Setting static routes via SNMP

Discussion in 'Cisco' started by James Schnack, May 3, 2006.

  1. Hi,

    I'm working on a script that needs to feed static routes to Cisco
    routers using SNMPv3 in a secure way. I have done a lot of research and
    have found some discussion on this issue, but nothing really
    conclusive, so here I am... :)

    Before doing the coding I'm trying to get it done using command line
    SNMP functions on a Linux box (I'm using Net-SNMP v5.2.1.2).

    This is what I issue on the Linux box:

    james@euler ~ $ snmpset -v3 -n "" -u xxxxxx -l authPriv -a md5 -A
    xxxxxxxx -x DES -X xxxxxxxx x.x.x.x ipRouteDest a 192.168.108.0
    ipRouteMetric1 i 0 ipRouteNextHop a 192.168.20.15 ipRouteType i 4
    ipRouteProto i 2 ipRouteMask a 255.255.255.0
    Error in packet.
    Reason: noCreation (That table does not support row creation or that
    object can not ever be created)
    Failed object: RFC1213-MIB::ipRouteDest

    If I turn on "snmp packets" debugging on the router (Cisco 2651XM
    running IOS Version 12.3(11)T7) this is what I see:

    Router2-2651XM#
    *May 31 00:46:20.060 UTC: SNMP: Packet received via UDP from z.z.z.z on
    FastEthernet0/0
    *May 31 00:46:20.060 UTC: SNMP: Report, reqid 186108404, errstat 0,
    erridx 0
    internet.6.3.15.1.1.4.0 = 119
    *May 31 00:46:20.076 UTC: SNMP: Packet sent via UDP to z.z.z.z
    *May 31 00:46:20.268 UTC: SNMP: Packet received via UDP from z.z.z.z on
    FastEthernet0/0
    *May 31 00:46:20.280 UTC: SNMP: Set request, reqid 186108405, errstat
    0, erridx 0
    ipRouteEntry.1 = 192.168.108.0
    ipRouteEntry.3 = 0
    ipRouteEntry.7 = 192.168.20.15
    ipRouteEntry.8 = 4
    ipRouteEntry.9 = 2
    ipRouteEntry.11 = 255.255.255.0
    *May 31 00:46:20.356 UTC: SNMP: Response, reqid 186108405, errstat 11,
    erridx 1
    ipRouteEntry.1 = 192.168.108.0
    ipRouteEntry.3 = 0
    ipRouteEntry.7 = 192.168.20.15
    ipRouteEntry.8 = 4
    ipRouteEntry.9 = 2
    ipRouteEntry.11 = 255.255.255.0
    *May 31 00:46:20.440 UTC: SNMP: Packet sent via UDP to z.z.z.z
    Router2-2651XM#

    I believe that I need to "word" my command in a different way... maybe
    using specific instances or indexes for the ipRoutexxx OIDs? I'm
    lacking some conceptual knowledge about the use of tables here, since I
    was able to set scalar values using the snmpset command (for example,
    the sysContact string).

    Anybody done this before? I really need to get this tool working, so
    any help will be HIGHLY APPRECIATED!!!!

    Thanks,

    James
     
    James Schnack, May 3, 2006
    #1
    1. Advertising

  2. James Schnack

    Frank Fock Guest

    Hi James,

    The following should do the trick:

    snmpset -v3 -n "" -u xxxxxx -l authPriv -a md5 -A
    xxxxxxxx -x DES -X xxxxxxxx x.x.x.x ipRouteDest.192.168.108.0 a
    192.168.108.0
    ipRouteMetric1.192.168.108.0 i 0 ipRouteNextHop.192.168.108.0 a
    192.168.20.15 ipRouteType.192.168.108.0 i 4
    ipRouteProto.192.168.108.0 i 2 ipRouteMask.192.168.108.0 a 255.255.255.0

    You were right with the assumption that you needed to provide
    an index value along with each column OID.

    Regards,
    Frank Fock

    James Schnack wrote:
    > Hi,
    >
    > I'm working on a script that needs to feed static routes to Cisco
    > routers using SNMPv3 in a secure way. I have done a lot of research and
    > have found some discussion on this issue, but nothing really
    > conclusive, so here I am... :)
    >
    > Before doing the coding I'm trying to get it done using command line
    > SNMP functions on a Linux box (I'm using Net-SNMP v5.2.1.2).
    >
    > This is what I issue on the Linux box:
    >
    > james@euler ~ $ snmpset -v3 -n "" -u xxxxxx -l authPriv -a md5 -A
    > xxxxxxxx -x DES -X xxxxxxxx x.x.x.x ipRouteDest a 192.168.108.0
    > ipRouteMetric1 i 0 ipRouteNextHop a 192.168.20.15 ipRouteType i 4
    > ipRouteProto i 2 ipRouteMask a 255.255.255.0
    > Error in packet.
    > Reason: noCreation (That table does not support row creation or that
    > object can not ever be created)
    > Failed object: RFC1213-MIB::ipRouteDest
    >
    > If I turn on "snmp packets" debugging on the router (Cisco 2651XM
    > running IOS Version 12.3(11)T7) this is what I see:
    >
    > Router2-2651XM#
    > *May 31 00:46:20.060 UTC: SNMP: Packet received via UDP from z.z.z.z on
    > FastEthernet0/0
    > *May 31 00:46:20.060 UTC: SNMP: Report, reqid 186108404, errstat 0,
    > erridx 0
    > internet.6.3.15.1.1.4.0 = 119
    > *May 31 00:46:20.076 UTC: SNMP: Packet sent via UDP to z.z.z.z
    > *May 31 00:46:20.268 UTC: SNMP: Packet received via UDP from z.z.z.z on
    > FastEthernet0/0
    > *May 31 00:46:20.280 UTC: SNMP: Set request, reqid 186108405, errstat
    > 0, erridx 0
    > ipRouteEntry.1 = 192.168.108.0
    > ipRouteEntry.3 = 0
    > ipRouteEntry.7 = 192.168.20.15
    > ipRouteEntry.8 = 4
    > ipRouteEntry.9 = 2
    > ipRouteEntry.11 = 255.255.255.0
    > *May 31 00:46:20.356 UTC: SNMP: Response, reqid 186108405, errstat 11,
    > erridx 1
    > ipRouteEntry.1 = 192.168.108.0
    > ipRouteEntry.3 = 0
    > ipRouteEntry.7 = 192.168.20.15
    > ipRouteEntry.8 = 4
    > ipRouteEntry.9 = 2
    > ipRouteEntry.11 = 255.255.255.0
    > *May 31 00:46:20.440 UTC: SNMP: Packet sent via UDP to z.z.z.z
    > Router2-2651XM#
    >
    > I believe that I need to "word" my command in a different way... maybe
    > using specific instances or indexes for the ipRoutexxx OIDs? I'm
    > lacking some conceptual knowledge about the use of tables here, since I
    > was able to set scalar values using the snmpset command (for example,
    > the sysContact string).
    >
    > Anybody done this before? I really need to get this tool working, so
    > any help will be HIGHLY APPRECIATED!!!!
    >
    > Thanks,
    >
    > James
    >
     
    Frank Fock, May 3, 2006
    #2
    1. Advertising

  3. James Schnack

    jay Guest

    I found snmplink.org MIB browser useful if you want to understand the
    table structures.
    Goto MIBS, then cisco, online viewer.. you can search a OID
    number/name/or MIB description
     
    jay, May 4, 2006
    #3
  4. James Schnack

    Guest

    Frank,

    Thanks a lot for your help... I had already tried that with no luck,
    but I went ahead and tried it again, carefully checking syntax just in
    case, and here's what I get:

    james@euler ~ $ snmpset -v3 -n "" -u xxxxx -l authPriv -a md5 -A
    xxxxxxxx -x DES -X xxxxxxxx x.x.x.x ipRouteDest.192.168.108.0 a
    192.168.108.0 ipRouteMetric1.192.168.108.0 i 0
    ipRouteNextHop.192.168.108.0 a 192.168.20.15 ipRouteType.192.168.108.0
    i 4 ipRouteProto.192.168.108.0 i 2 ipRouteMask.192.168.108.0 a
    255.255.255.0
    Error in packet.
    Reason: noCreation (That table does not support row creation or that
    object can not ever be created)
    Failed object: RFC1213-MIB::ipRouteDest.192.168.108.0

    On the router side, having added debug snmp options "headers",
    "sessions" and "requests" ("packets" was on already), I get:

    Router2-2651XM#
    *May 31 22:19:48.226 UTC: SNMP: Packet received via UDP from z.z.z.z on
    FastEthernet0/0
    *May 31 22:19:48.226 UTC:
    Incoming SNMP packet
    *May 31 22:19:48.230 UTC: v3 packet security model: v3
    security level: noauth
    *May 31 22:19:48.230 UTC: username:
    *May 31 22:19:48.230 UTC: snmpEngineID: 8000000903000014A990C3E0
    *May 31 22:19:48.230 UTC: snmpEngineBoots: 0 snmpEngineTime: 0
    *May 31 22:19:48.230 UTC: SNMP: Report, reqid 28602275, errstat 0,
    erridx 0
    internet.6.3.15.1.1.4.0 = 124
    *May 31 22:19:48.242 UTC: SNMP: Packet sent via UDP to z.z.z.z
    *May 31 22:19:48.454 UTC: SNMP: Packet received via UDP from z.z.z.z on
    FastEthernet0/0
    *May 31 22:19:48.462 UTC: SNMP: Set request, reqid 28602276, errstat 0,
    erridx 0
    ipRouteEntry.1.192.168.108.0 = 192.168.108.0
    ipRouteEntry.3.192.168.108.0 = 0
    ipRouteEntry.7.192.168.108.0 = 192.168.20.15
    ipRouteEntry.8.192.168.108.0 = 4
    ipRouteEntry.9.192.168.108.0 = 2
    ipRouteEntry.11.192.168.108.0 = 255.255.255.0
    *May 31 22:19:48.538 UTC:
    Incoming SNMP packet
    *May 31 22:19:48.538 UTC: v3 packet security model: v3
    security level: priv
    *May 31 22:19:48.542 UTC: username: xxxxx
    *May 31 22:19:48.542 UTC: snmpEngineID: 8000000903000014A990C3E0
    *May 31 22:19:48.542 UTC: snmpEngineBoots: 4 snmpEngineTime: 2917897
    *May 31 22:19:48.542 UTC: SNMP: Response, reqid 28602276, errstat 11,
    erridx 1
    ipRouteEntry.1.192.168.108.0 = 192.168.108.0
    ipRouteEntry.3.192.168.108.0 = 0
    ipRouteEntry.7.192.168.108.0 = 192.168.20.15
    ipRouteEntry.8.192.168.108.0 = 4
    ipRouteEntry.9.192.168.108.0 = 2
    ipRouteEntry.11.192.168.108.0 = 255.255.255.0
    *May 31 22:19:48.630 UTC: SNMP: Packet sent via UDP to z.z.z.z
    Router2-2651XM#

    Maybe if we knew what the error codes in line "*May 31 22:19:48.542
    UTC: SNMP: Response, reqid 28602276, errstat 11, erridx 1" mean...

    Any more ideas, anybody?

    James
     
    , May 4, 2006
    #4
  5. James Schnack

    rdymek Guest

    Well, I can't think of any ideas specific to this, but I do have a
    question - what and how will you be using this? There may be a much
    simpler way to accomplish this than writing this script.
     
    rdymek, May 4, 2006
    #5
  6. James Schnack

    Guest

    I'm with a large service provider installing VPN managed services,
    using a VPN deployment tool for this. For a specific reason we're not
    able to use the template feature of this tool which is what would allow
    to add non-VPN specifics to each customer VPN router configuration
    (like some static routes needed in many of the customer scenarios).

    So I'm building a script that will allow the people turning up these
    routers to automate the verification and addition of static routes in a
    secure way (SNMP v3 with authentication & encryption).

    I'm kind of getting to a dead-end here now, so if anybody can think of
    anything I'll be glad to hear it!!!

    Thanks,

    J.
     
    , May 4, 2006
    #6
  7. James Schnack

    Merv Guest

    If the customer VPN router is configured with SSH ( and in a VPN
    environment it should be), then a simple SSH script to add the statics
    via IOS CLI should work with no problem
     
    Merv, May 4, 2006
    #7
  8. James Schnack

    Guest

    Agreed, but that raises some internal issues (mostly non-technical) so
    I really need to do this via SNMP...
    J.
     
    , May 4, 2006
    #8
  9. In comp.protocols.snmp James Schnack <> wrote:

    > Before doing the coding I'm trying to get it done using command line
    > SNMP functions on a Linux box (I'm using Net-SNMP v5.2.1.2).
    >
    > This is what I issue on the Linux box:
    >
    > james@euler ~ $ snmpset -v3 -n "" -u xxxxxx -l authPriv -a md5 -A
    > xxxxxxxx -x DES -X xxxxxxxx x.x.x.x ipRouteDest a 192.168.108.0
    > ipRouteMetric1 i 0 ipRouteNextHop a 192.168.20.15 ipRouteType i 4
    > ipRouteProto i 2 ipRouteMask a 255.255.255.0
    > Error in packet.
    > Reason: noCreation (That table does not support row creation or that
    > object can not ever be created)
    > Failed object: RFC1213-MIB::ipRouteDest


    The objects you are trying to use are hopelessly outdated. The table
    indexing in the ipRouteTable does not allow to represent classless
    forwarding table entries, something we are all going for more than
    a decade now.

    The IETF has developed better forwarding tables to address the
    shortcomings of the RFC1213 objects. The latest version of the IETF
    blessed forwarding table can be found in RFC 4292. Note that this
    document also explains the historic evolution, namely

    ipRouteTable -> ipForwardTable -> ipCidrRouteTable -> inetCidrRouteTable

    Please check whether your target device supports the ipCidrRouteTable.
    This table supports a RowStatus column (ipCidrRouteStatus) which can
    be used to do proper row creation. If your target device does not
    support a writable ipCidrRouteTable, you should consider to find a
    way to get out of the project. :)

    /js

    --
    Juergen Schoenwaelder International University Bremen
    <http://www.eecs.iu-bremen.de/> P.O. Box 750 561, 28725 Bremen, Germany
     
    Juergen Schoenwaelder, May 4, 2006
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Steve Holdoway
    Replies:
    0
    Views:
    1,264
    Steve Holdoway
    Jul 10, 2003
  2. John

    Backup Static Routes

    John, Dec 17, 2003, in forum: Cisco
    Replies:
    3
    Views:
    5,986
    Vincent C Jones
    Dec 18, 2003
  3. Bruce Campbell
    Replies:
    0
    Views:
    1,598
    Bruce Campbell
    Apr 3, 2004
  4. newb
    Replies:
    1
    Views:
    2,784
    mcaissie
    Sep 10, 2004
  5. Frank L.
    Replies:
    0
    Views:
    959
    Frank L.
    Jun 28, 2006
Loading...

Share This Page