I want to use a password automation program to change the local account password every 30 days without user intervention - completely automated. This account is only used if tacacs+ servers are unreachable.
The software that does this - connects to the device via ssh runs the commands and changes the username xxx password xxxx line BUT as part of the process it then tries to log in with that same local account and it fails due to tacacs+ (as designed).
I don't want to allow bot local & tacacs+ for console/vty access.
Can I specify a particular vty line that is local only and add an acl to it for the software programe server IP only?