[c-nsp] Regain CLI access with snmp sets?

Lee ler762 at gmail.com
Sat Sep 10 13:14:27 EDT 2011 

On 9/10/11, Persio Pucci <persio at gmail.com> wrote:
> Here is my steps:
>
> persio.pucci at tacacs:/tftpboot$snmpset -v2c -c COMUNITY 10.20.30.1
>> .1.3.6.1.4.1.9.9.96.1.1.1.1.2.200 integer 1
>> SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.2.200 = INTEGER: 1
>> persio.pucci at tacacs:/tftpboot$ snmpset -v2c -c COMUNITY 10.20.30.1
>> .1.3.6.1.4.1.9.9.96.1.1.1.1.3.200 integer 1
>> SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.3.200 = INTEGER: 1
>> persio.pucci at tacacs:/tftpboot$ snmpset -v2c -c COMUNITY 10.20.30.1
>> .1.3.6.1.4.1.9.9.96.1.1.1.1.4.200 integer 4
>> SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.4.200 = INTEGER: 4
>> persio.pucci at tacacs:/tftpboot$ snmpset -v2c -c COMUNITY 10.20.30.1
>> .1.3.6.1.4.1.9.9.96.1.1.1.1.5.200 address 10.10.10.1
>> SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.5.200 = IpAddress: 10.10.10.1
>> persio.pucci at tacacs:/tftpboot$ snmpset -v2c -c COMUNITY 10.20.30.1
>> .1.3.6.1.4.1.9.9.96.1.1.1.1.6.200 string user
>> SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.6.200 = STRING: "user"
>> persio.pucci at tacacs:/tftpboot$ snmpset -v2c -c COMUNITY 10.20.30.1
>> .1.3.6.1.4.1.9.9.96.1.1.1.1.14.200 integer 4
>> Error in packet.
>> Reason: inconsistentValue (The set value is illegal or unsupported in some
>> way)
>> Failed object: SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.14.200
>
>
> As you can see, the object gets created, but it does not accepts the active
> command

I'm guessing the row already exists.  For createAndGo(4) to work (your
last snmpset) the row has to be created in one call & you've got
multiple snmpsets

Try deleting the row, doing a create & wait on the row, set the other
variables and then set the row status to active(1)

Take a look at the description of ccCopyEntry in CISCO-CONFIG-COPY-MIB
and of RowStatus in SNMPv2-TC for a full explanation.

And I'd strongly suggest that you restrict which hosts the router
allows tftp to/from.  See the
snmp-server tftp-server-list command.

Regards,
Lee


>
>  persio.pucci at tacacs:/tftpboot$ snmpwalk -v2c -c COMUNITY 10.20.30.1
>> .1.3.6.1.4.1.9.9.96.1.1.1.1
>> SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.2.200 = INTEGER: 1
>> SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.3.200 = INTEGER: 1
>> SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.4.200 = INTEGER: 4
>> SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.5.200 = IpAddress: 10.10.10.1
>> SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.6.200 = STRING: "user"
>> SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.9.200 = INTEGER: 2
>> SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.10.200 = INTEGER: 4
>> SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.11.200 = Timeticks: (1836298009)
>> 212
>> days, 12:49:40.09
>> SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.12.200 = Timeticks: (1836302109)
>> 212
>> days, 12:50:21.09
>> SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.13.200 = INTEGER: 3
>> SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.14.200 = INTEGER: 1
>> SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.15.200 = INTEGER: 1
>> SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.16.200 = STRING: "10.10.10.1"
>> persio.pucci at tacacs:/tftpboot$
>
>
> On Fri, Sep 9, 2011 at 10:12 PM, Lee <ler762 at gmail.com> wrote:
>
>> On 9/9/11, Persio Pucci <persio at gmail.com> wrote:
>> > Anybody would have a working recipe for routers, specialy 7200? I've
>> > been trying the ones posted at Cisco (specially the one where you need
>> > several commands) but the final "activate" command gets an error
>> > response...
>>
>> echo "processing $DEV"
>> echo "     delete row 3"
>> $SNMPSET $community -m CISCO-CONFIG-COPY-MIB $DEV ccCopyEntryRowStatus.3 i
>> 6
>> echo "     create row 3 & wait"
>> $SNMPSET $community -m CISCO-CONFIG-COPY-MIB $DEV ccCopyEntryRowStatus.3 i
>> 5
>>
>> $SNMPSET $community -m CISCO-CONFIG-COPY-MIB $DEV ccCopyProtocol.3 i 1
>> #   use tftp
>> $SNMPSET $community -m CISCO-CONFIG-COPY-MIB $DEV ccCopySourceFileType.3 i
>> 1
>> #   1=networkFile  3=startupConfig   4=runningConfig
>> $SNMPSET $community -m CISCO-CONFIG-COPY-MIB $DEV ccCopyDestFileType.3 i 4
>> #   1=networkFile  3=startupConfig   4=runningConfig
>> $SNMPSET $community -m CISCO-CONFIG-COPY-MIB $DEV
>> ccCopyServerAddress.3 a $TFTPHOST
>> $SNMPSET $community -m CISCO-CONFIG-COPY-MIB $DEV ccCopyFileName.3 s $FILE
>> $SNMPSET $community -m CISCO-CONFIG-COPY-MIB $DEV
>> ccCopyNotificationOnCompletion.3 i 1
>> #  1: true  2: false
>> $SNMPSET $community -m CISCO-CONFIG-COPY-MIB $DEV ccCopyEntryRowStatus.3 i
>> 1
>> #  make it active
>> echo "Done!"
>>
>>
>> Regards,
>> Lee
>>
>>
>>
>>
>> > Em 08/09/2011, às 18:44, Mike <mike-cisconsplist at tiedyenetworks.com>
>> > escreveu:
>> >
>> >> Hello,
>> >>
>> >>    I am sure this can be done and am calling on my fellows to help
>> >> light
>> >> the way!
>> >>
>> >>    I have a cisco 2970 switch newly installed in a remote, inaccessible
>> >> location that presently lacks OOB serial access. Due to a config error,
>> I
>> >> cannot telnet into the unit due to missing config elements:
>> >>
>> >> Escape character is '^]'.
>> >>
>> >>
>> >> Password required, but none set
>> >> Connection closed by foreign host.
>> >>
>> >>
>> >>    I do have, however, a writable snmp community string. So I am
>> wondering
>> >> if it would be possible to update the running config using snmp in
>> >> order
>> >> to give me telnet access to this unit? It would beat a trip back out
>> there
>> >> and would serve my cisco education well too. So how about it, any
>> takers?
>> >>
>> >> Mike-
>> >> _______________________________________________
>> >> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> >
>> > _______________________________________________
>> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> > https://puck.nether.net/mailman/listinfo/cisco-nsp
>> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>> >
>>
>

More information about the cisco-nsp mailing list