[rancid] Re: Retrieving cisco configuration using SNMP+TFTP

Freeman, Michael mfreeman at netcogov.com
Tue Jun 27 21:50:39 UTC 2006

I don't think it would take much to hook it into rancid, as I believe if
you have the file already downloaded you can feed it into one of the
'rancid' utilities from the command line and it will do its thing. 

-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Kevin
Sent: Tuesday, June 27, 2006 4:49 PM
To: rancid-discuss at shrubbery.net
Subject: [rancid] Retrieving cisco configuration using SNMP+TFTP

Has any work been done with RANCID to retrieve cisco configuration via

I have a script using the Cisco::CopyConfig perl module to extract from
switches and routers.  I'm working on hooking this into rancid.

The script uses a ReadWrite community string to send a SNMP command
instructing IOS to upload configuration to a TFTP server.

This isn't quite as insecure as you might think at first glance :)

IOS provides "snmp-server view" and "snmp-server tftp-server-list"
settings, restricting a SNMP community to a source IP accessing a
specific OID, and simultaneously restricting destination TFTP server.
The tricky part may be ensuring that the TFTP server itself is secure.
To this end I use OpenBSD's TFTP proxy.

Kevin Kadow

===== Pseudocode follows =====
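#! /usr/bin/perl
# Cisco::CopyConfig requires Net::SNMP
use Cisco::CopyConfig;
use Socket;

# $filename, $ip, $community and $tftpserver are set elsewhere in the script.

# Create the upload target first if it is not already writable, and make it
# writable by the TFTP daemon.
unless(-w $filename) {
  open(NEW,">$filename"); close(NEW);
  chmod 0622, $filename;
}

# Send the SNMP request telling IOS to upload its configuration over TFTP.
$config = Cisco::CopyConfig->new( 'Host' => $ip, 'Comm' => $community);
$config->copy($tftpserver, $filename); chmod 0622, $filename;

die "Error result is $error" if($error=$config->error());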


Netco Government Services has recently acquired Multimax and is changing its name to Multimax Inc.
Visit http://www.multimax.com for more information.
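
The restriction described in the quoted message ("snmp-server view" plus "snmp-server tftp-server-list"), sketched as an IOS configuration with the unrestricted form shown commented out for comparison. This is an added example, not part of either post: the addresses, ACL numbers, view name and community string are constructed placeholders, and it assumes the copy is driven through CISCO-CONFIG-COPY-MIB (if the module uses a different OID, the view must include that subtree instead).

```cisco
! Constructed example: addresses are documentation-range placeholders and
! EXAMPLE-RW stands in for the real community string.
!
! Weak form: read-write community usable from any source, on any OID.
! snmp-server community EXAMPLE-RW RW
!
! ACL 10: the only host allowed to use the community (the polling host).
access-list 10 permit 192.0.2.10
!
! ACL 20: the only TFTP server that SNMP-triggered copies may target.
access-list 20 permit 192.0.2.20
!
! View limited to ciscoConfigCopyMIB (1.3.6.1.4.1.9.9.96); everything
! outside this subtree is invisible to the community below.
! Assumption: the copy request is made through this MIB.
snmp-server view COPYCFG 1.3.6.1.4.1.9.9.96 included
!
! Restricted form: community bound to the view and to source ACL 10.
snmp-server community EXAMPLE-RW view COPYCFG RW 10
!
! Limit the destination of SNMP-initiated TFTP transfers to ACL 20.
snmp-server tftp-server-list 20
```

"show snmp view" and "show access-lists" on the device confirm what was applied; the hit counters on ACL 10 show whether any other source is trying the community.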
