Enabling aaa new model means the switch will try and match all login attempts using a aaa method.
First, define the TACACS or RADIUS server using:
tacacs-server host <IP-address> <optional key value>
There are some other values you can use, but I’ve never had to use these.
Now, give your authentication method a name:
aaa group server tacacs+ <method-name> server <IP-address>
Call the method for authenttication
aaa authentication login default group <method-name> group <fallback method name if configured> local
You should now be good to go!