Cisco::CopyConfig - IOS running-config manipulation
use Cisco::CopyConfig ();
see METHODS section below
Cisco::CopyConfig provides methods for manipulating the running-config of devices running IOS via SNMP directed TFTP. This module is essentially a wrapper for Net::SNMP and the CISCO-CONFIG-COPY-MIB-V1SMI.my MIB schema.
A read-write SNMP community needs to be defined on each device, which allows the setting of parameters to copy or merge a running-config. Below is an example configuration that attempts to restrict read-write access to only the 10.0.1.3 host (a less guessable community than 'public' would be wise):
access-list 10 permit host 10.0.1.3 access-list 10 deny any ! snmp-server tftp-server-list 10 snmp-server view backup ciscoMgmt.96.1.1.1.1 included snmp-server community public view backup RW 10 end
Create a new Cisco::CopyConfig object.
$config = Cisco::CopyConfig->new( Host => $ios_device_hostname, Comm => $community_string, [ Tmout => $snmp_timeout_in_seconds, ] [ Retry => $snmp_retries_on_failure, ] );
Copy the running-config to a file via TFTP:
$config->copy($tftp_address, $tftp_file);
Merge a configuration file into the running-config via TFTP:
$config->merge($tftp_address, $tftp_file);
Return the last error message, if any. This is a convenience method that simply returns the value of $config->{'err'}:
$config->error();
Using 10.0.1.3 as a TFTP server, the following example merges a configuration file into the running-config of lab-router-a, and then copies the entire config of lab-router-a to a file:
use Cisco::CopyConfig; $| = 1; # autoflush output $tftp = '10.0.1.3'; $merge_f = 'new-config.upload'; $copy_f = 'lab-router-a.config'; $host = 'lab-router-a'; $comm = 'public'; $config = Cisco::CopyConfig->new( Host => $host, Comm => $comm ); $path = "/tftpboot/${copy_f}"; open(COPY_FH, "> $path") || die $!; close(COPY_FH); chmod 0666, $path || die $!; print "${tftp}:${merge_f} -> ${host}:running-config... "; if ($config->merge($tftp, $merge_f)) { # merge the new config print "OK\n"; } else { die $config->error(); } print "${host}:running-config -> ${tftp}:${copy_f}... "; if ($config->copy($tftp, $copy_f)) { # copy the updated config print "OK\n"; } else { die $config->error(); } ---->8---- new-config.upload file ---->8---- alias exec example_ccout copy running-config tftp alias exec example_ccin copy tftp running-config ! configuration uploads need an 'end' statement end
Manipulating the running-configuration of a device running IOS can be a frustrating experience. Checking the status of $config->error() is a good starting point to debugging the problem. Here's a short list of other things to try before giving up:
Most TFTP servers will not automatically create files. Scripts should create files that will be read from or copied to, and set the appropriate permissions (usually global).
Most TFTP servers change directories (usually to '/tftpboot') for security reasons. If it does, make sure not to prepend the TFTP directory in the file path passed to Cisco::CopyConfig.
Try manually copying files to and from the TFTP server to flash. This is accomplished via the "copy" command in IOS (copy ? for help). If the files are able to be copied in each direction, it is probably a problem with the SNMP configuration. It could also indicate a file path issue. See above.
Make sure the community string in the script and the IOS device match and that it is a read/write (RW) community. See PREPERATION above for an example of how to set a read/write community with reasonable restrictions.
This module requires the Net::SNMP and Socket modules.
Local file creation and permissions checking are not performed, as TFTP file destinations can be somewhere other than the local system.
Only SNMP v1 and v2 are currently supported in this module. SNMP v3 is on the TODO list.
Aaron Scarisbrick <aaronsca@cpan.org>
THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
To install Cisco::CopyConfig, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Cisco::CopyConfig
CPAN shell
perl -MCPAN -e shell install Cisco::CopyConfig
For more information on module installation, please visit the detailed CPAN module installation guide.