Using SNMP to Copy a New IOS Image

Using SNMP to Copy a New IOS Image

Problem

You want use SNMP to remotely upgrade a router's IOS.

Solution

Before you can upload or download the router's IOS image to a TFTP server, you have to set up a valid read-write SNMP community string:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#snmp-server community ORARW rw
Router(config)#end

Then you can download a copy of your router's current IOS file to your TFTP server with the following Unix commands:

Freebsd% touch /tftpboot/c2600-jk9o3s-mz.122-7a.bin
Freebsd% chmod 666 /tftpboot/c2600-jk9o3s-mz.122-7a.bin
Freebsd% snmpset v1 -c ORARW Router .1.3.6.1.4.1.9.2.10.9.172.25.1.1 s c2600-jk9o3s-mz.122-7a.bin
enterprises.9.2.10.9.172.25.1.1 = "c2600-jk9o3s-mz.122-7a.bin"
Freebsd%

Use the following commands to upload an IOS file from your TFTP server to the router's flash memory:

Freebsd% chmod 666 /tftpboot/c2600-jk9o3s-mz.122-7a.bin
Freebsd% snmpset v1 -c ORARW Router .1.3.6.1.4.1.9.2.10.6.0 i 1
enterprises.9.2.10.6.0 = 1
Freebsd% snmpset v1 -c ORARW Router.1.3.6.1.4.1.9.2.10.12.172.25.1.1 s c2600-jk9o3s-mz.122-7a.bin
enterprises.9.2.10.12.172.25.1.1 = "c2600-jk9o3s-mz.122-7a.bin"
Freebsd%

Discussion

The first example demonstrates how to use SNMP to force a router to download its IOS file to a TFTP server. Most TFTP servers will not accept an incoming transfer unless the destination file is world writable. On Unix computers, the touch command creates a file, and the chmod command gives it the proper file attributes.

This snmpset command instructs the router to use TFTP to copy its IOS file to a particular file on the specified server:

Freebsd% snmpset v1 -c ORARW Router .1.3.6.1.4.1.9.2.10.9.172.25.1.1 s c2600-jk9o3s-mz.122-7a.bin

In this case, Router is the router's name or IP address, and we use ORARW for the read-write SNMP community string. The OID value of the Cisco MIB variable that instructs the router to transfer its IOS image is .1.3.6.1.4.1.9.2.10.9. You concatenate the server's IP address, which is 172.25.1.1 in this example, to the end of the OID value. The last argument, c2600-jk9o3s-mz.122-7a.bin, is the name of the file as it will appear on the TFTP server.

This command is useful because it allows you to easily build a central library of all running IOS versions on your network. Then, if you have problems with a router and need to replace it, you can easily make sure that the new device is running the same IOS version as the old one. It is also useful if you discover that a particular IOS version behaves better, and you want to copy that version into other routers.

The second example shows how to use SNMP to start a TFTP upload of a new IOS version. This is useful because it makes it easy to build a script to automate changing the IOS versions on a large number of similar routers. You should be careful when doing this, however. It is safe to copy a new IOS image into the router's flash memory on most Cisco routers. The router will continue running the old version until it reboots. So a good procedure for doing a large number of upgrades like this would be to run a script to copy the new images to the routers, and then you should check each router to ensure that the upload completed successfully before rebooting.

The method shown for uploading a new IOS file to a router is similar to the method for downloading an IOS file. The one important difference is the step that erases the flash before the uploading commences. In our example, the first snmpset command erases the flash:

Freebsd% snmpset v1 -c ORARW Router .1.3.6.1.4.1.9.2.10.6.0 i 1
enterprises.9.2.10.6.0 = 1

This step is only necessary if there is not enough flash space available to load the new IOS file. Then the second command actually copies the image into the router's flash memory:

Freebsd% snmpset v1 -c ORARW Router.1.3.6.1.4.1.9.2.10.12.172.25.1.1 s c2600-jk9o3s-mz.122-7a.bin

Note that some types of Cisco routers do not support this method for uploading IOS images. In particular, Cisco 2500 series routers actually run directly from the IOS image in flash instead of copying an image of the IOS into processor memory at boot time. Changing the IOS version in flash would cause serious problems, so the router will not allow you to do it.

See Also