AAA Authorization and Authentication Cache was integrated in IOS 15.0(1)M. This feature enables the router to store AAA credentials in its cache after it received the RADIUS or TACACS+ reply to an AAA request. The cache can be used either for performance boost (avoiding sending requests to the AAA server) or for a fallback method in case the servers are unreachable. The mode depends on the order you place your authentication methods in the aaa commands (see below).
In this example we are caching TACACS admin users’ credentials (telnet, vty) and RADIUS VPN users’ credentials (IKE xauth). The VPN group is also defined on the RADIUS server.