I’ve spent some time over the past few days trying to get our homegrown Perl script, designed to back up all our network switches, to work with the Cisco Nexus 7010 and 5010 switches.
With previous Cisco switches such as the 6509, 3750, 2960, etc. we know that the following commands (when sent via a Perl script using the Net-SNMP Perl module) would instruct the switch to copy its running-config to a TFTP server.
snmpset -v1 -c$COMMUNITY $HOST ccCopyProtocol.$RANDOM i 1
snmpset -v1 -c$COMMUNITY $HOST ccCopySourceFileType.$RANDOM i 4
snmpset -v1 -c$COMMUNITY $HOST ccCopyDestFileType.$RANDOM i 1
snmpset -v1 -c$COMMUNITY $HOST ccCopyServerAddress.$RANDOM a "10.1.1.50"
snmpset -v1 -c$COMMUNITY $HOST ccCopyFileName.$RANDOM s "sw-train-acme.cfg"
snmpset -v1 -c$COMMUNITY $HOST ccCopyEntryRowStatus.$RANDOM i 1
sleep 5
snmpget -v1 -c$COMMUNITY $HOST ccCopyState.$RANDOM
#if not successful sleep 3 and re-check ccCopyState else continue and destroy table entry
snmpset -v1 -c$COMMUNITY $HOST ccCopyEntryRowStatus.$RANDOM i 6
I know that both the Cisco Nexus 7010 and 5010 balk at the SNMP OIDs/MIBs used above. So I’m searching for a set of SNMP OIDs/MIBs for NX-OS equivalent to those in CISCO-CONFIG-COPY-MIB. I’m not sure that such an OID/MIB even exists for NX-OS but it doesn’t hurt to search and ask.
I’m curious if anyone else has come across this issue? I know that there is an XML interface available but I would prefer to keep using the Perl/SNMP script that I’ve already developed. In the interim I’ll probably write an Expect script (or add some Expect code to my existing Perl script) to remotely connect to the switches and issue the appropriate copy commands.
Cheers!
Updated: Monday June 27, 2011
I’ve finally found the issue and now I’m able to back up the Cisco Nexus switches as expected.
Wouter says
Hi Michael,
Not sure of any commands for NX-OS (just started playing with 5000’s and 2000’s and hopefully soon 7000’s) but I took your backup script a while back, and modified it so I could call it from rancid (www.shrubbery.net/rancid/) which we already used for Cisco (IOS and NX-OS), Extreme Networks, Juniper (JunOS and ScreenOS), etc
Changes are committed to an SVN repository, and you get the diff output from what has changed in your email… really helps me a lot to track changes being performed.
Michael McNamara says
Hi Wouter,
That script has matured greatly over the past year…. adding support for a lot of different equipment including Cisco switches/routers and a lot of sanity checks and debug logging.
I’m now trying to add support for the Cisco Nexus products although they don’t appear to support the OIDs in CISCO-CONFIG-COPY-MIB so I’m left to either explore the possibility of building an XML interface or just writing a quick Expect script to issue the commands from the command line.
I’ll probably re-release the backup script soon… just haven’t found the time right now.
Thanks for the comment!
Jason Peak says
I’m using a Perl script using Expect to accomplish the same thing on Fibre Channel switches and Nexus switches. Not as clean an implementation, but its scope is broad for many of our non-SNMP compliant devices.
Michael McNamara says
Hi Jason,
I’ve really grown to love Expect after using it for so many years… even if a system has an SNMP or SOAP/XML interface it only takes a few minutes to write a quick and dirty Expect script while it can take days and even months to write a full blown application. I also use Expect to automate the collection of troubleshooting information. For example, when the ARP/FDB issues were running rampant with the Nortel ERS 8600 switch I wrote a quick dirty little script that would ping all my switches every 60 seconds. If one of the switches timed out I would launch an Expect script to login to both core ERS 8600 switches and dump the FDB/MAC and ARP tables so I would examine them later. Even today when I open a ticket with Nortel/Avaya I run a script to collect all the information they request so I don’t need to sit there doing the manual labor.
Cheers!
Jason Qualkenbush says
Did you get anywhere with the OIDs? I’m in the same boat. I just started digging through the documentation (and found your post. Glad I’m not alone)
Michael McNamara says
Hi Jason,
I was never able to find a suitable MIB so I ended up deploying a quick and dirty little Expect script which connects to each switch via telnet and issues the commands to copy the running configuration to a TFTP server. I’m running a fairly old copy of NX-OS (v4.2) and I know that initially Cisco left out a lot of the SNMP stuff in the Nexus products believing that XML was the solution moving forward. I believe Cisco has been building back in a lot of the SNMP MIBS with each subsequent release because there are so many people still using SNMP to manage their networks.
I can post the Expect script if you’re interested.
Cheers!
Martin Rusko says
Hi Michael,
I’ve just tested both on N7k and N5k and I was able to upload running config over TFTP. According to ftp://ftp-sj.cisco.com/pub/mibs/supportlists/nexus7000/Nexus7000MIBSupportList.html CISCO-CONFIG-COPY-MIB should be supported since 4.2 (we’re running 5.x release on N7k) and ftp://ftp-sj.cisco.com/pub/mibs/supportlists/nexus5000/Nexus5000MIBSupportList.html says that for N5k it should be available since 4.0 release.
Regards,
Martin
Michael McNamara says
Hi Martin,
Thanks for the reply…. well I’m wondering then if I have something wrong in my SNMP configuration because I can’t use any of the SNMP MIBS above against either of my Cisco Nexus 7010 running v4.2.4 software. I’m scheduled to upgrade to 4.2.6 this coming Wednesday so I’ll see after that, perhaps I’ll open a case with Cisco TAC.
Thanks!
Martin Rusko says
Hi Michael,
running config gets copied with these …
my $vars = new SNMP::VarList(
    ['CISCO-CONFIG-COPY-MIB::ccCopyProtocol', $rnd, 1], # tftp method
    ['CISCO-CONFIG-COPY-MIB::ccCopySourceFileType', $rnd, 4], # 4 - running, 3 - startup, 1 - network file
    ['CISCO-CONFIG-COPY-MIB::ccCopyDestFileType', $rnd, 1], # 4 - running, 3 - startup, 1 - network file
    ['CISCO-CONFIG-COPY-MIB::ccCopyServerAddress', $rnd, $cfg->{tftp_server}],
    ['CISCO-CONFIG-COPY-MIB::ccCopyFileName', $rnd, $filename],
    ['CISCO-CONFIG-COPY-MIB::ccCopyEntryRowStatus', $rnd, 4], # 4 - createAndGo, 6 - destroy
);
my $checkvars = new SNMP::VarList(
    ['CISCO-CONFIG-COPY-MIB::ccCopyState', $rnd], # 1-waiting,2-running,3-successful,4-failed
);
my $termvars = new SNMP::VarList(
    ['CISCO-CONFIG-COPY-MIB::ccCopyEntryRowStatus', $rnd, 6], # 4 - createAndGo, 6 - destroy
);
I know that ccCopyServerAddress is deprecated, so I tried with ccCopyServerAddressRev1 and ccCopyServerAddressType, but it didn’t work. On the other side, I didn’t try really hard. :-)
Regards,
Martin
Michael McNamara says
Hmm… that’s essentially what I’m using for all of our Cisco equipment and it’s working fine except with the Nexus 7010s and Nexus 5010s. I’m not sure if it’s a typo but I use ccCopyEntryRowStatus.$RND 1 to create and go, but that would probably break all Cisco devices. Let me test again and let you know. I just completed the upgrade from 4.2.4 to 4.2.6 to resolve some vPC issues on our Nexus 7010 switches.
Thanks for the help!
Martin Rusko says
I wanted to be sure if I’m not doing anything wrong here, so I checked Cisco Object Navigator again … http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=1.3.6.1.4.1.9.9.96.1.1.1.1.14
Number ‘4’ seems to be correct for ccCopyEntryRowStatus to start transfer immediately.
kireito says
Hi !
I’ve got the same problem. My Nexus 7K doesn’t want to hear about ccCopy*. MIB seems to be unknown by NXOS. Did you find some kind of solution or workaround on this problem?
Did the upgrade solve the problem?
Michael McNamara says
Hi Kireito,
I just tried this again today… doesn’t work for me. I tried using both the management VRF and the default VRF on a 5010 and 7010 and neither work for me. I’m able to walk the interface table so I know SNMP is working but I can’t get any useful reply.
Cheers!
Michael McNamara says
I finally found the solution to this problem.
It appears that you cannot issue the various SNMP commands independently of each other. I found the following reference in the Cisco “How To Copy Configurations To and From Cisco Devices Using SNMP”;
So I wrote the following script and it works like a charm;
That works every time, so now I need to work that logic back into my Perl script.
Cheers!
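The single-PDU requirement described in the comment above, as an added shell example; it is not the script from the post and not Cisco's code. The function names, the `POLL_INTERVAL` variable and the argument order are assumptions, and it relies on net-snmp's `snmpset`/`snmpget` with CISCO-CONFIG-COPY-MIB installed for name lookup.

```shell
#!/bin/sh
# Added example (not the post's script): running-config backup to TFTP via
# CISCO-CONFIG-COPY-MIB, with every column sent in ONE snmpset PDU.
# Assumes net-snmp's snmpset/snmpget and the MIB file installed for name lookup.
MIB='CISCO-CONFIG-COPY-MIB'

# ccCopyState values as listed in the comments on this page.
copy_state_name() {
  case "$1" in
    1) echo waiting ;;
    2) echo running ;;
    3) echo successful ;;
    4) echo failed ;;
    *) echo unknown ;;
  esac
}

# backup_running_config HOST COMMUNITY TFTP_SERVER FILENAME [TRIES]
# Returns 0 only if the switch reports successful(3).
backup_running_config() {
  host=$1 comm=$2 tftp=$3 file=$4 tries=${5:-10}
  # Pick the row index once; re-expanding $RANDOM per command hits different rows.
  idx=$(awk 'BEGIN { srand(); print int(1 + rand() * 32000) }')
  rc=1
  # protocol tftp(1), source runningConfig(4), destination networkFile(1)
  # and createAndGo(4), all in the same PDU.
  if snmpset -v1 -c "$comm" "$host" \
      "${MIB}::ccCopyProtocol.$idx" i 1 \
      "${MIB}::ccCopySourceFileType.$idx" i 4 \
      "${MIB}::ccCopyDestFileType.$idx" i 1 \
      "${MIB}::ccCopyServerAddress.$idx" a "$tftp" \
      "${MIB}::ccCopyFileName.$idx" s "$file" \
      "${MIB}::ccCopyEntryRowStatus.$idx" i 4 >/dev/null
  then
    while [ "$tries" -gt 0 ]; do
      # -Oqve prints only the value, with enums as integers.
      state=$(snmpget -v1 -c "$comm" -Oqve "$host" "${MIB}::ccCopyState.$idx") || break
      case "$(copy_state_name "$state")" in
        successful) rc=0; break ;;
        failed) break ;;
      esac
      tries=$((tries - 1))
      sleep "${POLL_INTERVAL:-3}"
    done
    # destroy(6) frees the row whether the copy succeeded, failed or timed out.
    snmpset -v1 -c "$comm" "$host" "${MIB}::ccCopyEntryRowStatus.$idx" i 6 >/dev/null || :
  fi
  return "$rc"
}

if [ "$#" -ge 4 ]; then backup_running_config "$@"; fi
```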
Scott Brumley says
Thank you. This has been a pain and the documentation is all over the map.
Sincerely,
Scott
Michael McNamara says
Hi Scott,
Yes it took some time to figure out… still need to figure out why the TFTP copy fails on my Cisco Nexus 7010 switches. I believe because I don’t have the management interfaces connected.
Cheers!
exatto says
To make this work outside the management vrf use the following configuration to select the vrf to use.
This sets the vrf to the default vrf:
snmp-server context def vrf default
snmp-server mib community-map context def
http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/command/reference/rel_5_0/sm_commands.html#wpmkr1628782
Michael McNamara says
Thanks for the hint exatto!
Michael McNamara says
I spent some additional time today troubleshooting this issue. I set the SNMP process into debug mode (debug snmp all) from the Cisco Nexus 7010 console and ran the script. In the debug output I found the following reference;
So it would appear that the copy is using the management vrf which is not connected on my Cisco Nexus 7010s.
Is there a way to override the VRF that the switch will use to source TFTP traffic?
I need to do additional research, perhaps even open a ticket with Cisco.
Cheers!
exatto says
To override the management vrf setting use this as mentioned above:
(I see that the community value has been lost in the previous post.)
snmp-server community MYCOMMUNITY group network-admin
snmp-server context def vrf default
snmp-server mib community-map MYCOMMUNITY context def
Use the MYCOMMUNITY when accessing the device. This works for me on the Nexus 5500 at least.
Michael McNamara says
Thanks for your help exatto!
I had thought this would only impact the actual SNMP process but it causes the TFTP process to spawn out of the default VRF rather than the management VRF.
In short it works!
Thanks for your help!
peterhu318 says
Hi,
I have the same issue. I can use the above snmpsets to get some Cisco IOS devices’ configuration,
but I can’t get any one using the same method from a Nexus 7000. (I am not sure the administrator has added the two lines: snmp-server context def… and snmp-server mib community-map MYCOMMUNITY context def.)
[Editor: removed email address]
thx a lot!
[Editor: removed another email address]
Michael McNamara says
Hi Peter,
I would suggest you read through the comments… the answer will be in there.
Good Luck!
Joseph Bernard says
I think the Nexus 7000 might be different, but I’m not sure. While the context lines are needed on the 5K, the 7K seems to work without them. This is what our 7K has in it for SNMP and the backup works:
snmp-server community MYCOMMUNITY group network-operator
snmp-server community MYCOMMUNITY use-acl snmp-ro
IP access list snmp-ro
10 permit ip 192.168.0.0/24 any
Joseph Bernard says
I pasted the wrong stuff. It should be this:
snmp-server community MYCOMMUNITY group network-admin
snmp-server community MYCOMMUNITY use-acl snmp-rw
IP access list snmp-rw
10 permit ip 192.168.0.0/24 any
Joseph Bernard says
I got help from Cisco and got a 5548 to backup via SNMP with the following script which only differs from yours by the first line:
snmpset -v1 -c $COMMUNITY $HOST ccCopyEntryRowStatus.$RANDOM i 5
snmpset -v1 -c $COMMUNITY $HOST ccCopyProtocol.$RANDOM i 1
snmpset -v1 -c $COMMUNITY $HOST ccCopySourceFileType.$RANDOM i 4
snmpset -v1 -c $COMMUNITY $HOST ccCopyDestFileType.$RANDOM i 1
snmpset -v1 -c $COMMUNITY $HOST ccCopyServerAddress.$RANDOM a "10.1.1.50"
snmpset -v1 -c $COMMUNITY $HOST ccCopyFileName.$RANDOM s "sw-train-acme.cfg"
snmpset -v1 -c $COMMUNITY $HOST ccCopyEntryRowStatus.$RANDOM i 1
sleep 5
snmpget -v1 -c $COMMUNITY $HOST ccCopyState.$RANDOM
#if not successful sleep 3 and re-check ccCopyState else continue and destroy table entry
snmpset -v1 -c $COMMUNITY $HOST ccCopyEntryRowStatus.$RANDOM i 6
I was also missing the following lines:
snmp-server context def vrf default
snmp-server mib community-map MYCOMMUNITY context def
Without adding the first line to the script, it would fail at the ccCopyProtocol command. Without the snmp-server lines, it would allow me to set all the variables, but the TFTP transfer would fail.
Michael McNamara says
Hi Joseph,
What software release of NX-OS are you running on your 5548?
I’m only running 4.1.3 and as I mentioned in the comments above I had to perform all the SNMP set commands in a single statement.
I’m curious if Cisco has changed that requirement in newer releases of NX-OS.
Cheers!
Joseph Bernard says
I am running 5.0(3)N2(1).
Chris says
Has anyone been able to apply config-changes to Nexus gear via SNMP? This works beautifully in IOS, but none of the parameters or debugging I try against Nexus seems to ever apply the configuration changes.
For example, the following snmpset command tells a device to fetch a config-file via tftp and add it to its running config:
=====
snmpset -v1 -c $community $node .1.3.6.1.4.1.9.9.96.1.1.1.1.2.$rand i 1 .1.3.6.1.4.1.9.9.96.1.1.1.1.3.$rand i 1 .1.3.6.1.4.1.9.9.96.1.1.1.1.4.$rand i 4 .1.3.6.1.4.1.9.9.96.1.1.1.1.5.$rand a $tftpserver .1.3.6.1.4.1.9.9.96.1.1.1.1.6.$rand s $policyfile .1.3.6.1.4.1.9.9.96.1.1.1.1.14.$rand i 4
=====
It tells the device to copy from ccCopySourceFileType ‘networkFile(1)’ to ccCopyDestFileType ‘runningConfig(4)’. As I’ve mentioned, this works awesome for IOS gear.
Nexus will pick up the file via tftp (I can see this in a tcpdump), but reports:
=====
SNMP log error : SNMP Operation (SET) failed. Reason:3 reqId (1921212778) errno (42) error index (6)
=====
Any thoughts? or suggestions?