automation of local passwords and verification when tacacs+ is enabled
07-23-2019 02:04 PM - edited 02-21-2020 09:42 PM
Here is a challenge:
I want to use a password automation program to change the local account password every 30 days without user intervention - completely automated. This account is only used if tacacs+ servers are unreachable.
The software that does this connects to the device via SSH, runs the commands, and changes the username xxx password xxxx line, BUT as part of the process it then tries to log in with that same local account and it fails due to tacacs+ (as designed).
I don't want to allow both local & tacacs+ for console/vty access.
Can I specify a particular vty line that is local only and add an ACL to it for the software program server IP only?
07-23-2019 02:48 PM - edited 07-23-2019 02:49 PM
Sure, all your requirements are possible; again, it depends on how you implement it, and scripting is your choice.
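
One way to build the local-only line asked about above, as an added Cisco IOS example that is not from either poster. IOS hands an incoming session to the first free vty, so the sketch steers the automation server to a dedicated line through an extra SSH port tied to a rotary group. The method-list and ACL names, port 2222, line 15 and the address 192.0.2.10 are all assumptions.

```cisco
! Assumed existing default: TACACS+ first, local only if the servers are unreachable
aaa new-model
aaa authentication login default group tacacs+ local
!
! Hypothetical named method lists that consult only the local user database
aaa authentication login PWROTATE local
aaa authorization exec PWROTATE local
!
! Constructed address (192.0.2.10) standing in for the password-automation server
ip access-list standard PWROTATE-SRC
 permit host 192.0.2.10
 deny   any log
!
! Extra SSH listener bound to rotary group 1 (port 2222 is an assumption)
ip ssh port 2222 rotary 1
!
! Dedicated line: SSH only, local-only login, reachable only from the server
line vty 15
 rotary 1
 transport input ssh
 login authentication PWROTATE
 authorization exec PWROTATE
 access-class PWROTATE-SRC in
```

The remaining vty lines keep the default method list, so interactive logins still go to TACACS+ first; only a session from the permitted source on the rotary port is checked against the local account.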
