TACACS+ authentication overview
TACACS+ authentication occurs as follows:
User credentials are sent from the switch to TACACS+ server using the PAP or CHAP authentication protocol.
If a user is authenticated, their role is communicated to the switch as Administrator, Operator, or Auditor.
An unknown user or a user who entered an invalid password is identified as such to the switch, which then rejects user login.