Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.2.1
Copy Link

Configure TACACS+ server entries.

  config user tacacs+
      Description: Configure TACACS+ server entries.
      edit <name>
          set server {string}
          set secondary-server {string}
          set tertiary-server {string}
          set port {integer}
          set key {password}
          set secondary-key {password}
          set tertiary-key {password}
          set authen-type [mschap|chap|...]
          set authorization [enable|disable]
          set source-ip {string}
      next
  end

config user tacacs+

Parameter Name Description Type Size
server Primary TACACS+ server CN domain name or IP address. string Maximum length: 63
secondary-server Secondary TACACS+ server CN domain name or IP address. string Maximum length: 63
tertiary-server Tertiary TACACS+ server CN domain name or IP address. string Maximum length: 63
port Port number of the TACACS+ server. integer Minimum value: 1 Maximum value: 65535
key Key to access the primary server. password Not Specified
secondary-key Key to access the secondary server. password Not Specified
tertiary-key Key to access the tertiary server. password Not Specified
authen-type Allowed authentication protocols/methods.
mschap: MSCHAP.
chap: CHAP.
pap: PAP.
ascii: ASCII.
auto: Use PAP, MSCHAP, and CHAP (in that order).
option -
authorization Enable/disable TACACS+ authorization.
enable: Enable TACACS+ authorization.
disable: Disable TACACS+ authorization.
option -
source-ip source IP for communications to TACACS+ server. string Maximum length: 63

Configure TACACS+ server entries.

  config user tacacs+
      Description: Configure TACACS+ server entries.
      edit <name>
          set server {string}
          set secondary-server {string}
          set tertiary-server {string}
          set port {integer}
          set key {password}
          set secondary-key {password}
          set tertiary-key {password}
          set authen-type [mschap|chap|...]
          set authorization [enable|disable]
          set source-ip {string}
      next
  end

config user tacacs+

Parameter Name Description Type Size
server Primary TACACS+ server CN domain name or IP address. string Maximum length: 63
secondary-server Secondary TACACS+ server CN domain name or IP address. string Maximum length: 63
tertiary-server Tertiary TACACS+ server CN domain name or IP address. string Maximum length: 63
port Port number of the TACACS+ server. integer Minimum value: 1 Maximum value: 65535
key Key to access the primary server. password Not Specified
secondary-key Key to access the secondary server. password Not Specified
tertiary-key Key to access the tertiary server. password Not Specified
authen-type Allowed authentication protocols/methods.
mschap: MSCHAP.
chap: CHAP.
pap: PAP.
ascii: ASCII.
auto: Use PAP, MSCHAP, and CHAP (in that order).
option -
authorization Enable/disable TACACS+ authorization.
enable: Enable TACACS+ authorization.
disable: Disable TACACS+ authorization.
option -
source-ip source IP for communications to TACACS+ server. string Maximum length: 63