Setting static routes via SNMP

Discussion in 'Cisco' started by James Schnack, May 3, 2006.

  1. Hi,

    I'm working on a script that needs to feed static routes to Cisco
    routers using SNMPv3 in a secure way. I have done a lot of research and
    have found some discussion on this issue, but nothing really
    conclusive, so here I am... :)

    Before doing the coding I'm trying to get it done using command line
    SNMP functions on a Linux box (I'm using Net-SNMP v5.2.1.2).

    This is what I issue on the Linux box:

    [email protected] ~ $ snmpset -v3 -n "" -u xxxxxx -l authPriv -a md5 -A
    xxxxxxxx -x DES -X xxxxxxxx x.x.x.x ipRouteDest a 192.168.108.0
    ipRouteMetric1 i 0 ipRouteNextHop a 192.168.20.15 ipRouteType i 4
    ipRouteProto i 2 ipRouteMask a 255.255.255.0
    Error in packet.
    Reason: noCreation (That table does not support row creation or that
    object can not ever be created)
    Failed object: RFC1213-MIB::ipRouteDest

    If I turn on "snmp packets" debugging on the router (Cisco 2651XM
    running IOS Version 12.3(11)T7) this is what I see:

    Router2-2651XM#
    *May 31 00:46:20.060 UTC: SNMP: Packet received via UDP from z.z.z.z on
    FastEthernet0/0
    *May 31 00:46:20.060 UTC: SNMP: Report, reqid 186108404, errstat 0,
    erridx 0
    internet.6.3.15.1.1.4.0 = 119
    *May 31 00:46:20.076 UTC: SNMP: Packet sent via UDP to z.z.z.z
    *May 31 00:46:20.268 UTC: SNMP: Packet received via UDP from z.z.z.z on
    FastEthernet0/0
    *May 31 00:46:20.280 UTC: SNMP: Set request, reqid 186108405, errstat
    0, erridx 0
    ipRouteEntry.1 = 192.168.108.0
    ipRouteEntry.3 = 0
    ipRouteEntry.7 = 192.168.20.15
    ipRouteEntry.8 = 4
    ipRouteEntry.9 = 2
    ipRouteEntry.11 = 255.255.255.0
    *May 31 00:46:20.356 UTC: SNMP: Response, reqid 186108405, errstat 11,
    erridx 1
    ipRouteEntry.1 = 192.168.108.0
    ipRouteEntry.3 = 0
    ipRouteEntry.7 = 192.168.20.15
    ipRouteEntry.8 = 4
    ipRouteEntry.9 = 2
    ipRouteEntry.11 = 255.255.255.0
    *May 31 00:46:20.440 UTC: SNMP: Packet sent via UDP to z.z.z.z
    Router2-2651XM#

    I believe that I need to "word" my command in a different way... maybe
    using specific instances or indexes for the ipRoutexxx OIDs? I'm
    lacking some conceptual knowledge about the use of tables here, since I
    was able to set scalar values using the snmpset command (for example,
    the sysContact string).

    Anybody done this before? I really need to get this tool working, so
    any help will be HIGHLY APPRECIATED!!!!

    Thanks,

    James
     
    James Schnack, May 3, 2006
    #1

  2. James Schnack

    Frank Fock Guest

    Hi James,

    The following should do the trick:

    snmpset -v3 -n "" -u xxxxxx -l authPriv -a md5 -A
    xxxxxxxx -x DES -X xxxxxxxx x.x.x.x ipRouteDest.192.168.108.0 a
    192.168.108.0
    ipRouteMetric1.192.168.108.0 i 0 ipRouteNextHop.192.168.108.0 a
    192.168.20.15 ipRouteType.192.168.108.0 i 4
    ipRouteProto.192.168.108.0 i 2 ipRouteMask.192.168.108.0 a 255.255.255.0

    You were right with the assumption that you needed to provide
    an index value along with each column OID.

    Regards,
    Frank Fock
     
    Frank Fock, May 3, 2006
    #2

  3. James Schnack

    jay Guest

    I found the snmplink.org MIB browser useful if you want to understand the
    table structures.
    Go to MIBS, then Cisco, online viewer. You can search an OID
    number, name, or MIB description.
     
    jay, May 4, 2006
    #3
  4. James Schnack

    acrux14 Guest

    Frank,

    Thanks a lot for your help... I had already tried that with no luck,
    but I went ahead and tried it again, carefully checking syntax just in
    case, and here's what I get:

    [email protected] ~ $ snmpset -v3 -n "" -u xxxxx -l authPriv -a md5 -A
    xxxxxxxx -x DES -X xxxxxxxx x.x.x.x ipRouteDest.192.168.108.0 a
    192.168.108.0 ipRouteMetric1.192.168.108.0 i 0
    ipRouteNextHop.192.168.108.0 a 192.168.20.15 ipRouteType.192.168.108.0
    i 4 ipRouteProto.192.168.108.0 i 2 ipRouteMask.192.168.108.0 a
    255.255.255.0
    Error in packet.
    Reason: noCreation (That table does not support row creation or that
    object can not ever be created)
    Failed object: RFC1213-MIB::ipRouteDest.192.168.108.0

    On the router side, having added debug snmp options "headers",
    "sessions" and "requests" ("packets" was on already), I get:

    Router2-2651XM#
    *May 31 22:19:48.226 UTC: SNMP: Packet received via UDP from z.z.z.z on
    FastEthernet0/0
    *May 31 22:19:48.226 UTC:
    Incoming SNMP packet
    *May 31 22:19:48.230 UTC: v3 packet security model: v3
    security level: noauth
    *May 31 22:19:48.230 UTC: username:
    *May 31 22:19:48.230 UTC: snmpEngineID: 8000000903000014A990C3E0
    *May 31 22:19:48.230 UTC: snmpEngineBoots: 0 snmpEngineTime: 0
    *May 31 22:19:48.230 UTC: SNMP: Report, reqid 28602275, errstat 0,
    erridx 0
    internet.6.3.15.1.1.4.0 = 124
    *May 31 22:19:48.242 UTC: SNMP: Packet sent via UDP to z.z.z.z
    *May 31 22:19:48.454 UTC: SNMP: Packet received via UDP from z.z.z.z on
    FastEthernet0/0
    *May 31 22:19:48.462 UTC: SNMP: Set request, reqid 28602276, errstat 0,
    erridx 0
    ipRouteEntry.1.192.168.108.0 = 192.168.108.0
    ipRouteEntry.3.192.168.108.0 = 0
    ipRouteEntry.7.192.168.108.0 = 192.168.20.15
    ipRouteEntry.8.192.168.108.0 = 4
    ipRouteEntry.9.192.168.108.0 = 2
    ipRouteEntry.11.192.168.108.0 = 255.255.255.0
    *May 31 22:19:48.538 UTC:
    Incoming SNMP packet
    *May 31 22:19:48.538 UTC: v3 packet security model: v3
    security level: priv
    *May 31 22:19:48.542 UTC: username: xxxxx
    *May 31 22:19:48.542 UTC: snmpEngineID: 8000000903000014A990C3E0
    *May 31 22:19:48.542 UTC: snmpEngineBoots: 4 snmpEngineTime: 2917897
    *May 31 22:19:48.542 UTC: SNMP: Response, reqid 28602276, errstat 11,
    erridx 1
    ipRouteEntry.1.192.168.108.0 = 192.168.108.0
    ipRouteEntry.3.192.168.108.0 = 0
    ipRouteEntry.7.192.168.108.0 = 192.168.20.15
    ipRouteEntry.8.192.168.108.0 = 4
    ipRouteEntry.9.192.168.108.0 = 2
    ipRouteEntry.11.192.168.108.0 = 255.255.255.0
    *May 31 22:19:48.630 UTC: SNMP: Packet sent via UDP to z.z.z.z
    Router2-2651XM#

    Maybe if we knew what the error codes in line "*May 31 22:19:48.542
    UTC: SNMP: Response, reqid 28602276, errstat 11, erridx 1" mean...

    Any more ideas, anybody?

    James
     
    acrux14, May 4, 2006
    #4
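The error codes asked about in post #4 can be read off the router's debug output mechanically. The following is an added example, not code from the thread: `errstat` is the SNMP error-status from RFC 3416, `erridx` is the 1-based position of the offending varbind, and the `internet.6.3.15.1.1.<n>.0` object in a Report is a usmStats counter from RFC 3414. The function name and the sample text (abridged from the output above) are constructed for illustration.

```python
import re

# error-status codes defined for SNMPv2 PDUs in RFC 3416; list position == code
ERROR_STATUS = ["noError", "tooBig", "noSuchName", "badValue", "readOnly", "genErr",
                "noAccess", "wrongType", "wrongLength", "wrongEncoding", "wrongValue",
                "noCreation", "inconsistentValue", "resourceUnavailable", "commitFailed",
                "undoFailed", "authorizationError", "notWritable", "inconsistentName"]
# usmStats counters (RFC 3414), which IOS prints as internet.6.3.15.1.1.<n>.0
USM_STATS = {1: "usmStatsUnsupportedSecLevels", 2: "usmStatsNotInTimeWindows",
             3: "usmStatsUnknownUserNames", 4: "usmStatsUnknownEngineIDs",
             5: "usmStatsWrongDigests", 6: "usmStatsDecryptionErrors"}
USM_RE = re.compile(r"internet\.6\.3\.15\.1\.1\.(\d)\.0")
# One PDU header (possibly wrapped before "erridx") plus the varbind lines after it.
PDU_RE = re.compile(r"SNMP: ([A-Za-z ]+?), reqid (\d+), errstat\s+(\d+),\s+erridx\s+(\d+)"
                    r"[ \t]*\n((?:[ \t]*[\w.]+ = .*\n?)*)")

def decode_snmp_debug(text):
    """Return (pdu, reqid, error-status name, detail) for each PDU in the debug text."""
    out = []
    for m in PDU_RE.finditer(text):
        pdu, reqid, errstat, erridx = m[1], int(m[2]), int(m[3]), int(m[4])
        names = [ln.split(" = ", 1)[0].strip() for ln in m[5].splitlines()]
        status = ERROR_STATUS[errstat] if errstat < len(ERROR_STATUS) else f"unknown({errstat})"
        detail = None
        if pdu == "Report" and names and USM_RE.fullmatch(names[0]):
            detail = USM_STATS.get(int(USM_RE.fullmatch(names[0])[1]))
        elif errstat and 1 <= erridx <= len(names):
            detail = names[erridx - 1]  # erridx is 1-based: the varbind that failed
        out.append((pdu, reqid, status, detail))
    return out

# Constructed sample: abridged from the "debug snmp" output quoted in the thread.
SAMPLE_DEBUG = """\
*May 31 22:19:48.230 UTC: SNMP: Report, reqid 28602275, errstat 0,
erridx 0
internet.6.3.15.1.1.4.0 = 124
*May 31 22:19:48.242 UTC: SNMP: Packet sent via UDP to z.z.z.z
*May 31 22:19:48.462 UTC: SNMP: Set request, reqid 28602276, errstat 0,
erridx 0
ipRouteEntry.1.192.168.108.0 = 192.168.108.0
ipRouteEntry.3.192.168.108.0 = 0
*May 31 22:19:48.542 UTC: SNMP: Response, reqid 28602276, errstat 11,
erridx 1
ipRouteEntry.1.192.168.108.0 = 192.168.108.0
ipRouteEntry.3.192.168.108.0 = 0
*May 31 22:19:48.630 UTC: SNMP: Packet sent via UDP to z.z.z.z
"""

if __name__ == "__main__":
    for row in decode_snmp_debug(SAMPLE_DEBUG):
        print(row)
```

The Report carrying usmStatsUnknownEngineIDs is the SNMPv3 engine ID discovery exchange that precedes the authenticated request; the failure itself is the `noCreation` on the first varbind, matching what snmpset printed.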
  5. James Schnack

    rdymek Guest

    Well, I can't think of any ideas specific to this, but I do have a
    question - what and how will you be using this? There may be a much
    simpler way to accomplish this than writing this script.
     
    rdymek, May 4, 2006
    #5
  6. James Schnack

    acrux14 Guest

    I'm with a large service provider installing VPN managed services,
    using a VPN deployment tool for this. For a specific reason we're not
    able to use the template feature of this tool, which is what would allow
    us to add non-VPN specifics to each customer VPN router configuration
    (like some static routes needed in many of the customer scenarios).

    So I'm building a script that will allow the people turning up these
    routers to automate the verification and addition of static routes in a
    secure way (SNMP v3 with authentication & encryption).

    I'm kind of getting to a dead-end here now, so if anybody can think of
    anything I'll be glad to hear it!!!

    Thanks,

    J.
     
    acrux14, May 4, 2006
    #6
  7. James Schnack

    Merv Guest

    If the customer VPN router is configured with SSH ( and in a VPN
    environment it should be), then a simple SSH script to add the statics
    via IOS CLI should work with no problem
     
    Merv, May 4, 2006
    #7
  8. James Schnack

    acrux14 Guest

    Agreed, but that raises some internal issues (mostly non-technical) so
    I really need to do this via SNMP...
    J.
     
    acrux14, May 4, 2006
    #8
  9. The objects you are trying to use are hopelessly outdated. The table
    indexing in the ipRouteTable does not allow representing classless
    forwarding table entries, something we have all been doing for more than
    a decade now.

    The IETF has developed better forwarding tables to address the
    shortcomings of the RFC1213 objects. The latest version of the IETF
    blessed forwarding table can be found in RFC 4292. Note that this
    document also explains the historic evolution, namely

    ipRouteTable -> ipForwardTable -> ipCidrRouteTable -> inetCidrRouteTable

    Please check whether your target device supports the ipCidrRouteTable.
    This table supports a RowStatus column (ipCidrRouteStatus) which can
    be used to do proper row creation. If your target device does not
    support a writable ipCidrRouteTable, you should consider finding a
    way to get out of the project. :)

    /js
     
    Juergen Schoenwaelder, May 4, 2006
    #9
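The indexing difference described in post #9, as an added example that is not part of the thread: ipRouteTable (RFC1213-MIB) is indexed by destination only, while ipCidrRouteTable (IP-FORWARD-MIB) is indexed by destination, mask, TOS and next hop and has a RowStatus column. The function names are hypothetical, and which columns an agent requires before it activates a row, or whether the router in the thread accepts the set at all, is not established here.

```python
import ipaddress

IP_ROUTE_ENTRY = ".1.3.6.1.2.1.4.21.1"         # RFC1213-MIB ipRouteEntry
IP_CIDR_ROUTE_ENTRY = ".1.3.6.1.2.1.4.24.4.1"  # IP-FORWARD-MIB ipCidrRouteEntry
CIDR_TYPE, CIDR_STATUS = 6, 16                 # ipCidrRouteType, ipCidrRouteStatus columns
REMOTE, CREATE_AND_GO = 4, 4                   # ipCidrRouteType remote(4), RowStatus createAndGo(4)

def legacy_index(prefix):
    """ipRouteTable instance suffix: INDEX { ipRouteDest }; the mask is not part of it."""
    return str(ipaddress.IPv4Network(prefix).network_address)

def cidr_index(prefix, next_hop, tos=0):
    """ipCidrRouteTable instance suffix: INDEX { Dest, Mask, Tos, NextHop }."""
    net = ipaddress.IPv4Network(prefix)      # ValueError if host bits are set
    hop = ipaddress.IPv4Address(next_hop)    # ValueError if not a valid IPv4 address
    return f"{net.network_address}.{net.netmask}.{tos}.{hop}"

def cidr_row_args(prefix, next_hop):
    """OID/type/value triples to append to an snmpset command line (assumed column set)."""
    idx = cidr_index(prefix, next_hop)
    return [f"{IP_CIDR_ROUTE_ENTRY}.{CIDR_TYPE}.{idx}", "i", str(REMOTE),
            f"{IP_CIDR_ROUTE_ENTRY}.{CIDR_STATUS}.{idx}", "i", str(CREATE_AND_GO)]

if __name__ == "__main__":
    # Two classless prefixes with the same network address collide in the old table...
    print(legacy_index("10.0.0.0/8"), legacy_index("10.0.0.0/16"))
    # ...but get distinct rows in ipCidrRouteTable.
    print(cidr_index("10.0.0.0/8", "192.168.20.15"))
    print(cidr_index("10.0.0.0/16", "192.168.20.15"))
    # The route from the thread, expressed as a row-creation request.
    print(" ".join(cidr_row_args("192.168.108.0/24", "192.168.20.15")))
```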