[rancid] Re: Retrieving cisco configuration using SNMP+TFTP
Chris Moody
cmoody at qualcomm.com
Tue Jun 27 23:15:42 UTC 2006
There's already work existing that does the snmp based "write net"
http://www.pancho.org/
-Chris
Freeman, Michael wrote:
> I don't think it would take much to hook it into rancid, as I believe if
> you have the file already downloaded you can feed it into one of the
> 'rancid' utilities from the command line and it will do its thing.
>
> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Kevin
> Sent: Tuesday, June 27, 2006 4:49 PM
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] Retrieving cisco configuration using SNMP+TFTP
>
> Has any work been done with RANCID to retrieve cisco configuration via
> SNMP?
>
> I have a script using the Cisco::CopyConfig perl module to extract from
> switches and routers. I'm working on hooking this into rancid.
>
> The script uses a ReadWrite community string to send a SNMP command
> instructing IOS to upload configuration to a TFTP server.
>
> This isn't quite as insecure as you might think at first glance :)
>
> IOS provides "snmp-server view" and "snmp-server tftp-server-list"
> settings, restricting a SNMP community to a source IP accessing a
> specific OID, and simultaneously restricting destination TFTP server.
> The tricky part may be ensuring that the TFTP server itself is secure.
> To this end I use OpenBSD's TFTP proxy.
>
>
> Kevin Kadow
>
> ===== Pseudocode follows =====
> #! /usr/bin/perl
> #
> # Cisco::CopyConfig requires Net::SNMP
> #
> use Cisco::CopyConfig;
> use Socket;
>
> unless(-w $filename) {
> open(NEW,">$filename"); close(NEW);
> chmod 0622, $filename;
> }
>
> $config = Cisco::CopyConfig->new( 'Host' => $ip, 'Comm' => $community);
> $config->copy($tftpserver, $filename); chmod 0622, $filename:
>
> die "Error result is $error" if($error=$config->error());
>
> ###EOF###
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
> Netco Government Services has recently acquired Multimax and is changing its name to Multimax Inc.
> Visit http://www.multimax.com for more information.
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
>
More information about the Rancid-discuss
mailing list