Security - configuring TACACS from another VRF
When adding a TACACS server as a method of applying AAA on a Cisco device, if the TACACS server is in a different VRF, then you must include that information when you configure the IP address of the TACACS server.
In general, if you want to add a TACACS server from a particular VRF, you can do so using the following commands:
Router(config)# tacacs server TACACS-SERVER Router(config-server-tacacs)# address ipv4 10.0.0.10 vrf MGMT Router(config-server-tacacs)# keyRouter(config-server-tacacs)# exit
Here you can see that the particular VRF on which the server is can be indicated. Here it is indicated as MGMT
.
Links:
https://forum.networklessons.com/t/aaa-authentication-on-cisco-ios/1558/73?u=lagapides