Security - configuring TACACS from another VRF

When adding a TACACS server as a method of applying AAA on a Cisco device, if the TACACS server is in a different VRF, then you must include that information when you configure the IP address of the TACACS server.

In general, if you want to add a TACACS server from a particular VRF, you can do so using the following commands:

Router(config)# tacacs server TACACS-SERVER Router(config-server-tacacs)# address ipv4 vrf MGMT Router(config-server-tacacs)# key Router(config-server-tacacs)# exit

Here you can see that the particular VRF on which the server is can be indicated. Here it is indicated as MGMT.