Type the following command under the line：

　　Username cisco password cisco

　　Aaa new-model

　　AAA authenticaiton on Cisco device

　　Aaa authentication login vty.authengroup tacacs+ local none

　　Tacacs-server host 192.168.127.233 key cisco

　　Radius-server host 192.168.127.233 key cisco

　　Line vty 0 15

　　Password ppp

　　Login authentication vty.authen

　　***if we set the ACS correctly， we should create a username Devin； and input the server client on the ACS.

　　Because we type the command vty.authengroup tacacs+ local none； then authentication will first find the ACS tacas server， if it is not successful， it will seek local username/password. If the local also don’t have the username/password， it will keep none login.

　　Test：

　　1， make the network between client and ACS broken down， we can use the PPP login this router without password； also we can use the devin to login the router without password. At last we need to use cisco with password cisco to login.

　　2， if the network is ok， we can only use the ACS as the authentication， then we canonly use the devin as the only way to login.