Get the Cisco configuration over SNMP
Saving the configurations from Cisco Devices is normally done by a tool (CW2k, Solarwinds Cirrus or whatever) but if you do not want to buy a tool here’s a way to do it yourself.
Cisco has a SNMP MIB called CISCO-CONFIG-COPY-MIB.oid which allows to save the configurations from Cisco devices over SNMP. If you also know your way around scripting (Shell, Perl or whatever you prefer) this is how you could save your devices automatic.
How to copy a config
This is a step by step guide on how to save the running-config on a TFTP Server. You need SNMP Write Access at the device and a device where you can use the snmpset command. The shown command line syntax was taken from NET-SMP 5.4.1. Please remember to use the ReadWrite Community for your devices.
snmpset -c <community> -v 1 <device> 1.3.6.1.4.1.9.9.96.1.1.1.1.2.111 i 1
The ConfigCopyProtocol is set to TFTP
snmpset -c <community> -v 1 <device> 1.3.6.1.4.1.9.9.96.1.1.1.1.3.111 i 4
Set the SourceFileType to running-config
snmpset -c <community> -v 1 <device> 1.3.6.1.4.1.9.9.96.1.1.1.1.4.111 i 1
Set the DestinationFileType to networkfile
snmpset -c <community> -v 1 <device> 1.3.6.1.4.1.9.9.96.1.1.1.1.5.111 a <TFTP IP>
Sets the ServerAddress to the IP address of the TFTP server
snmpset -c <community> -v 1 <device> 1.3.6.1.4.1.9.9.96.1.1.1.1.6.111 s <Filename>
Sets the CopyFilename to your desired file name.
snmpset -c <community> -v 1 <device> 1.3.6.1.4.1.9.9.96.1.1.1.1.14.111 i 1
Sets the CopyStatus to active which starts the copy process.
snmpset -c <community> -v 1 <device> 1.3.6.1.4.1.9.9.96.1.1.1.1.14.111 i 6
Sets the CopyStatus to delete which cleans all saved informations out of the MIB
The number 111 at each OIDs end is nothing else then a randomly picket number which has to be the same during the whole copy process. Just to keep it easy and the same way I always use 111.
The following section describes all CISCO-CONFIG-COPY-MIB functions so you can change the process how you like it.
CISCO-CONFIG-COPY-MIB.oid functions
ccConfigCopyProtocol
OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.2
Type: INTEGER
Options:tftp(1)
ftp(2)
rcp(3)
scp(4)
sftp(5)
Description: Defines whicn protocol is used for the copy process. TFTP is default
ccCopySourceFileType
OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.3
Type: INTEGER
Options: networkFile(1)
iosFile(2)
startupConfig(3)
runningConfig(4)
terminal(5)
Descripton: Defines the source. Either the Source or the DestinatioFileType have to be set to startupConfig or runningConfig. Furthermore the SourceFileType has to be different to the DestinationFileType.
ccCopyDestFileType
OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.4
Type: INTEGER
Options: networkFile(1)
iosFile(2)
startupConfig(3)
runningConfig(4)
terminal(5)
Description: Defines the destination.Either the Source or the DestinatioFileType have to be set to startupConfig or runningConfig. Furthermore the SourceFileType has to be different to the DestinationFileType.
ccCopyServerAddress
OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.5
Type: IP Address
Description: Sets the address of the server to which the file will be copied to. Values like 0.0.0.0 or FF.FF.FF.FF are not allowed for this OID.
ccCopyFileName
OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.6
Type: STRING
Description: Sets the name of the destination or source file. This OID has to be set as far as the destination or sourceFileType are set to networkFile or iosFile.
ccCopyUserName
OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.7
Type: STRING
Description: Sets a username for FTP, RCP, SFTP or SCP. This will overwrite the user name which might have been set over the rcmd remote-username <username> command if RCP is used as protocol.
ccCopyUserPassword
OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.8
Type: STRING
Description: Sets the password for FTP, RCP, SFTP or SCP
ccCopyNotificationOnCompletion
OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.9
Type: INTEGER
Description: Defines if a notification has to be sent after the process has ended.
ccCopyState
OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.10
Type: INTEGER
Options: waiting(1)
running(2)
successful(3)
failed(4)
Description: Shows the copy process’ status. This value will be set after the COPYEntryRowStatus has been set to active.
ccCopyTimeStarted
OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.11
Type: TimeStamp
Description: Shows the last start time of the process or zero if the process never changed the status to running.
ccCopyTimeCompleted
OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.12
Type: TimeStamp
Description: Shows the last time after the process changed from running to successful or failed.
ccCopyFailCause
OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.13
Type: INTEGER
Options: unknown(1)
badFileName(2)
timeout(3)
noMem(4)
noConfig(5)
unsupportedProtocol(6)
someConfigApplyFailed(7)
Description: Shows why the process failed
ccCopyEntryRowStatus
OID: 1.3.6.1.4.1.9.9.96.1.1.1.1.14
Type: INTEGER
Options: active(1)
notInService(2)
createAndGo(4)
createAndWait(5)
destroy(6)
Description: Shows the process’ status
10 Comments »
Leave a comment
About
Im a network engineer working for an international medical company based in Basel, Switzerland. I began my professional life in 2000 after 4 years of an IT apprenticeship. I started as the Network Management System responsible with quite a lot other of other tasks inside the Cisco networking field. In 2005 I changed to my current employer where I changed my field of knowledge from part NMS part Networking to full time Networking. I also started to educate myself deeper into networking. After passing the CCNA and CCNP exams I wanted to go further with my education and took the CCIE R&S track instead of doing a school with lots of stuff Im not interested in 
I started the CCIE journey in August 2007 with the first of 5 workshops at the Cisco Network Academy in Rapperswil and passed the CCIE in Brussels at 07th of May 2008.
During that time I wrote a lot of documents to keep the stuff I learned and I thought it might be an idea to make it public so it might help other people on their path through the Cisco Certifications. I hope this site gets useful not only for CCIE candidates but also for other networking professionals on their search for knowledge.
If you have any questions or want to contact me, please drop me a line to pashtuk at gmail.com
Hi
Great stuff. I’m a CCNA and CCNP teacher working in Viborg Denmark, and currently teaching technicians for a large Danish ISP in QoS and MPLS.
Just found the OID’s I was searching for.
Thanks
Henrik Thomsen
Hi Henrik
Thank you, what I saw lately is that there is now a Perl Module on CPAN for the whole thingie.
best regards
Michel
Hi Michel
What’s the name of the perl module on CPAN for the whole thing. I’m trying to implement this.
thanks
Maruf
Maruf, this one looks right: http://search.cpan.org/~aaronsca/Cisco-CopyConfig-1.4/CopyConfig.pm
I did not test it but the docu sounds like it is a Perl Module for the whole Cisco MIB.
Best regards
Michel
Hello,
So what next? We defined the values? But how are we gonna get the configuration from the device?
snmpget -c -v1 (and what’s next?)
Regards…
b^2-4ac
Hi
Did you read the part “How to copy a config”? There it is written how you will get the config step by step.
best regards
Michel
Hi,
I am successful using SNMPv3 and tftp(1) but I cannot do it with scp(4). Have you ever tried it with scp?
I’ve tried using “SCP” with NetSNMP as follows:
snmpset – 1.1.2.111 i 4 [or scp(4)]
snmpset – 1.1.3.111 i 3 [or startupConfig(3)]
snmpset – 1.1.4.111 i 4 [or runningConfig(4) and tried 1 as a networkFile(1) - anything different from 3.111]
snmpset – 1.1.4.111 a 10.1.1.25 [able to use it for tftp(1) - can manually do a secure-copy using "copy run scp:" to this host]
snmpset – 1.1.7.111 s “username” [works well from CLI]
snmpset – 1.1.6.111 s “device_config’ [works well from CLI]
snmpset – 1.1.8.111 s “password” [no problems logging in and moving config to my OpenSSH server from CLI]
snmpget – 1.1.10.111 always comes back with a failed(4)
Thanks for your assistance. Chris
Hi Chris
Sorry I never used that option and I cant see anything wrong with your syntax, as long as you specify networkFile within -1.1.4.111 that should basically work.
What did you get back after the fail for: -1.1.13.111? (ccCopyFailCause) Maybe that error message helps a bit.
best regards
Michel
Hi Pashtuk,
I attempted to use tftp to get runningConfig to tftp server. After I executed the command, I got ccCopyState to running (2) and then failed(4). ccCopyFailCause was timeout(3).
How is the tftp server involved during the operation? Does the tftp server issue tftp command get configuration from cisco switch? Or the Cisco switch issue command tftp and put the configuration file onto the tftp server?
Appreciate your attention. Shuilong
Hi Shuilong
The TFTP Server should not initate anything, the Cisco device starts the connection and the file upload. Something you can try is to copy the running config manually to that tftp server with copy flash tftp and see if it works.
Best regards
Michel