[rancid] Re: Retrieving cisco configuration using SNMP+TFTP

Chris Moody cmoody at qualcomm.com
Tue Jun 27 23:15:42 UTC 2006


There's already work existing that does the snmp based "write net"

http://www.pancho.org/

-Chris

Freeman, Michael wrote:
> I don't think it would take much to hook it into rancid, as I believe if
> you have the file already downloaded you can feed it into one of the
> 'rancid' utilities from the command line and it will do its thing. 
> 
> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Kevin
> Sent: Tuesday, June 27, 2006 4:49 PM
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] Retrieving cisco configuration using SNMP+TFTP
> 
> Has any work been done with RANCID to retrieve cisco configuration via
> SNMP?
> 
> I have a script using the Cisco::CopyConfig perl module to extract from
> switches and routers.  I'm working on hooking this into rancid.
> 
> The script uses a ReadWrite community string to send a SNMP command
> instructing IOS to upload configuration to a TFTP server.
> 
> This isn't quite as insecure as you might think at first glance :)
> 
> IOS provides "snmp-server view" and "snmp-server tftp-server-list"
> settings, restricting a SNMP community to a source IP accessing a
> specific OID, and simultaneously restricting destination TFTP server.
> The tricky part may be ensuring that the TFTP server itself is secure.
> To this end I use OpenBSD's TFTP proxy.
> 
> 
> Kevin Kadow
> 
> ===== Pseudocode follows =====
> #! /usr/bin/perl
> #
> # Cisco::CopyConfig requires Net::SNMP
> #
> use Cisco::CopyConfig;
> use Socket;
> 
> unless(-w $filename) {
>   open(NEW,">$filename"); close(NEW);
>   chmod 0622, $filename;
>   }
> 
> $config = Cisco::CopyConfig->new( 'Host' => $ip, 'Comm' => $community);
> $config->copy($tftpserver, $filename); chmod 0622, $filename:
> 
> die "Error result is $error" if($error=$config->error());
> 
> ###EOF###
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> 
> Netco Government Services has recently acquired Multimax and is changing its name to Multimax Inc.
> Visit http://www.multimax.com for more information.
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> 
> 



More information about the Rancid-discuss mailing list