Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
831
Views
0
Helpful
2
Replies

Nexus Switch Backup Config with less privilege

Go to solution
Gustav Klein
Level 1
Level 1

‎12-18-2018 12:24 AM - edited ‎03-08-2019 04:50 PM

Hello Community,

 

were having a mixed Core Infrastructure with some Cisco Switches and 2 ASA 5585x.

Besides that we have a Syslog and Backup Linux Server running.

 

So Our Goal is to get the running-config over tftp to our Syslog Server, but we dont want to use a Privilge 15 User for that because the Password is set in Plain Text on this Linux Server and this is an Security Issue.

i did get it to Work with our WS-C3560X-48 Switches, therfore i did use the folowing Commands:

 

#username configbackup privilege 7 password 7 *********

#privilege exec level 7 copy running-config

 

With these Steps this User can Copy the Running Config from the Core Devices with only needed Priviliges.

 

 

Now the Porblem is that we have some Cisco Nexus Switches, here the above Commands wont work!

Nexus 5010

Nexus 5548

 

i did try 

username configbackup password 5 **************** role priv-7

 

but i cant set permissions only to do copy running-config to tftp Server.

 

Maybe sombody can help me out here.

 

Thank you verry Much

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Simon Darlington
Level 1
Level 1

‎12-18-2018 12:37 AM - edited ‎12-18-2018 12:51 AM

Hi Gustav

RBAC (role based access control) on Nexus should meet your requirements. One solution would be to create a user with command rules to allow execution only of your required commands.

 

Please see this link for more details:

 

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/system_management/502_n1_1/b_Cisco_n5k_system_mgmt_cg_rel_502_n1_1/Cisco_n5k_system_mgmt_cg_rel_502_n1_1_chapter6.pdf

 

Hope this helps. Please rate if it does.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Simon Darlington
Level 1
Level 1

‎12-18-2018 12:37 AM - edited ‎12-18-2018 12:51 AM

Hi Gustav

RBAC (role based access control) on Nexus should meet your requirements. One solution would be to create a user with command rules to allow execution only of your required commands.

 

Please see this link for more details:

 

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/system_management/502_n1_1/b_Cisco_n5k_system_mgmt_cg_rel_502_n1_1/Cisco_n5k_system_mgmt_cg_rel_502_n1_1_chapter6.pdf

 

Hope this helps. Please rate if it does.

0 Helpful

Go to solution
Gustav Klein
Level 1
Level 1
In response to Simon Darlington

‎01-21-2019 07:28 AM

Ty Verry Much, indeed it was exaclty what i was looking for.

Kind regards Gustav
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card