Buy or Renew
Buy or Renew
Join the Catalyst Center Onboarding Ask Me Anything event happening now!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11003
Views
5
Helpful
6
Replies

Copy config out from switch via SNMP - fails

Go to solution
dal
Level 3
Level 3

‎06-15-2017 02:13 PM - edited ‎03-08-2019 10:59 AM

Hi.

I have lost contact with one of my switches due to error in an vty ACL.

As I can read from other posts on this forum, it should be possile to read and write the running-config into/onto the switch using SNMP.
As can be read here: https://supportforums.cisco.com/document/10046/how-copy-configuration-files-and-cisco-ios-routers-use-snmp

But I get an error:

Here is what I'm running:

snmpset -v:2c -c:private -r:1.1.1.1 -o:.1.3.6.1.4.1.9.9.96.1.1.1.1.2.52 -tp:int -val:1 - Telling that TFTP shall be used
snmpset -v:2c -c:private -r:1.1.1.1 -o:.1.3.6.1.4.1.9.9.96.1.1.1.1.3.52 -tp:int -val:4 - Source file = running-config
snmpset -v:2c -c:private -r:1.1.1.1 -o:.1.3.6.1.4.1.9.9.96.1.1.1.1.4.52 -tp:int -val:1 - Destination file = network file
snmpset -v:2c -c:private -r:1.1.1.1 -o:.1.3.6.1.4.1.9.9.96.1.1.1.1.5.52 -tp:ip -val:172.20.225.55 - IP to TFTP-server
snmpset -v:2c -c:private -r:1.1.1.1 -o:.1.3.6.1.4.1.9.9.96.1.1.1.1.6.52 -tp:str -val:"filename"

I get an OK on all of the above. But when I try to execute the file copy with this line:
snmpset -v:2c -c:private -r:1.1.1.1 -o:..1.3.6.1.4.1.9.9.96.1.1.1.1.14.52 -tp:int -val:4 - Copies the file to TFTP

It fails with this error message:

%Failed to set value to SNMP variable. Inconsistent Value (inconsistentValue(12))

Any ideas what could be wrong?

Thanks.

2 people had this problem
Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Rolf Fischer
Level 9
Level 9

‎06-16-2017 04:07 AM

Hi,

snmpset -v:2c -c:private -r:1.1.1.1 -o:..1.3.6.1.4.1.9.9.96.1.1.1.1.14.52 -tp:int -val:4

Can you try to set this value to 1 (ccCopyEntryRowStatus = active)?

Maybe you need to set it to 6 first (ccCopyEntryRowStatus = destroy) and repeat the whole procedure. You should always destroy the session at the end.

https://supportforums.cisco.com/discussion/11813936/snmp-tftp-config-files

HTH
Rolf

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Rolf Fischer
Level 9
Level 9

‎06-16-2017 04:07 AM

Hi,

snmpset -v:2c -c:private -r:1.1.1.1 -o:..1.3.6.1.4.1.9.9.96.1.1.1.1.14.52 -tp:int -val:4

Can you try to set this value to 1 (ccCopyEntryRowStatus = active)?

Maybe you need to set it to 6 first (ccCopyEntryRowStatus = destroy) and repeat the whole procedure. You should always destroy the session at the end.

https://supportforums.cisco.com/discussion/11813936/snmp-tftp-config-files

HTH
Rolf

0 Helpful

Go to solution
dal
Level 3
Level 3
In response to Rolf Fischer

‎06-16-2017 04:07 AM

Excellent, that did the trick!

So, on to the next question: If I want to copy the file from TFTP to running-config, I can just reverse these two lines:

snmpset -v:2c -c:private -r:1.1.1.1 -o:.1.3.6.1.4.1.9.9.96.1.1.1.1.3.52 -tp:int -val:4 - Source file = running-config
snmpset -v:2c -c:private -r:1.1.1.1 -o:.1.3.6.1.4.1.9.9.96.1.1.1.1.4.52 -tp:int -val:1 - Destination file = network file

?

Thanks again

0 Helpful

Go to solution
Rolf Fischer
Level 9
Level 9
In response to dal

‎06-16-2017 04:18 AM

You're welcome.

So, on to the next question: If I want to copy the file from TFTP to running-config, I can just reverse these two lines:

Yes.

0 Helpful

Go to solution
dal
Level 3
Level 3
In response to Rolf Fischer

‎06-16-2017 04:29 AM

Tested, and it works like a charm.

Thanks again.

0 Helpful

Go to solution
andrew.butterworth
Level 7
Level 7

‎11-16-2021 09:19 AM - edited ‎11-16-2021 09:43 AM

I've used this several times to get around issues with telnet being disabled on VTY lines and the IOS & IOS-XE device not having a crypto-key so you get locked out.  It has got me out of trouble several times.

I have a C9300L switch that has been upgraded to 17.3.4 and this by default, applies 'transport input ssh' to the VTY lines if there is nothing there.  I didn't check if SSH worked prior to the upgrade so now I'm locked out.  As SNMP is setup I thought I'd use this old trick to enable telnet.  However this is managed OoB using the rear Ethernet interface in the Mgmt-vrf VRF.  It doesn't look like there is an option to specify a source vrf in the OID .1.3.6.1.4.1.9.9.96.1.1.1.1.

I can see my SNMPSET is delivering the commands to the switch, however I don't see any attempts to TFTP copy the 'fix-vty.cfg' file from the TFTP server and I suspect it is because its trying in the global table rather than the Mgmt-vrf.

Has this OID ever been updated to include the option to set a VRF?

 

Andy

0 Helpful

Go to solution
Shrikant123
Level 1
Level 1
In response to andrew.butterworth

‎06-01-2022 10:49 PM

Is there any OID through which we can set the VRF for configuration copy using the CONFIG-COPY-MIB ?

I am able to set all the values, but the device is taking the default VRF and as a result, it fails.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card