Is there any way that authentication can be configured to use TACACS+ and local authentication simultaneously. For example, most users will have user profiles and will be authenticated using a TACACS server, but a few accounts will be configured locally on the Cisco device. I have used the following two configurations:
aaa authentication login default group tacacs+ local
(This configuration only goes to the local database if communication with the TACACS server fails completely)
aaa authentication login default local group tacacs+
(This configuration only checks the local database and never goes to the TACACS server)
I have not been able to find a configuration that will use TACACS and local authentication simultaneously