Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2787
Views
0
Helpful
2
Replies

Nexus 5600 Automated Backup with EEM (EEM command authorization)

marek.petko
Level 1
Level 1

‎03-03-2017 02:32 AM

Hello,

we are about to deploy some NEXUS 5600 (7.3(0)N1(1)) switches in our detacenter and I am trying to implement automatic configuration backup. On Catalyst we are using kron and archive commands to upload config to ftp server. Now I am trying to achieve the same with EEM.

event manager applet DailySave
 event timer cron cron-entry "15 3 * * *"
 action 1.0 cli command "copy running-config startup-config" 

event manager applet FTPBackup
 event cli match "copy running-config startup-config"
 action 0.3 syslog msg "Backup started."
 action 0.5 cli command "enable" 
 action 1.0 cli command "copy running-config ftp://user:password@ourserver.com/path/$(SWITCHNAME)_$(TIMESTAMP) vrf default" 
 action 1.6 syslog msg "Backup ended."
 action 2.0 event-default

event manager applet TEST
 event cli match "show ip interface brief"
 action 1.0 puts "Script begin."
 action 1.8 cli command "enable" 
 action 2.0 cli command "show logging last 5" 
 action 9.0 puts "Script end."
 action 9.9 event-default

The copy command works perfectly fine as long as it is executed interactively from the CLI. The EEM puts actions in the TEST applet work perfectly fine as well. What does not work however are any of the cli actions.

We are using AAA/TACACS+ to do the full AAA. This brings me to the idea that the command authorization does not work correctly. There apparently were ways in Catalyst IOS how to get around this, but these do not seem to be available in NX-OS. Or I just can't find them. 

One thing to mention is that in the ACS log I am not seeing any authentication/authorization attempts.

I would welcome any suggestions how to execute the cli commands, thanks.

AAA config for reference:

aaa authentication login default group ACS_Cluster local 
aaa authentication login console group ACS_Cluster local 
aaa authorization config-commands default group ACS_Cluster local 
aaa authorization commands default group ACS_Cluster local 
aaa authorization config-commands console group ACS_Cluster local 
aaa authorization commands console group ACS_Cluster local 
aaa accounting default group ACS_Cluster local

Thanks, 

Marek

1 person had this problem
Labels:
0 Helpful
2 Replies 2

Mark Malone
VIP Alumni
VIP Alumni

‎03-21-2017 08:14 AM

This works for me , im just backing up to flash twice a day , as I have Prime taking configs to an NFS share aswell , the OID is for Nexus found it online on another forum , timer set to 43200 , so it backs up every 12 hours

event manager applet NX-OS_Configuration_Backup
  event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.6.1 get-type exact entry-op le entry-val 12345 poll-interval 43200
  action 1.0 cli command enable
  action 2.0 cli copy run bootflash:NX-OS_Latest_Running_Config_Backup
  action 3.0 syslog priority notifications msg Running_Config_Backup_Complete

0 Helpful

charlesp
Level 1
Level 1

‎01-25-2018 02:36 PM

I have a similar problem. Did you find a solution?

0 Helpful
Customers Also Viewed These Support Documents