
TACACS+ configuration boo-boo

swscisco1
Level 1

Hello,

I was trying to get TACACS+ set up on a 6509. I never set the console or VTY to go to the ACS server for authentication. I only set up the groups and the host addresses. When I try to connect to the MSFC it asks for a username and password. It does this on both the VTY and the console. The old password does not work. How can I get back on this MSFC? Do I have to clear the configuration totally?

Thanks

5 Replies

Richard Burts
Hall of Fame

Actually, you may have a different problem than what you think you have. When you configure aaa it automatically sets the console and the vty to go to ACS for authentication. You need to configure something special if you want them to NOT go to ACS, because going to ACS becomes the default when aaa is configured. So it looks to me like the 6509 is trying to use ACS and not succeeding. I think this is confirmed by the fact that it is prompting for username and password, because this is more of an ACS behavior than a normal IOS behavior. So you need to find what the problem is. I would look at the ACS server, check the report of failed attempts, and see if there is an indication that ACS is seeing the attempts and what error is indicated. I can think of several possible errors: perhaps the configuration of ACS does not have your 6509, perhaps the configuration of ACS does not give access to that device for the ID you are using, perhaps the configuration on the 6509 does not have the correct address of ACS, perhaps the configuration of the 6509 does not have the correct password to connect to ACS.

Once you have identified what the problem is there are several possibilities that you may consider to access the 6509 and do what seems best for your situation.

If you configured AAA to use TACACS first and the existing password does not work, then you can try disconnecting the port on the 6509 that provides connectivity to the part of the network where the TACACS server is located. If the switch cannot get to the server it should accept the old password, and if you get to privileged mode you can update the configuration.

Or you might try doing password recovery on the 6509.

HTH

Rick

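The lock-out Rick describes comes from the way IOS applies the default login method list as soon as aaa new-model is on. The following IOS configuration is an added example, not taken from the original post or from Cisco documentation; the server address 10.1.1.5, the shared key, and the username are hypothetical placeholders. It shows the fragile form beside a form that keeps a way in when the TACACS+ server is unreachable:

```cisco
! --- Fragile form (added example, hypothetical addresses and key) ---
! Turning on aaa new-model makes the "default" login list apply to the
! console and every vty line, even though neither line was touched.
! With only group tacacs+ in the list and no reachable server, every
! login prompts for a username/password that nothing can validate.
aaa new-model
tacacs-server host 10.1.1.5
tacacs-server key S3cretK3y
aaa authentication login default group tacacs+

! --- Safer form (added example) ---
! 1. A local account to fall back to; "secret" stores an MD5 hash
!    rather than the reversible type 7 encoding of "password".
username admin privilege 15 secret L0calFallback!
!
! 2. The default list tries TACACS+ first and falls back to the local
!    database only when the server is unreachable (an ERROR result);
!    a server that answers and rejects the login (FAIL) still rejects it.
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
!
! 3. A separate method list for the console so a physical-console login
!    never depends on the network path to the AAA server.
aaa authentication login CONSOLE local
line con 0
 login authentication CONSOLE
line vty 0 4
 login authentication default
```

Two checks worth running before the change goes in: keep an existing privileged session open while the lines are entered and test a second login over vty before closing it, and confirm reachability with `show tacacs` and, on releases that support it, `test aaa group tacacs+ <user> <password> legacy`. The exact syntax of the tacacs-server and test commands varies by IOS release, so verify them against the MSFC's own `?` help.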

Thanks Rick, I will give that a shot. I already downloaded the Password Recovery Procedure document for the MSFC. TACACS on the switch works fine, as well as Mod 16. Just 15 is not, and of course it is our production core switch. :) Saturday we are doing quarterly maintenance and I will try everything then.

Thanks again, and I will post my findings

Shawn

Maintenance on Saturday is fine for anything that you might need to change/fix on the switch. Things like checking the ACS server for any indications in the Failed Attempts report of what the problem is can and should be done before then.

HTH

Rick


Nothing is coming up in the Failed Attempts report on the ACS server. It was added to the ACS list, so it might be a wrong address or something like that.

OK, so I was able to reseat the modules, and this brought up the startup config, which did not have the settings in place. Everything is working fine now. Thank you for the help.