[rancid] Retrieving cisco configuration using SNMP+TFTP
Kevin
kkadow at gmail.com
Tue Jun 27 21:49:13 UTC 2006
Has any work been done with RANCID to retrieve cisco configuration via SNMP?

I have a script using the Cisco::CopyConfig Perl module to extract
from switches and routers. I'm working on hooking this into rancid.

The script uses a ReadWrite community string to send an SNMP command
instructing IOS to upload configuration to a TFTP server.

This isn't quite as insecure as you might think at first glance :)

IOS provides "snmp-server view" and "snmp-server tftp-server-list" settings,
restricting an SNMP community to a source IP accessing a specific OID,
and simultaneously restricting the destination TFTP server. The tricky
part may be ensuring that the TFTP server itself is secure. To this end I
use OpenBSD's TFTP proxy.

Kevin Kadow
===== Pseudocode follows =====
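#!/usr/bin/perl
#
# Cisco::CopyConfig requires Net::SNMP
#
use strict;
use warnings;
use Cisco::CopyConfig;
use Socket;

# Device IP, read-write community, TFTP server IP and target file name
my ($ip, $community, $tftpserver, $filename) = @ARGV;
die "usage: $0 ip community tftpserver filename\n" unless defined $filename;

# Create the target file ahead of the upload and make it writable
unless (-w $filename) {
    open(my $new, '>', $filename) or die "Cannot create $filename: $!";
    close($new);
    chmod 0622, $filename;
}

# Ask the device over SNMP to copy its configuration to the TFTP server
my $config = Cisco::CopyConfig->new('Host' => $ip, 'Comm' => $community);
$config->copy($tftpserver, $filename);
chmod 0622, $filename;
if (my $error = $config->error()) {
    die "Error result is $error";
}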
###EOF###
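
Added example (not part of Kevin's post or of RANCID): a Python check that an IOS configuration applies the restrictions the post describes (a view, a source ACL and a tftp-server-list) to every read-write community. The sample configurations, community name, view name, ACL numbers and addresses are constructed, and the view OID assumes the copy is driven through CISCO-CONFIG-COPY-MIB.

```python
import re

# Constructed sample configs, not from the original post. Community names, ACL
# numbers and addresses (RFC 5737 range) are placeholders; the view OID assumes
# the copy is driven through CISCO-CONFIG-COPY-MIB (1.3.6.1.4.1.9.9.96).
WEAK = "snmp-server community EXAMPLE-RW RW\n"
HARDENED = """\
access-list 10 permit 192.0.2.10
access-list 11 permit 192.0.2.20
snmp-server view COPYCFG 1.3.6.1.4.1.9.9.96 included
snmp-server community EXAMPLE-RW view COPYCFG RW 10
snmp-server tftp-server-list 11
"""

# Running-config form: snmp-server community <string> [view <name>] RO|RW [<acl>]
COMMUNITY = re.compile(
    r"snmp-server community \S+(?: view (\S+))? (RO|RW)(?: (\d+))?$", re.I)


def _collect(pattern, lines):
    """Return the first capture group of every line matching pattern."""
    return [m.group(1) for l in lines if (m := re.match(pattern, l))]


def audit(config):
    """Return findings for read-write SNMP communities in IOS config text.

    Findings cite line numbers, never the community string itself.
    Only numbered ACLs are recognised.
    """
    lines = [l.strip() for l in config.splitlines()]
    acls = set(_collect(r"access-list (\d+) permit ", lines))
    views = set(_collect(r"snmp-server view (\S+) \S+ included", lines))
    tftp = _collect(r"snmp-server tftp-server-list (\d+)", lines)
    findings = []
    if not tftp:
        findings.append("no snmp-server tftp-server-list: TFTP destination not restricted")
    elif tftp[0] not in acls:
        findings.append(f"tftp-server-list references undefined ACL {tftp[0]}")
    for n, line in enumerate(lines, 1):
        m = COMMUNITY.match(line)
        if not m or m.group(2).upper() != "RW":
            continue
        view, _, acl = m.groups()
        if view not in views:
            findings.append(f"line {n}: RW community has no defined view")
        if acl not in acls:
            findings.append(f"line {n}: RW community has no defined source ACL")
    return findings
```

Running audit() over the configurations RANCID already collects flags any device where the read-write community used for the copy is wider than intended.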