Fortinet black logo

CLI Reference

config user tacacs+

config user tacacs+

Configure TACACS+ server entries.

config user tacacs+
    Description: Configure TACACS+ server entries.
    edit <name>
        set authen-type [mschap|chap|...]
        set authorization [enable|disable]
        set interface {string}
        set interface-select-method [auto|sdwan|...]
        set key {password}
        set port {integer}
        set secondary-key {password}
        set secondary-server {string}
        set server {string}
        set source-ip {string}
        set tertiary-key {password}
        set tertiary-server {string}
    next
end

config user tacacs+

Parameter

Description

Type

Size

Default

authen-type

Allowed authentication protocols/methods.

option

-

auto

Option

Description

mschap

MSCHAP.

chap

CHAP.

pap

PAP.

ascii

ASCII.

auto

Use PAP, MSCHAP, and CHAP (in that order).

authorization

Enable/disable TACACS+ authorization.

option

-

disable

Option

Description

enable

Enable TACACS+ authorization.

disable

Disable TACACS+ authorization.

interface

Specify outgoing interface to reach server.

string

Maximum length: 15

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

auto

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

key

Key to access the primary server.

password

Not Specified

name

TACACS+ server entry name.

string

Maximum length: 35

port

Port number of the TACACS+ server.

integer

Minimum value: 1 Maximum value: 65535

49

secondary-key

Key to access the secondary server.

password

Not Specified

secondary-server

Secondary TACACS+ server CN domain name or IP address.

string

Maximum length: 63

server

Primary TACACS+ server CN domain name or IP address.

string

Maximum length: 63

source-ip

Source IP address for communications to TACACS+ server.

string

Maximum length: 63

tertiary-key

Key to access the tertiary server.

password

Not Specified

tertiary-server

Tertiary TACACS+ server CN domain name or IP address.

string

Maximum length: 63

config user tacacs+

Configure TACACS+ server entries.

config user tacacs+
    Description: Configure TACACS+ server entries.
    edit <name>
        set authen-type [mschap|chap|...]
        set authorization [enable|disable]
        set interface {string}
        set interface-select-method [auto|sdwan|...]
        set key {password}
        set port {integer}
        set secondary-key {password}
        set secondary-server {string}
        set server {string}
        set source-ip {string}
        set tertiary-key {password}
        set tertiary-server {string}
    next
end

config user tacacs+

Parameter

Description

Type

Size

Default

authen-type

Allowed authentication protocols/methods.

option

-

auto

Option

Description

mschap

MSCHAP.

chap

CHAP.

pap

PAP.

ascii

ASCII.

auto

Use PAP, MSCHAP, and CHAP (in that order).

authorization

Enable/disable TACACS+ authorization.

option

-

disable

Option

Description

enable

Enable TACACS+ authorization.

disable

Disable TACACS+ authorization.

interface

Specify outgoing interface to reach server.

string

Maximum length: 15

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

auto

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

key

Key to access the primary server.

password

Not Specified

name

TACACS+ server entry name.

string

Maximum length: 35

port

Port number of the TACACS+ server.

integer

Minimum value: 1 Maximum value: 65535

49

secondary-key

Key to access the secondary server.

password

Not Specified

secondary-server

Secondary TACACS+ server CN domain name or IP address.

string

Maximum length: 63

server

Primary TACACS+ server CN domain name or IP address.

string

Maximum length: 63

source-ip

Source IP address for communications to TACACS+ server.

string

Maximum length: 63

tertiary-key

Key to access the tertiary server.

password

Not Specified

tertiary-server

Tertiary TACACS+ server CN domain name or IP address.

string

Maximum length: 63