Buy or Renew
Buy or Renew
Welcome to the new Cisco Community. LEARN MORE about the updates and what is coming.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
774
Views
0
Helpful
1
Replies

automation of local passwords and verification when tacacs+ is enabled

jenny conlan
Beginner
Beginner

‎07-23-2019 02:04 PM - edited ‎02-21-2020 09:42 PM

Here is a challenge:

I want to use a password automation program to change the local account password every 30 days without user intervention - completely automated. This account is only used if tacacs+ servers are unreachable.

The software that does this - connects to the device via ssh runs the commands and changes the username xxx password xxxx line BUT as part of the process it then tries to log in with that same local account and it fails due to tacacs+ (as designed).

 

I don't want to allow bot local & tacacs+ for console/vty access. 

 

Can I specify a particular vty line that is local only and add an acl to it for the software programe server IP only? 

 

Labels:
0 Helpful
1 Reply 1

balaji.bandi
VIP Guru VIP Guru
VIP Guru

‎07-23-2019 02:48 PM - edited ‎07-23-2019 02:49 PM

Sure all you requirement is possible, again depends how you implement and scripting is your choice.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents