We have a Cisco 4948 and we would like to enter all of the AAA commands necessary to satisfy our security scans without entering our TACACS server yet. In other words, if the TACACS or RADIUS server is not defined in the command line on the switch, will having the AAA commands entered create any operational or login problems? Our TACACS will be defined down the road during deployment.
I was assuming that you needed to put in the real AAA commands that you would use. But it now sounds like it would work for you if you just put in some bogus AAA commands. For example, you would usually use the default methods for authentication and authorization, which might look like this:
aaa authentication login default group tacacs+ line
aaa authorization exec default group tacacs+ if-authenticated
But you could configure authentication and authorization for a named method like this:
aaa authentication login temp_authen group tacacs+ line
aaa authorization exec temp_author group tacacs+ if-authenticated
With this the scan would see AAA authentication and authorization and be happy. And since the named methods are never applied anywhere it would have absolutely no operational impact on your routers and switches.
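An added example, not part of the original thread: a small Python audit that reports AAA method lists which are defined in an IOS configuration but never applied to a line, the state the answer above describes, and whether any TACACS+ server is defined. The sample configuration (including its `aaa new-model` and `line` blocks) and the function names are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread): the two named lists from
# the answer, with console and vty lines that never reference them.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login temp_authen group tacacs+ line
aaa authorization exec temp_author group tacacs+ if-authenticated
!
line con 0
line vty 0 4
 transport input ssh
"""

DEFINE = re.compile(r"^aaa (authentication login|authorization exec) (\S+) (.+)$")
APPLY = re.compile(r"^\s+(login authentication|authorization exec) (\S+)$")
KIND = {"login authentication": "authentication login",
        "authorization exec": "authorization exec"}

def audit_aaa(config):
    """Return (defined, applied, inert) AAA method lists for an IOS config."""
    defined, applied, current = {}, {}, None
    for raw in config.splitlines():
        m = DEFINE.match(raw)
        if m:  # global definition: (kind, list name) -> ordered methods
            defined[(m.group(1), m.group(2))] = m.group(3).split()
            continue
        if raw.startswith("line "):  # entering a "line con/vty ..." block
            current = raw.strip()
            continue
        if not raw.startswith(" "):  # any other top-level command ends the block
            current = None
        m = APPLY.match(raw)
        if m and current:  # list referenced under a line
            applied.setdefault((KIND[m.group(1)], m.group(2)), []).append(current)
    # "default" lists cover every line that has no named list applied;
    # named lists only take effect on the lines that reference them.
    inert = sorted(k for k in defined if k[1] != "default" and k not in applied)
    return defined, applied, inert

def tacacs_server_defined(config):
    """True if a TACACS+ server is configured (legacy or named syntax)."""
    return any(l.startswith(("tacacs-server host ", "tacacs server "))
               for l in config.splitlines())

if __name__ == "__main__":
    defined, applied, inert = audit_aaa(SAMPLE_CONFIG)
    print("TACACS+ server defined:", tacacs_server_defined(SAMPLE_CONFIG))
    for kind, name in inert:
        print(f"aaa {kind} {name}: defined but not applied to any line")
```

A scan that only greps for `aaa authentication` and `aaa authorization` passes this configuration; checking `inert` shows whether those lists actually govern any login.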