Hello @Paheeradan Nagulan 

The tacacs-server timeout 5 command sets the time the switch waits for a response from a TACACS+ server before considering that specific request as failed. However, this does not mean the server is immediately marked as "dead." It only means that if the server does not respond within 5 seconds, the switch will treat that authentication attempt as unsuccessful and move to the next available authentication method or server if configured.

A TACACS+ server is marked as "dead" only after multiple consecutive failures, not just one timeout. This behavior is controlled by the TACACS+ deadtime feature. If a switch is configured with aaa server tacacs+ deadtime <minutes>, it will temporarily stop sending authentication requests to a server after repeated failures and use other available servers instead.

When a TACACS+ server is marked as dead, the switch does not send any further authentication requests to it until the deadtime expires or until the switch detects that the server is responding again. Server monitoring mechanisms periodically check if the server is reachable, and once it starts responding, it is marked as "alive," and authentication requests resume.

Without the deadtime configuration, the switch will keep trying the same TACACS+ server for each authentication attempt, even if it is unresponsive, causing potential delays.

Improve failover behavior ? it is best to configure both tacacs-server timeout and aaa server tacacs+ deadtime to ensure quick switching between available servers...