Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    7.6.1
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.16
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.17
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config user tacacs+

    config user tacacs+

    Configure TACACS+ server entries.

    config user tacacs+
    Description: Configure TACACS+ server entries.
    edit <name>
        set authen-type [mschap|chap|...]
        set authorization [enable|disable]
        set interface {string}
        set interface-select-method [auto|sdwan|...]
        set key {password}
        set port {integer}
        set secondary-key {password}
        set secondary-server {string}
        set server {string}
        set source-ip {string}
        set status-ttl {integer}
        set tertiary-key {password}
        set tertiary-server {string}
        set vrf-select {integer}
    next
end

    config user tacacs+

    Parameter

    Description

    Type

    Size

    Default

    authen-type

    Allowed authentication protocols/methods.

    option

    -

    auto

    Option

    Description

    mschap

    MSCHAP.

    chap

    CHAP.

    pap

    PAP.

    ascii

    ASCII.

    auto

    Use PAP, MSCHAP, and CHAP (in that order).

    authorization

    Enable/disable TACACS+ authorization.

    option

    -

    disable

    Option

    Description

    enable

    Enable TACACS+ authorization.

    disable

    Disable TACACS+ authorization.

    interface

    Specify outgoing interface to reach server.

    string

    Maximum length: 15

    interface-select-method

    Specify how to select outgoing interface to reach server.

    option

    -

    auto

    Option

    Description

    auto

    Set outgoing interface automatically.

    sdwan

    Set outgoing interface by SD-WAN or policy routing rules.

    specify

    Set outgoing interface manually.

    key

    Key to access the primary server.

    password

    Not Specified

    name

    TACACS+ server entry name.

    string

    Maximum length: 35

    port

    Port number of the TACACS+ server.

    integer

    Minimum value: 1 Maximum value: 65535

    49

    secondary-key

    Key to access the secondary server.

    password

    Not Specified

    secondary-server

    Secondary TACACS+ server CN domain name or IP address.

    string

    Maximum length: 63

    server

    Primary TACACS+ server CN domain name or IP address.

    string

    Maximum length: 63

    source-ip

    Source IP address for communications to TACACS+ server.

    string

    Maximum length: 63

    status-ttl

    Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time.

    integer

    Minimum value: 0 Maximum value: 600

    300

    tertiary-key

    Key to access the tertiary server.

    password

    Not Specified

    tertiary-server

    Tertiary TACACS+ server CN domain name or IP address.

    string

    Maximum length: 63

    vrf-select

    VRF ID used for connection to server.

    integer

    Minimum value: 0 Maximum value: 511

    0
    Previous
    Next

    config user tacacs+

    config user tacacs+

    Configure TACACS+ server entries.

    config user tacacs+
    Description: Configure TACACS+ server entries.
    edit <name>
        set authen-type [mschap|chap|...]
        set authorization [enable|disable]
        set interface {string}
        set interface-select-method [auto|sdwan|...]
        set key {password}
        set port {integer}
        set secondary-key {password}
        set secondary-server {string}
        set server {string}
        set source-ip {string}
        set status-ttl {integer}
        set tertiary-key {password}
        set tertiary-server {string}
        set vrf-select {integer}
    next
end

    config user tacacs+

    Parameter

    Description

    Type

    Size

    Default

    authen-type

    Allowed authentication protocols/methods.

    option

    -

    auto

    Option

    Description

    mschap

    MSCHAP.

    chap

    CHAP.

    pap

    PAP.

    ascii

    ASCII.

    auto

    Use PAP, MSCHAP, and CHAP (in that order).

    authorization

    Enable/disable TACACS+ authorization.

    option

    -

    disable

    Option

    Description

    enable

    Enable TACACS+ authorization.

    disable

    Disable TACACS+ authorization.

    interface

    Specify outgoing interface to reach server.

    string

    Maximum length: 15

    interface-select-method

    Specify how to select outgoing interface to reach server.

    option

    -

    auto

    Option

    Description

    auto

    Set outgoing interface automatically.

    sdwan

    Set outgoing interface by SD-WAN or policy routing rules.

    specify

    Set outgoing interface manually.

    key

    Key to access the primary server.

    password

    Not Specified

    name

    TACACS+ server entry name.

    string

    Maximum length: 35

    port

    Port number of the TACACS+ server.

    integer

    Minimum value: 1 Maximum value: 65535

    49

    secondary-key

    Key to access the secondary server.

    password

    Not Specified

    secondary-server

    Secondary TACACS+ server CN domain name or IP address.

    string

    Maximum length: 63

    server

    Primary TACACS+ server CN domain name or IP address.

    string

    Maximum length: 63

    source-ip

    Source IP address for communications to TACACS+ server.

    string

    Maximum length: 63

    status-ttl

    Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time.

    integer

    Minimum value: 0 Maximum value: 600

    300

    tertiary-key

    Key to access the tertiary server.

    password

    Not Specified

    tertiary-server

    Tertiary TACACS+ server CN domain name or IP address.

    string

    Maximum length: 63

    vrf-select

    VRF ID used for connection to server.

    integer

    Minimum value: 0 Maximum value: 511

    0
    Previous
    Next