Configuring an encryption key
Use an encryption key in the switch if the switch
will be requesting authentication from a TACACS+ server that also
uses an encryption key. (If the server expects a key, but the switch
either does not provide one, or provides an incorrect key, then the
authentication attempt will fail.)
Use a global encryption key if the same key applies to all TACACS+ servers the switch may use for authentication attempts.
Use a per-server encryption key if different servers the switch may use will have different keys.(For more details on encryption keys, see Using the encryption key.