A number of people I know have struggled with some of the more
"interesting" functions of Foundry's SNMP mibs. Most of the mib works
exactly as you expect, but when you try to do more advanced work (the
sort of things you might do in a home-grown management system), it
always fails.
There turns out to be a trick: Not only do you need to know the write
community, but you must also prove to the device you know the enable
password!! On top of that, your entire request MUST happen in one SNMP
PDU. Fortunately, if you use one net-snmp snmpset command, that
happens.
You can also provice a username & pw combo, if the pw has sufficient
access rights. You'll want to check the mib (or the pdf
docs) for info on how to do that.
Alternately, you can remove this restriction via the CLI command:
no snmp-server pw-check. I don't really recommend this; this extra
level of security is pretty nice, once you get used to it.
You can download the Foundry
Mib (via Somix's excellent mib archive).
Write the running config to tftp
For example, if you want to write the config to tftp via snmp, you
need to set all of the following in one packet:
What | Symbolic | OID | content |
Set an enable password | snAgGblPassword |
.1.3.6.1.4.1.1991.1.1.2.1.15.0 | your enable
password |
target tftp server | snAgTftpServerIp |
.1.3.6.1.4.1.1991.1.1.2.1.5.0 | ip address |
tftp file name | snAgCfgFname |
.1.3.6.1.4.1.1991.1.1.2.1.8.0 | file name |
action | snAgCfgLoad |
.1.3.6.1.4.1.1991.1.1.2.1.9.0 | set to 22 (uploadFromDramToServer) |
(note: netsnmp requires the trailing .0's on all the following
OIDs. If these OIDs don't work for you, try striping the trailing .0)
For example, the following netsnmp command line might work for you
(assuming a write community of private, and netsnmp v5):
snmpset -v2c -c private switch .1.3.6.1.4.1.1991.1.1.2.1.15.0
s enable .1.3.6.1.4.1.1991.1.1.2.1.5.0 a 127.0.0.1
.1.3.6.1.4.1.1991.1.1.2.1.8.0 s subdir/targetfile
.1.3.6.1.4.1.1991.1.1.2.1.9.0 i 22
While this is running, you can poll snAgCfgLoad for status. Values for
snAgCfgLoad include:
- normal status,ro
- flashPrepareReadFailure status,ro
- flashReadError status,ro
- flashPrepareWriteFailure status,ro
- flashWriteError status,ro
- tftpTimeoutError status,ro
- tftpOutOfBufferSpace status,ro
- tftpBusy status,ro
- tftpRemoteOtherErrors status,ro
- tftpRemoteNoFile status,ro
- tftpRemoteBadAccess status,ro
- tftpRemoteDiskFull status,ro
- tftpRemoteBadOperation status,ro
- tftpRemoteBadId status,ro
- tftpRemoteFileExists status,ro
- tftpRemoteNoUser status,ro
- operationError status,ro
- loading status,ro
- apparently, no value?
- uploadFromFlashToServer command,settable
- downloadToFlashFromServer command,settable
- uploadFromDramToServer command,settable
- downloadToDramFromServer command,settable
- uploadFromFlashToNMS command,settable
- downloadToFlashFromNMS command,settable
- uploadFromDramToNMS command,settable
- downloadToDramFromNMS command,settable
- operationDoneWithNMS command,settable
- tftpWrongFileType command,settable
In the above,
- Dram ==> Running config
- Flash ==> startup config
- Server ==> TFTPserver
- NMS ==> Foundry's Network Management Station
Commanding a device to save the running config to NVRAM
Writing a config to memory ("wr mem") is accomplished by setting the
following, all in one PDU:
What | Symbolic | OID | content |
Set an enable password | snAgGblPassword |
.1.3.6.1.4.1.1991.1.1.2.1.15.0 | your enable
password |
Write config to nvram | snAgWriteNVRAM |
.1.3.6.1.4.1.1991.1.1.2.1.3 | set to 3 (write) |
Snmpget the contents of snAgWriteNVRAM to see the status of your request:
- normal done, no problems
- error
- write action command, not a status. if it stays here, the
device didn't accept your request
- writing accepted && in progress
Uploading or downloading a new code image via SNMP
Copying an OS image to flash, primary or secondary: (again, all in one
pdu!)
What | Symbolic | OID | content |
Set an enable password | snAgGblPassword |
.1.3.6.1.4.1.1991.1.1.2.1.15.0 | your enable
password |
target tftp server | snAgTftpServerIp |
.1.3.6.1.4.1.1991.1.1.2.1.5.0 | ip address |
tftp file name | snAgImgFname |
.1.3.6.1.4.1.1991.1.1.2.1.6.0 | file name |
command to download/upload image | snAgImgLoad |
.1.3.6.1.4.1.1991.1.1.2.1.7.0 | set to your requested
command, 20 == download file to primary flash |
As before, read from snAgImgLoad to get status of your request. Values
can be:
- normal status,ro
- flashPrepareReadFailure status,ro
- flashReadError status,ro
- flashPrepareWriteFailure status,ro
- flashWriteError status,ro
- tftpTimeoutError status,ro
- tftpOutOfBufferSpace status,ro
- tftpBusy status,ro
- tftpRemoteOtherErrors status,ro
- tftpRemoteNoFile status,ro
- tftpRemoteBadAccess status,ro
- tftpRemoteDiskFull status,ro
- tftpRemoteBadOperation status,ro
- tftpRemoteBadId status,ro
- tftpRemoteFileExists status,ro
- tftpRemoteNoUser status,ro
- operationError status,ro
- loading status,ro
- uploadPrimary command,settable, copy primary flash to server
- downloadPrimary command,settable, copy server to primary flash
- uploadSecondary command,settable, copy secondary flash to server
- downloadSecondary command,settable, copy secondary to primary flash
- tftpWrongFileType status,ro