[tac_plus] Create TACACS server hierarchy?

[Aaron Wasserott]

Is there a way to create a TACACS server hierarchy? For example, point a network device at tacacs server B, if the user does not exist there, then forward request to tacacs server A to complete? Ideally with server B handling all of the communication, such that a network device only needs to be configured for server B for AAA.

This is for a lab situation, where I would like people who don't normally have network device access to be able to manage their own devices. I would point all my lab network devices to a lab tacacs server, and if they were not granted additional permissions in the lab, it would fail-back to the level of auth they would normally have (ie, none).