Hi Sean,
Honestly i did not understand your exact requirement. You can direct the traffic to the AAA server via a source interface of the router.
Tacacs :
ip tacacs source-interface subinterface-name
http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_i1g.html#wp1074100
Radius:
ip radius source-interface subinterface-name [vrf vrf-name]
http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_i1g.html#wp1071845
You can define the maximum attempts of the user as well. After failure of these attempts the account wll get locked out.
aaa authentication attempts login number-of-attempts
http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_a1g.html#wp1070744
Hope this helps.
Regards,
Anisha
P.S.:Please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.