Example of a Failed AuthenticationTo view the configuration, use the show config in LINE mode or the show running-config tacacs+ command in EXEC Privilegemode.If authentication fails using the primary method, Dell Networking OS employs the second method (or third method, if necessary)automatically. The fallback to the second method would happen only if the authentication failure is due to a non-reachable server or invalidTACACS server key. The fallback would not occur if the authentication failure is due to invalid credentials. For example, if the TACACS+server is reachable, but the server key is invalid, Dell Networking OS proceeds to the next authentication method. In the following example,the TACACS+ is incorrect, but the user is still authenticated by the secondary method.First bold line: Server key purposely changed to incorrect value.Second bold line: User authenticated using the secondary method.Dell(conf)#Dell(conf)#do show run aaa!aaa authentication enable default tacacs+ enableaaa authentication enable LOCAL enable tacacs+aaa authentication login default tacacs+ localaaa authentication login LOCAL local tacacs+aaa authorization exec default tacacs+ noneaaa authorization commands 1 default tacacs+ noneaaa authorization commands 15 default tacacs+ noneaaa accounting exec default start-stop tacacs+aaa accounting commands 1 default start-stop tacacs+aaa accounting commands 15 default start-stop tacacs+Dell(conf)#Dell(conf)#do show run tacacs+!tacacs-server key 7 d05206c308f4d35btacacs-server host 10.10.10.10 timeout 1Dell(conf)#tacacs-server key angelineDell(conf)#%RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user admin onvty0 (10.11.9.209)%RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable passwordauthentication success on vty0 ( 10.11.9.209 )%RPM0-P:CP %SEC-5-LOGOUT: Exec session is terminated for user admin on linevty0 (10.11.9.209)Dell(conf)#username angeline password angelineDell(conf)#%RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user angelineon vty0 (10.11.9.209)%RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable passwordauthentication success on vty0 ( 10.11.9.209 )Monitoring TACACS+To view information on TACACS+ transactions, use the following command.• View TACACS+ transactions to troubleshoot problems.EXEC Privilege modedebug tacacs+TACACS+ Remote AuthenticationThe system takes the access class from the TACACS+ server. Access class is the class of service that restricts Telnet access and packetsizes.If you have configured remote authorization, the system ignores the access class you have configured for the VTY line and gets this accessclass information from the TACACS+ server. The system must know the username and password of the incoming user before it can fetchSecurity 809