Fortinet black logo

CLI Reference

config user tacacs+

config user tacacs+

Configure TACACS+ server entries.

config user tacacs+

Description: Configure TACACS+ server entries.

edit <name>

set server {string}

set secondary-server {string}

set tertiary-server {string}

set port {integer}

set key {password}

set secondary-key {password}

set tertiary-key {password}

set authen-type [mschap|chap|...]

set authorization [enable|disable]

set source-ip {string}

set interface-select-method [auto|sdwan|...]

set interface {string}

next

end

config user tacacs+

Parameter

Description

Type

Size

Default

server

Primary TACACS+ server CN domain name or IP address.

string

Maximum length: 63

secondary-server

Secondary TACACS+ server CN domain name or IP address.

string

Maximum length: 63

tertiary-server

Tertiary TACACS+ server CN domain name or IP address.

string

Maximum length: 63

port

Port number of the TACACS+ server.

integer

Minimum value: 1 Maximum value: 65535

49

key

Key to access the primary server.

password

Not Specified

secondary-key

Key to access the secondary server.

password

Not Specified

tertiary-key

Key to access the tertiary server.

password

Not Specified

authen-type

Allowed authentication protocols/methods.

option

-

auto

Option

Description

mschap

MSCHAP.

chap

CHAP.

pap

PAP.

ascii

ASCII.

auto

Use PAP, MSCHAP, and CHAP (in that order).

authorization

Enable/disable TACACS+ authorization.

option

-

disable

Option

Description

enable

Enable TACACS+ authorization.

disable

Disable TACACS+ authorization.

source-ip

Source IP address for communications to TACACS+ server.

string

Maximum length: 63

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

auto

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

interface

Specify outgoing interface to reach server.

string

Maximum length: 15

config user tacacs+

Configure TACACS+ server entries.

config user tacacs+

Description: Configure TACACS+ server entries.

edit <name>

set server {string}

set secondary-server {string}

set tertiary-server {string}

set port {integer}

set key {password}

set secondary-key {password}

set tertiary-key {password}

set authen-type [mschap|chap|...]

set authorization [enable|disable]

set source-ip {string}

set interface-select-method [auto|sdwan|...]

set interface {string}

next

end

config user tacacs+

Parameter

Description

Type

Size

Default

server

Primary TACACS+ server CN domain name or IP address.

string

Maximum length: 63

secondary-server

Secondary TACACS+ server CN domain name or IP address.

string

Maximum length: 63

tertiary-server

Tertiary TACACS+ server CN domain name or IP address.

string

Maximum length: 63

port

Port number of the TACACS+ server.

integer

Minimum value: 1 Maximum value: 65535

49

key

Key to access the primary server.

password

Not Specified

secondary-key

Key to access the secondary server.

password

Not Specified

tertiary-key

Key to access the tertiary server.

password

Not Specified

authen-type

Allowed authentication protocols/methods.

option

-

auto

Option

Description

mschap

MSCHAP.

chap

CHAP.

pap

PAP.

ascii

ASCII.

auto

Use PAP, MSCHAP, and CHAP (in that order).

authorization

Enable/disable TACACS+ authorization.

option

-

disable

Option

Description

enable

Enable TACACS+ authorization.

disable

Disable TACACS+ authorization.

source-ip

Source IP address for communications to TACACS+ server.

string

Maximum length: 63

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

auto

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

interface

Specify outgoing interface to reach server.

string

Maximum length: 15