Fortinet white logo
Fortinet white logo

CLI Reference

config user tacacs+

config user tacacs+

Configure TACACS+ server entries.

config user tacacs+
    Description: Configure TACACS+ server entries.
    edit <name>
        set server {string}
        set secondary-server {string}
        set tertiary-server {string}
        set port {integer}
        set key {password}
        set secondary-key {password}
        set tertiary-key {password}
        set status-ttl {integer}
        set authen-type [mschap|chap|...]
        set authorization [enable|disable]
        set source-ip {string}
        set interface-select-method [auto|specify]
        set interface {string}
    next
end

config user tacacs+

Parameter

Description

Type

Size

Default

name

TACACS+ server entry name.

string

Maximum length: 35

server

Primary TACACS+ server CN domain name or IP address.

string

Maximum length: 63

secondary-server

Secondary TACACS+ server CN domain name or IP address.

string

Maximum length: 63

tertiary-server

Tertiary TACACS+ server CN domain name or IP address.

string

Maximum length: 63

port

Port number of the TACACS+ server.

integer

Minimum value: 1 Maximum value: 65535

49

key

Key to access the primary server.

password

Not Specified

secondary-key

Key to access the secondary server.

password

Not Specified

tertiary-key

Key to access the tertiary server.

password

Not Specified

status-ttl

Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time.

integer

Minimum value: 0 Maximum value: 600

300

authen-type

Allowed authentication protocols/methods.

option

-

auto

Option

Description

mschap

MSCHAP.

chap

CHAP.

pap

PAP.

ascii

ASCII.

auto

Use PAP, MSCHAP, and CHAP (in that order).

authorization

Enable/disable TACACS+ authorization.

option

-

disable

Option

Description

enable

Enable TACACS+ authorization.

disable

Disable TACACS+ authorization.

source-ip

Source IP address for communications to TACACS+ server.

string

Maximum length: 63

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

auto

Option

Description

auto

Set outgoing interface automatically.

specify

Set outgoing interface manually.

interface

Specify outgoing interface to reach server.

string

Maximum length: 15

config user tacacs+

config user tacacs+

Configure TACACS+ server entries.

config user tacacs+
    Description: Configure TACACS+ server entries.
    edit <name>
        set server {string}
        set secondary-server {string}
        set tertiary-server {string}
        set port {integer}
        set key {password}
        set secondary-key {password}
        set tertiary-key {password}
        set status-ttl {integer}
        set authen-type [mschap|chap|...]
        set authorization [enable|disable]
        set source-ip {string}
        set interface-select-method [auto|specify]
        set interface {string}
    next
end

config user tacacs+

Parameter

Description

Type

Size

Default

name

TACACS+ server entry name.

string

Maximum length: 35

server

Primary TACACS+ server CN domain name or IP address.

string

Maximum length: 63

secondary-server

Secondary TACACS+ server CN domain name or IP address.

string

Maximum length: 63

tertiary-server

Tertiary TACACS+ server CN domain name or IP address.

string

Maximum length: 63

port

Port number of the TACACS+ server.

integer

Minimum value: 1 Maximum value: 65535

49

key

Key to access the primary server.

password

Not Specified

secondary-key

Key to access the secondary server.

password

Not Specified

tertiary-key

Key to access the tertiary server.

password

Not Specified

status-ttl

Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time.

integer

Minimum value: 0 Maximum value: 600

300

authen-type

Allowed authentication protocols/methods.

option

-

auto

Option

Description

mschap

MSCHAP.

chap

CHAP.

pap

PAP.

ascii

ASCII.

auto

Use PAP, MSCHAP, and CHAP (in that order).

authorization

Enable/disable TACACS+ authorization.

option

-

disable

Option

Description

enable

Enable TACACS+ authorization.

disable

Disable TACACS+ authorization.

source-ip

Source IP address for communications to TACACS+ server.

string

Maximum length: 63

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

auto

Option

Description

auto

Set outgoing interface automatically.

specify

Set outgoing interface manually.

interface

Specify outgoing interface to reach server.

string

Maximum length: 15