Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1102
Views
0
Helpful
1
Replies

automation of local passwords and verification when tacacs+ is enabled

jenny conlan
Level 1
Level 1

‎07-23-2019 02:04 PM - edited ‎02-21-2020 09:42 PM

Here is a challenge:

I want to use a password automation program to change the local account password every 30 days without user intervention - completely automated. This account is only used if tacacs+ servers are unreachable.

The software that does this - connects to the device via ssh runs the commands and changes the username xxx password xxxx line BUT as part of the process it then tries to log in with that same local account and it fails due to tacacs+ (as designed).

 

I don't want to allow bot local & tacacs+ for console/vty access. 

 

Can I specify a particular vty line that is local only and add an acl to it for the software programe server IP only? 

 

Labels:
0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎07-23-2019 02:48 PM - edited ‎07-23-2019 02:49 PM

Sure all you requirement is possible, again depends how you implement and scripting is your choice.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Top