Setting static routes via SNMP

Hi,

I'm working on a script that needs to feed static routes to Cisco routers using SNMPv3 in a secure way. I have done a lot of research and have found some discussion on this issue, but nothing really conclusive, so here I am... :-)

Before doing the coding I'm trying to get it done using command line SNMP functions on a Linux box (I'm using Net-SNMP v5.2.1.2).

This is what I issue on the Linux box:

james@euler ~ $ snmpset -v3 -n "" -u xxxxxx -l authPriv -a md5 -A xxxxxxxx -x DES -X xxxxxxxx x.x.x.x ipRouteDest a 192.168.108.0 ipRouteMetric1 i 0 ipRouteNextHop a 192.168.20.15 ipRouteType i 4 ipRouteProto i 2 ipRouteMask a 255.255.255.0
Error in packet.
Reason: noCreation (That table does not support row creation or that object can not ever be created)
Failed object: RFC1213-MIB::ipRouteDest

If I turn on "snmp packets" debugging on the router (Cisco 2651XM running IOS Version 12.3(11)T7) this is what I see:

Router2-2651XM#
*May 31 00:46:20.060 UTC: SNMP: Packet received via UDP from z.z.z.z on FastEthernet0/0
*May 31 00:46:20.060 UTC: SNMP: Report, reqid 186108404, errstat 0, erridx 0
 internet.6.3.15.1.1.4.0 = 119
*May 31 00:46:20.076 UTC: SNMP: Packet sent via UDP to z.z.z.z
*May 31 00:46:20.268 UTC: SNMP: Packet received via UDP from z.z.z.z on FastEthernet0/0
*May 31 00:46:20.280 UTC: SNMP: Set request, reqid 186108405, errstat 0, erridx 0
 ipRouteEntry.1 = 192.168.108.0
 ipRouteEntry.3 = 0
 ipRouteEntry.7 = 192.168.20.15
 ipRouteEntry.8 = 4
 ipRouteEntry.9 = 2
 ipRouteEntry.11 = 255.255.255.0
*May 31 00:46:20.356 UTC: SNMP: Response, reqid 186108405, errstat 11, erridx 1
 ipRouteEntry.1 = 192.168.108.0
 ipRouteEntry.3 = 0
 ipRouteEntry.7 = 192.168.20.15
 ipRouteEntry.8 = 4
 ipRouteEntry.9 = 2
 ipRouteEntry.11 = 255.255.255.0
*May 31 00:46:20.440 UTC: SNMP: Packet sent via UDP to z.z.z.z
Router2-2651XM#

I believe that I need to "word" my command in a different way... maybe using specific instances or indexes for the ipRoutexxx OIDs? I'm lacking some conceptual knowledge about the use of tables here, since I was able to set scalar values using the snmpset command (for example, the sysContact string).

Anybody done this before? I really need to get this tool working, so any help will be HIGHLY APPRECIATED!!!!

Thanks,

James

Reply to
James Schnack

Hi James,

The following should do the trick:

snmpset -v3 -n "" -u xxxxxx -l authPriv -a md5 -A xxxxxxxx -x DES -X xxxxxxxx x.x.x.x ipRouteDest.192.168.108.0 a 192.168.108.0 ipRouteMetric1.192.168.108.0 i 0 ipRouteNextHop.192.168.108.0 a 192.168.20.15 ipRouteType.192.168.108.0 i 4 ipRouteProto.192.168.108.0 i 2 ipRouteMask.192.168.108.0 a 255.255.255.0

You were right with the assumption that you needed to provide an index value along with each column OID.

Regards, Frank Fock


Reply to
Frank Fock

I found the snmplink.org MIB browser useful if you want to understand the table structures. Go to MIBS, then cisco, online viewer. You can search by OID number, name, or MIB description.

Reply to
jay

Frank,

Thanks a lot for your help... I had already tried that with no luck, but I went ahead and tried it again, carefully checking syntax just in case, and here's what I get:

james@euler ~ $ snmpset -v3 -n "" -u xxxxx -l authPriv -a md5 -A xxxxxxxx -x DES -X xxxxxxxx x.x.x.x ipRouteDest.192.168.108.0 a 192.168.108.0 ipRouteMetric1.192.168.108.0 i 0 ipRouteNextHop.192.168.108.0 a 192.168.20.15 ipRouteType.192.168.108.0 i 4 ipRouteProto.192.168.108.0 i 2 ipRouteMask.192.168.108.0 a 255.255.255.0
Error in packet.
Reason: noCreation (That table does not support row creation or that object can not ever be created)
Failed object: RFC1213-MIB::ipRouteDest.192.168.108.0

On the router side, having added debug snmp options "headers", "sessions" and "requests" ("packets" was on already), I get:

Router2-2651XM#
*May 31 22:19:48.226 UTC: SNMP: Packet received via UDP from z.z.z.z on FastEthernet0/0
*May 31 22:19:48.226 UTC: Incoming SNMP packet
*May 31 22:19:48.230 UTC: v3 packet security model: v3 security level: noauth
*May 31 22:19:48.230 UTC: username:
*May 31 22:19:48.230 UTC: snmpEngineID: 8000000903000014A990C3E0
*May 31 22:19:48.230 UTC: snmpEngineBoots: 0 snmpEngineTime: 0
*May 31 22:19:48.230 UTC: SNMP: Report, reqid 28602275, errstat 0, erridx 0
 internet.6.3.15.1.1.4.0 = 124
*May 31 22:19:48.242 UTC: SNMP: Packet sent via UDP to z.z.z.z
*May 31 22:19:48.454 UTC: SNMP: Packet received via UDP from z.z.z.z on FastEthernet0/0
*May 31 22:19:48.462 UTC: SNMP: Set request, reqid 28602276, errstat 0, erridx 0
 ipRouteEntry.1.192.168.108.0 = 192.168.108.0
 ipRouteEntry.3.192.168.108.0 = 0
 ipRouteEntry.7.192.168.108.0 = 192.168.20.15
 ipRouteEntry.8.192.168.108.0 = 4
 ipRouteEntry.9.192.168.108.0 = 2
 ipRouteEntry.11.192.168.108.0 = 255.255.255.0
*May 31 22:19:48.538 UTC: Incoming SNMP packet
*May 31 22:19:48.538 UTC: v3 packet security model: v3 security level: priv
*May 31 22:19:48.542 UTC: username: xxxxx
*May 31 22:19:48.542 UTC: snmpEngineID: 8000000903000014A990C3E0
*May 31 22:19:48.542 UTC: snmpEngineBoots: 4 snmpEngineTime: 2917897
*May 31 22:19:48.542 UTC: SNMP: Response, reqid 28602276, errstat 11, erridx 1
 ipRouteEntry.1.192.168.108.0 = 192.168.108.0
 ipRouteEntry.3.192.168.108.0 = 0
 ipRouteEntry.7.192.168.108.0 = 192.168.20.15
 ipRouteEntry.8.192.168.108.0 = 4
 ipRouteEntry.9.192.168.108.0 = 2
 ipRouteEntry.11.192.168.108.0 = 255.255.255.0
*May 31 22:19:48.630 UTC: SNMP: Packet sent via UDP to z.z.z.z
Router2-2651XM#

Maybe if we knew what the error codes in line "*May 31 22:19:48.542 UTC: SNMP: Response, reqid 28602276, errstat 11, erridx 1" mean...

Any more ideas, anybody?

James

Reply to
acrux14
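
The errstat and erridx fields asked about in the post above can be decoded mechanically. This is an added example, not part of the thread: it maps errstat to the RFC 3416 error-status name and uses erridx to pick the failing varbind, assuming the varbinds print as space-separated "name = value" triples; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decode errstat/erridx from an IOS "debug snmp packets"
# Response line. Assumes varbinds print as space-separated "name = value".

# SNMPv2 PDU error-status names (RFC 3416).
snmp_error_name() {
    case $1 in
        0) echo noError ;;             1) echo tooBig ;;
        2) echo noSuchName ;;          3) echo badValue ;;
        4) echo readOnly ;;            5) echo genErr ;;
        6) echo noAccess ;;            7) echo wrongType ;;
        8) echo wrongLength ;;         9) echo wrongEncoding ;;
        10) echo wrongValue ;;         11) echo noCreation ;;
        12) echo inconsistentValue ;;  13) echo resourceUnavailable ;;
        14) echo commitFailed ;;       15) echo undoFailed ;;
        16) echo notWritable ;;        17) echo authorizationError ;;
        18) echo inconsistentName ;;   *) echo "unknown($1)" ;;
    esac
}

# Prints "<errstat> <erridx> <failing varbind name>"; fails if fields are absent.
parse_response() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++) {
            if ($i == "errstat") { stat = $(i + 1); sub(/,$/, "", stat) }
            if ($i == "erridx")  { idx = $(i + 1) + 0; first = i + 2 }
        }
        if (stat == "" || first == 0) exit 1
        # erridx is 1-based; 0 means no particular varbind is blamed.
        print stat, idx, (idx > 0 ? $(first + 3 * (idx - 1)) : "-")
    }'
}

explain_response() {
    fields=$(parse_response "$1") || return 1
    read -r stat idx name <<EOF
$fields
EOF
    echo "$(snmp_error_name "$stat") at varbind $idx: $name"
}

# Response line copied from the router trace in the post above (shortened).
LINE='*May 31 22:19:48.542 UTC: SNMP: Response, reqid 28602276, errstat 11, erridx 1 ipRouteEntry.1.192.168.108.0 = 192.168.108.0 ipRouteEntry.3.192.168.108.0 = 0'
explain_response "$LINE"
```

The result agrees with the Net-SNMP client message in the same post: noCreation, reported against the first varbind (ipRouteEntry.1 is ipRouteDest).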

Well, I can't think of any ideas specific to this, but I do have a question - what and how will you be using this? There may be a much simpler way to accomplish this than writing this script.

Reply to
rdymek

I'm with a large service provider installing VPN managed services, using a VPN deployment tool for this. For a specific reason we're not able to use the template feature of this tool, which is what would allow us to add non-VPN specifics to each customer VPN router configuration (like some static routes needed in many of the customer scenarios).

So I'm building a script that will allow the people turning up these routers to automate the verification and addition of static routes in a secure way (SNMP v3 with authentication & encryption).

I'm kind of getting to a dead-end here now, so if anybody can think of anything I'll be glad to hear it!!!

Thanks,

J.

Reply to
acrux14

If the customer VPN router is configured with SSH (and in a VPN environment it should be), then a simple SSH script to add the statics via IOS CLI should work with no problem.

Reply to
Merv

Agreed, but that raises some internal issues (mostly non-technical) so I really need to do this via SNMP... J.

Reply to
acrux14

The objects you are trying to use are hopelessly outdated. The table indexing in the ipRouteTable does not allow representing classless forwarding table entries, something we have all been going for for more than a decade now.

The IETF has developed better forwarding tables to address the shortcomings of the RFC1213 objects. The latest version of the IETF blessed forwarding table can be found in RFC 4292. Note that this document also explains the historic evolution, namely

ipRouteTable -> ipForwardTable -> ipCidrRouteTable -> inetCidrRouteTable

Please check whether your target device supports the ipCidrRouteTable. This table supports a RowStatus column (ipCidrRouteStatus) which can be used to do proper row creation. If your target device does not support a writable ipCidrRouteTable, you should consider finding a way to get out of the project. :)

/js

Reply to
Juergen Schoenwaelder
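
The RowStatus row creation described in the post above, as an added example that is not part of the thread: it builds the snmpset varbinds for one ipCidrRouteTable row (IP-FORWARD-MIB, RFC 2096) and validates the route before anything is sent. It assumes the agent implements a writable ipCidrRouteTable; the function names and the ifIndex value are hypothetical.

```shell
#!/bin/sh
# Added example: snmpset varbinds for RowStatus row creation in
# ipCidrRouteTable (IP-FORWARD-MIB, RFC 2096). Assumes a writable table.
ENTRY=1.3.6.1.2.1.4.24.4.1   # ipCidrRouteEntry

# Dotted quad -> integer; rejects anything but four plain decimal octets.
ip_to_int() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    n=0
    for o in "$@"; do
        # Leading zeros are refused: shell arithmetic would read them as octal.
        case $o in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
        n=$(( n * 256 + o ))
    done
    echo "$n"
}

# Usage: cidr_route_args DEST MASK NEXTHOP IFINDEX
cidr_route_args() {
    d=$(ip_to_int "$1") && m=$(ip_to_int "$2") || return 1
    ip_to_int "$3" >/dev/null || return 1
    case $4 in ''|*[!0-9]*) return 1 ;; esac
    inv=$(( m ^ 4294967295 ))
    [ $(( inv & (inv + 1) )) -eq 0 ] || return 1   # mask must be contiguous
    [ $(( d & inv )) -eq 0 ] || return 1           # dest AND mask must equal dest
    # INDEX { dest, mask, tos, nexthop }; the index columns are read-only, so
    # only ifIndex(5), type(6)=remote(4) and status(16)=createAndGo(4) are set.
    idx="$1.$2.0.$3"
    echo "$ENTRY.5.$idx i $4 $ENTRY.6.$idx i 4 $ENTRY.16.$idx i 4"
}

# Constructed demo with the thread's route; ifIndex 1 is a made-up value.
cidr_route_args 192.168.108.0 255.255.255.0 192.168.20.15 1
```

The printed varbinds go after the SNMPv3 options and agent address of an snmpset call like the ones earlier in the thread.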
