The conf in Controller:
aaa server-group "TACACS-SVR-GROUP"
auth-server TACACS-SERVER-A
!
aaa authentication-server tacacs "TACACS-SERVER-A"
host "X.X.X.X"
key XXXXXXXXXXXXX
tcp-port 4949
session-authorization
!
aaa authentication mgmt
server-group "TACACS-SVR-GROUP"
enable
!
aaa tacacs-accounting server-group TACACS-SVR-GROUP mode enable command all
The error in ACS:
service denied - service=aruba protocol=common