Configure the Client to Use TACACS+ for Login Authentication

View the parameters to set the authentication mode so TACACS+ is primary.

After you configure the client-side TACACS+ server list, you must set the authentication mode so that TACACS+ is used as the primary source of authentication.

Full Syntax  [no] aaa authentication login tacacs+ local-auth-fallback
Parameter descriptions 

keyword no: Negate the command

keyword aaa : Configure preferred order of types of AAA server (only TACACS+ is supported)

keyword authentication: Configure preferred order for authentication

Keyword login: Order of sources for login (default='local')

Keyword tacacs+ : Use TACACS+ servers

Keyword local-auth-fallback: Use local switch database if TACACS+ authentication methods are not active or authorization fails.
Command modes  Configuration mode
Permissions & Validations 
  • This command is allowed in configuration mode only.
  • This command is available only to users with admin role. 
Behavior description  By default, the local database is used for authentication. You can configure the application to authenticate users with the TACACS+ server as the primary method, with the local database as the fallback if TACACS+ is unavailable or authentication fails.
9037106-00 Rev AA