Hi Colin
Sorry but currently I don't have access to controller hence can't share the screenshot.
The config is like this
1. Created a Tacacs server , provided IP and shared secret. All other default. Authorization enabled.
2. Created a server group which has first entry as internal server and second as above mentioned tacacs server. But there is no server derived rule.
3. In Management authentication I have selected new server group. There is one option for mschap for radius but I believe that is unchecked.
- Harshad