TACACS+ Architecture

You can connect the TACACS+ server to the switch through a local interface. Management PCs can reside on an out-of-band management Ethernet port or on the corporate network. Place the TACACS+ server on the corporate network so that it is routable to the switch.

Before you configure the switch, you must configure at least one TACACS+ server and a key.

The TACACS+ server and the switch must have the same:
  • Encryption key
  • Connection mode (single connection or per-session connection; per-session connection is the same as multi-connection mode)
  • TCP port number
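
The sketch below is an added example, not vendor code. It follows the packet header and body obfuscation defined in RFC 8907 (an MD5-derived pad XORed over the body, which the RFC treats as obfuscation rather than strong encryption) to show why a key mismatch between switch and server makes a request unparseable, and where the connection-mode flag sits in the header. The key values, user name, session ID and function names are constructed for illustration.

```python
import hashlib
import struct

TACACS_PORT = 49             # default TACACS+ TCP port (RFC 8907)
FLAG_SINGLE_CONNECT = 0x04   # header flag: sender offers single-connection mode
HEADER = "!BBBB4sI"          # version, type, seq_no, flags, session_id, length

def pseudo_pad(key, session_id, version, seq_no, length):
    """MD5-chained pad: each block hashes the seed plus the previous block."""
    seed = session_id + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]

def obfuscate(key, header, body):
    """XOR the body with the pad; applying it twice restores the body."""
    version, _type, seq_no, _flags, session_id, _length = struct.unpack(HEADER, header)
    pad = pseudo_pad(key, session_id, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def switch_request(key, single_connect=True):
    """Constructed authentication START packet as the switch would send it."""
    user, port, rem_addr = b"admin", b"tty0", b"192.0.2.10"   # sample values
    body = bytes([1, 1, 1, 1, len(user), len(port), len(rem_addr), 0])
    body += user + port + rem_addr
    flags = FLAG_SINGLE_CONNECT if single_connect else 0
    header = struct.pack(HEADER, 0xC0, 0x01, 1, flags, b"\x12\x34\x56\x78", len(body))
    return header, obfuscate(key, header, body)

def server_accepts(server_key, header, wire_body):
    """Server side: decode with its own key, then sanity-check the length fields."""
    body = obfuscate(server_key, header, wire_body)
    # Bytes 4..7 hold user/port/rem_addr/data lengths after the 8 fixed bytes.
    return len(body) >= 8 and 8 + sum(body[4:8]) == len(body)

def offers_single_connect(header):
    """True when the header carries the single-connection flag."""
    return bool(struct.unpack(HEADER, header)[3] & FLAG_SINGLE_CONNECT)

if __name__ == "__main__":
    header, wire = switch_request(b"constructed-key-A")
    print("same key:     ", server_accepts(b"constructed-key-A", header, wire))
    print("different key:", server_accepts(b"constructed-key-B", header, wire))
    print("single-connect offered:", offers_single_connect(header))
```

The protocol has no explicit "wrong key" signal: the receiver only sees a body whose length fields do not add up, which is why a key mismatch usually surfaces as a generic authentication or packet-format failure.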

You can configure a secondary TACACS+ server for backup authentication. You specify the primary authentication server when you configure the switch.