Cisco MDS Scheduler with AAA

Posted on by

This is probably very old news but it’s here more for my reference than anything else. A little while ago we introduced 2 new MDS 9513 switches into our core and needed to setup a simple scheduled backup task to copy the configs to a tftp server daily. For some reason I wasn’t able to create the job in the scheduler when I was logged in as a user that had authenticated against AAA. MDS9513(config)# scheduler enable MDS9513(config)# scheduler job name backup_config Error: AAA authentication password not configured (for logged in user) I may have the reason behind this arse-backwards, but it seems like I’ve probably never been able to do this. I think what I’ve been doing is setting up the configs on the switches and then adding them to ACS. I could be wrong about that too, but I’m really just interested in workarounds, not understanding the problem.

For some information on using the scheduler with a AAA user, have a look at this link on Cisco’s website.  So here’s how to give the AAA user privileges to configure scheduled tasks.

login as: username
User Access Verification
Using keyboard-interactive authentication.
Password:

Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2009, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php

MDS9513# conf t
Enter configuration commands, one per line. End with CNTL/Z.
MDS9513(config)# scheduler enable
MDS9513(config)# scheduler aaa-authentication user username password password
MDS9513(config)# scheduler job name backup_config
MDS9513(config-job)# copy running-config startup-config
MDS9513(config-job)# copy startup-config tftp://tftphost/Backup/MDS9513_cfg_$(TIMESTAMP).txt
MDS9513(config-job)# end
MDS9513# show scheduler job name backup_config

Job Name: backup_config
-----------------------
copy running-config startup-config
copy startup-config tftp://tftphost/Backup/MDS9513_cfg_$(TIMESTAMP).txt
==============================================================================
 

The problem with this is that you might prefer to use a service account to get this done. But perhaps you’re lazy and can’t be bothered asking for a service account. So if you’ve used your admin account you might want to remove it. Note that this *shouldn’t* have an impact on your scheduler configuration.

MDS9513# conf t
Enter configuration commands, one per line. End with CNTL/Z.
MDS9513(config)# no scheduler aaa-authentication username username password password
MDS9513(config)# end
MDS9513# show running-config | include "scheduler aaa-authentication"
MDS9513# show scheduler job name backup_config
Job Name: backup_config
-----------------------
copy running-config startup-config
copy startup-config tftp://tftphost/Backup/MDS9513_cfg_$(TIMESTAMP).txt
==============================================================================

MDS9513#