Hi,

First make sure that your CatOS version supports fallback, because few earlier versions were not able to do so,

Anyhow, here you go,

/----------------------------------/

!--- Define localuser to prevent ourself from being lockedout

!--- For backdoor purpose

set localuser user password privilege 15

!--- Specify the TACACS server ip address,i.e., ACS ip address

set tacacs server

set tacacs key

set tacacs timeout 30

!--- For backdoor purspose, specify authentication for

!--- login and enable via local database.

set authentication login local enable all

!--- Specifying authentication for login & enable via TACACS

set authentication login tacacs enable telnet primary

set authorization exec enable tacacs+ none telnet

!--- Specifying accouting for exec level

set accounting exec enable start-stop tacacs+

!--- Specifying accounting for users telnetting out of the switch

set accounting connect enable start-stop tacacs+

!--- Accounts for system level changes over switch

set accounting system enable start-stop tacacs+

!--- For accounting events performed by users,i.e.,commands being issued

set accounting commands enable all start-stop tacacs+

/----------------------------------/

For 8.6:

Configuring the Switch Access Using AAA:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_6/confg_gd/authent.htm

Regards,

Prem