Mailing List Archive: Updating running config via tftp/snmp

Updating running config via tftp/snmp

Nov 7, 2005, 4:41 AM

Post #1 of 5 (1947 views)

Hi,

I'm trying to change my acl-update-script from a ssh/expect hack to snmp
since snmp is a bit more responsive and (hopefully) causes fewer
"hiccups" (apparently the foundry sshd hangs every now and then).

After reading up on the MIB [1] I hacked together a script which sets
the tftp servers ip address, the name of the config file and snAgCfgLoad
to 23 in one packet (should download the config from the tftp server to
the foundries ram). I see that the foundry fetches the config from the
tftp server but apparently the config file doesn't get applied (no
changes in the ACLs visible, no "running-config was changed..." message
in the log).

Setting snAgCfgLoad to 21 (fetch config from tftp and write it to flash)
works, (although overwriting your complete config with just an
acl-update might be a bad thing in case you want to reload your switch ;) ).

"no snmp-server pw-check" is already configured.

Any ideas?

[1] http://www.foundrynet.com/services/documentation/MIB/mib.pdf

--

best regards,
Michael Renner - Network services

Preisvergleich Internet Services AG
Obere Donaustra?e 63/2, A-1020 Wien
Tel: +43 1 5811609 80
Fax: +43 1 5811609 55

Updating running config via tftp/snmp [ In reply to ]

michael.renner at geizhals

Nov 15, 2005, 1:35 PM

Post #2 of 5 (1945 views)

Permalink

Cliff Fogle wrote:
> Just making sure...You have a 'no access-list <blah>' at the top and the last line of the acl is 'end'?

I didn't have the "end" in there, tested it now but that doesn't work
either.

I attached a sample acl in case there's something in there which I just
missed.

The SNMP query should be correct too, this is the stuff that gets
sent/received:

We throw all the needed data (tftp-server-ip, filename, command) in a
packet:
19:23:39.983246 IP 1.2.3.136.49798 > 1.2.3.130.161: C=community
SetRequest(81) .1.3.6.1.4.1.1991.1.1.2.1.5.0=1.2.3.136
.1.3.6.1.4.1.1991.1.1.2.1.8.0="acl.txt" .1.3.6.1.4.1.1991.1.1.2.1.9.0=23

The foundry responds:
19:23:39.983796 IP 1.2.3.130.161 > 1.2.3.136.49798: C=community
GetResponse(81) .1.3.6.1.4.1.1991.1.1.2.1.5.0=1.2.3.136
.1.3.6.1.4.1.1991.1.1.2.1.8.0="acl.txt" .1.3.6.1.4.1.1991.1.1.2.1.9.0=23

The status code of the save command gets queried:
19:23:40.990643 IP 1.2.3.136.49798 > 1.2.3.130.161: C=community
GetRequest(31) .1.3.6.1.4.1.1991.1.1.2.1.9.0

And the foundry says that everything's fine:
19:23:40.991072 IP 1.2.3.130.161 > 1.2.3.136.49798: C=community
GetResponse(32) .1.3.6.1.4.1.1991.1.1.2.1.9.0=1

best regards,
michael
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: acl.txt
Url: https://puck.nether.net/pipermail/foundry-nsp/attachments/20051115/f6fe7d76/acl.txt

Updating running config via tftp/snmp [ In reply to ]

Cliff at kodakgallery

Nov 16, 2005, 2:09 PM

Post #3 of 5 (1931 views)

Permalink

Well. I can reproduce the situation. I'm gonna open a support
ticket...

-----Original Message-----
From: Michael Renner [mailto:michael.renner@geizhals.at]
Sent: Tuesday, November 15, 2005 10:36 AM
To: Cliff Fogle
Cc: foundry-nsp at puck.nether.net
Subject: Re: [f-nsp] Updating running config via tftp/snmp

Cliff Fogle wrote:
> Just making sure...You have a 'no access-list <blah>' at the top and
the last line of the acl is 'end'?

I didn't have the "end" in there, tested it now but that doesn't work
either.

I attached a sample acl in case there's something in there which I just
missed.

The SNMP query should be correct too, this is the stuff that gets
sent/received:

We throw all the needed data (tftp-server-ip, filename, command) in a
packet:
19:23:39.983246 IP 1.2.3.136.49798 > 1.2.3.130.161: C=community
SetRequest(81) .1.3.6.1.4.1.1991.1.1.2.1.5.0=1.2.3.136
.1.3.6.1.4.1.1991.1.1.2.1.8.0="acl.txt" .1.3.6.1.4.1.1991.1.1.2.1.9.0=23

The foundry responds:
19:23:39.983796 IP 1.2.3.130.161 > 1.2.3.136.49798: C=community
GetResponse(81) .1.3.6.1.4.1.1991.1.1.2.1.5.0=1.2.3.136
.1.3.6.1.4.1.1991.1.1.2.1.8.0="acl.txt" .1.3.6.1.4.1.1991.1.1.2.1.9.0=23

The status code of the save command gets queried:
19:23:40.990643 IP 1.2.3.136.49798 > 1.2.3.130.161: C=community
GetRequest(31) .1.3.6.1.4.1.1991.1.1.2.1.9.0

And the foundry says that everything's fine:
19:23:40.991072 IP 1.2.3.130.161 > 1.2.3.136.49798: C=community
GetResponse(32) .1.3.6.1.4.1.1991.1.1.2.1.9.0=1

best regards,
michael

Updating running config via tftp/snmp [ In reply to ]

michael.renner at geizhals

Nov 16, 2005, 3:41 PM

Post #4 of 5 (1931 views)

Permalink

Cliff Fogle wrote:
> Well. I can reproduce the situation. I'm gonna open a support
> ticket...

Thank you very much! I mailed the foundry sales staff today that we'd
like a bronze support contract because of this (and because I lost my
source for software updates, but that's another story).

best regards,
michael

Updating running config via tftp/snmp [ In reply to ]

Cliff at kodakgallery

Nov 23, 2005, 12:03 PM

Post #5 of 5 (1943 views)

Permalink

Okay...here's the deal. This doesn't work in tons of different code
revs, seemingly across the hardware model spectrum. It works neither on
my FESX/FWSX nor my FastIron Jetcore boxen. 7.8.1 and up seems to fix
the issue on the FI Jetcore stuff. On the FESX, 2.1 and up work.

-----Original Message-----
From: Michael Renner [mailto:michael.renner@geizhals.at]
Sent: Wednesday, November 16, 2005 12:42 PM
To: Cliff Fogle
Cc: foundry-nsp at puck.nether.net
Subject: Re: [f-nsp] Updating running config via tftp/snmp

Cliff Fogle wrote:
> Well. I can reproduce the situation. I'm gonna open a support
> ticket...

Thank you very much! I mailed the foundry sales staff today that we'd
like a bronze support contract because of this (and because I lost my
source for software updates, but that's another story).

best regards,
michael