Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Nexus 5600 Automated Backup with EEM (EEM command authorization)

Hello,

we are about to deploy some NEXUS 5600 (7.3(0)N1(1)) switches in our detacenter and I am trying to implement automatic configuration backup. On Catalyst we are using kron and archive commands to upload config to ftp server. Now I am trying to achieve the same with EEM.

event manager applet DailySave
event timer cron cron-entry "15 3 * * *"
action 1.0 cli command "copy running-config startup-config"

event manager applet FTPBackup
event cli match "copy running-config startup-config"
action 0.3 syslog msg "Backup started."
action 0.5 cli command "enable"
action 1.0 cli command "copy running-config ftp://user:password@ourserver.com/path/$(SWITCHNAME)_$(TIMESTAMP) vrf default"
action 1.6 syslog msg "Backup ended."
action 2.0 event-default

event manager applet TEST
event cli match "show ip interface brief"
action 1.0 puts "Script begin."
action 1.8 cli command "enable"
action 2.0 cli command "show logging last 5"
action 9.0 puts "Script end."
action 9.9 event-default

The copy command works perfectly fine as long as it is executed interactively from the CLI. The EEM puts actions in the TEST applet work perfectly fine as well. What does not work however are any of the cli actions.

We are using AAA/TACACS+ to do the full AAA. This brings me to the idea that the command authorization does not work correctly. There apparently were ways in Catalyst IOS how to get around this, but these do not seem to be available in NX-OS. Or I just can't find them. 

One thing to mention is that in the ACS log I am not seeing any authentication/authorization attempts.

I would welcome any suggestions how to execute the cli commands, thanks.

AAA config for reference:

aaa authentication login default group ACS_Cluster local 
aaa authentication login console group ACS_Cluster local
aaa authorization config-commands default group ACS_Cluster local
aaa authorization commands default group ACS_Cluster local
aaa authorization config-commands console group ACS_Cluster local
aaa authorization commands console group ACS_Cluster local
aaa accounting default group ACS_Cluster local

Thanks, 

Marek

1 REPLY
VIP Purple

This works for me , im just

This works for me , im just backing up to flash twice a day , as I have Prime taking configs to an NFS share aswell , the OID is for Nexus found it online on another forum , timer set to 43200 , so it backs up every 12 hours

event manager applet NX-OS_Configuration_Backup
  event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.6.1 get-type exact entry-op le entry-val 12345 poll-interval 43200
  action 1.0 cli command enable
  action 2.0 cli copy run bootflash:NX-OS_Latest_Running_Config_Backup
  action 3.0 syslog priority notifications msg Running_Config_Backup_Complete

54
Views
0
Helpful
1
Replies