Send Cisco commands via SNMP

In the article “How to save configurations using SNMP“, I have explained how to get the Cisco configuration using SNMP. Now, I explain how to send commands via SNMP using the “ciscoConfigCopyMIB” MIB;  with this MIB, you can replace running/startup configuration, send commands, save the “show” output or reload the device.

OK, let’s start :)

First of all, check if your PC/Server has the SNMP suite; if not, install the net-snmp software (http://net-snmp.sourceforge.net/).

Then open a terminal on your pc and use these commands:

snmpset -c [snmp-community-string] -v 2c [ip-device][Random number] i 1
snmpset -c [snmp-community-string] -v 2c [ip-device][Random number] i 1
snmpset -c [snmp-community-string] -v 2c [ip-device][Random number] i 4
snmpset -c [snmp-community-string] -v 2c [ip-device][Random number] a [ip-tftp-server]
snmpset -c [snmp-community-string] -v 2c [ip-device][Random number] s [file-name]
snmpset -c [snmp-community-string] -v 2c [ip-device][Random number] i 1


  • snmp-community-string is the community key of your Cisco device; remember that the community must have write rights.
  • ip-device is the ip address of your Cisco device.
  • ip-tftp-server is the ip address of your tftp server.
  • file-name is the file that contains the commands to be executed to your Cisco device.

But what is the meaning of the last part of each command? See you below an explanation: i 1

ccCopyProtocol: The protocol file transfer protocol that should be used to copy the configuration file over the network. If the config file transfer is to occur locally on the SNMP agent, the method of transfer is left up to the implementation, and is not restricted to the protocols below. The object can be (in this case I choise the tftp):

  • tftp
  • ftp
  • rcp
  • scp
  • sftp i 1

ccCopySourceFileType: Specifies the type of file to copy from. The object can be:

  • networkFile
  • iosFile
  • startupConfig
  • runningConfig
  • terminal
  • fabricStartupConfig i 4

ccCopyDestFileType: specifies the type of file to copy to. The object can be:

  • networkFile
  • iosFile
  • startupConfig
  • runningConfig
  • terminal
  • fabricStartupConfig a

ccCopyServerAddress: The IP address of the TFTP server to copy the configuration file. In this case the tftp server is


snmpset -c c1sc0zine -v 2c s ciscozine.txt

ccCopyFileName: The file name (including the path, if applicable) of the file. i 1

ccCopyEntryRowStatus: The status of this table entry. Once the entry status is set to active, the associated entry cannot be modified until the request completes (ccCopyState transitions to ‘successful’ or ‘failed’ state). The object can be:

  • active
  • notInService
  • notReady
  • createAndGo
  • createAndWait
  • destroy


Remember: The command syntax are the same on linux or windows PCs.


Suppose that you want overwrite the running configuration from a configuration saved in a text file (like a “copy tftp: running-config”).

The client sends the “snmp set” commands to the router, then the router overwrites the running configuration with the “ciscozine.txt”, downloaded from the tftp server.

The first five commands define the the SNMP characteristics:


snmpset -c c1sc0zine -v 2c i 1
snmpset -c c1sc0zine -v 2c i 1
snmpset -c c1sc0zine -v 2c i 4
snmpset -c c1sc0zine -v 2c a
snmpset -c c1sc0zine -v 2c s ciscozine.txt

The last command submit the snmpset commands:


snmpset -c c1sc0zine -v 2c i 1

After the last command, the router displays this message:

%SYS-5-CONFIG_I: Configured from tftp:// by console

Remember: the “ciscozine.txt” can contain a startup-configuration or a single command; in fact, if you would ONLY create a loopback interface, create a ciscozine.txt file like that:

conf t
  interface loopback1
  ip address 2552.55.255.255

After the snmpset commands, the device will create the loopback1 interface!

Another good tip, it is to use the snmpset commands to save some show output. How? Suppose you want to save the “show interfaces” into the “show.txt” file via tftp;  create a “ciscozine.txt” like that and execute the snmpset:

conf t
 do show interf | redirect tftp://

And.. Is it possible reload a device using SNMP? Sure! First of all, enable the router/switch to do it (remember it is dangerous…):

snmp-server system-shutdown

Then use only this command (the previous snmpset are not required):

snmpset snmpset -c [snmp-community-string] -v 2c [ip-device]  . i 2

Where [ip-device] is the ip address of the device that you want reload; the [snmp-community-string] is the snmp-server community (must be R/W).

Note: If you don’t configure the “snmp-server system-shutdown”, the device shows this message:

%SYS-4-RELOAD_ATTEMPT: Attempt via SNMP failed, system shutdown not configured


  • Each time you copy to or from a device using SNMP, choose a random number. This number creates a row instance. It must be the same everywhere in your command. Once you use a specific number, it can not be used again before it times out. The timeout is five minutes. If you use the same number within the five minutes, you get an error (SNMP: Inconsistent value.)
  • You must upload complete configurations when you use the snmpset command. Partial configurations erase what is currently stored in non-volatile RAM (NVRAM). This is only needed for startup configurations. When you run a configuration copy it merges the contents.
Send Cisco command via SNMP
Article Name
Send Cisco command via SNMP
A good tutorial that explains in deph how it is simple send commands to your Cisco router/switch via SNMP. With this feature it is possible configure the device or reload it (it is dangerous)!
  • Cody Hartley

    I hadn’t seen any snmp guides using snmpv3 and scp as transport protocol. For those looking to implement, here is what worked for me.

    As with the other snmp config copy guides you will need to download the respective MIBS and load them in the snmp.conf file.

    This post will specifically cover the snmpset commands for a v3 setup.

    SNMP Environment:

    Name : net-snmp
    Version : 5.7.2
    Release : 17.fc20

    snmp conf file in ~/.snmp/snmp.conf


    defSecurityName XXX <- replace with v3 username
    defContext ""
    defAuthType SHA
    defPrivType AES
    defSecurityLevel authPriv
    defAuthPassphrase ***** <-replace with authentication pass
    defPrivPassphrase ***** /dev/null shown in the script or at the cli below redirects STDERR to null to avoid the MIB modules parsing errors.

    DATE=$(date +”%m_%d_%y”)

    snmpset $DEVICE ccCopyProtocol.$RANNUM i 4 ccCopySourceFileType.$RANNUM i 4 ccCopyDestFileType.$RANNUM i 1 ccCopyServerAddress.$RANNUM a “$SERVER” ccCopyFileName.$RANNUM s “$DEVICE.$DATE” ccCopyUserName.$RANNUM s $USER ccCopyUserPassword.$RANNUM s $PASS ccCopyEntryRowStatus.$RANNUM i 4 2>/dev/null

    Once run you can check the status of the copy with the following command.

    [root@localhost hlsb]# snmpwalk sbs-tech-switch ciscoConfigCopyMIB 2>/dev/null
    CISCO-CONFIG-COPY-MIB::ccCopyProtocol.42 = INTEGER: scp(4)
    CISCO-CONFIG-COPY-MIB::ccCopySourceFileType.42 = INTEGER: runningConfig(4)
    CISCO-CONFIG-COPY-MIB::ccCopyDestFileType.42 = INTEGER: networkFile(1)
    CISCO-CONFIG-COPY-MIB::ccCopyServerAddress.42 = IpAddress:
    CISCO-CONFIG-COPY-MIB::ccCopyFileName.42 = STRING: sbs-tech-switch.07_09_14
    CISCO-CONFIG-COPY-MIB::ccCopyUserPassword.42 = STRING: XXXX
    CISCO-CONFIG-COPY-MIB::ccCopyNotificationOnCompletion.42 = INTEGER: false(2)
    CISCO-CONFIG-COPY-MIB::ccCopyState.42 = INTEGER: successful(3)
    CISCO-CONFIG-COPY-MIB::ccCopyTimeStarted.42 = Timeticks: (52270199) 6 days, 1:11:41.99
    CISCO-CONFIG-COPY-MIB::ccCopyTimeCompleted.42 = Timeticks: (52270339) 6 days, 1:11:43.39
    CISCO-CONFIG-COPY-MIB::ccCopyEntryRowStatus.42 = INTEGER: active(1)
    CISCO-CONFIG-COPY-MIB::ccCopyServerAddressType.42 = INTEGER: ipv4(1)
    CISCO-CONFIG-COPY-MIB::ccCopyServerAddressRev1.42 = STRING: “”

    After the successful copy completes the entry will exist for five minutes allowing for no further requests to be made with that particular random number. To send another request prior to the five minute clearing of the table send a “destroy” snmpset to clear the entry.

    [root@localhost hlse]# snmpset sbs-tech-switch CISCO-CONFIG-COPY-MIB::ccCopyEntryRowStatus.42 i 6 2>/dev/null
    CISCO-CONFIG-COPY-MIB::ccCopyEntryRowStatus.42 = INTEGER: destroy(6)

    Hope this will save some time for those looking to implement a more secure snmp config copy setup.


    Cody Hartley

  • Thanks!

  • Josh

    Say, is there any way to combine the | redirect and the | format? I’d love to redirect the output as xml.

  • I’ve tried the redirect command but I checked that the result depends by IOS version.. So try and check :)

  • Falove

    Thanks for great tutorial! Could you please post a guide of how to use “ping” command with SNMP and save to a tftp file?

  • Falove

    Yes, I have read that tutorial but I can’t get it work. Not sure why it didn’w work.

    snmpset -c test -v 2c . integer 6
    snmpset -c test -v 2c . integer 5
    snmpset -c test -v 2c . octetstring any_name
    snmpset -c test -v 2c . integer 1
    snmpset -c test -v 2c . octetstringhex “AC 10 AA A2”
    snmpset -c test -v 2c .
    snmpset -c test -v 2c . integer 1
    snmpwalk -c test -v 2c .
    snmpset -c test -v 2c a
    snmpset -c test -v 2c s ping-test.txt
    snmpset -c test -v 2c . integer 6

  • Rodrigo

    Works like a charm. Thanks!

  • Roger Da Luz

    nice tutorial

  • Gassi

    nice tutorial

    so there is another securtity problem:
    you dont need to set “snmp-server system-shutdown”

    only use a text file with the reload cmd to the device with this content to runn ing config:

    do reload

    first y: answer for saving the changed config (you are in config mode)
    second y: to commit the reload

  • Samuel Bauer

    Thank you very much for the tutorial!
    You also used the command “snmp-server system-shutdown” for a system shutdown. Do you know where can I get the possible commands? I want to turn of radio (wireless lan) on my RV340W which has no telnet / SSH access.
    THANK YOU :)

  • You need to search the OID supported by your device!

  • Is your group able to write?

    When you specify the snmp group you can specify a read view for that group:

    Ciscozine(config)#snmp-server group READONLY v3 priv ?
    access specify an access-list associated with this group
    context specify a context to associate these views for the group
    match context name match criteria
    notify specify a notify view for the group
    read specify a read view for the group
    write specify a write view for the group

  • Trond Skogland

    Thank you so much for your reply, Fabio. I missed the write view, when adding it everything worked fine.

    Thanks again,