TACACS+ authentication provides control of authentication through login and password.
who a user is
whether to allow the user access to the NAS
Important
Prompts for log on and password occur prior to the authentication process. If TACACS+ fails because no valid servers exist, the device uses the user name and password from the local database. If TACACS+ or the local database returns an access denied packet, the authentication process stops. The device attempts no other authentication methods.
The following figure illustrates the authentication process.
