We configured TACACS over Extreme Switch but you can also log in with a local account.
My Configuration is
configure tacacs primary server 172.16.11.52 49 client-ip 172.16.0.10 vr VR-Default
configure tacacs primary shared-secret encrypted "#$H4H5oLIn4H+TRgtYrxiHVtFwGtljZw=="
configure tacacs-accounting primary server 172.16.11.52 49 client-ip 172.16.0.10 vr VR-Default
configure tacacs-accounting primary shared-secret encrypted "#$hp08PEW0oz0kZBjQaP0bHYqBdCcqSg=="
configure tacacs timeout 60
configure tacacs fallback disallow
configure tacacs priv-lvl required
create account admin cisco encrypted "$5$sRVgQN$aL8UAzkEwMLmGPy82v1On6QLuvBeKdjVQGCRsUmcjq3"
Generally this issue is due to the TACACS+ server not replying with a 'fail' or 'accept' message. It is probably sending something else in response leading the switch to think that the server is not working, therefore, it falls back to local authentication.
These articles may be helpful:
You may also need to collect a PCAP of the TACACS+ exchange, decode it via wireshark, and see what the TACACS server is replying with. If it is not a 'Fail' or 'Accept', that would be the issue.
Hope that helps!