TACACS+ server redundancy and access sequence

To prevent authentication and authorization interruption, it is common practice to configure more than one TACACS+ server. When identifying TACACS+ servers to the switch, server group order (and server order within the group), determines server access order.

NOTE:

When defining the server access sequence for authentication withaaa authentication login default, there is an impliedlocalincluded as the last item in the list. If no TACACS+ server can be reached, local authentication will be attempted.

NOTE:

When defining the server access sequence for authorization withaaa authorization commands,建议总是包括local或none作为the last item in the list.