cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10431
Views
5
Helpful
6
Replies

Copy config out from switch via SNMP - fails

dal
Level 3
Level 3

Hi.

I have lost contact with one of my switches due to error in an vty ACL.

As I can read from other posts on this forum, it should be possile to read and write the running-config into/onto the switch using SNMP.
As can be read here: https://supportforums.cisco.com/document/10046/how-copy-configuration-files-and-cisco-ios-routers-use-snmp

But I get an error:

Here is what I'm running:

snmpset -v:2c -c:private -r:1.1.1.1 -o:.1.3.6.1.4.1.9.9.96.1.1.1.1.2.52 -tp:int -val:1 - Telling that TFTP shall be used
snmpset -v:2c -c:private -r:1.1.1.1 -o:.1.3.6.1.4.1.9.9.96.1.1.1.1.3.52 -tp:int -val:4 - Source file = running-config
snmpset -v:2c -c:private -r:1.1.1.1 -o:.1.3.6.1.4.1.9.9.96.1.1.1.1.4.52 -tp:int -val:1 - Destination file = network file
snmpset -v:2c -c:private -r:1.1.1.1 -o:.1.3.6.1.4.1.9.9.96.1.1.1.1.5.52 -tp:ip -val:172.20.225.55 - IP to TFTP-server
snmpset -v:2c -c:private -r:1.1.1.1 -o:.1.3.6.1.4.1.9.9.96.1.1.1.1.6.52 -tp:str -val:"filename"

I get an OK on all of the above. But when I try to execute the file copy with this line:
snmpset -v:2c -c:private -r:1.1.1.1 -o:..1.3.6.1.4.1.9.9.96.1.1.1.1.14.52 -tp:int -val:4 - Copies the file to TFTP

It fails with this error message:

%Failed to set value to SNMP variable. Inconsistent Value (inconsistentValue(12))

Any ideas what could be wrong?

Thanks.

1 Accepted Solution

Accepted Solutions

Rolf Fischer
Level 9
Level 9

Hi,

snmpset -v:2c -c:private -r:1.1.1.1 -o:..1.3.6.1.4.1.9.9.96.1.1.1.1.14.52 -tp:int -val:4

Can you try to set this value to 1 (ccCopyEntryRowStatus = active)?

Maybe you need to set it to 6 first (ccCopyEntryRowStatus = destroy) and repeat the whole procedure. You should always destroy the session at the end.

https://supportforums.cisco.com/discussion/11813936/snmp-tftp-config-files

HTH
Rolf

View solution in original post

6 Replies 6

Rolf Fischer
Level 9
Level 9

Hi,

snmpset -v:2c -c:private -r:1.1.1.1 -o:..1.3.6.1.4.1.9.9.96.1.1.1.1.14.52 -tp:int -val:4

Can you try to set this value to 1 (ccCopyEntryRowStatus = active)?

Maybe you need to set it to 6 first (ccCopyEntryRowStatus = destroy) and repeat the whole procedure. You should always destroy the session at the end.

https://supportforums.cisco.com/discussion/11813936/snmp-tftp-config-files

HTH
Rolf

Excellent, that did the trick!

So, on to the next question: If I want to copy the file from TFTP to running-config, I can just reverse these two lines:

snmpset -v:2c -c:private -r:1.1.1.1 -o:.1.3.6.1.4.1.9.9.96.1.1.1.1.3.52 -tp:int -val:4 - Source file = running-config
snmpset -v:2c -c:private -r:1.1.1.1 -o:.1.3.6.1.4.1.9.9.96.1.1.1.1.4.52 -tp:int -val:1 - Destination file = network file

?

Thanks again

You're welcome.

So, on to the next question: If I want to copy the file from TFTP to running-config, I can just reverse these two lines:

Yes.

Tested, and it works like a charm.

Thanks again.

I've used this several times to get around issues with telnet being disabled on VTY lines and the IOS & IOS-XE device not having a crypto-key so you get locked out.  It has got me out of trouble several times.

I have a C9300L switch that has been upgraded to 17.3.4 and this by default, applies 'transport input ssh' to the VTY lines if there is nothing there.  I didn't check if SSH worked prior to the upgrade so now I'm locked out.  As SNMP is setup I thought I'd use this old trick to enable telnet.  However this is managed OoB using the rear Ethernet interface in the Mgmt-vrf VRF.  It doesn't look like there is an option to specify a source vrf in the OID .1.3.6.1.4.1.9.9.96.1.1.1.1.

I can see my SNMPSET is delivering the commands to the switch, however I don't see any attempts to TFTP copy the 'fix-vty.cfg' file from the TFTP server and I suspect it is because its trying in the global table rather than the Mgmt-vrf.

Has this OID ever been updated to include the option to set a VRF?

 

Andy

Is there any OID through which we can set the VRF for configuration copy using the CONFIG-COPY-MIB ?

I am able to set all the values, but the device is taking the default VRF and as a result, it fails.

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco