Setting static routes via SNMP - SNMP


  1. Setting static routes via SNMP

    Hi,

    I'm working on a script that needs to feed static routes to Cisco
    routers using SNMPv3 in a secure way. I have done a lot of research and
    have found some discussion on this issue, but nothing really
    conclusive, so here I am... :-)

    Before doing the coding I'm trying to get it done using command line
    SNMP functions on a Linux box (I'm using Net-SNMP v5.2.1.2).

    This is what I issue on the Linux box:

    james@euler ~ $ snmpset -v3 -n "" -u xxxxxx -l authPriv -a md5 -A
    xxxxxxxx -x DES -X xxxxxxxx x.x.x.x ipRouteDest a 192.168.108.0
    ipRouteMetric1 i 0 ipRouteNextHop a 192.168.20.15 ipRouteType i 4
    ipRouteProto i 2 ipRouteMask a 255.255.255.0
    Error in packet.
    Reason: noCreation (That table does not support row creation or that
    object can not ever be created)
    Failed object: RFC1213-MIB::ipRouteDest

    If I turn on "snmp packets" debugging on the router (Cisco 2651XM
    running IOS Version 12.3(11)T7) this is what I see:

    Router2-2651XM#
    *May 31 00:46:20.060 UTC: SNMP: Packet received via UDP from z.z.z.z on
    FastEthernet0/0
    *May 31 00:46:20.060 UTC: SNMP: Report, reqid 186108404, errstat 0,
    erridx 0
    internet.6.3.15.1.1.4.0 = 119
    *May 31 00:46:20.076 UTC: SNMP: Packet sent via UDP to z.z.z.z
    *May 31 00:46:20.268 UTC: SNMP: Packet received via UDP from z.z.z.z on
    FastEthernet0/0
    *May 31 00:46:20.280 UTC: SNMP: Set request, reqid 186108405, errstat
    0, erridx 0
    ipRouteEntry.1 = 192.168.108.0
    ipRouteEntry.3 = 0
    ipRouteEntry.7 = 192.168.20.15
    ipRouteEntry.8 = 4
    ipRouteEntry.9 = 2
    ipRouteEntry.11 = 255.255.255.0
    *May 31 00:46:20.356 UTC: SNMP: Response, reqid 186108405, errstat 11,
    erridx 1
    ipRouteEntry.1 = 192.168.108.0
    ipRouteEntry.3 = 0
    ipRouteEntry.7 = 192.168.20.15
    ipRouteEntry.8 = 4
    ipRouteEntry.9 = 2
    ipRouteEntry.11 = 255.255.255.0
    *May 31 00:46:20.440 UTC: SNMP: Packet sent via UDP to z.z.z.z
    Router2-2651XM#

    I believe that I need to "word" my command in a different way... maybe
    using specific instances or indexes for the ipRoutexxx OIDs? I'm
    lacking some conceptual knowledge about the use of tables here, since I
    was able to set scalar values using the snmpset command (for example,
    the sysContact string).

    Anybody done this before? I really need to get this tool working, so
    any help will be HIGHLY APPRECIATED!!!!

    Thanks,

    James


  2. Re: Setting static routes via SNMP

    Hi James,

    The following should do the trick:

    snmpset -v3 -n "" -u xxxxxx -l authPriv -a md5 -A
    xxxxxxxx -x DES -X xxxxxxxx x.x.x.x ipRouteDest.192.168.108.0 a
    192.168.108.0
    ipRouteMetric1.192.168.108.0 i 0 ipRouteNextHop.192.168.108.0 a
    192.168.20.15 ipRouteType.192.168.108.0 i 4
    ipRouteProto.192.168.108.0 i 2 ipRouteMask.192.168.108.0 a 255.255.255.0

    You were right with the assumption that you needed to provide
    an index value along with each column OID.

    Regards,
    Frank Fock



  3. Re: Setting static routes via SNMP

    I found snmplink.org MIB browser useful if you want to understand the
    table structures.
    Go to MIBS, then cisco, online viewer... you can search an OID
    number/name/or MIB description


  4. Re: Setting static routes via SNMP

    Frank,

    Thanks a lot for your help... I had already tried that with no luck,
    but I went ahead and tried it again, carefully checking syntax just in
    case, and here's what I get:

    james@euler ~ $ snmpset -v3 -n "" -u xxxxx -l authPriv -a md5 -A
    xxxxxxxx -x DES -X xxxxxxxx x.x.x.x ipRouteDest.192.168.108.0 a
    192.168.108.0 ipRouteMetric1.192.168.108.0 i 0
    ipRouteNextHop.192.168.108.0 a 192.168.20.15 ipRouteType.192.168.108.0
    i 4 ipRouteProto.192.168.108.0 i 2 ipRouteMask.192.168.108.0 a
    255.255.255.0
    Error in packet.
    Reason: noCreation (That table does not support row creation or that
    object can not ever be created)
    Failed object: RFC1213-MIB::ipRouteDest.192.168.108.0

    On the router side, having added debug snmp options "headers",
    "sessions" and "requests" ("packets" was on already), I get:

    Router2-2651XM#
    *May 31 22:19:48.226 UTC: SNMP: Packet received via UDP from z.z.z.z on
    FastEthernet0/0
    *May 31 22:19:48.226 UTC:
    Incoming SNMP packet
    *May 31 22:19:48.230 UTC: v3 packet security model: v3
    security level: noauth
    *May 31 22:19:48.230 UTC: username:
    *May 31 22:19:48.230 UTC: snmpEngineID: 8000000903000014A990C3E0
    *May 31 22:19:48.230 UTC: snmpEngineBoots: 0 snmpEngineTime: 0
    *May 31 22:19:48.230 UTC: SNMP: Report, reqid 28602275, errstat 0,
    erridx 0
    internet.6.3.15.1.1.4.0 = 124
    *May 31 22:19:48.242 UTC: SNMP: Packet sent via UDP to z.z.z.z
    *May 31 22:19:48.454 UTC: SNMP: Packet received via UDP from z.z.z.z on
    FastEthernet0/0
    *May 31 22:19:48.462 UTC: SNMP: Set request, reqid 28602276, errstat 0,
    erridx 0
    ipRouteEntry.1.192.168.108.0 = 192.168.108.0
    ipRouteEntry.3.192.168.108.0 = 0
    ipRouteEntry.7.192.168.108.0 = 192.168.20.15
    ipRouteEntry.8.192.168.108.0 = 4
    ipRouteEntry.9.192.168.108.0 = 2
    ipRouteEntry.11.192.168.108.0 = 255.255.255.0
    *May 31 22:19:48.538 UTC:
    Incoming SNMP packet
    *May 31 22:19:48.538 UTC: v3 packet security model: v3
    security level: priv
    *May 31 22:19:48.542 UTC: username: xxxxx
    *May 31 22:19:48.542 UTC: snmpEngineID: 8000000903000014A990C3E0
    *May 31 22:19:48.542 UTC: snmpEngineBoots: 4 snmpEngineTime: 2917897
    *May 31 22:19:48.542 UTC: SNMP: Response, reqid 28602276, errstat 11,
    erridx 1
    ipRouteEntry.1.192.168.108.0 = 192.168.108.0
    ipRouteEntry.3.192.168.108.0 = 0
    ipRouteEntry.7.192.168.108.0 = 192.168.20.15
    ipRouteEntry.8.192.168.108.0 = 4
    ipRouteEntry.9.192.168.108.0 = 2
    ipRouteEntry.11.192.168.108.0 = 255.255.255.0
    *May 31 22:19:48.630 UTC: SNMP: Packet sent via UDP to z.z.z.z
    Router2-2651XM#

    Maybe if we knew what the error codes in line "*May 31 22:19:48.542
    UTC: SNMP: Response, reqid 28602276, errstat 11, erridx 1" mean...

    Any more ideas, anybody?

    James
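
The `errstat` and `erridx` values asked about above are the SNMP error-status and error-index fields of the Response PDU. The following added example (not part of the original thread; names are illustrative) decodes them from `debug snmp packets` output using the error-status values of RFC 3416 and the usmStats report counters of RFC 3414.

```python
import re
# error-status names indexed by value, from RFC 3416.
ERROR_STATUS = [
    "noError", "tooBig", "noSuchName", "badValue", "readOnly", "genErr",
    "noAccess", "wrongType", "wrongLength", "wrongEncoding", "wrongValue",
    "noCreation", "inconsistentValue", "resourceUnavailable", "commitFailed",
    "undoFailed", "authorizationError", "notWritable", "inconsistentName"]
# USM report counters, 1.3.6.1.6.3.15.1.1.N.0 (RFC 3414).
USM_STATS = {
    1: "usmStatsUnsupportedSecLevels", 2: "usmStatsNotInTimeWindows",
    3: "usmStatsUnknownUserNames", 4: "usmStatsUnknownEngineIDs",
    5: "usmStatsWrongDigests", 6: "usmStatsDecryptionErrors"}

PDU_RE = re.compile(r"SNMP: ([A-Za-z ]+), reqid (\d+), errstat (\d+), erridx (\d+)")
VARBIND_RE = re.compile(r"(\S+) = (\S+)")
USM_RE = re.compile(r"internet\.6\.3\.15\.1\.1\.(\d+)\.0")
# Sample lines taken from the debug output in the post above, abbreviated.
SAMPLE = """\
*May 31 22:19:48.230 UTC: SNMP: Report, reqid 28602275, errstat 0,
erridx 0
internet.6.3.15.1.1.4.0 = 124
*May 31 22:19:48.462 UTC: SNMP: Set request, reqid 28602276, errstat 0,
erridx 0
ipRouteEntry.1.192.168.108.0 = 192.168.108.0
*May 31 22:19:48.542 UTC: SNMP: Response, reqid 28602276, errstat 11,
erridx 1
ipRouteEntry.1.192.168.108.0 = 192.168.108.0
ipRouteEntry.3.192.168.108.0 = 0
"""

def decode_debug(text):
    """Return one summary dict per PDU in Cisco 'debug snmp packets' output."""
    flat = " ".join(text.split())  # undo the terminal's line wrapping
    pdus = list(PDU_RE.finditer(flat))
    out = []
    for i, m in enumerate(pdus):
        end = pdus[i + 1].start() if i + 1 < len(pdus) else len(flat)
        varbinds = VARBIND_RE.findall(flat[m.end():end])
        errstat, erridx = int(m.group(3)), int(m.group(4))
        known = errstat < len(ERROR_STATUS)
        usm = USM_RE.fullmatch(varbinds[0][0]) if varbinds else None
        out.append({
            "pdu": m.group(1), "reqid": int(m.group(2)),
            "error": ERROR_STATUS[errstat] if known else f"unknown({errstat})",
            # error-index is 1-based; 0 means no particular varbind
            "failed": varbinds[erridx - 1][0] if 0 < erridx <= len(varbinds) else None,
            "usm": USM_STATS.get(int(usm.group(1))) if usm else None})
    return out
```

A Report carrying `usmStatsUnknownEngineIDs` is the normal SNMPv3 engine discovery step, whereas `usmStatsWrongDigests` or `usmStatsUnknownUserNames` in the same position would indicate failed authentication.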


  5. Re: Setting static routes via SNMP

    Well, I can't think of any ideas specific to this, but I do have a
    question - what and how will you be using this? There may be a much
    simpler way to accomplish this than writing this script.


  6. Re: Setting static routes via SNMP

    I'm with a large service provider installing VPN managed services,
    using a VPN deployment tool for this. For a specific reason we're not
    able to use the template feature of this tool, which is what would allow
    us to add non-VPN specifics to each customer VPN router configuration
    (like some static routes needed in many of the customer scenarios).

    So I'm building a script that will allow the people turning up these
    routers to automate the verification and addition of static routes in a
    secure way (SNMP v3 with authentication & encryption).

    I'm kind of getting to a dead-end here now, so if anybody can think of
    anything I'll be glad to hear it!!!

    Thanks,

    J.


  7. Re: Setting static routes via SNMP

    If the customer VPN router is configured with SSH (and in a VPN
    environment it should be), then a simple SSH script to add the statics
    via IOS CLI should work with no problem.


  8. Re: Setting static routes via SNMP

    Agreed, but that raises some internal issues (mostly non-technical) so
    I really need to do this via SNMP...
    J.


  9. Re: Setting static routes via SNMP

    In comp.protocols.snmp James Schnack wrote:

    > Before doing the coding I'm trying to get it done using command line
    > SNMP functions on a Linux box (I'm using Net-SNMP v5.2.1.2).
    >
    > This is what I issue on the Linux box:
    >
    > james@euler ~ $ snmpset -v3 -n "" -u xxxxxx -l authPriv -a md5 -A
    > xxxxxxxx -x DES -X xxxxxxxx x.x.x.x ipRouteDest a 192.168.108.0
    > ipRouteMetric1 i 0 ipRouteNextHop a 192.168.20.15 ipRouteType i 4
    > ipRouteProto i 2 ipRouteMask a 255.255.255.0
    > Error in packet.
    > Reason: noCreation (That table does not support row creation or that
    > object can not ever be created)
    > Failed object: RFC1213-MIB::ipRouteDest


    The objects you are trying to use are hopelessly outdated. The table
    indexing in the ipRouteTable does not allow representing classless
    forwarding table entries, something we have all been doing for more than
    a decade now.

    The IETF has developed better forwarding tables to address the
    shortcomings of the RFC1213 objects. The latest version of the IETF
    blessed forwarding table can be found in RFC 4292. Note that this
    document also explains the historic evolution, namely

    ipRouteTable -> ipForwardTable -> ipCidrRouteTable -> inetCidrRouteTable

    Please check whether your target device supports the ipCidrRouteTable.
    This table supports a RowStatus column (ipCidrRouteStatus) which can
    be used to do proper row creation. If your target device does not
    support a writable ipCidrRouteTable, you should consider finding a
    way to get out of the project.

    /js

    --
    Juergen Schoenwaelder International University Bremen
    P.O. Box 750 561, 28725 Bremen, Germany

  10. Re: Setting static routes via SNMP

    Yep, like I said James..
    try snmplink.org online Cisco MIB browser to understand the Table and
    what elements can be 'set'


  11. Re: Setting static routes via SNMP

    That is some *very* valuable input, Juergen.

    I will definitely look for the ipCidrRoute objects you mention, plus go
    through RFC4292... and hopefully I will be able to stay on the project.
    ;-)

    My experience with SNMP has involved querying very basic objects, so
    when I queried the ipRouteTable and was able to find all the routing
    info I had configured on the router, I didn't think twice about it...

    When I work my way through this I will update this thread with my
    findings, for future reference.

    Thanks a lot!

    J.


  12. Re: Setting static routes via SNMP

    I'll revisit... I had gone there but I hadn't thought of looking for
    any new tables. Honestly, the fact that the ipRouteTable could be
    outdated did not cross my mind... :-(
    Thanks to all for the help!
    J.


  13. Re: Setting static routes via SNMP

    Juergen,

    I did read RFC4292 and am a bit worried by the fact that definitions
    for the main objects in inetCidrRouteTable and the older
    ipCidrRouteTable and ipForwardTable are listed as not-accessible or
    read-only (for example, inetCidrRouteDest, inetCidrRoutePfxLen and
    inetCidrRouteNextHop are not-accessible; ipCidrRouteDest,
    ipCidrRouteMask and ipCidrRouteNextHop are read-only; etc).

    It seems to me that I have a very slight chance that my target's
    implementation (Cisco IOS) will be a writable table... am I correct?
    How common is it for vendors to have writable routing table objects in
    view of the latest RFCs on this? I'd like to know what you think.

    Also, since these newer tables are indexed on *several* objects (unlike
    ipRouteTable which was only indexed on ipRouteDest), I'm wondering what
    the row objects to set would have to be on my test (i.e. what the
    syntax would need to be)... I guess an snmpwalk will show me that,
    though.

    I will be able to test this on Monday. I am also having a conversation
    with Cisco TAC so they can confirm. I'll let you know.

    James


  14. Re: Setting static routes via SNMP

    Hello. I know that this post is some 3-4 years old, but I had many headaches with that so I will put here my findings. Basically the command "snmpset" that sets a static route is:

    snmpset -v 3 -Os -l authPriv -u admin -a MD5 -A privateprivate -x DES -X privateprivate 127.0.0.1 IP-FORWARD-MIB::inetCidrRouteIfIndex.1.4.192.168.209.1.24.1.5.1.4.0.0.0.0 i 0 IP-FORWARD-MIB::inetCidrRouteType.1.4.192.168.209.1.24.1.5.1.4.0.0.0.0 i 3 IP-FORWARD-MIB::inetCidrRouteStatus.1.4.192.168.209.1.24.1.5.1.4.0.0.0.0 i 4

    As you can see this is for SNMP v3.
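
The long instance suffix in the command above follows the inetCidrRouteTable INDEX clause of RFC 4292 (DestType, Dest, PfxLen, Policy, NextHopType, NextHop), with each address and the policy OID preceded by its length. This added example (not part of the original thread; function names are hypothetical, IPv4 only) builds and decodes that suffix and checks the RFC 4292 rule that the destination must have no bits set beyond the prefix length.

```python
import ipaddress

INET_IPV4 = 1  # InetAddressType ipv4(1)

def encode_index(dest, pfxlen, policy, next_hop):
    """Build the instance suffix for an IPv4 inetCidrRouteTable row."""
    d = ipaddress.IPv4Address(dest).packed
    n = ipaddress.IPv4Address(next_hop).packed
    # Variable-length index values are prefixed with their length.
    subids = [INET_IPV4, len(d), *d, pfxlen, len(policy), *policy,
              INET_IPV4, len(n), *n]
    return ".".join(map(str, subids))

def decode_index(suffix):
    """Split an instance suffix back into its index components."""
    ids = [int(s) for s in suffix.strip(".").split(".")]
    pos = 0

    def take(count):
        nonlocal pos
        chunk = ids[pos:pos + count]
        if len(chunk) != count:
            raise ValueError("index suffix is truncated")
        pos += count
        return chunk

    def take_addr():
        addr_type, length = take(2)
        if addr_type != INET_IPV4 or length != 4:
            raise ValueError("only ipv4(1) addresses are handled here")
        return ipaddress.IPv4Address(bytes(take(4)))

    dest = take_addr()
    (pfxlen,) = take(1)
    (policy_len,) = take(1)
    policy = tuple(take(policy_len))
    next_hop = take_addr()
    if pos != len(ids):
        raise ValueError("trailing sub-identifiers after next hop")
    # RFC 4292: Dest ANDed with the prefix mask must equal Dest, otherwise
    # an agent is expected to answer a SET with inconsistentName.
    net = ipaddress.IPv4Network((dest, pfxlen), strict=False)
    return {"dest": str(dest), "pfxlen": pfxlen, "policy": policy,
            "next_hop": str(next_hop),
            "consistent": net.network_address == dest}
```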
