...
You can configure at most two TACACS+ servers on the AmpCon-Campus server. One is the primary and active server, while the other one is the secondary server, which is used for backup. No need to configure the secondary server if backup is not needed.
You can designate authorization levels by using the priv-lvl parameter on the TACACS+ server. The priv-lvl configuration is sent in the TACACS+ authorization response. The priv-lvl parameter value is mapped to one of these local role levels: Readonly, Operator, Admin and Superadmin.
For how to configure authorization levels on the TACACS+ server, see the Sample Configuration of Authorization Level on TACACS+ Server (Linux tac_plus) section.
AmpCon-Campus sends authorization requests with “Arg[0]” service=AmpCon-Campus. On the TACACS+ server, you need to set the value of the parameter “service=AmpCon-Campus” to process the authorization request requests of AmpCon-Campus users.
If both TACACS+ servers are unreachable, you can use local users (global user or group user) to log in to the AmpCon-Campus UI.
...