Script to change SNMP from RO to RW?

I have to go through all my SMs and change the SNMP setting from Read Only to Read/Write.
Does anyone know how to make a script to do this instead of having to go through each one myself?

If you have Prizm then
1. Go to the “Define Networks” screen, select the subnet that all those SMs will be accepted to, and enable (check) the option “Enforce Element Configuration (Overwrite Current Element Settings)”.
2. Accept those SMs for EMS management. Prizm will use those settings, such as SNMP community string, subnet accessing IPs and trap targets, to overwrite the current settings on the radio; the new SNMP community string will be the write community for the radio.

However, there are two things you should be careful about:
1. The SNMP Account: use the default community “Canopy” or you can select a different one that must not be the same as the read only community of the radio (by default it is “Canopyro”).

2. The subnet accessing range will have a default value of the current computer that Prizm is on, and all the other ones are empty. It will make the radio accessible from this computer only. If the radio should be accessible from another computer or from a different subnet, then you can either wipe out the default value or fill in the other hosts' IPs in the rest of the values.
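An offline pre-check of the two cautions in this answer, as an added example that is not part of the original post or of Prizm: it flags a write community that matches the read-only one or is a documented default, and lists management stations that the accessing range would lock out. The function names, plan names, community strings other than “Canopy”/“Canopyro”, slot count and addresses are constructed, and treating an empty accessing list as unrestricted is an assumption.

```python
import ipaddress

# Defaults named in the thread: "Canopy" (write) and "Canopyro" (read-only).
DEFAULT_COMMUNITIES = {"Canopy", "Canopyro"}


def audit_snmp_plan(write_community, ro_community, access_entries, mgmt_hosts):
    """Return findings for one planned SNMP read/write configuration.

    access_entries: accessing-range slots as host IPs or CIDRs; "" = unused slot.
    mgmt_hosts: IPs of every station that must keep SNMP access to the radio.
    """
    findings = []
    if write_community == ro_community:
        findings.append("write community equals read-only community")
    if write_community in DEFAULT_COMMUNITIES:
        findings.append("write community is a documented default")

    nets = [ipaddress.ip_network(e.strip(), strict=False)
            for e in access_entries if e.strip()]
    if not nets:
        # Assumption: a wiped list means the radio accepts SNMP from any source.
        findings.append("no source restriction on a writable radio")
        return findings
    for host in mgmt_hosts:
        if not any(ipaddress.ip_address(host) in net for net in nets):
            findings.append(f"{host} would be locked out")
    return findings


# Constructed sample plans (hypothetical names, RFC 1918 addresses).
PLANS = {
    "prizm-default": ("Canopy", "Canopyro", ["10.0.0.5", "", ""],
                      ["10.0.0.5", "10.0.1.20"]),
    "wiped": ("example-write", "Canopyro", ["", "", ""], ["10.0.0.5"]),
    "scoped": ("example-write", "example-read", ["10.0.0.5", "10.0.1.0/24"],
               ["10.0.0.5", "10.0.1.20"]),
}


def audit_all(plans=PLANS):
    """Audit every plan and return {plan name: [findings]}."""
    return {name: audit_snmp_plan(*plan) for name, plan in plans.items()}


if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(f"{name}: {findings or 'ok'}")
```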

I can’t change SNMP settings within Prizm when the SM is already set to Read Only. That kind of defeats the purpose of having Read Only doesn’t it?

Yes, you can if you follow the instructions I gave. Oh, I forgot to mention that any configuration for the network/subnet settings you change in the “Define Networks” screen must be saved by clicking the “Save Changes” button before it can take effect. That is the purpose of having Prizm as a Management System. Only a user with admin permission in Prizm can do that.

I’ve tried following your directions but it still doesn’t work.
I’ve even called Motorola and they said there is no way to change from Read Only to Read/Write from Prizm. You have to log into the radio and change that first.

I’m sure some uberhax0r could write a script that does all of that via HTTP, but honestly if you’ve got “remote write access” disabled how do you expect a script to turn it on? LOL

(There doesn’t seem to be anything from the telnet interface either)

pcpolo wrote:
I have to go through all my SMs and change the SNMP setting from Read Only to Read/Write.
Does anyone know how to make a script to do this instead of having to go through each one myself?

Are all the SMs running the same firmware, and what version? And do they all have the same password for http login?

If they're all the same then it's not too difficult to achieve. If firmware differs it gets ugly really fast.

j

Not all the SMs are on the same firmware but most are.

Most are on 9.3 and they all have the same password.

Do you have a linux box usable for this? I’ve got a pretty simple perl script that will connect to a single IP and change snmp-ro to snmp-rw for 9.x firmware. It depends on IO::Socket::INET.

I’m partway through altering it to run an nmap scan of a specified subnet and apply the change to all canopy devices it finds (adds a dependency on Nmap::Parser). I’d be happy to offer the script when finished, which should be by this weekend.

If you can run it in a linux console and pipe IPs to it one at a time it should run as it now stands, after just a little cleanup. (IE, ‘for IP in … do makewriteable.pl $IP;done’) Currently password is ‘hardcoded’ in the program itself. Eventual intention is to have it passed in along with IP or subnet on the commandline.

Basically it connects with http to the login.cgi page passing admin/password and gets a session ID, then connects to the SNMP settings page with that sessionID to get the snmpreadonly field name (strangely, it changes - for example I’ve just seen “311:SNMPReadOnly” and “900:SNMPReadOnly” on two 9.3 SMs in my testing) and finally connects to ‘himom.cgi’ with the appropriate change and sessionID. done.

j

At this point I’ve finally just gone through my SMs one at a time but I would be interested in playing with that script.

If you have nmap (at /usr/bin/nmap, or alter path in code) and perl module Nmap::Parser installed (either distro package, or "perl -MCPAN -e 'install Nmap::Parser'"), try uncommenting the 12 commented-out code lines, and comment-out 'makewriteable($ip);' and 'exit;'. You can then pass it any valid nmap address spec. (192.168.0-4.1-128 for example, as well as CIDR and other common notations) See ‘Target Specification’ in nmap manual for details.

As it stands it expects to be handed a single IP on the commandline, like “makewriteable.pl 10.11.12.1”, which allows it to be called repeatedly within a shell ‘for’ loop, etc. It should work with any 9.x firmware SMs.

Could be done more elegantly, but this suits the purpose just fine.

j

#!/usr/bin/perl
#
# change read-only to read/write SNMP on Canopy SMs running 9.x firmware
#
# Copyright 2009 Joel NewKirk
# jnewkirk@canmon.us
# subject to the MIT license as presented here: http://www.opensource.org/licenses/mit-license.php

$|=1;
my $debug=2;
use IO::Socket::INET;

#use Nmap::Parser;
#my $np = new Nmap::Parser;

my $ip=shift;

makewriteable($ip);
exit;

#my @scanblocks=($ip);
#$np->parsescan('/usr/bin/nmap','-sP -PE -n -T5',@scanblocks);
#for my $host ($np->all_hosts())
#{
# if ($host->status() eq 'up')
# {
# print "found something at ".$host->ipv4_addr."\n" if ($debug>0);
# makewriteable($host->ipv4_addr);
# }
#}


sub makewriteable
{
  my $ip=shift;
  my $host=$ip.":80";
  my $EOL = "\015\012";
  print $ip . " " . $host . "\n";
  # log in; the password travels in the URL over plain HTTP
  my $remote=IO::Socket::INET->new($host) or die "Failed to connect";
  $remote->autoflush(1);
  print $remote "GET /login.cgi?CanopyUsername=admin&CanopyPassword=2121 HTTP/1.1".$EOL;
  print $remote 'User-Agent: Mozilla/5.0'. $EOL;
  print $remote $EOL;
  print $remote $EOL;
  while (<$remote>)
  {
    # the login response carries the session ID
    if (/Session=(.*)\"/)
    {
      my $sessid=$1;
      print "session $sessid for $ip\n" if ($debug>1);
      # fetch the SNMP settings page to learn the field name, which varies per SM
      my $remote1=IO::Socket::INET->new($host) or die "Failed to connect";
      $remote1->autoflush(1);
      print $remote1 "GET /main.cgi?catindex=1&pageindex=4&Session=$sessid HTTP/1.1".$EOL;
      print $remote1 'User-Agent: Mozilla/5.0'. $EOL;
      print $remote1 $EOL;
      print $remote1 $EOL;
      while (<$remote1>)
      {
        if (/name=\'(.*\:SNMPReadOnly)/)
        {
          my $snmpro=$1;
          print $snmpro . "\n" if ($debug>1);
          # submit the change: SNMPReadOnly=0 with the same session ID
          my $remote2=IO::Socket::INET->new($host) or die "Failed to connect";
          $remote2->autoflush(1);
          print $remote2 "GET /himom.cgi?ok=Save+Changes&".$snmpro."=0&Session=$sessid HTTP/1.1".$EOL;
          print $remote2 'User-Agent: Mozilla/5.0'. $EOL;
          print $remote2 $EOL;
          print $remote2 $EOL;
          last;
        }
      }
      last;
    }
  }
}

Thanks! I’ll try this out cause I’m sure there will be SMs I need to change still.

Woops, forgot that you need to change the ‘CanopyPassword’ in the “GET login.cgi…” line… (actually I forgot that I’d updated the script to pass the password on the commandline, and I pasted and described the wrong version… doh!)

Here’s the newer version that expects IP then PW on commandline (PW cannot contain spaces):

#!/usr/bin/perl
#
# change read-only to read/write SNMP on Canopy SMs running 9.x firmware
#
# Copyright 2009 Joel NewKirk
# jnewkirk@canmon.us
# subject to the MIT license as presented here: http://www.opensource.org/licenses/mit-license.php

$|=1;
my $debug=2;
use IO::Socket::INET;

#use Nmap::Parser;
#my $np = new Nmap::Parser;

my $ip=shift;
my $canpass=shift;

makewriteable($ip,$canpass);
exit;

#my @scanblocks=($ip);
#$np->parsescan('/usr/bin/nmap','-sP -PE -n -T5',@scanblocks);
#for my $host ($np->all_hosts())
#{
# if ($host->status() eq 'up')
# {
# print "found something at ".$host->ipv4_addr."\n" if ($debug>0);
# makewriteable($host->ipv4_addr,$canpass);
# }
#}


sub makewriteable
{
  my ($ip,$canpass)=@_;
  my $host=$ip.":80";
  my $EOL = "\015\012";
  print $ip . " " . $host . "\n";
  # log in; the password from the command line travels in the URL over plain HTTP
  my $remote=IO::Socket::INET->new($host) or die "Failed to connect";
  $remote->autoflush(1);
  print $remote "GET /login.cgi?CanopyUsername=admin&CanopyPassword=".$canpass." HTTP/1.1".$EOL;
  print $remote 'User-Agent: Mozilla/5.0'. $EOL;
  print $remote $EOL;
  print $remote $EOL;
  while (<$remote>)
  {
    # the login response carries the session ID
    if (/Session=(.*)\"/)
    {
      my $sessid=$1;
      print "session $sessid for $ip\n" if ($debug>1);
      # fetch the SNMP settings page to learn the field name, which varies per SM
      my $remote1=IO::Socket::INET->new($host) or die "Failed to connect";
      $remote1->autoflush(1);
      print $remote1 "GET /main.cgi?catindex=1&pageindex=4&Session=$sessid HTTP/1.1".$EOL;
      print $remote1 'User-Agent: Mozilla/5.0'. $EOL;
      print $remote1 $EOL;
      print $remote1 $EOL;
      while (<$remote1>)
      {
        if (/name=\'(.*\:SNMPReadOnly)/)
        {
          my $snmpro=$1;
          print $snmpro . "\n" if ($debug>1);
          # submit the change: SNMPReadOnly=0 with the same session ID
          my $remote2=IO::Socket::INET->new($host) or die "Failed to connect";
          $remote2->autoflush(1);
          print $remote2 "GET /himom.cgi?ok=Save+Changes&".$snmpro."=0&Session=$sessid HTTP/1.1".$EOL;
          print $remote2 'User-Agent: Mozilla/5.0'. $EOL;
          print $remote2 $EOL;
          print $remote2 $EOL;
          last;
        }
      }
      last;
    }
  }
}


j

Very cool newkirk, you are clearly an uberhax0r

MIT licensing too :slight_smile:

I really hate to resurrect an old thread, but this is the closest thing I've found to do what I need to do.  So yeah, I need to set write access on a couple hundred PMP100s... don't ask how we've been managing them so long with just the HTML interface. ;-)

Trying to run this script against a 13.4.1 unit and from a box with perl5 doesn't seem to go anywhere fast. Can anyone confirm that this will still work with the 13.4.1 code? Or if I'm just missing it, could someone point me to a newer version of this script?

Thanks,

   R

Ok, I just answered my own question... the SetSNMPAccessibilty script in CNUT will set the configuration string to be read/write automatically. Just had to specify the same string already being used.