Security - configuring TACACS from another VRF

When adding a TACACS server as a method of applying AAA on a Cisco device, if the TACACS server is in a different VRF, then you must include that information when you configure the IP address of the TACACS server.

In general, if you want to add a TACACS server from a particular VRF, you can do so using the following commands:

Router(config)# tacacs server TACACS-SERVER Router(config-server-tacacs)# address ipv4 10.0.0.10 vrf MGMT Router(config-server-tacacs)# key Router(config-server-tacacs)# exit

Here you can see that the particular VRF on which the server is can be indicated. Here it is indicated as MGMT.

Links:

https://forum.networklessons.com/t/aaa-authentication-on-cisco-ios/1558/73?u=lagapides

https://networklessons.com/cisco/ccna-routing-switching-icnd2-200-105/aaa-authentication-on-cisco-ios/