
automation of local passwords and verification when tacacs+ is enabled

jenny conlan
Beginner

Here is a challenge:

I want to use a password automation program to change the local account password every 30 days without user intervention - completely automated. This account is only used if tacacs+ servers are unreachable.

The software that does this connects to the device via SSH, runs the commands, and changes the username xxx password xxxx line, BUT as part of the process it then tries to log in with that same local account, and it fails due to tacacs+ (as designed).

I don't want to allow both local & tacacs+ for console/vty access.

Can I specify a particular vty line that is local only and add an ACL to it for the software program server IP only?

1 Reply

balaji.bandi
VIP Guru

Sure, all your requirements are possible; again, it depends on how you implement it, and scripting is your choice.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help
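One way to build the local-only, source-restricted vty line asked about in the question, as an added Cisco IOS configuration sketch that is not part of either post. The method-list name LOCAL-ONLY, the ACL name PWD-ROTATE-SRC, the server address 192.0.2.10, TCP port 2222, rotary group 1 and a device with 16 vty lines (0-15) are all assumptions chosen for illustration.

```cisco
! Added example. All names, the address and the port are constructed placeholders.
aaa new-model
!
! Default policy is unchanged: TACACS+ first, local database only as fallback
aaa authentication login default group tacacs+ local
!
! Named method lists that never consult TACACS+
aaa authentication login LOCAL-ONLY local
! Needed only if exec authorization is in use on the device
aaa authorization exec LOCAL-ONLY local
!
! Only the password-automation server may reach the dedicated line
ip access-list standard PWD-ROTATE-SRC
 permit host 192.0.2.10
 deny   any log
!
! SSH sessions arriving on TCP/2222 are steered to the line in rotary group 1
ip ssh port 2222 rotary 1
!
! General-purpose lines keep the default (TACACS+) method list
line vty 0 14
 transport input ssh
!
! Dedicated line: local database only, restricted by source address
line vty 15
 rotary 1
 access-class PWD-ROTATE-SRC in
 login authentication LOCAL-ONLY
 authorization exec LOCAL-ONLY
 transport input ssh
 exec-timeout 5 0
```

The automation software has to connect to TCP/2222 for both the password change and its verification login; whether it can target a non-default SSH port is something to confirm with the product. The access-class on vty 15 is the control that matters, because a port-22 session can still be assigned that line when lines 0-14 are busy, and the ACL then rejects any source other than the automation server.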
