Which two steps must you perform to allow access to a device when the connection to a remote TACACS+ authentication server fails? (Choose two.)
A. Configure accounting to reference the log of previously authenticated connections.
B. Include the local keyword in the AAA configuration.
C. Configure the device to accept Telnet and SSH connections.
D. Remove the aaa new model command from the global configuration.
E. Configure a local username and password on the device.
BE
https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/200606-aaa-authentication-login-default-local.html
Configure these commands on the device in global configuration mode:
aaa new-model
aaa authentication login default local group tacacs+
With just “aaa new model” configured, local authentication is applied to all lines and interfaces (except console line line con 0).
Here the AAA method list is applied on all login attempts on all lines of the device, where first local database is checked and then if required, Terminal Access Controller Access Control System (TACACS) server is tried.
username cisco privilege 15 password 0 cisco
Local user database.
tacacs-server host 10.20.220.141
tacacs-server key cisco
TACACS server configured.