Disabling TACACS+ Authentication on a Particular Line
Problem
You want to disable TACACS+ authentication on your router’s console interface.
Solution
You can disable TACACS+ authentication on the router’s console port, while leaving it active on the rest of the router lines:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#aaa new-model
Router1(config)#aaa authentication login default group tacacs+ local
Router1(config)#aaa authentication login OREILLY line
Router1(config)#line con 0
Router1(config-line)#login authentication OREILLY
Router1(config-line)#end
Router1#
Discussion
By default, when you configure a router to use AAA authentication, it automatically applies this authentication method to all lines. This means that you don’t have to explicitly configure each line to use AAA authentication. Normally this default behavior is useful because it requires less configuration. But there are times when you may want to use different authentication methods on different lines. For instance, in our example we wanted to be able to access the router’s console line with a simple password. But we didn’t want this change to affect the AAA authentication on any of the VTY or AUX lines.
The first two lines in the example simply enable TACACS+ authentication for all login access to the router:
Router1(config)#aaa new-model
Router1(config)#aaa authentication login default group tacacs+ local
As soon as you enter these commands, every line on the ...
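The inheritance rule from the Discussion (a line with no explicit method list uses the default list, and a line with login authentication followed by a list name uses that list instead) can be checked against a saved configuration. The following audit sketch is an added example, not code from the book: the function names are hypothetical, the sample configuration is constructed from the recipe's commands, and it assumes aaa new-model is enabled and the input is in running-config layout.

```python
import re

# Constructed sample: the recipe's commands as they would appear in a saved
# configuration, plus AUX and VTY lines that carry no explicit method list.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login OREILLY line
!
line con 0
 login authentication OREILLY
line aux 0
line vty 0 4
"""

def parse_method_lists(config):
    """Map each 'aaa authentication login <name> ...' list to its methods."""
    lists = {}
    for m in re.finditer(r"^aaa authentication login (\S+) (.+)$", config, re.M):
        lists[m.group(1)] = m.group(2).split()
    return lists

def effective_login_methods(config):
    """Return {line name: (list name, methods)} for every line stanza."""
    lists = parse_method_lists(config)
    chosen, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[len("line "):].strip()
            chosen[current] = "default"      # inherited unless overridden
        elif current and raw.startswith(" "):
            m = re.match(r"\s+login authentication (\S+)", raw)
            if m:
                chosen[current] = m.group(1)  # explicit per-line list
        else:
            current = None                   # left the line stanza
    return {ln: (name, lists.get(name, [])) for ln, name in chosen.items()}

def lines_without_tacacs(config):
    """Lines whose login method list never consults the TACACS+ group."""
    eff = effective_login_methods(config)
    return sorted(ln for ln, (_, methods) in eff.items()
                  if "tacacs+" not in methods)

if __name__ == "__main__":
    for ln, (name, methods) in effective_login_methods(SAMPLE_CONFIG).items():
        print(f"line {ln}: list={name} methods={' '.join(methods)}")
    print("no TACACS+:", lines_without_tacacs(SAMPLE_CONFIG))
```

For the recipe's configuration this reports only the console line as bypassing TACACS+, which is the intended exception; any other line in that report deserves review.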