Hello there,
We all have used SNMP to retrieve information from Cisco routers.
However, I have never tried to do so directly by accessing the MIBS.
Applications that do so like Solar Winds use them to get such information.
I started to write an application using shell scripting so I could perform some operations like retrieving the running configuration however, I found a script that someone had written. It only did a few things so I did expand it to do a little more.
You will need a few things to test this.
- A Linux server capable of running bash, although you can also use Windows, more on that later. This is the SNMP server that is allowed to talk to the router.
- The SNMP server should have SNMP utils that will allow it to communicate with the router via SNMP.
- A TFTP server, it does not matter on what server you run it. It can be on the same server you are running the script but not necessarily.
- A Cisco router so you can test. It currently supports v1 or v2c. More work will be needed if SNMP v3 is needed.
- And of course, you need to configure the router with a minimal configuration that should have:
- An IP address
- SNMP configured with a RW community and allow the server to talk via SNMP to the router.
- And of course, your server needs to be able to communicate with the router.
if you have this in place then download the following file.
Named it whatever you wish, give it .sh as an extension and make it executable.
If you run it without parameters you will see:
cisco-pwn-1.sh <router-ip> <tftp-serverip> <community> <option> <filename> Available options are: 0. Extract Cisco IOS version via SNMP 1. Download Cisco running-config File (save as NAME) 2. Merge Cisco running-config File (use NAME) 3. Check status of the copy 4. Write Cisco startup-config File (NAME) !!File needs to have the full configuration!!
As you can see it will allow you to download the running configuration to a file called whatever you wish. The TFTP server needs to be running to do this.
If you want to add to the running configuration then create a second file and insert any commands you wish.
For example assume you want to enable another interface then on the file add the following:
conf t interface fastethernet 0/0 no shu ip address 192.168l.1.1 255.255.255.0
Save the file then run the script using option (1). That’s it.
This procedure only merges new commands to the running configuration. If you want this to be permanent then you need to write it to the startup configuration.
You need to be careful though, unlike merging the configuration you need a full configuration otherwise you shoot yourself in the foot.
Retrieve the running configuration first that is to be saved. Then use option (4) to write it onto the router. Easy.
Now what if you have a Windows machine, you can run the CYGWIN environment, or on Windows 10 you can run the WSL but there is no need to do this.
You only need SNMP and some Linux utilities like the bash shell and some others.
First, get the net-snmp utils for windows from here.
Then get bash for windows and finally the GNU utils for windows.
Copy the SNMP utils to a directory on your Windows like SNMP-GET. Then copy bash and the GNU utils to another directory like UNXUTILS.
Finally, get the following file and copy it onto the SNMP-GET directory.
This file is identical to the previous one except that some modifications were made so it can be used on windows, If you look at the file you will see them, it also tells you how to run it at the command prompt.
If you want to learn more about how it is done follow the links at the top of the script, or just Google it and you will find lots of information.
Enjoy.
Ciao.