some can explain to me what is the usage of thoses options TACACS+ Setting ? I are using our ACS server to authenticate administrative session to our telecom devices. The first policie asked the authentication should be done by our RSA server. If RSA server is not responding local user crenditial in the ACS server should be use to authenticate user. In the AAA client I defined the acces policy should be done by ACS server and if is not responding before timeout timer local credential on the AAA client become available.
This is working perfectly, but is the case of the unavaibility of the RSA server the token is always aked as a password which this do not give the information of the local credentials should be used. And also when the policy for a specific user do not aking to authenticate by RSA server it is not possible to make visible on the AAA which password should be provide local of the ACS server or local on the AAA client (I had modify the string but nothnig appear differently on CLI of the AAA client authentication process)