Configuring an encryption key
Use an encryption key in the switch if the switch will be requesting authentication from a TACACS+ server that also uses an encryption key. If the server expects a key, but the switch either does not provide one, or provides an incorrect key, then the authentication attempt fails.
Use a global encryption key if the same key applies to all TACACS+ servers the switch may use for authentication attempts.
Use a per-server encryption key if different servers the switch may use have different keys. For more details on encryption keys, see Encryption options in the switch.