Using SNMP to Perform Mass Configuration Changes

Problem

You want to automate the distribution of a set of configuration commands to a large number of routers.

Solution

The following Perl script will distribute configuration commands to a large number of routers. It works by using SNMP to trigger TFTP file transfers into the routers. In effect, this script lets you automatically distribute a series configuration commands to a list of routers. Automating routine changes like this saves time and effort, but more importantly, it virtually eliminates typographical mistakes.

Here's some example output:

Freebsd% ./snmpcfg.pl =================================== toronto - Update Successful toronto - Wr Mem Successful =================================== boston - Update Successful boston - Wr Mem Successful =================================== denver - Update Successful denver - Wr Mem Successful =================================== newyork - Update Successful newyork - Wr Mem Successful =================================== detroit - Update Failed =================================== chicago - Update Successful chicago - Wr Mem Successful =================================== sanfran - Update Successful sanfran - Wr Mem Successful =================================== seattle - Update Successful seattle - Wr Mem Successful =================================== Freebsd%

The Perl code follows in Example 17-3.

Example 17-3. snmpcfg.pl

#!/usr/bin/perl -w # # snmpcfg.pl -- a script to perform mass configuration changes to # a list of routers using SNMP. # # # Set behavior $workingdir="/home/nms"; $snmprw="ORARW"; $tftpsrv="172.25.1.1"; # # $rtrlist="$workingdir/RTR_LIST"; open (RTR, "$rtrlist") || die "Can't open $rtrlist file"; open (LOG, ">$workingdir/RESULT") || die "Can't open $workingdir/RESULT file"; # while () { chomp($rtr="$_"); print LOG "=================================== "; print "=================================== "; $snmpset="/usr/local/bin/snmpset -t 20 -r 2 v1 c $snmprw $rtr "; chomp($result=Q$snmpset .1.3.6.1.4.1.9.2.1.50.$tftpsrv s SNMPCFGQ); if ($result=~/.+ = "(.+)"$/ ) { if( $1 eq SNMPCFG ) { print LOG "$rtr - Update Successful "; print "$rtr - Update Successful "; chomp($result=Q$snmpset .1.3.6.1.4.1.9.2.1.54.0 i 1Q); if ($result=~/.+ = (.+)$/ ) { if( $1 == 1 ) { print LOG "$rtr - Wr Mem Successful "; print "$rtr - Wr Mem Successful "; } else { print LOG "$rtr - Wr Mem Failed "; print "$rtr - Wr Mem Failed "; } } else { print LOG "$rtr - Wr Mem Failed "; print "$rtr - Wr Mem Failed "; } } else { print LOG "$rtr - Update Failed "; print "$rtr - Update Failed "; } } else { print LOG "$rtr - Update Failed "; print "$rtr - Update Failed "; } }

Discussion

This script distributes a set of configuration commands to a list of routers using SNMP to trigger TFTP transfers, as we did manually in Recipe 17.9. The script goes through a list of routers in sequence, performing an snmpset command on each one to force the router to upload a pre-defined configuration file. If the file transfer completes successfully, then the script will issue another snmpset command that permanently saves the running configuration file to NVRAM. The script displays a status report to the terminal screen and sends the same messages to a flat log file.

This script requires the NET-SNMP toolset. The script looks for the executable snmpset in the default location, /usr/local/bin. If your system has snmpset in another location, then you have to change the variable $snmpset.

Before running the script, change the variable $workingdir to point to the directory where the script resides. Also set the variable $snmprw to your organization's SNMP read-write community string. This script will not work with a read-only community string. And you will need to set the value of $tftpsrv to the IP address of the TFTP server where the configuration file resides.

The script expects to find the router list located in the working directory in a file called RTR_LIST. This file should have a single router name per line. You can change the default name and location of this file by modifying the variable $rtrlist.

By default, the script will copy the configuration file SNMPCFG residing in the /tftpboot directory to every router in the list. The configuration file must be world readable. This file should include a list of Cisco configuration commands as you would type them from a command prompt on the router. We recommended inserting the keyword end at the end of the configuration file to prevent spurious error messages. If you want to change the filename, you will need to change both occurrences of the default filename SNMPCFG to the name of the new file.

The script creates a status report in a file called RESULT in the working directory. The script will automatically create this file the first time you execute it and will clear its contents each time the script is run. The status file allows you to run the script unattended and check for failures later. The easiest way to check for failures is to use the Unix grep utility to search the status report file for the keyword Fail.

See Also

Recipe 17.2; Recipe 17.6; Recipe 17.8; Recipe 17.9; Appendix A

Категории