Fortinet white logo
Fortinet white logo

Administration Guide

TACACS+ Servers

TACACS+ Servers

TACACS+ is a remote authentication protocol that provides access control for routers, network access servers, and other networked computing devices through one or more centralized servers. TACACS+ allows a client to accept a user name and password and send a query to a TACACS+ authentication server. The server host determines whether to accept or deny the request and sends a response back that allows or denies the user access to the network.

TACACS+ offers fully encrypted packet bodies and supports both IP and AppleTalk protocols. TACACS+ uses TCP port 49, which is seen as more reliable than RADIUSʼs UDP.

By default, the TACACS+ Servers option under User & Device is not visible unless you add a server using the following CLI command:

config user tacacs+
    edit <name>
        set server <IP_address>
    next
end

To manage TACACS+ servers, go to User & Authentication > TACACS+ Servers.

Hover over the leftmost edge of the column heading to display the Configure Table icon, which you can use to select the columns to display or to reset all the columns to their default settings. You can also drag column headings to change their order.

The following options are available:

Create New

Create a TACACS+ server. See Create or edit a TACACS server.

Edit

Modify a TACACS+ server. See Create or edit a TACACS server.

Clone

Make a copy of a TACACS+ server.

Delete

Remove a server or servers.

Search

Enter a search term to find in the TACACS+ server list.

Name

The name that identifies the TACACS+ server on the unit.

Server

The domain name or IP address of the TACACS+ server.

Authentication Type

The authentication type used by the server.

Ref.

Displays the number of times the object is referenced to other objects.

To view the location of the referenced object, select the number in Ref.; the Object Usage window opens and displays the various locations of the referenced object.

TACACS+ Servers

TACACS+ Servers

TACACS+ is a remote authentication protocol that provides access control for routers, network access servers, and other networked computing devices through one or more centralized servers. TACACS+ allows a client to accept a user name and password and send a query to a TACACS+ authentication server. The server host determines whether to accept or deny the request and sends a response back that allows or denies the user access to the network.

TACACS+ offers fully encrypted packet bodies and supports both IP and AppleTalk protocols. TACACS+ uses TCP port 49, which is seen as more reliable than RADIUSʼs UDP.

By default, the TACACS+ Servers option under User & Device is not visible unless you add a server using the following CLI command:

config user tacacs+
    edit <name>
        set server <IP_address>
    next
end

To manage TACACS+ servers, go to User & Authentication > TACACS+ Servers.

Hover over the leftmost edge of the column heading to display the Configure Table icon, which you can use to select the columns to display or to reset all the columns to their default settings. You can also drag column headings to change their order.

The following options are available:

Create New

Create a TACACS+ server. See Create or edit a TACACS server.

Edit

Modify a TACACS+ server. See Create or edit a TACACS server.

Clone

Make a copy of a TACACS+ server.

Delete

Remove a server or servers.

Search

Enter a search term to find in the TACACS+ server list.

Name

The name that identifies the TACACS+ server on the unit.

Server

The domain name or IP address of the TACACS+ server.

Authentication Type

The authentication type used by the server.

Ref.

Displays the number of times the object is referenced to other objects.

To view the location of the referenced object, select the number in Ref.; the Object Usage window opens and displays the various locations of the referenced object.