Yes I have, username xxx privilege 15 secret xxx. But that doesn t work.

ip domain-name xxx      

crypto key generate rsa        

ip ssh time-out 120            

ip ssh authentication-retries 3

ip ssh version 2

aaa new-model

aaa group server radius ISE

server xxx.xxx.xxx.xx

server xxx.xxx.xxx.xx

 aaa authentication login VTY group ISE local

aaa authorization exec VTY group ISE local if-authenticated

aaa accounting exec default start-stop group ISE          

radius-server host xxx.xxx.xxx.xx key 0 xxx

radius-server host xxx.xxx.xxx.xx key 0 xxx

line vty 0 15

transport input ssh

login authentication VTY

authorization exec VTY    

this is my configuration on swith. I have policy on ISE , and I login over ssh with my admin domain username and password. When ISE is not on network, I cannot login on switch. Maybe is problem with this command:

aaa authentication login VTY group ISE local ?

Hi

Heres a working one of mine when  ACS or ISE are not working it still authenticates off local DB in device , you must have enable after local too

aaa new-model
!
!
aaa group server tacacs+ AAA
 server-private X.X.X.X key 7 04564E3C3D6444170B4E534A414A284F1B7F650F1D
 server-private X.X.X.X key 7 1308522839490C7329737E6E6663374C2757407177
 ip tacacs source-interface XXXXXXXXXX
!
aaa authentication login default group AAA local enable
aaa authentication enable default group AAA enable
aaa authorization exec default group AAA local
aaa accounting exec default start-stop group AAA
aaa accounting commands 0 default start-stop group AAA
aaa accounting commands 1 default start-stop group AAA
aaa accounting commands 15 default start-stop group AAA
aaa accounting network default start-stop group AAA
aaa accounting connection default start-stop group AAA
aaa accounting system default start-stop group AAA

Thanks, I try this in Wednesday. I want to try on real system, to unplugged net cable from ise, and than to try. I will inform you, about results. :)