cannot find module (UCD-SNMP-MIB): At line 11 in (none)

Cannot find module (UCD-DEMO-MIB): At line 11 in (none)

Cannot find module (NET-SNMP-AGENT-MIB): At line 11 in (none)

Cannot find module (IPV6-ICMP-MIB): At line 11 in (none)

Cannot find module (IPV6-TCP-MIB): At line 11 in (none)

Cannot find module (IPV6-UDP-MIB): At line 11 in (none)

Cannot find module (NET-SNMP-PASS-MIB): At line 11 in (none)

Cannot find module (NET-SNMP-EXTEND-MIB): At line 11 in (none)

Cannot find module (SNMPv2-TM): At line 11 in (none)

Cannot find module (NET-SNMP-VACM-MIB): At line 11 in (none)

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.2.2 = INTEGER: 1

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.2.135 = INTEGER: 1

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.2.137 = INTEGER: 1

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.2.200 = INTEGER: 4

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.2.201 = INTEGER: 1

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.3.2 = INTEGER: 4

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.3.135 = INTEGER: 4

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.3.137 = INTEGER: 4

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.4.2 = INTEGER: 1

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.4.135 = INTEGER: 1

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.4.137 = INTEGER: 1

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.4.200 = INTEGER: 1

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.5.2 = IpAddress: 10.127.1.96

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.5.135 = IpAddress: 10.127.1.96

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.5.137 = IpAddress: 10.127.1.96

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.5.200 = IpAddress: 10.127.1.96

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.6.2 = STRING: "add-telnet.txt"

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.6.135 = STRING: "add-telnet.txt"

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.6.137 = STRING: "add-telnet.txt"

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.6.200 = STRING: "add-telnet.txt"

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.9.2 = INTEGER: 2

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.9.135 = INTEGER: 2

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.9.137 = INTEGER: 2

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.9.200 = INTEGER: 2

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.9.201 = INTEGER: 2

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.15.2 = INTEGER: 1

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.15.135 = INTEGER: 1

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.15.137 = INTEGER: 1

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.15.200 = INTEGER: 1

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.16.2 = STRING: "10.127.1.96"

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.16.135 = STRING: "10.127.1.96"

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.16.137 = STRING: "10.127.1.96"

SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.16.200 = STRING: "10.127.1.96"