02-15-2011 06:53 AM - edited 03-10-2019 05:49 PM
Hello, I'm confident I already know the answer to this question but I want to be sure.
I am moving a large number of Cisco devices to a new TACACS server. Is there anything that can be done to allow local login if the new TACACS server is reachable but not authenticating for some reason? For example, if the Cisco source IP is not built correctly into the server or the key is not configured properly on the device; in these situations the server is reachable but will not provide authentication.
I already have AAA authentication set similar to the following:
Router1(config)#aaa authentication login default group tacacs+ line
This will allow me to use line authentication if the TACACS server is not reachable, but not if the server is reachable and not authenticating properly.
Any ideas on how/if I can failover to local login for the example situation I provided above?