For a simple TACACS+ daemon config –> simple TACACS+ config
!
aaa new-model
!
!
aaa authentication fail-message ^C
–> local authentication failed ! <–
^C
!
! Set the prompt that will show up if the TACACS+ service is unavailable
aaa authentication password-prompt “Enter local password: ”
aaa authentication username-prompt “Enter local username: ”
!
aaa authentication login default local group tacacs+
aaa authentication login REMOTE group tacacs+ local
aaa authorization exec default local group tacacs+
!
!
tacacs-server host 192.168.20.99
tacacs-server key 7 xxxxxxxxxxxxxxxxx
!
line vty 0 4
login authentication REMOTE
!