03-08-2018 07:51 AM
If ssh is down on a network device we want to be able to temporarily turn on telnet on that device using an SNMP SetRequest. Our preference is to do this from NetMRI if possible. Does NetMRI have that capability to send an SNMP SetRequest to a device (when ssh is down on the target device) ?.
Much appreciated !
03-12-2018 08:04 AM
If you know the SNMP commands and post it here I can see what I can do
03-12-2018 02:22 PM
That is a good question. Normally when you send a SNMP Set request you use external software such as Net-SNMP. As this is going to be coming from NetMRI I am thinking that there is probably nothing native in CCS which can do it. I did wonder if a Perl script/job could do it. I understand that Perl has an SNMP module (Net:NMP) which can retrieve or update information on a remote host. Being new to NetMRI I didn't know if that module was available already in NetMRI or could be installed for NetMRI to use.
03-12-2018 02:38 PM
I have a workaround I just need the OID to test it
03-12-2018 02:53 PM
Are you thinking of the CISCO-CONFIG-COPY-MIB? You can use SNMP RW to copy a partial or complete config file from a TFTP server to the running-config.
03-13-2018 01:10 PM
Yes, that is correct
A linux script to do it:
#echo -n "Host name: "; read host
if [ -z "$1" ]; then
echo usage: $0 hostname random_number
echo example: $0 10.15.20.25 11
# ccCopyProtocol is set to TFTP
snmpset -v2c -c XXXXXX $1 188.8.131.52.184.108.40.206.220.127.116.11.1.2.$2 i 1
#ccCopySourceFileType = 1 = networkfile
snmpset -v2c -c XXXXXX $1 18.104.22.168.22.214.171.124.126.96.36.199.1.3.$2 i 1
#ccCopyDestFileType = 4 = running-config
snmpset -v2c -c XXXXXX $1 188.8.131.52.184.108.40.206.220.127.116.11.1.4.$2 i 4
#set tftp server address
snmpset -v2c -c XXXXXX $1 18.104.22.168.22.214.171.124.126.96.36.199.1.5.$2 a 10.20.30.40
snmpset -v2c -c XXXXXX $1 188.8.131.52.184.108.40.206.220.127.116.11.1.6.$2 s config.txt
snmpset -v2c -c XXXXXX $1 18.104.22.168.22.214.171.124.126.96.36.199.1.14.$2 i 1
The config.txt file would contain the lines:
line vty 0 15
transport input ssh telnet
03-20-2018 05:25 AM
I think this should it, really all you need to do is send backticks " ` "
# BEGIN-SCRIPT-BLOCK # # Script-Filter: # true # # Script-Variables: # $tftp string "10.15.20.25 11" # # END-SCRIPT-BLOCK # ccCopyProtocol is set to TFTP my $results1 = `snmpset -v2c -c XXXXXX $1 188.8.131.52.184.108.40.206.220.127.116.11.1.2.$2 i 1` #ccCopySourceFileType = 1 = networkfile my $results2 = `snmpset -v2c -c XXXXXX $1 18.104.22.168.22.214.171.124.126.96.36.199.1.3.$2 i 1` #ccCopyDestFileType = 4 = running-config my $results3 = `snmpset -v2c -c XXXXXX $1 188.8.131.52.184.108.40.206.220.127.116.11.1.4.$2 i 4` #set tftp server address my $results4 = `snmpset -v2c -c XXXXXX $1 18.104.22.168.22.214.171.124.126.96.36.199.1.5.$2 a $tftp` #set filename my $results5 = `snmpset -v2c -c XXXXXX $1 188.8.131.52.184.108.40.206.220.127.116.11.1.6.$2 s config.txt` #start copy my $results6 = `snmpset -v2c -c XXXXXX $1 18.104.22.168.22.214.171.124.126.96.36.199.1.14.$2 i 1` #Results: #1:waiting #2:running #3:successful #4:failed $easy->log_message('info', $results9); #Step 9.(Try to access the device). #This should be more than enough to change an specific line in the configuration using SNMP.
03-20-2018 02:20 PM
Thank you. I think my problem is that I am trying to run before I can walk. Your script makes complete sense to me generally speaking but I am not sure how I would get it to work with NetMRI. I don't know for sure if snmpset is available in NetMRI via Perl scripting. I am guessing that it is probably not. It sounds possible that we could utilize the Perl Net:NMP library for this somehow but like I said I am not that far down the road in my NetMRI education yet. I really appreciate the feedback that you haved given but don't want to take up too much of your valuable time so it may just be a case of me looking at sandboxes etc (no one here knows how to access the NetMRI Sandbox). I believe that Perl modules can be installed in the Sandbox
03-21-2018 05:19 AM
Using the " ` " access it in the Sandbox
03-23-2018 08:52 AM
Awesome. I get it now. I can see that the snmpset command is available in our sandbox. Is it possible to get this in a job which would be runnable from the gui ?. I ask this because a normal job requires you to select a device or device group which NetMRI would connect to using cli creds and ssh. In this case the reason that we would be doing this operation is that ssh is down on the device concerned.
04-04-2018 10:08 AM
I don't have the details in front of me, but there is a netmri_easy routine that accesses/brokers a device without attempting to connect to it.